A data breach report from the nonprofit Identity Theft Resource Center (ITRC) found that there were 2,116 publicly reported data compromises in the U.S. market during the first nine months of 2023. This figure represents the most in a calendar year, and there are still three months to go. The previous high mark was set in 2021 (1,862 data compromises).
In the third quarter (Q3) of 2023, there were 733 data compromises, which was down 22% from the second quarter (Q2) of 2023 (941) but enough to surpass the previous all-time high. Of the 733 Q3 data compromises, 386 data breach notices did not report an attack vector (53%), according to the report.
Among the notices that reported an attacked vector, phishing attacks were the most cited, followed by zero-day attacks, ransomware attacks and malware attacks. Additionally, the ITRC estimated there have been 233.9 million victims through the first three quarters of 2023, with 66.7 million victims in 2023 Q3.
The report noted that zero-day attacks against an undisclosed software flaw for which a patch does not exist increased to 86 reported incidents through the first three quarters of 2023 compared to only five during the first three quarters of 2022. This represents a 1,620% increase.
Other findings from the ITRC include that 1,321 organizations reported data compromises due to breaches or exposures at 87 third parties. The financial services industry experienced the most data compromises in 2023 Q3 with 204. The next highest was health care (113), followed by professional services (81), manufacturing (65) and education (42).
“While setting a record for the number of data breaches is attention-grabbing, unfortunately, it is not surprising,” Eva Velasquez, president and CEO of the ITRC, said in a statement. “There are a handful of reasons for the rise in data compromises, ranging from the drastic uptick in zero-day attacks to a new wave of ransomware attacks as new ransomware groups enter the criminal identity marketplace.”