2023 is already the worst year for hacks—and we’re not out yet

Cyberattacks are becoming more prevalent in 2023—and it’s no longer a matter of whether this year will record a record number of data breaches, it’s more a question of how high that number will be.

As of the end of September, corporations had reported 2,116 data compromises for the year, according to the Identity Theft Resource Center (ITRC). That’s already higher than the previous annual record of 1,862, set in 2021. And the fourth quarter is already off to a rollicking start, with the high-profile hack of 23andMe, which could impact millions of the company’s customers.

The third quarter saw 733 total reported compromises, affecting 66,658,764 people. Financial services was the most-attacked sector, topping healthcare for the first time since Q2 2022. That could be because the number of financial institutions reporting data compromises spiked in the third quarter. All totaled, 204 notices were issued, which is more than the 135 total of reported compromises in financial service businesses in the past two years.

Healthcare companies reported 113 data compromises in Q3. No other Industry reported compromise rates in triple digits.

“While setting a record for the number of data breaches is attention-grabbing, unfortunately, it is not surprising,” ITRC president and CEO Eva Velasquez said in a statement. “There are a handful of reasons for the rise in data compromises, ranging from the drastic uptick in Zero-Day attacks to a new wave of ransomware attacks as new ransomware groups enter the criminal identity marketplace.”

One piece of good news: Despite a record number of breaches, the total number of victims, so far, is well off a record pace. Through the first three quarters of the year, there have been 233.9 million estimated victims versus the 425 million at this time in 2022. (2022 included some very large breaches, including Twitter and AT&T.)

Increasing risks

The data breaches in the ITRC’s report range from ransomware to phishing attacks to malware infections. Those can result in everything from companies being shut out of their systems—such as the MGM ransomware attacks that severely impacted Las Vegas—to financially impacting individuals whose identities are sold on the Dark Web.

But the war in Israel is bringing out a potential new type of threat. The 23AndMe hack targeted users of Jewish ancestry. One online post offering data for sale bragged of having a huge database of Ashkenazi Jews, including people whose ties with that ancestry are less than 1%.

Given the growing Anti-Semitic rhetoric against Jewish people online and the very real physical threats both at home and abroad, that posting has raised concerns among 23AndMe members about their own safety.

What’s even more worrisome is that the actual number of breaches and victims is likely much higher than the ITRC’s data shows. Officials at the ITRC note that transparency about attacks continues to get worse. And data breach notices, when filed, often lack details about how companies were compromised and victim details.

“Underreporting and a lack of transparency continues to be a concern, as demonstrated by the fact that more than half (53%) of breach notices in Q3 did not include actionable information about the compromise,” says James Lee, ITRC’s COO. “We also have new, clear evidence that companies are simply making a decision to not report a breach when they do not believe a person is at risk—a decision nearly all state breach-notice laws allow the breached entity to make. If they determine there is no risk, then, generally, no notice is required.”

To put the data into perspective, there have been about 18,000 reported data breach notices in the U.S. since data breach laws went into effect 20 years ago. In the European Union, where the General Data Protection Regulation (GDPR) requires data breach notices, there are about 350,000 notices issued each year.

https://www.fastcompany.com/90966633/2023-breaking-records-hacks-cyberattacks?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss

Établi 2y | 13 oct. 2023, 04:50:10


Connectez-vous pour ajouter un commentaire

Autres messages de ce groupe

In his first 100 days, Trump’s tariffs are already threatening the AI boom

When Donald Trump returned to the White House in 2025, many in the tech world hoped his promises to champion artificial intelligence and cut regulation would outweigh the risks of his famously vol

29 avr. 2025, 16:50:07 | Fast company - tech
How learning like a gamer helped this high-school dropout succeed

There are so many ways to die. You could fall off a cliff. A monk could light you on fire. A bat the size of a yacht could kick your head in. You’ve only just begun the game, and yet here you are,

29 avr. 2025, 12:20:08 | Fast company - tech
Renate Nyborg’s Meeno wants to become the Duolingo of dating

Former Tinder CEO Renate Nyborg launched Meeno less than two years ago with the intention of it being an AI chatbot that help

29 avr. 2025, 12:20:07 | Fast company - tech
How Big Tech’s Faustian bargain with Trump backfired

The most indelible image from Donald Trump’s inauguration in January is not the image of the president taking the oath of office without his hand on the Bible. It is not the image of the First Lad

29 avr. 2025, 12:20:06 | Fast company - tech
Turns out AI is really bad at picking up on social cues

Ernest Hemingway had an influential theory about fiction that might explain a lot about a p

29 avr. 2025, 12:20:04 | Fast company - tech
Signal is the unlikely star of Trump’s first 100 days

The first 100 days of Trump’s second presidential term have included a surprising player that doesn’t seem likely to go away anytime soon: Signal.

The encrypted messaging pl

29 avr. 2025, 09:50:13 | Fast company - tech