How Many Data Breaches Happened in 2022? The Shocking Statistics
If you thought 2021 set records for cyberattacks, wait until you see the numbers for 2022. Data breaches exploded last year, with both the number of incidents and total records exposed reaching eye-popping new highs.
According to the Identity Theft Resource Center (ITRC), around 1,862 publicly reported data breaches took place in the United States alone in 2022. That‘s a shocking 68% increase compared to 2021, when 1,108 breaches occurred.
Those US-based incidents exposed nearly 227 million sensitive records, primarily consisting of names, email addresses, login credentials, social security numbers, financial account details, and medical information.
Globally, multiple cybersecurity firms estimate there were over 4,000 major data breaches across the world in 2022, collectively impacting billions of users.
For example, Surfshark‘s research found approximately 4,100 notable data breaches were publicly disclosed last year, exposing over 22 billion records in total.
To put that into perspective, if 22 billion breached records were divided evenly among the world‘s population of 8 billion, it would mean every person on earth had an average of nearly 3 records stolen in 2022 alone.
Sobering Data on Breached Online Accounts in 2022
In addition to breached records, hackers also compromised hundreds of millions of online accounts in 2022 by utilizing stolen login credentials.
According to Surfshark, approximately 108.9 million accounts worldwide were breached in Q3 2022. That represents a massive 69% spike from Q2 2022, when 64.4 million accounts were breached.
To compare, only 922 million online accounts were breached across the entire year of 2020. But at the current trajectory, 2022 surpassed that annual figure in just three quarters.
Here‘s a breakdown of online accounts breached globally each quarter of 2022:
- Q1 2022: 85.6 million accounts breached
- Q2 2022: 64.4 million accounts breached
- Q3 2022: 108.9 million accounts breached
With one quarter remaining, 2022 has already handily exceeded 1 billion breached accounts worldwide.
Surfshark cybersecurity expert Gabriele Racaityte offered context on the dramatic rise, stating: "As our digital lives expand, so do opportunities for cybercriminals. Users have an average of 100 online accounts, so a single leak can give fraudsters details to attack various services."
Exposed Sensitive Records Take a Dive in 2022
Interestingly, while breached online accounts surged to unforeseen highs, the number of sensitive records exposed like credit cards, medical data and financial information declined compared to prior years.
Surfshark‘s research illustrates this divergence:
- Q1 2022: 3.3 million sensitive records breached globally
- Q2 2022: 5.5 million sensitive records breached globally
- Q3 2022: 14.8 million sensitive records breached globally
Compare that to 2020‘s peaks:
- Q4 2020: 125 million sensitive records breached globally
- Q1 2021: 96 million sensitive records breached globally
The drop in breached sensitive records possibly indicates cybercriminals pivoting to more targeted data theft by accessing accounts directly, rather than bulk exfiltration of records which takes more effort.
Stolen account credentials can still enable significant financial and identity fraud. The 2022 Identity Fraud Study found around 10 million Americans were victims of identity theft last year, up nearly 50% from 2020.
Massive Cyber Attacks Lead the 2022 Data Breach Hall of Shame
Several mega data breaches from unethical hackers and hostile nation states made headlines last year. Here are a few of the biggest:
-
Uber: The ridesharing giant revealed in 2022 that it covered up a massive 2016 breach impacting 57 million customers and drivers.
-
Facebook: In April 2022 the stolen records of over 533 million Facebook users remerged for sale online, including phone numbers, birthdates, bios and email addresses. Facebook originally reported this vulnerability fixed in 2019.
-
Medibank: Australia’s largest health insurer was breached in October 2022 by alleged Russian cybercriminals, exposing the records and private health details of 9.7 million current and former customers.
-
T-Mobile: Cyberattackers accessed personal data of over 37 million postpaid and prepaid customers in yet another breach of the telecom giant announced in January 2022.
-
LA Unified School District: A ransomware attack in September 2022 breached 500GB of sensitive data from the US’ second-largest public school district, including social security numbers, financial data and health insurance information.
State-Sponsored Hackers Set Their Sights on Crypto in 2022
Government-backed cyber groups originating from North Korea, Russia and elsewhere strategically targeted cryptocurrency firms in 2022 seeking big paydays:
-
In June, North Korean state hackers stole a record $100 million from Harmony’s Horizon bridge.
-
In August, Lazarus Group linked to North Korea pilfered $540 million from token bridge Axie Infinity.
-
The FBI blamed North Korea for the $615 million Ronin Bridge exploit in March 2022.
-
And in April, the U.S. Treasury linked North Korean hackers to the record $625 million cryptocurrency heist targeting Axie Infinity developers Sky Mavis.
Cybersecurity experts believe the difficult-to-trace nature of cryptocurrency transactions appeals to North Korea and other cybercrime groups as they ramp up financially-motivated hacking efforts.
How Countries Stack up for Most Breached Users
Surfshark‘s research identified the countries with the most breached online accounts in Q3 2022:
- Russia – 22.3 million
- France – 13.8 million
- Indonesia – 13.3 million
- United States – 8.5 million
- Spain – 3.9 million
- China – 3.5 million
- Brazil – 2.9 million
- Taiwan – 2.2 million
- Portugal – 1.4 million
- India – 1.4 million
Russia holds its place as the world leader in breached users, trailed by European nations France, Spain and Portugal. The United States and Indonesia were the only non-European countries in the top five.
Key Takeaways from the 2022 Data Breach Landscape
Reviewing the vital data breach statistics and trends last year:
-
Around 4,000 major publicly reported data breaches occurred globally in 2022.
-
Over 22 billion total records were exposed worldwide across those breaches.
-
Approximately 108.9 million online accounts were breached globally in Q3 2022 alone.
-
Breached online account totals in 2022 exceeded 1 billion by end of Q3.
-
Breached sensitive records like financial data declined compared to prior years.
-
Russia, France and Indonesia had the most breached online accounts in Q3 2022.
-
North Korea, Russia and other state actors targeted cryptocurrency services.
The staggering cost of data breaches is felt by both consumers and businesses. The average cost of a data breach now exceeds $4 million according to IBM and Ponemon Institute‘s 2022 report.
How to Protect Yourself from Data Breaches in 2024
With data breaches showing no signs of slowing, individuals and organizations must remain vigilant. Here are proactive tips to reduce your risk online:
For personal protection:
-
Enable multi-factor authentication on all critical accounts like email, banking and social media.
-
Avoid using the same password across multiple online accounts.
-
Consider using a password manager app to generate and store strong unique passwords.
-
Check if your accounts were exposed at sites like HaveIBeenPowned and monitor your credit reports regularly for signs of fraud.
For businesses:
-
Provide cybersecurity awareness training to employees to spot phishing and social engineering schemes.
-
Deploy advanced endpoint protection to detect malware and anomalous access attempts.
-
Perform regular backups and ensure critical systems can be restored quickly after an attack.
-
Control access to sensitive systems and data via principle of least privilege.
Hackers evolve their tactics constantly, which means our defensive strategies must also adapt in response. But with enhanced vigilance and some prudent precautions, we can help deny them the opportunity.
Sources:
Identity Theft Resource Center: https://www.idtheftcenter.org/post/cyberattacks-and-data-breaches-continue-to-surge-in-2022/
Surfshark: https://surfshark.com/learn/data-breaches-statistics
2022 Identity Fraud Study: https://www.javelinstrategy.com/press-release/identity-fraud-losses-reach-30-billion-2022-javelin-strategy
IBM Cost of Data Breach Report 2022: https://www.ibm.com/security/data-breach
