"US Smashes Annual Data Breach Record With Three Months Left"

According to the Identity Theft Resource Center (ITRC), there were 2116 reported US data breaches and leaks in the first nine months of 2023, making it the worst year on record with a whole quarter left to go.  The non-profit, which tracks publicly reported breaches in the US, said there were 733 “data compromises” in Q3 2023, a 22% decline from the previous quarter.  However, despite the relative slump, this was enough to drag the total for the year past the previous all-time high of 1862 set in 2021.  The ITRC counted an estimated 234 million victims from these breaches, well short of the 425 million individuals impacted by incidents last year.  The ITRC noted that cyberattacks remained the most common cause of breaches in Q3, with phishing attacks the most popular attack vector, followed by zero-day exploits, ransomware, and malware.  The ITRC said that Zero-day attacks, in particular, are on the rise, climbing 1620% in the first three quarters of 2023 versus the whole of 2022.  Supply chain attacks also remained a major threat in Q3, with 1321 organizations reporting breaches due to attacks on 87 third parties, many of which used the MOVEit software targeted by the Clop ransomware gang.  The ITRC claimed that four of the top 10 biggest compromises in Q3 were caused by the MOVEit campaign.  The ITRC noted that there is a persistent concern about the lack of transparency from breached organizations.  The ITRC found that over half (53%) of reported breaches did not come with any explanation about the initial attack vector.

Infosecurity reports: "US Smashes Annual Data Breach Record With Three Months Left"