"Data Breach Notices Become More Opaque, Leaving Consumers in The Dark"

According to the Identity Theft Resource Center (ITRC), data breach disclosures that included specific details for consumers dropped dramatically in 2022.  Of the 1,802 breaches the group tracked in 2022, 66% did not include victim and attack details such as root cause.  It’s a dramatic decline from two years ago when 100% of reported breaches tracked by the center had details about attack vectors.  The ITRC noted that data breaches in 2022 affected roughly 400 million individuals.  The ITRC also noted that cybercriminals are moving away from zero-day exploitations to going after weaknesses in APIs.  The ITRC stated that the trend toward less descriptive disclosures makes it harder for consumers to protect themselves and for policymakers and cyber defenders to respond.  The ITRC noted that companies are currently subject to a patchwork of state data breach laws, many of which don’t require victim details.  The Federal Trade Commission (FTC) has gone after companies for covering up or failing to disclose breaches, but current enforcement measures might not be incentive enough for reporting.  The ITRC noted that they believe there’s not much fear of the consequences.

Cyberscoop reports: "Data Breach Notices Become More Opaque, Leaving Consumers in The Dark"