"Identity Theft Resource Center Q3 2022 Data Breach Report: Compromises & Victims Up from Q2 - Record High Year Unlikely"
Recently the Identity Theft Resource Center (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the third quarter (Q3) of 2022. According to the Q3 2022 Data Breach Report analysis, there were 474 publicly-reported data compromises in the quarter, a 15 percent increase compared to Q2 this year. However, the ITRC noted that the year-to-date (YTD) number of compromises (1,291) is only 69 percent of the year-end total in 2021, making a record-high number of compromises in 2022 unlikely. The ITRC stated that the number of victims jumped 210 percent in Q3 2022 over Q2 2022, partly due to an AT&T-related breach (23M victims) and a Neopets data compromise (69M victims), which account for more than half of the YTD victim count. The ITRC noted that the number of data breach notices with no information about the root cause of the compromise increased for the fourth consecutive quarter to 199 of the 419 breaches reported in Q3. Concern continues to grow that this trend will continue to increase as we move into 2023. The ITRC also found that Q3 2022 saw a 250 percent increase in supply chain attacks (1,280 entities impacted by 48 supply chain attacks) compared to H1 2022 (367 organizations affected by 44 attacks). Cyberattacks (419) made up 88 percent of data breaches in Q3. Phishing attacks (124) remained the primary attack vector for the 15th consecutive quarter. Also, the ITRC found that, with non-Russian affiliated ransomware groups emerging and cryptocurrency markets less volatile, ransomware attacks rebounded slightly in Q3. Malware-based attacks (13 in Q3) dropped to the lowest number in 3.75 years. The ITRC noted that they have become increasingly rare as the number of related attacks has fallen steadily from a recent high of 39 attacks in Q2 2021.