Data breaches fallout reach new heights as the number of exposed records soars

Dive Brief:

  • Cyberattacks and data breaches are exposing personal data at an ever-growing rate, according to an Apple-commissioned study conducted by Stuart Madnick, professor of IT at Massachusetts Institute of Technology, published Thursday.
  • More than 2.6 billion personal records were compromised in 2021 and 2022, and the number of records breached jumped 36% in 2022 to 1.5 billion, the report said.
  • Data breaches at U.S. organizations are at an all-time high, up 20% in the first nine months of 2023 compared to all of last year, the study found.

Dive Insight:

The increased threat to and exposure of personal data is linked to two key factors: a rise in ransomware and attacks against vendors, according to the study.

Ransomware groups are more organized and aggressive, and “their attacks are more likely to target organizations with sensitive data, like governments, mass-market genetic testing companies or healthcare facilities,” Madnick said.

Ransomware attacks increased by nearly 70% year over year in the first nine months of 2023, according to the report, which cites research and analysis from more than 200 sources. The majority, nearly 70%, of ransomware attacks through September this year occurred in the U.S., U.K., Canada and Australia.

Attacks involving exploited vulnerabilities in vendors’ applications are also growing in scope, as evidenced by the still-unraveling attacks against Progress Software’s MOVEit file-transfer service.

“Vendor exploitation attacks often have broad ripple effects,” Madnick said in the report. “As the initial attack allows hackers to gain access to the vendor’s system and data, it may also allow hackers to access the systems and data of that vendor’s clients.”