The US Shatters Data Breach Records
The First Nine Months of 2023 Saw Record Breaking Breaches
Media reports explained that there were 2116 reported US data breaches and leaks in the first nine months of 2023, making it the worst year on record with a whole quarter left to go, according to the Identity Theft Resource Center (ITRC)
The ITRC is a non-profit, which tracks publicly reported breaches in the US, said there were 733 “data compromises” in Q3 2023, a 22% decline from the previous quarter. However, the media outlet noted that, despite the relative slump, this was enough to drag the total for the year past the previous all-time high of 1862 set in 2021.
In addition to what the ITRC discovered, reports from Bleeping Computer noted a surge in new “HTTP/2 Rapid Reset” DDoS attacks that were “breaking records” for DDoS attacks.
Reportedly, the “uptick” in this variety of DDoS attack has been observed “since last August” but adds to the overall strain of rising data breaches and high-impact cyber security attacks in the United States, in a calendar year that saw such catastrophes as the major MGM Resorts breach.
InfoSecurity magazine explained that cyber-attacks remained the most common cause of breaches in Q3. The publication referred t phishing attacks as the “most popular” attack vector. After phishing,analysts with InfoSecurity noted the rising scale of zero-day exploits, ransomware and malware.
The outlet likewise reported that zero-day attacks are rising, climbing 1620% in the first three quarters of 2023 versus the whole of 2022, the ITRC said.
Speaking with Eva Velasquez, ITRC president and CEO, InfoSecurity magazine reported that the figures for 2023 year-to-date weren’t surprisinc.
“There are a handful of reasons for the rise in data compromises, ranging from the drastic uptick in zero-day attacks to a new wave of ransomware attacks as new groups enter the criminal identity marketplace,” she explained, as she was quoted by InfoSecurity Magazine.
“Now that we have broken the previous annual data comprise record, the question remains: by how much?”
InfoSecurity revealed that the “persistent concern” US data governance regulators face is the lack of transparency from breached organizations. The ITRC said over half (53%) of reported breaches “did not come with any explanation about the initial attack vector”, which experts find can prove problematic for researchers attempting to understand the full scope of attacks and implications for other entities.