BOSTON— The number of data breaches in 2022 is actually double the size of what has been reported by one analysis, according to one company’s review of what took place last year.
While the Identity Theft Resource Center (ITRC) reported that the overall number of publicly reported data breaches in 2022 remained at a steady high (1,802 incidents), coming up just shy of the record-high of 1,862 incidents reported in 2021, further analysis of the ITRC data by Sontiq, a unit of TransUnion, has found the number of entities compromised by those 2022 breaches reached 3,495, nearly twice the number of publicly reported breaches, according to the company.
Jim Van Dyke, senior vice president of innovation at Sontiq, said Sontiq’s calculation is based on how the company’s proprietary algorithm accounts for breaches at third-party vendors, also known as supply-chain attacks. Of the publicly reported incidents, half were third-party breaches that gave attackers access to the data of companies served by the breached vendor, Sontiq reported.
Crooks Seeking Stronger ROI
Sontiq further said its analysis shows that of those 3,495 compromised entities in 2022, 1,745 originated from a third-party data breach, 45% increase over the 2,417 compromised entities Sontiq analyzed in 2021 and a year-over-year increase in third-party breaches of more than 220%.
Van Dyke said cybercriminals are pursuing supply chain attacks for a higher return on effort.
“By focusing attacks on the accounting, payroll or administrative firms that serve multiple clients, a single breach can give an attacker access to the data of multiple organizations at once, including customer and employee records,” Van Dyke stated.
Third-Party Breaches Get More Severe
Van Dyke said the severity of third-party data breaches, as measured by Sontiq’s BreachIQ AI algorithm, is also trending higher. According to the company, BreachIQ analyzes more than 1,300 factors to assess the severity of a data breach and assigns a unique Breach Risk Score on a scale of 1 to 10 for each incident.
The algorithm also identifies the primary risks associated with a breach, as well as recommended protective action steps specific to that breach, the company said.
In examining the average Breach Risk Score year over year, the severity of third-party breaches increased 10% in 2022. Meanwhile, the severity of primary breaches increased a mere 2%.
Quicker Action Recommended
In a statement, Van Dyke said individual data breaches that score higher than 4 warrant stronger action from those affected due to the potential risks.
“When a data breach reaches a score greater than 4, typically several pieces of sensitive personal information have been compromised,” said Van Dyke. “This greatly increases the odds of serious identity theft and fraud scams, which give criminals direct access to a victim’s workplace or personal financial, medical and social accounts.”
Sontiq said it offers a free online tool at www.sontiq.com/breachiq/#search-breached-organizations
It’s Called Fresh for a Reason. And We Offer Home Delivery. For Free!
The biggest, best and freshest news reporting in credit unions remains free in ’23! Each morning CUToday.info delivers its daily Fresh Today news update offering the latest headlines and breaking news right to your email, with the easy-to-read headlines format allowing you to click on the stories that interest you most in order to learn more.
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties, and we will not be contacting you to sell you an extended warranty or sending you any links so you may cash in on an inheritance you didn’t know was coming.
And did we mention it’s free?
Please note and/or make your IT department or email administrator aware the emails will be coming from the domains CUTodayinfo.com and CUTodayinfoReply.com