17 billion personal records exposed in data breaches in 2023


Reported data breach incidents increased 34.5% in 2023, with more than 17 billion personal records compromised throughout the year, according to Flashpoint. Global Threat Intelligence Report 2024.

Last year, the company recorded 6,077 publicly reported data breaches, which included sensitive information such as names, Social Security numbers and financial data.

More than 70% of these incidents were the result of unauthorized access from outside the affected organization.

Researchers also observed a 429% increase in personal data stolen or leaked in the first two months of 2024 compared to the same period last year, with 1.897 billion personal records and credentials compromised.

The United States accounted for the majority (60%) of global data breaches in 2023, with 3,804 reported incidents. This represents an increase of 19.8% compared to 2022.

Ransomware a major driver of increasing data breaches

Ransomware attacks are one of the main culprits behind this increase in data breaches, with Flashpoint highlighting an 84% increase in documented incidents in 2023.

Additionally, the number of public ransomware attacks increased by approximately 23% in the first two months of 2024 compared to the same period in 2023, to 637.

Read here: NHS Trust confirms clinical data leak by ‘recognized ransomware group’

The LockBit gang claimed 1,049 victims last year, accounting for more than a fifth of all known ransomware attacks in 2023, according to the report.

The infrastructure of the prolific ransomware actor was disrupted by global law enforcement in February 2024 during Operation Cronos.

Researchers also noted that the Clop ransomware group exploitation of the MOVEit Transfer file The application vulnerability, which emerged in May 2023, has had a “profound” impact on the data breach landscape.

They determined that in total, the MOVEit attack was responsible for 19.3% of all reported data breaches in 2023. This figure includes organizations whose data was stolen through third parties in their supply chain.

The most targeted sector for ransomware last year was construction and engineering (18.7%), with 416 public incidents. This is followed by professional services (13.7%), Internet software and services (13.2%), and healthcare providers and services (12.29%).

Overall, ransomware and unauthorized access accounted for 85% of all publicly disclosed data breaches.

Record vulnerability disclosures and exploits

THE report found that 2023 marked a high level of vulnerability disclosures, reaching a total of 33,137.

Of these, more than half (52%) had a severity score of high to critical (7.0 to 10.0) according to the Common Vulnerability Scoring System (CVSS), which is a key pathway for attacks such as ransomware.

Flashpoint researchers said they documented more than 100,000 vulnerabilities that Common Vulnerabilities and Exposures (CVE) failed to report, many of which affect large companies such as Google and Microsoft.

So they estimate that organizations that rely strictly on CVE are likely ignoring nearly a third of known vulnerability risks.

Leave a comment