Data breaches increased in 2023 and with them, internet security concerns
One report found a 78% year-to-year increase in breaches from 2022 to 2023
As the world becomes ever more online, companies and individuals are trying to protect themselves from cyber criminals and bad actors who try to access their personal information. Despite this, evidence shows that the fight against data breaches is not getting better. In fact, it appears to be getting significantly worse.
Most reports indicate that 2023 was the worst year yet for data breaches, both in the United States and around the world. A report from the Identity Theft Resource Center (ITRC) released in January concluded that there was a 78% increase in data compromises year-to-year, from 1,801 in 2022 to 3,205 in 2023. Even as the global community is working to fight against hackers, criminals are "constantly finding new ways to access and exploit readable personal data, in particular when stored in the cloud," according to a data breach study from MIT Professor of Information Technology Stuart Madnick.
This has led to devastating consequences for personal finance security and problems for web safety, and marks a step back in the fight against identity theft. What made 2023 such a bad year for data breaches?
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
What were the figures on data breaches in 2023?
The numbers are staggering: The 3,205 compromising incidents in 2023 include 3,122 breaches of data, 25 data exposures, two data leaks and 56 compromises of an unknown nature, according to the ITRC's report. This translates to more than 353 million total victims, which "represents an all-time high for data compromises reported in the United States," the ITRC said.
Many of the data breaches in 2023 came in the form of ransomware, which are viruses that lock victims out of their files and hold their data hostage until a ransom is paid. The number of ransomware attacks "increased by almost 70%" compared to the prior year, Madnick said. While all data breaches are problematic, ransomware has become one of the most common culprits. Ransomware scams had "more than twice the number of victims in 2023 compared to 2022," said cyber security outlet SecurityWeek. And based on current trends, the threat of ransomware "will continue to increase and evolve in 2024," SecurityWeek said. The spike in ransomware can be measured "by an increase in the number of victims who have paid the ransom — up from 68% to 76% (and remember that is 76% of a higher number of victims)," the outlet said.
While the vast majority of these breaches were performed online, this was not all-encompassing; according to the ITRC, there were at least 729 breaches caused by human or system errors, 242 supply chain attacks, and 53 breaches caused by physical attacks on hardware. The healthcare industry was the most compromised, the ITRC said, leading the way with 809 incidents. Similar breaches were also seen in professional services, financial services, education and manufacturing.
What made 2023 so bad for breaches?
There are "three primary reasons behind this increased theft of personal data: cloud misconfiguration, new types of ransomware attacks and increased exploitation of vendor systems," Madnick said in the Harvard Business Review. First, cloud-based storage is often cheaper for companies on a wide scale, and so it is "estimated that more than 60% of the world's corporate data is stored in the cloud." This "makes the cloud a very attractive target for hackers," and more than 80% of breaches in 2023 involved cloud-based software.
The spread of ransomware attacks is also a contributing factor to these spikes, Madnick said. Third, many large companies use third-party vendors to help with everything from "air conditioning maintenance to providing software." To do these things, vendors "need easy access to your company's systems," Madnick said, which can prove a feeding frenzy for hackers given the vendors are "frequently small companies with limited cybersecurity resources."
Also concerning is that "the number of data breach notices without specific information such as what happened, what the company has done to correct it, or what steps have been taken to make sure the breach doesn't happen again has nearly doubled year over year," the ITRC's James. E. Lee said to USA Today. This lack of information "creates risk for other businesses who could be attacked in a similar fashion and consumers who need to know how to protect themselves."
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Justin Klawans has worked as a staff writer at The Week since 2022. He began his career covering local news before joining Newsweek as a breaking news reporter, where he wrote about politics, national and global affairs, business, crime, sports, film, television and other Hollywood news. Justin has also freelanced for outlets including Collider and United Press International.
-
Will Starmer's Brexit reset work?
Today's Big Question PM will have to tread a fine line to keep Leavers on side as leaks suggest EU's 'tough red lines' in trade talks next year
By The Week UK Published
-
How domestic abusers are exploiting technology
The Explainer Apps intended for child safety are being used to secretly spy on partners
By Chas Newkey-Burden, The Week UK Published
-
Scientists finally know when humans and Neanderthals mixed DNA
Under the radar The two began interbreeding about 47,000 years ago, according to researchers
By Justin Klawans, The Week US Published
-
David Sacks: the conservative investor who will be Trump's crypto and AI czar
In the Spotlight Trump appoints another wealthy ally to oversee two growing — and controversial — industries
By David Faris Published
-
Judge rejects Elon Musk's $56B pay package again
Speed Read Judge Kathaleen McCormick upheld her rejection of the Tesla CEO's unprecedented compensation deal
By Peter Weber, The Week US Published
-
DOJ seeks breakup of Google, Chrome
Speed Read The Justice Department aims to force Google to sell off Chrome and make other changes to rectify its illegal search monopoly
By Peter Weber, The Week US Published
-
Racist texts tell Black people in US to prepare for slavery
Speed Read Recipients in at least a dozen states have been told to prepare to 'pick cotton' on slave plantations
By Peter Weber, The Week US Published
-
Australia proposes social media ban before age 16
Speed Read Australia proposes social media ban before age 16
By Peter Weber, The Week US Published
-
Social media ban: will Australia's new age-based rules actually work?
Talking Point PM Anthony Albanese's world-first proposal would bar children under 16 even if they have parental consent, but experts warn that plan would be ineffective and potentially exacerbate dangers
By Harriet Marsden, The Week UK Published
-
Is ChatGPT's new search engine OpenAI's Google 'killer'?
Talking Point There's a new AI-backed search engine in town. But can it stand up to Google's decades-long hold on internet searches?
By Theara Coleman, The Week US Published
-
Teen suicide puts AI chatbots in the hot seat
In the Spotlight A Florida mom has targeted custom AI chatbot platform Character.AI and Google in a lawsuit over her son's death
By Theara Coleman, The Week US Published