Report: 90 Percent of Data Breaches in Q1 2022 Were Cyberattack Related
The Identity Theft Resource Center (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, released its U.S. data breach findings for the first quarter (Q1) of 2022.
According to the Q1 data breach analysis, the 404 publicly-reported data compromises in the U.S. represent a 14 percent increase compared to Q1 2021. Q1 2022 is the third consecutive year when breaches have increased compared to Q1 of the previous year. However, despite the breach increase, the number of victims (20.7 million) decreased 50 percent compared to Q1 2021 and dropped 41 percent compared to Q4 2021.
“Traditionally, Q1 is the lowest number of data compromises reported each year,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “The fact the number of breach events in Q1 represents a double-digit increase over the same time last year is another indicator that data compromises will continue to rise in 2022 after setting a new all-time high in 2021. As we mentioned in our 2021 Annual Data Breach Report, we saw an alarming number of data breaches last year due to highly complex and sophisticated cyberattacks that are fueling the dramatic rise in identity fraud. It is vital everyone continues to practice good cyber-hygiene, businesses and consumers, to help reduce the amount of personal information flowing into the hands of cyberthieves.”
Other findings in the analysis include:
- Approximately 92 percent of the data breaches in the first three months of 2022 resulted from cyberattacks. Phishing and ransomware remain the top two root causes for data compromises.
- Continuing a trend from 2021, 154 out of 367 data breach notices did not include the cause of the breach, making “unknown” the largest attack vector in Q1 2022. It also represents a 40 percent increase in the total number of unknown breach causes compared to full-year 2021. While data breach notice updates may include more attack information, the increasing lack of transparency in the notices is a risk to organizations and consumers.
- System & Human Errors represent eight (8) percent of the Q1 2022 data compromises.
- Data breaches resulting from physical attacks such as document or device theft and skimming devices dropped to single digits (three) in Q1 2022.
- The only non-cyberattack-related attack vector in double digits during Q1 2022 was related to email or letter correspondence with 12 instances.
- Healthcare, Financial Services, Manufacturing & Utilities, and Professional Services sectors had the most compromises in Q1 2022.