The Identity Theft Resource Center (ITRC) released its Q1 report, detailing the industries targetted by data breaches, the types of cyber attacks resulting in data breaches, and most importantly, it outlines a growing trend of data breaches coming with a lack of actionable information for customers.
The good news is that their report shows a 13% drop in data breaches and a 64% decrease in the number of victims compared to last quarter. However, this doesn’t paint the full story, Q1 normally sees a decrease in cyber attacks, and the drop in Q1 2023 is less than in Q1 2022 when cyber attacks fell by 28.6%. What’s more, is that despite the reduction there were more than 89 million people affected by data breaches in Q1.
The ITRC has also found a growing trend for companies that face data breaches to withhold information about the data breach. Oftentimes, they hold back so much information that the root cause of the breach is unknown and there’s no actionable information for victims. Of the top 10 largest data breaches of the quarter, 60% of them didn’t include information about the root cause (Up from 40% in Q4)
The report found that 94% of data breach victims came from four sectors, Manufacturing & Utilities, Technology, Healthcare, and Transportation. The trend of healthcare being the most targeted sector continues for the third quarter in a row with 81 different compromises. Financials Services came in #2, with 70 compromises in Q1.
The companies with the most compromised victims include T-Mobile, with 37 million users affected, and PeopleConnect, which had data breaches exposing over 20 million users. Medical companies like Regal Medical Group had over 3.3 million victims.
“It is troubling to see the trend of a lack of actionable information in data breaches continue from 2022,” said Eva Velasquez, ITRC President and CEO.