17 Billion Personal Records Exposed In Data Breaches In 2023

Threat Actor: Unspecified threat actors
Victim: Various organizations and individuals

Information:
– 17 billion personal records were exposed in data breaches in 2023.
– The majority of data breaches (70%) resulted from unauthorized access from outside the affected organization.
– The US accounted for 60% of global data breaches in 2023, with 3804 reported incidents.
– Ransomware attacks were a major driver of the surge in data breaches, with an 84% increase in documented incidents in 2023.
– The LockBit gang claimed 1049 victims in 2023, representing over a fifth of all known ransomware attacks.
– The Clop ransomware group’s exploitation of a vulnerability in the MOVEit Transfer file transfer application had a significant impact on the data breach landscape.
– The construction and engineering sector was the most targeted by ransomware in 2023, followed by professional services, internet software and services, and healthcare providers and services.
– Ransomware and unauthorized access made up 85% of all publicly disclosed data breaches.
– 2023 saw a high number of vulnerability disclosures, reaching a total of 33,137.
– Over half (52%) of the disclosed vulnerabilities scored high to critical severity, providing opportunities for attacks like ransomware.
– Flashpoint researchers documented over 100,000 vulnerabilities that the CVE system failed to report, indicating that organizations relying solely on CVEs may be unaware of a significant portion of known vulnerability risks.

Reported data breach incidents rose by 34.5% in 2023, with over 17 billion personal records compromised throughout the year, according to Flashpoint’s 2024 Global Threat Intelligence Report.

The firm recorded 6077 publicly reported data breaches last year, which included sensitive information such as names, social security numbers and financial data.

Over 70% of these incidents resulted from unauthorized access that stemmed from outside the affected organization.

The researchers also observed a 429% spike in stolen or leaked personal data in the first two months of 2024 compared with the same period last year, with 1897 billion personal records and credentials compromised.

The US made up the majority (60%) of global data breaches in 2023, with 3804 reported incidents. This represents a 19.8% increase compared to 2022.

Ransomware a Major Driver of Surging Data Breaches

A major culprit for this surge in data breaches is ransomware attacks, with Flashpoint highlighting an 84% increase in documented incidents in 2023.

Additionally, the number of public ransomware attacks grew by around 23% in the first two months of 2024 compared to the same period in 2023, reaching 637.

The LockBit gang claimed 1049 victims last year, representing over a fifth of all known ransomware attacks in 2023, according to the report.

The prolific ransomware actor’s infrastructure was disrupted by global law enforcement in February 2024 during Operation Cronos.

The researchers also noted that the Clop ransomware group’s exploitation of a vulnerability in the MOVEit Transfer file transfer application, which emerged in May 2023, had a “profound” impact on the data breach landscape.

They determined that in total, the MOVEit attack was responsible for 19.3% of all reported 2023 data breaches. This figure includes organizations that had data stolen via third parties in their supply chain.

The sector most targeted by ransomware last year was construction and engineering (18.7%), with 416 public incidents. This was followed by professional services (13.7%), internet software and services (13.2%) and healthcare providers and services (12.29%).

Overall, ransomware and unauthorized access made up 85% of all publicly disclosed data breaches.

Record Vulnerability Disclosures and Exploits

The report found that 2023 marked a record high in vulnerability disclosures, reaching a total of 33,137.

Of these, over half (52%) scored high to critical (7.0-10.0) in severity under the Common Vulnerability Scoring System (CVSS), providing a key avenue for attacks like ransomware to take place.

Flashpoint researchers said they documented over 100,000 vulnerabilities that the Common Vulnerabilities and Exposures (CVE) system failed to report, many of which affect major companies such as Google and Microsoft.

They therefore estimate that organizations strictly relying on CVEs are likely unaware of nearly a third of known vulnerability risk.
