Data security incidents in Q3 exposed the personal data of over 66 million individuals, the Identity Theft Resource Center says

The number of data security incidents publicly reported by the end of September in the US this year has already surpassed the annual record of data events by 14%, according to the ITRC’s latest data breach report.

Over 34% of the data compromise incidents (733 breaches) so far this year were reported in the third quarter, with over 66.6 million victims.

“For the nine months ending September 30, 2023, there have been 2,116 data compromises reported, including 733 in the third quarter (Q3),” the ITR noted. “The number of year-to-date (YTD) data compromises surpasses the previous annual record of 1,862 reported events set in 2021.”

Here’s a breakdown of the ITRC’s data breach analysis:

· Records of more than 63.89 million victims were exposed in 716 data breach incidents

· Six data exposures with over 52,000 victims

· Two data leaks with over 2.69 million victims

The most popular attack vectors of Q3 data breaches include cyberattacks, system and human errors, physical attacks and supply chain attacks.

Cyberattacks, including phishing, zero-day attacks, and ransomware were among the most frequently reported root cause of data breaches, with 614 incidents.

“More than half of breached entities (386) entities did not report an attack vector,” the ITR said. “However, among those that did, phishing attacks were the most frequently reported cause. Zero-day attacks (69) exceeded ransomware (64) and malware attacks (17). However, with more entities not reporting an attack vector than those that did, it is difficult to be precise about the rate of specific attack vectors.”

Supply chain attacks were also at the the root of 87 data breaches or data exposures that impacted 344 organizations in the US, with four of the top 10 compromises directly related to a MOVEit attack.

“So far in 2023, 344 U.S. organizations have been impacted by a single or multiple vendor(s) using a vulnerable MOVEit product,” the agency explained. “An additional 79 organizations have reported being directly impacted by attacks against MOVEit software or services.”

Between July and September 2023, the ITRC notes that 27.83% of data compromise incidents were reported by the financial services industry, 15.41% by healthcare services, 11% by professional services, 8.86% by manufacturers, and 5.42% by educational institutions.

Worried about data breaches that threaten your identity and financial security?

With Bitdefender Identity Theft Protection (US only) you can stay in the know and limit financial losses associated with identity crimes, with:

• 24/7 identity monitoring to detect if your personal information is on the dark web and to check for change of address requests, attempts to take over accounts and court records that may show crimes falsely reported in your name
• An easy way to view your credit score or order a credit freeze in case of compromise
• Identity restoration services with a 100% success rate, plus access to your own dedicated resolution specialist and much more