US data compromises affected over 20 million people in Q1 2022
From appointment scheduling and calendar service FlexBooker to CVS Pharmacy, data compromises are still a grim reality in 2022.
According to the data presented by the Atlas VPN team, publicly reported data compromises in the United States affected 20,773,963 million victims (approximately 230,822 a day) in the first quarter of 2022. In total, there were 404 compromises reported from January through March.
The data is based on the First Quarter 2022 Data Breach Analysis by Identity Theft Resource Center. It includes the data compromise cases which were reported in Q1 of this year.
Compared to the first quarter of 2021, data compromises increased by 14%, from 354 to 404. However, the number of victims actually fell by 50%, from 41,254,479 to 20,773,963, indicating smaller but more targeted data breaches.
Cyberattacks were responsible for 91% of US data compromises in Q1 2022. In total, 367 data breaches happened due to cyberattacks, claiming 13,525,762 victims. Most common cyberattacks include phishing, smishing, and business email compromise (110), ransomware (67), and malware (22).
System and human errors were the reason for 32 or 8% of data compromises in the US within the first three months of the year, affecting 7,223,708 victims. The main reasons behind the errors were email and letter correspondence (12), misconfigured firewalls (5), and failure to configure cloud security (4).
The remaining 1% of data compromises were due to physical attacks, such as document theft, device theft, and improper disposal. Such events took 21,601 victims.
The technology sector suffered the most
Almost no major economic sectors were spared from data breaches in the first quarter of this year. However, some were affected more than others.
The most impacted industry in terms of the number of victims was technology, with 10,832,588 million breached accounts. Data compromises affecting the sector were also the most prolific, with one breach on average involving nearly 677,037 accounts. In total, the sector faced 16 data compromise events in Q1 2022.
The second most affected sector in terms of victims was financial services. It suffered from 68 compromises impacting 3,384,769 people. Meanwhile, the healthcare industry faced 73 compromises — more than any other sector and affected 2,560,465 people. Both financial and healthcare sectors are highly lucrative targets to cybercriminals due to valuable data stored by the companies working in the industry.
Next up is the professional services industry. The first quarter of the year it had 1,719,850 victims due to 46 data compromises.
Non-profit and non-governmental organizations round out the top five most affected sectors list with 558,362 victims. In total, the sector faced 18 data compromises in Q1 2022.
Other highly impacted industries include government (294,027), retail (272,950), manufacturing and utilities (247,852), education (106,099), hospitality (56,451), and transportation (20,930).