Data breaches in the US are over 90% cyberattack-related

It is the third consecutive year that data breaches increased when compared to Q1 of the previous year.
15 April 2022

Data breaches in the US rose 14% in the first quarter of this year Source: Unsplash

  • More than 90% of data breaches are cyberattack-related — phishing and ransomware remain the top two root causes for data compromises
  • Healthcare, financial services, manufacturing & utilities, and professional services sectors had the most compromises in Q1 2022
  • Russia and the US among the most-breached countries in the first quarter of this year

The number of publicly reported data breaches in the US has increased by double-digit year-on-year, for the first three months of 2022, according to  the Identity Theft Resource Center (ITRC). Between January to March, there were 404 publicly-reported data compromises country wide, representing a 14% increase compared to the same period last year.

To ITRC’s president and CEO Eva Velasquez, the fact that the number of breach events in the first quarter rose, indicates that data compromises will continue to rise in 2022 after setting a new all-time high in 2021. “As we mentioned in our 2021 Annual Data Breach Report, we saw an alarming number of data breaches last year due to highly complex and sophisticated cyberattacks that are fueling the dramatic rise in identity fraud.”

Despite the breach increase, the ITRC said the number of victims (20.7 million) decreased 50% compared to Q1 2021 and dropped 41% compared to Q4 2021. Healthcare, financial services, manufacturing & utilities, and professional services sectors had the most compromises between January to March this year.

The ITRC also highlighted that a majority (92%) of the data breaches in the first three months of 2022 resulted from cyberattacks whereby phishing and ransomware are the top two root causes for data compromises. “Continuing a trend from 2021, 154 out of 367 data breach notices did not include the cause of the breach, making “unknown” the largest attack vector in the first quarter of this year,” ITRC noted.

Representing 8% of the data compromises in the first three months of this year were system and human errors. Data breaches resulting from physical attacks such as document or device theft and skimming devices however, dropped to single digits (3%) in Q1 2022. “The only non-cyberattack-related attack vector in double digits during Q1 2022 was related to email or letter correspondence with 12 instances,” the nonprofit organization said.

Globally, a separate study by Surfshark found that Russia tops the chart with the most breaches between January to March 2022, with more than 3.5 million internet users affected. Since the start of the Russian invasion of Ukraine, 136% more Russian accounts were breached than in February. 

Interestingly, the US came in second place, despite showing a positive downward trend in data breaches for the second quarter in a row. The analysis also highlighted that the top five countries with the most data breaches account for half of all leaks in Q1 2022. For an instance, Russians alone make up almost a fifth of all global victims.