STOCK TITAN

New Analysis Reveals Number and Severity of Known Data Breaches in 2022 is Nearly Double What’s Been Reported

Rhea-AI Impact
(Low)
Rhea-AI Sentiment
(Negative)
Tags
Rhea-AI Summary

Sontiq, a TransUnion company, reported a significant rise in compromised entities due to data breaches in 2022, with a total of 3,495 compromised entities, marking a 45% increase from 2,417 in 2021. The jump is largely attributed to third-party breaches, which accounted for 1,745 of the incidents, reflecting a staggering 220% year-over-year increase. The severity of these breaches, measured by Sontiq's BreachIQ AI algorithm, also increased by 10% in 2022. Sontiq emphasizes the importance of consumers taking swift action when breaches score above 4, as they pose higher risks for identity theft.

Positive
  • Number of compromised entities rose to 3,495 in 2022, a 45% increase from 2021.
  • Third-party breaches accounted for 1,745 incidents, a 220% increase year-over-year.
  • Breach severity, as per BreachIQ AI algorithm, increased by 10% in 2022.
Negative
  • None.

New AI-driven analysis by Sontiq shows third-party data breaches drove drastic year-over-year jump in compromised entities

BOSTON--(BUSINESS WIRE)-- Last month, the Identity Theft Resource Center (ITRC) reported that the overall number of publicly reported data breaches in 2022 remained at a steady high (1,802 incidents), coming up just shy of the record-high of 1,862 incidents reported in 2021. Further analysis of the ITRC data by Sontiq, a TransUnion company, reveals the number of entities compromised by those 2022 breaches reached 3,495* — nearly twice the number of publicly reported breaches.

Jim Van Dyke, senior vice president of innovation at Sontiq, explains that Sontiq’s calculation is based on how the company’s proprietary algorithm accounts for breaches at third-party vendors, also known as supply-chain attacks. Of the publicly reported incidents, half were third-party breaches that gave attackers access to the data of companies served by the breached vendor.

Sontiq’s analysis shows 3,495 compromised entities in 2022, of which 1,745 originated from a third-party data breach. This is a nearly 45% increase over the 2,417 compromised entities Sontiq analyzed in 2021 and a year-over-year increase in third-party breaches of more than 220%.

Van Dyke, who has served as an expert harms witness in some of the country’s largest data breach litigations, noted that cybercriminals are pursuing supply chain attacks for a higher return on effort.

“By focusing attacks on the accounting, payroll or administrative firms that serve multiple clients, a single breach can give an attacker access to the data of multiple organizations at once, including customer and employee records,” he said.

Third-Party Breaches Getting More Severe

Van Dyke noted that the severity of third-party data breaches, as measured by Sontiq’s BreachIQ AI algorithm, is also trending higher. BreachIQ analyzes more than 1,300 factors to assess the severity of a data breach and assigns a unique Breach Risk Score on a scale of 1 to 10 for each incident. The algorithm also identifies the primary risks associated with a breach, as well as recommended protective action steps specific to that breach.

In examining the average Breach Risk Score year over year, the severity of third-party breaches increased 10% in 2022. Meanwhile, the severity of primary breaches increased a mere 2%.

Higher-Risk Data Breaches Warrant Quicker Action by Consumers

According to Van Dyke, individual data breaches that score higher than 4 warrant stronger action from those affected due to the potential risks. (Consumers can check on the severity of any publicly reported breach on the Sontiq website.)

“When a data breach reaches a score greater than 4, typically several pieces of sensitive personal information have been compromised,” said Van Dyke. “This greatly increases the odds of serious identity theft and fraud scams, which give criminals direct access to a victim’s workplace or personal financial, medical and social accounts.”

That said, Van Dyke added that even low-scoring breaches can be dangerous because cyber thieves are willing to work harder to access a victim’s financial accounts. When criminals obtain less-sensitive information in a data breach, they often use social engineering techniques to extract more personal information to gain direct account access or commit payments card and peer-to-peer (P2P) payment fraud.

A free online tool is available at www.sontiq.com/breachiq/#search-breached-organizations for anyone who wants a risk score and recommended actions for a particular data breach.

* The ITRC’s figure is based on the number of initially breached organizations, while Sontiq includes entities whose data was exposed by the initial breach. Both are considered valid breach counts by the industry. Sontiq believes its approach provides more value to protecting organizations and consumers from potential data compromise.

About Sontiq

Sontiq (pronounced Son-tick), a TransUnion company, is an intelligent identity security company arming businesses and consumers with a full range of award-winning identity and cyber monitoring solutions, as well as restoration and response services. Sontiq products empower millions of customers and organizations to be less vulnerable to the financial and emotional consequences of identity theft and cybercrimes. Sontiq has an outstanding track record for delivering high-touch support and fraud remediation services, demonstrated through its 93% customer satisfaction ratings. www.sontiq.com

About TransUnion (NYSE: TRU)

TransUnion is a global information and insights company that makes trust possible in the modern economy. We do this by providing an actionable picture of each person so they can be reliably represented in the marketplace. As a result, businesses and consumers can transact with confidence and achieve great things. We call this Information for Good®.

A leading presence in more than 30 countries across five continents, TransUnion provides solutions that help create economic opportunity, great experiences and personal empowerment for hundreds of millions of people. www.transunion.com/business

Media:

Kelly Moore or Nicole Selinger

kelly@kmprcollective.com, nicole@kmprcollective.com

515-720-9670, 314-805-2165

Source: Sontiq

FAQ

What was the total number of compromised entities reported by Sontiq in 2022?

Sontiq reported a total of 3,495 compromised entities in 2022.

How much did third-party breaches increase year-over-year according to Sontiq?

Third-party breaches increased by over 220% year-over-year in 2022.

What does a Breach Risk Score above 4 signify?

A Breach Risk Score above 4 indicates significant risks for identity theft and fraud.

What is the increase in severity of third-party breaches in 2022?

The severity of third-party breaches increased by 10% in 2022.

Who analyzed the data breach incident reports for 2022?

The Identity Theft Resource Center (ITRC) reported the data breaches, which were further analyzed by Sontiq.

TransUnion

NYSE:TRU

TRU Rankings

TRU Latest News

TRU Stock Data

18.26B
194.35M
0.24%
104.62%
1.99%
Financial Data & Stock Exchanges
Services-consumer Credit Reporting, Collection Agencies
Link
United States of America
CHICAGO