What to watch for as data breaches hit record high
The number of publicly reported data compromises in the United States surged last year, reaching 3,205, according to the Identity Theft Resource Center’s 2023 Data Breach Report. That’s a 78% increase from 2022 and a 72% rise from the previous all-time high, 1,860 in 2021.
In particular, supply-chain attacks have grown dramatically in recent years. In a supply-chain attack, criminals gain access to a large organization by exploiting a third-party vendor, which may have weaker security protections. Because of the relationship, the vendor provides a route to the organization and sensitive information that may be associated with it, such as customer data. The number of affected organizations leapt from 101 in 2018 to more than 2,700 in 2023.
For 2024, the ITRC predicts that the unprecedented number of breaches in 2023 will push identity crimes to new levels — especially impersonation scams and synthetic identity fraud, through which criminals create fake identities by combining pieces of real personal information, such as Social Security numbers, with fabricated ones, such as made-up names or birth dates. And generative artificial intelligence will contribute to increasingly sophisticated phishing attacks and scams that leverage personal information collected in data breaches.
“The combination of more data from more compromises, along with revolutionary technology, means we must consider significant changes to how we protect personal information and respond when it is compromised,” the ITRC said in the report. To address these growing threats, the ITRC is calling for more-uniform laws and regulations that dictate when and how attacked organizations must report data breaches. To rein in identity crimes involving the use of stolen personal information, the ITRC recommends expanded use of facial identity verification. A bank, for example, could require customers who apply for an account online to take and submit a photograph of themselves, and the bank could compare it to the photo on the customer’s driver’s license.
What can you do? You may have little control over the measures organizations employ to protect your data, but you can take steps to shield yourself from fraud that targets you directly, such as phishing schemes. Scammers may incorporate real information about you — say, your name or employer — in emails or text messages that appear to be from legitimate institutions (your bank or the IRS, for example).
Be wary of unexpected messages that claim there’s a problem with your account or payment information, as well as those that encourage you to click on a link or download an attachment. If a message conveys a sense of urgency — stating that you must update the log-in credentials for one of your accounts within 24 hours, for example — that’s another red flag.
Install software updates, which may contain security patches, on your devices as soon as the updates become available. When possible, use multifactor authentication to log in to your accounts online.