Year-over-year results indicate a fast start to data breaches in 2022 after a record-setting 2021, as more than 90% of data breaches are cyberattack-related, the Identity Theft Resource Center found.

For the third consecutive year, data breaches increased when compared to Q1 of the previous year. Despite the data breach increase, the number of victims (20.7 million) decreased 50% compared to Q1 2021 and dropped 41% compared to Q4 2021.

“Traditionally, Q1 is the lowest number of data compromises reported each year,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “The fact the number of breach events in Q1 represents a double-digit increase over the same time last year is another indicator that data compromises will continue to rise in 2022 after setting a new all-time high in 2021. As we mentioned in our 2021 Annual Data Breach Report, we saw an alarming number of data breaches last year due to highly complex and sophisticated cyberattacks that are fueling the dramatic rise in identity fraud. It is vital everyone continues to practice good cyber-hygiene, businesses and consumers, to help reduce the amount of personal information flowing into the hands of cyberthieves.”  

Other findings include:

• Phishing and ransomware remain the top two root causes for data compromises.
• Continuing a trend from 2021, 154 out of 367 data breach notices did not include the cause of the breach, making “unknown” the largest attack vector in Q1 2022. It also represents a 40% increase in the total number of unknown breach causes compared to full-year 2021. While data breach notice updates may include more attack information, the increasing lack of transparency in the notices is a risk to organizations and consumers.
• System & Human Errors represent 8% of the Q1 2022 data compromises.
• Data breaches resulting from physical attacks such as document or device theft and skimming devices dropped to single digits (three) in Q1 2022.
• The only non-cyberattack-related attack vector in double digits during Q1 2022 was related to email or letter correspondence with 12 instances.
• Healthcare, Financial Services, Manufacturing & Utilities, and Professional Services sectors had the most compromises in Q1 2022.