DATABREACH STATS & NEWS
28,433,149,823
Overview
As more and more companies experience crippling security breaches, the wave of compromised data is on the rise. Data breach statistics show that hackers are highly motivated by money to acquire data, and that personal information is a highly valued type of data to compromise. It’s also apparent that companies are still not prepared enough for breaches even though the cybertechnology landscape has dramatically advanced.
Below are the top 2022 data breach stats covering types of data breaches, industry-specific, risks, costs, as well as data breach defense and prevention resources supporting the importance of cybersecurity and how to better align organizational security budgets.
- The global number of web attacks blocked per day increased by 561 percent
- The number of data breaches has significantly increased within the past decade, from a mere 662 to more than 1,000
- Office applications were the most commonly exploited applications worldwide
- 80 percent increase in the number of people affected by health data breaches
- Formjacking attacks caused an average of 10 credit card breach per website earning cybercriminals over $32M+
Data Breach Cost
- The average total cost of a ransomware breach is $4.62 million, slightly higher than the average data breach of $4.24 million
- The average per record (per capita) cost of a data breach increased by 10.3 percent
- The average total cost for healthcare increased from $7.13 million to $9.23 million, a 29.5 percent increase
- Lost business opportunities represented the largest share of breach costs, at an average total cost of $1.59 million
- The average cost of a breach with a lifecycle over 200 days is $4.87 million
- 39 percent of costs are incurred more than a year after a data breach
- United States was the country with the highest average total cost of a data breach was at $9.05 million
- The average cost of a mega-breach was $401 million for the largest breaches (50 – 65 million records), an increase from $392 million
- Annually, hospitals spend 64 percent more on advertising the two years following a breach
- The cost difference in breaches in which mature Zero Trust was deployed versus not was $1.76 million
- The largest difference for breaches with a high level of compliance failures compared to a low level was $2.30 million
Cause & Source
- An average of 4,800 websites a month are compromised with formjacking code
- 34 percent of data breaches involved internal actors
- 71 percent of breaches are financially motivated
- Ransomware accounts for nearly 24 percent of incidents in which malware is used
- 95 percent of breached records came from the government, retail and technology sectors
- 36 percent of external data breach actors were involved in organized crime
Response & Lifecycle
- It took an average of 287 days to identify a data breach
- The average time to contain a breach was 80-90 days
- Healthcare and financial industries had the longest data breach lifecycle — 329 days and 233 days, respectively
- The data breach lifecycle of a malicious or criminal attack took an average of 315 days
- Microsoft Office files accounted for 48 percent of malicious email attachments
- The most active attack groups targeted an average of 55 organizations
Industry News
Hazleton Anesthesia Services is warning the public of a data security breach that may have impacted a limited amount of patient protected health ... According to the company, encrypted data such as usernames and passwords as well as unencrypted data like website URLs were affected. Breaches at ... Shoppers affected by last year's Rite Aid data breach could receive up to $10000 each. ... breach, which they claimed was leaked in January 2025. According to a posting on a well-known data breach forum, they decided to give the data ... NEW YORK – New York Attorney General Letitia James today released body-worn camera videos and security camera footage that her office obtained as ... An $11 million infection tracking solution was put on hold, and a couple of cyber security projects are also among the 136 initiatives not going ahead ... OKLAHOMA CITY, April 01, 2025 (GLOBE NEWSWIRE) — Federman & Sherwood investigates Ciuni & Panichi, Inc. for data breach. On April 1st, 2025, ... The details of the breach are currently under investigation. The type of information potentially exposed includes: Full Name; Social Security Number ... Each credit bureau requires you to mail the requested documents with their respective security freeze forms (or a written request for TransUnion). Security Breach: IABs, Dark Web Fueling Ransomware Surge. Inside the evolution of Ransomware-as-a-Service groups and why they continue to target ... "This leak is a serious breach of identity and privilege-related security ... data breach information, and emerging trends. Delivered daily or weekly ... Social Security Number; Date of Birth; Other sensitive information. Ciuni & Panichi, Inc. offers a full range of accounting, tax, wealth management ... A long-established Hanover tax preparation business announced Thursday that it was the victim of a spear phishing attack that compromised customer ... If your personal information was compromised in the 2023 MOVEit data breach, you may be eligible for a payout of up to $10000. Cyber Security Headlines · FTC sends warning to future 23andMe buyer · Global phishing threat targets 88 countries · Samsung data breach tied to old ... Guests Tony Martino and Rolin “Bud” Peets share best practices for investigating, mitigating, and remediating cybersecurity and data breach ... One in eight children had their identity compromised in a data breach since 2019, and about 5% have suffered identity theft over the same period, ... Data breaches can lead to dire consequences. Here, we've unpacked the biggest fines, penalties, and shutdowns in history. Written by. Gus Mallett. T-Mobile's $350M data breach settlement checks start rolling out this week—find out if you're getting paid and how much you could receive. On March 28, 2025, Lyon Management Group, Inc. d/b/a Lyon Living (“Lyon”) filed a notice of data breach with the Attorney General of California ...on April 1, 2025 at 1:35 pm on April 1, 2025 at 12:52 pm on April 1, 2025 at 12:21 pm on April 1, 2025 at 11:55 am on April 1, 2025 at 11:15 am on April 1, 2025 at 10:23 am on April 1, 2025 at 9:55 am on April 1, 2025 at 9:34 am on April 1, 2025 at 9:31 am on April 1, 2025 at 9:18 am on April 1, 2025 at 9:09 am on April 1, 2025 at 9:08 am on April 1, 2025 at 9:03 am on April 1, 2025 at 9:02 am on April 1, 2025 at 9:02 am on April 1, 2025 at 8:59 am on April 1, 2025 at 8:57 am on April 1, 2025 at 8:40 am on April 1, 2025 at 8:32 am on April 1, 2025 at 8:31 am
Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized […] On the 21st birthday of Gmail, Google has announced a major update that allows enterprise users to […] A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities […] Apple on Monday backported fixes for three vulnerabilities that have come under active exploitation […] Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting […] Are your security tokens truly secure?
Explore how Reflectiz helped a giant retailer to expose a […] Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that […] Apple has been hit with a fine of €150 million ($162 million) by France's competition watchdog […] The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in […] Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code […]on April 1, 2025 at 10:08 am on April 1, 2025 at 8:34 am on April 1, 2025 at 7:18 am on April 1, 2025 at 4:28 am on April 1, 2025 at 4:17 am on April 1, 2025 at 4:03 am on April 1, 2025 at 4:03 am on March 31, 2025 at 10:47 pm on March 31, 2025 at 9:41 am on March 31, 2025 at 5:04 am
Over the past few weeks, bad actors from different regions have been scanning devices with the VPN […] In this roundtable, cybersecurity experts — including two former CISA executives — weigh in on […] The bill will allow Japan to implement safeguards and strategies that have been in use by other […] The security vendor counters that none of the information came directly from its systems but rather […] Tenable released details of a Google Cloud Run flaw that prior to remediation allowed a threat […] The FDA's regulations and guidance aim to strike a balance between ensuring rigorous oversight and […] A continuation of the North Korean nation-state threat's campaign against employment seekers uses […] Although Oracle has denied its cloud infrastructure services were breached, security experts […] Next-level malware represents a new era of malicious code developed specifically to get around […] New research from Specops Software shows attackers successfully attack and gain access to RDP with […]on April 1, 2025 at 1:53 pm on April 1, 2025 at 1:13 pm on April 1, 2025 at 11:54 am on April 1, 2025 at 11:37 am on April 1, 2025 at 7:00 am on April 1, 2025 at 7:00 am on April 1, 2025 at 6:21 am on March 31, 2025 at 2:29 pm on March 31, 2025 at 1:55 pm on March 31, 2025 at 12:12 pm
Brian Krebs Updates
In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an […] Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for […] Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. […] A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration's continued disregard […] A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is […] Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active […] Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in […] In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves […] At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information […] One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and […]on March 30, 2025 at 6:22 pm on March 27, 2025 at 9:39 am on March 21, 2025 at 12:12 pm on March 19, 2025 at 6:26 pm on March 14, 2025 at 3:15 pm on March 11, 2025 at 4:53 pm on March 11, 2025 at 9:49 am on March 7, 2025 at 6:20 pm on March 6, 2025 at 5:54 pm on February 28, 2025 at 1:14 pm
