Eva Velasquez, CEO
Identity Theft Resource Center
January 2024
First, we must acknowledge the signicant
impact of Supply Chain Attacks and the effect
they have on all organizations. A single supply
chain attack can directly or indirectly impact
hundreds or thousands of businesses that rely on
the same vendor. Stronger reporting
requirements can help warn other vulnerable
businesses of the risk associated with a similar
attack. Increased due diligence when it comes to
vendors and data protection are also in order.
Second, the two-decade old legislative and
regulatory framework designed to alert
consumers to breaches is broken. A Supply Chain
Attack victim from 2020 conrmed in 2023 what
was suspected for years: Businesses under or
non-report breaches. We need to bring a level of
uniformity to the breach notice process to help
protect both consumers and business.
The sheer scale of the 2023 data compromises
is overwhelming. Just the increase from the past
record high to 2023’s number is larger than the
annual number of events from 2005 until 2020
(except for 2017). But, we cannot let
complacency, frustration, or weariness lead us
to surrender the ght to protect identity crime
victims. We’re not about to give-up or give-in and
we hope you will join us as we seek to start a
different conversation about protecting
identities in 2024.
Off-the-shelf hacker tools lowered the barrier
to entry for launching attacks and the wealth
of personal information available from data
breaches and identity scams made it easy to
impersonate an individual or business using
social engineering. This was the environment in
2021 that created the highest number of data
compromises ever tracked by the ITRC – 1,860
1
events impacted an estimated ~300M victims.
The highest, that is, until 2023.
In the pages that follow you’ll see the new
record high: 3,205 publicly reported data
compromises that impacted an estimated
353,027,892 individuals. That’s a 72 percent
(72%) increase in events over the previous
high-water mark and 78 percent (78%) over
2022.
See Figure 1
Each year we are asked “why the increase in
events?” and “what can be done to protect
against a data breach?” There’s never any one
reason why compromises go up or down just as
there are no actions that are 100 percent
effective in stopping breaches or the identity
crimes that result. We do believe there are
trends that need to be highlighted and actions
that need to be considered if we are to slow or
stop the pace of data breaches and exposures.
1
Audits of 2021 and 2022 compromises resulted in a reduction in the total number of data compromises for those years due to breaches originally reported as separate
events later being updated as related events. The total number of compromises in full-year 2021 has been adjusted downward by two (2) events to 1,860 and full-year
2022 adjusted downward by one (1) event to 1,801.
Figure 1 | Total Compromises, Year over Year
0 2,250 4,0001,750 3,0001,250 2,5001,000750500250 2,000 3,250 3,7503,5001,500 2,750
2021
300,607,163 Victims
1,860
2022
425,212,090 Victims
1,801
2023
353,027,892 Victims
3,205
Compromises
© IDENTITY THEFT RESOURCE CENTER 2024 | IDTHEFTCENTER.ORG
3
