DATABREACH STATS & NEWS
28,433,149,823
Overview
As more and more companies experience crippling security breaches, the wave of compromised data is on the rise. Data breach statistics show that hackers are highly motivated by money to acquire data, and that personal information is a highly valued type of data to compromise. It’s also apparent that companies are still not prepared enough for breaches even though the cybertechnology landscape has dramatically advanced.
Below are the top 2022 data breach stats covering types of data breaches, industry-specific, risks, costs, as well as data breach defense and prevention resources supporting the importance of cybersecurity and how to better align organizational security budgets.
- The global number of web attacks blocked per day increased by 561 percent
- The number of data breaches has significantly increased within the past decade, from a mere 662 to more than 1,000
- Office applications were the most commonly exploited applications worldwide
- 80 percent increase in the number of people affected by health data breaches
- Formjacking attacks caused an average of 10 credit card breach per website earning cybercriminals over $32M+
Data Breach Cost
- The average total cost of a ransomware breach is $4.62 million, slightly higher than the average data breach of $4.24 million
- The average per record (per capita) cost of a data breach increased by 10.3 percent
- The average total cost for healthcare increased from $7.13 million to $9.23 million, a 29.5 percent increase
- Lost business opportunities represented the largest share of breach costs, at an average total cost of $1.59 million
- The average cost of a breach with a lifecycle over 200 days is $4.87 million
- 39 percent of costs are incurred more than a year after a data breach
- United States was the country with the highest average total cost of a data breach was at $9.05 million
- The average cost of a mega-breach was $401 million for the largest breaches (50 – 65 million records), an increase from $392 million
- Annually, hospitals spend 64 percent more on advertising the two years following a breach
- The cost difference in breaches in which mature Zero Trust was deployed versus not was $1.76 million
- The largest difference for breaches with a high level of compliance failures compared to a low level was $2.30 million
Cause & Source
- An average of 4,800 websites a month are compromised with formjacking code
- 34 percent of data breaches involved internal actors
- 71 percent of breaches are financially motivated
- Ransomware accounts for nearly 24 percent of incidents in which malware is used
- 95 percent of breached records came from the government, retail and technology sectors
- 36 percent of external data breach actors were involved in organized crime
Response & Lifecycle
- It took an average of 287 days to identify a data breach
- The average time to contain a breach was 80-90 days
- Healthcare and financial industries had the longest data breach lifecycle — 329 days and 233 days, respectively
- The data breach lifecycle of a malicious or criminal attack took an average of 315 days
- Microsoft Office files accounted for 48 percent of malicious email attachments
- The most active attack groups targeted an average of 55 organizations
Industry News
Coinbase breach linked to customer data leak in India · Flight Centre taps more data in customer sentiment analysis · Share on Facebook · Share on ... In a letter [PDF] letter to the Comptroller General of the US, ranking House Homeland Security committee member Bennie Thompson (D-MS) and ranking ... Security experts warned that it is difficult to rule out the possibility of a leak, given that ransomware attacks often involve stolen financial data, ... Hackers leak data of 10K VirtualMacOSX customers in alleged breach, exposing names, emails, passwords and financial data on a hacking forum. Exposed data may include names, Social Security numbers, medical records, financial account info, and other personal identifiers. While no cases of ... Dublin-based credit union also hires new chief audit executive as fallout from last year's security breach continues. Avatar photo ... Less than two months after a massive security breach at SK Telecom ... The next day, Yes24 declared there had been no data breach. But later ... Nonetheless, the most harmful have been data breaches—stealthy incursions where attackers circumvent security measures and obtain a considerable ... A $15 million settlement pertaining to claims of insufficient security measures was made available to Cash App users in April 2025. Users might submit ... NVRAM variables are a recurrent source of security vulnerabilities. Documents published by WikiLeaks in 2017 detailing CIA penetration techniques ... Over 8M patient records leaked in healthcare data breach. FOX News. Over 8M patient records leaked in healthcare data breach. 7. 2. How To Get Cash ... Several customers' critical information has been compromised, leading to data breach alerts issued by JPMorgan Chase, Bank of America, and TD ... The breach could fuel fraud, identity theft and more. While data leaks might feel like background noise, ignoring this one could come back to bite you ... In a public statement posted to Facebook, the Transportation Security Administration (TSA) warned that just simply plugging your phone into USB ports ... Security breaches happen. Your password and email may have been leaked online. Unfortunately, that's the grim reality of creating accounts online: you ... From vibe hacking to malware development to deepfakes, bad actors are discovering more vulnerabilities to attack generative AI tools while also ... ... Security number. ... Scammers may have some of your personal information already from a previous phishing scam, a data breach, or some other source. The breach, first detected on April 18, involved the unauthorised exposure of data linked to universal subscriber identity module (USIM) cards. In ... Businesses need to be vigilant on both external and internal threats to the security of information they collect and hold. The incident prompted heightened scrutiny of mobile authentication security across South Korea's telecommunications sector, particularly given the ...on June 15, 2025 at 4:19 pm on June 15, 2025 at 3:33 pm on June 15, 2025 at 3:14 pm on June 15, 2025 at 2:42 pm on June 15, 2025 at 2:36 pm on June 15, 2025 at 1:46 pm on June 15, 2025 at 1:37 pm on June 15, 2025 at 12:51 pm on June 15, 2025 at 11:50 am on June 15, 2025 at 11:34 am on June 15, 2025 at 11:13 am on June 15, 2025 at 10:46 am on June 15, 2025 at 10:21 am on June 15, 2025 at 10:08 am on June 15, 2025 at 10:03 am on June 15, 2025 at 9:50 am on June 15, 2025 at 9:11 am on June 15, 2025 at 9:05 am on June 15, 2025 at 8:44 am on June 15, 2025 at 8:21 am
A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an […] Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed […] The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that […] Introduction: Security at a Tipping Point
Security Operations Centers (SOCs) were built for a […] Apple has disclosed that a now-patched security flaw present in its Messages app was actively […] The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to […] Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be […] AI is changing everything — from how we code, to how we sell, to how we secure. But while most […] A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial […] Human identities management and control is pretty well done with its set of dedicated tools, […]on June 13, 2025 at 7:45 pm on June 13, 2025 at 7:12 am on June 13, 2025 at 4:02 am on June 13, 2025 at 3:30 am on June 13, 2025 at 12:03 am on June 12, 2025 at 10:47 am on June 12, 2025 at 6:52 am on June 12, 2025 at 6:06 am on June 12, 2025 at 4:11 am on June 12, 2025 at 4:00 am
A new Cybersecurity and Infrastructure Security Agency (CISA) advisory warned ransomware actors […] Researchers discovered a large-scale campaign using the open source penetration-testing framework […] This alignment makes a successful CISO, but creating the same sentiment across business leadership […] These groups suffered three times the cyberattacks as the year previous, with DDoS attacks […] Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this […] New regulations and compliance standards for the Children's Online Privacy Protection Act reflect […] A string of threat-actor OpSec failures have yielded unexpected windfalls for security researchers […] To truly future-proof your cybersecurity approach, it's vital to ensure that your security program […] Interpol's Operation Secure arrested more than 30 suspects across Vietnam, Sri Lanka, and Nauru, […] The move is unrelated to a recent nation-state attack the vendor endured but stems from a report by […]on June 13, 2025 at 1:06 pm on June 13, 2025 at 8:10 am on June 13, 2025 at 7:00 am on June 13, 2025 at 6:00 am on June 12, 2025 at 1:49 pm on June 12, 2025 at 1:16 pm on June 12, 2025 at 1:13 pm on June 12, 2025 at 7:00 am on June 11, 2025 at 2:25 pm on June 11, 2025 at 2:10 pm
Brian Krebs Updates
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same […] Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active […] Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large […] The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites […] Authorities in Pakistan have arrested 21 individuals accused of operating "Heartsender," a once popular spam and malware dissemination service that operated for more than a decade. The […] The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold […] KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits […] In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit […] Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active […] A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees […]on June 12, 2025 at 3:14 pm on June 10, 2025 at 5:10 pm on June 5, 2025 at 3:44 pm on May 29, 2025 at 6:55 pm on May 28, 2025 at 10:41 am on May 22, 2025 at 2:53 pm on May 20, 2025 at 2:30 pm on May 15, 2025 at 12:56 pm on May 14, 2025 at 4:57 am on May 7, 2025 at 3:22 pm
