In 2023, reported data breaches surged by 34.5%, totaling over 17 billion compromised personal records, according to Flashpoint’s 2024 Global Threat Intelligence Report. The year witnessed 6077 publicly reported breaches, encompassing sensitive information like names, social security numbers, and financial data. Notably, over 70% of these breaches resulted from unauthorized external access to organizations. The first two months of 2024 saw a staggering 429% increase in stolen personal data compared to the same period in the previous year, with 1.897 billion records compromised.
The United States accounted for the majority (60%) of global data breaches in 2023, recording 3804 reported incidents, marking a 19.8% increase from 2022. Ransomware attacks emerged as a significant driver behind the surge in breaches, with Flashpoint reporting an 84% increase in documented incidents in 2023. Notably, the first two months of 2024 witnessed a 23% rise in public ransomware attacks compared to the same period in 2023, totaling 637 incidents. The LockBit gang, responsible for over a fifth of all known ransomware attacks in 2023, saw its infrastructure disrupted by global law enforcement in February 2024 during Operation Cronos.
The Clop ransomware group’s exploitation of the MOVEit Transfer file application vulnerability in May 2023 also significantly impacted the data breach landscape, accounting for 19.3% of all reported breaches in 2023. Construction and engineering were the most targeted sectors by ransomware in 2023, with 18.7% of public incidents occurring within this industry, followed by professional services (13.7%), internet software and services (13.2%), and healthcare providers and services (12.29%). Overall, ransomware and unauthorized access comprised 85% of all publicly disclosed data breaches.
The report highlighted a record high in vulnerability disclosures in 2023, totaling 33,137, with over half scoring high to critical severity under the Common Vulnerability Scoring System (CVSS). Despite this, Flashpoint researchers noted over 100,000 vulnerabilities not reported by the Common Vulnerabilities and Exposures (CVEs), potentially leaving organizations unaware of nearly a third of known vulnerability risks.
