Apple Study Highlights an Alarming Trend in Data Breaches

Highlights:

• During the first half of 2023, breaches directed at U.S. corporations more than doubled compared to the same period in 2022 in several English-speaking countries.
• The number of ransomware victims listed on leak sites in May 2023 was nearly three times higher than in May 2022, with the U.S. and U.K. being the most frequent targets.

Incidents of threats and data breaches are on the rise at a concerning pace, as indicated by the findings of a recent study commissioned by Apple Inc.

Data breaches have reached unprecedented levels, with ransomware becoming increasingly prevalent and more perilous than before. The study highlights a surge in targeted and effective exploits in third-party and supply chain networks. “The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase” was authored by Dr. Stuart Madnick, the Director of the MIT CIO Symposium annually and a professor at MIT.

In the initial nine months of 2023, the number of breaches surpassed those recorded in any preceding years. Breaches targeting U.S. firms more than doubled in numerous English-speaking countries between the first half of 2023 and the first half of 2022. Prominent breaches in 2023 include Honda Motor Co. Ltd. in June, India-based social media vendor Slick in February, and Microsoft Corp. in September.

Madnick discovered that over 2.6 billion personal records were acquired from breaches in 2021 and 2022, most originating from cloud-based data. Numerous attacks have focused on sensitive data, including the October breach of genetic information from 23andMe and the compromise of student data from the Minneapolis public school system in March. Madnick’s report documents numerous additional incidents.

The number of ransomware victims listed on leak sites in May 2023 was nearly three times higher than in May 2022, with the U.S. and U.K. being the most frequent targets. Multipoint attacks deploy various methods, including data extortion, to collect ransoms.

Fortunately, the adoption of more advanced end-to-end encryption tools is on the rise, exemplified by recent announcements from Meta Platforms Inc.’s Messenger division.

Madnick wrote, “In this landscape, no organization, and, by extension, no individual, is safe from a data breach. As long as organizations worldwide continue to store troves of valuable personal data in unencrypted form in the cloud, individuals remain at risk of having their personal data stolen, exploited, and exposed.”

Madnick suggests that consumers are experiencing a decline in confidence regarding how governments safeguard their data. “Given the prevalence of data breaches and their real-life consequences on individuals, keeping personal data safe should be at the forefront of these organizations’ priorities,” he wrote in his report.