The latest data breach recap of 2023 by Surfshark shows that a total of 300M accounts were breached in 2023, with the United States ranking first and amounting to around a third of all breaches (97M). Russia takes second place (79M), while France is third (11M), followed by Spain (8M) and India (5M). The breach rate in the US is more than 200% higher in 2023 than it was in 2022, while the global trends show a general decrease of 20%
The US jumped to 1st place with almost 100 million breached online accounts in 2023, being previously ranked 3rd with 31M in 2022, after Russia and China. Around 3 American user accounts were leaked every second in 2023. In 2023, the US also had the 2nd highest breach density (285 leaked accounts per 1,000 residents) in the world, after Russia (542 per 1,000 residents).
Europe was the most affected region by breaches in 2023, followed by North America and Asia. North America accounts for 34% of the breaches (101.7M). North America’s breaches grew 193% in 2023 compared to the previous year.
In descending order, the ten most breached countries of 2023 were the US, Russia, France, Spain, India, Taiwan, Australia, Italy, the UK, and Brazil.
The countries with the highest breach density in 2023 (number of leaked accounts per 1,000 residents): Russia (542), the US (285), Czechia (207), Taiwan (169), Spain (164), France (162), Australia (134), Panama (98), Sweden (96) and Finland (89).
“Defending against data leaks involves crucial steps, such as encrypting sensitive data, implementing thorough monitoring, and building a cybersecurity-aware culture. Organizations should incorporate automated provisioning of user access, using RBAC (role-based access control), enforcing multi-factor authentication, and conducting regular external and internal configuration audits, including penetration testing,” says Aleksandr Valentij, Cyber Security Lead at Surfshark. “Additionally, adhering to data protection regulations, ensuring proper storage practices, and limiting the collection of unnecessary information are key components of a resilient defense against malicious actors.”
When an email account is breached, the user is at risk of social engineering and identity theft. Scammers might send fake emails pretending to be from legitimate organizations, and those emails might contain links with computer viruses or requests to disclose even more personal information. If the email address was leaked with more personal information like name and address, scammers might even be able to impersonate the victim for various malicious purposes.
If you suspect your information has been breached, you should:
- Change the passwords to your accounts immediately
- Enable two-factor authentication where possible
- Contact your bank if your credit card information was leaked
- Scan your devices for malware
- Keep an eye out for scams if your email, phone number, or other contact information was leaked.
METHODOLOGY
A data breach happens when confidential and sensitive data gets exposed to unauthorized third parties. In this study, we treat every breached or leaked email address used to register for online services as a separate user account, which may have been leaked with additional information, such as password, phone number, IP address, zip code, and more.
The data was collected by our independent partners from 29,000 publicly available databases and aggregated by email address. To determine the location of the email address, our partners’ mechanism looked into several associated parameters, such as domain names, IP addresses, locales, coordinates, currency, or phone numbers. This data was then anonymized and passed on to Surfshark’s researchers to analyze their findings statistically.
The Data Breach World Map is updated monthly with the most recent data from our independent partners. The numbers from January to December 2023 were compared with data aggregated from January to December 2022. Countries with a population of less than 1M people were not included in the analysis. For the full methodology, please refer to: https://surfshark.com/research/data-breach-monitoring/methodology
For the complete research material behind this quarterly comparison, visit here.
NOTES TO EDITORS
Surfshark is a cybersecurity company focused on developing humanized privacy and security solutions. The Surfshark One suite includes one of the very few VPNs audited by independent security experts, an officially certified antivirus, a private search tool, and a data leak alert system. Surfshark is recognized as the Independent’s Editor’s Choice for Best Value VPN 2023. For a closer look at Surfshark in 2023, visit our annual wrap-up. For more research projects, visit our research hub at: surfshark.com/research
PR Archives: Latest, By Company, By Date