1,802 breach notifications were made in 2022, affecting over 440 million people. The fact that there were numerous data breaches in the United States last year should please the hackers at least.

According to the Identity Theft Resource Center, 1,802 data breach notices from U.S. firms in 2022 reported disclosing records or personally identifiable information impacting more than 400 million people.

It totals just 60 breaches, less than the 1,862 vulnerabilities in the United States that the ITRC recorded in 2021.

Eva Velasquez, CEO and president of ITRC said no established records for data intrusions in the U.S. last year; we got close.”

Even if the number of data breaches declined noticeably in the first half of 2022, that close call nonetheless happened. Velasquez asserts that the invasion of Ukraine by Russia and the turbulence in the cryptocurrency market likely kept Russian criminals too busy or distracted. The second quarter of the year saw an increase in breach volume.

The companies with the most significant known breaches in 2022 were Cash App Investing, with 8.2 million victims. Neopets with 69 million, AT&T Data with 23 million, and Twitter with 222 million records exposed.

According to breach reports, the most frequently disclosed characteristics were the victims’ names, followed by Security Numbers, dates of birth, current addresses, driver’s license or state identification numbers, medical information, and bank account numbers.

Leading Breach Vector: Online Attacks

According to breached organizations, the catch-all category of “online attack” was the leading cause of data breaches in 2022. It is followed by phishing or corporate email intrusion, ransomware, and malware. It contrasts significantly with the ITRC study from 2005 revealed that the main offenders were lost or stolen computers and paper documents or backup tapes.

The lack of transparency and underreporting remain significant obstacles to determining the exact scope of the data breach epidemic. A breach affected 422 million people last year, according to organizations. However, in 68% of all breach notices, neither the number of people affected nor their specific circumstances were reported. In addition, 42% omitted attack specifics.

According to those two figures, only 34% of the data leak alerts from ITRC contained information that might be used for action, according to James Lee, chief operations officer.

According to Velasquez, this has led to less trustworthy data, which hinders the ability of consumers and companies. Government agencies should educate decisions regarding the risk of a data compromise and the steps to take if one occurs.


Other firms frequently use breach reports to gather the most recent threat intelligence to protect themselves better. It is especially those in similar industries to a victim organization or with a similar I.T. infrastructure.

Additionally, the lack of information makes it harder for victims of consumer fraud to understand the risks involved. Providing customers with practical information they may use to protect themselves once firms holding their personal information end up disclosing it is one of the goals of state laws governing data breach notification.

Lee claims that failing to bring about increases puts them at greater risk. This is particularly in an era where data breaches are now expected.

They may determine “whether it’s something they need to act immediately to defend oneself, or it’s a matter that can wait a day or two, or perhaps they will not need to do much at all” by being provided with such information he claims.

“It’s a very, very worrying trend without that kind of information is disclosed in these data breach reports. No one understands what to do, and that increases risk.”