Data Breaches Hit Lots More People in 2022

While the number of breaches reported last year was flat compared with 2021, the number of people caught up in them jumped.

Bree Fowler Senior Writer
Bree Fowler writes about cybersecurity and digital privacy. Before joining CNET she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, wannabe runner and champion baker of over-the-top birthday cakes and all-things sourdough.
Expertise cybersecurity, digital privacy, IoT, consumer tech, smartphones, wearables
Bree Fowler
2 min read
An image of a lock on a computer screen.

An estimated 422.1 million people were caught up in reported breaches last year.


The number of data breaches reported last year didn't break 2021's record total, but the number of Americans caught up in them jumped by 42% compared with the year before, a new report says. 

According to the Identity Theft Resource Center's 2022 Data Breach Report on Wednesday, 1,802 data compromises were reported last year, just 60 reports shy of 2021's total.

For the first half of 2022, the number of reports significantly lagged 2021's totals, the group said, possibly as a result of the war in Ukraine and volatile cryptocurrency prices, before picking up in the second half of the year.

The vast majority of both years' compromises were classified as data breaches, though in a handful of cases data was exposed in some other way that didn't involve a breach of computer systems.

Meanwhile, the number of people affected by data breaches jumped about 40% to 422.1 million, boosted by the December report that the personal data of 221.1 million Twitter users had been found online, though it remains unclear whether that data was compromised through a new data breach or just collected from existing online databases.

The researchers also noted that the number of breaches listing a direct cause dropped last year. "Not specified" was the largest category of cyberattacks leading to a data breach in 2022, ahead of phishing and ransomware, they said. Just 34% of data breach notices included details about the victim and how the attack occurred

Eva Velasquez, the ITRC's president and CEO, noted that when data breach notifications are less detailed, researchers have less information to work with, hurting the ability of consumers, businesses and government organizations to make educated decisions about their data security risks and what they should do if they're affected by a compromise. 

"People are largely unable to protect themselves from the harmful effects of data compromises, fueling an epidemic – a 'scamdemic' – of identity fraud committed with compromised or stolen information," Velasquez said in a statement.