Data breaches and identity theft hit a record high in 2023. The same trend could continue this year, with several high-profile leaks hitting headlines in January. This includes the “mother of all leaks,” which affected platforms such as LinkedIn, Dropbox, and Twitter, as well as a database of COVID-19 checks records.
In the US, the number of knowledge breaches in 2023 increased by 78% year over year, reaching more than 3,200 incidents. The figure represents a new record, according to the Identity Theft Resource Center (ITRC), a nonprofit organization focused on victims of identity crimes.
“The scale of knowledge breaches in 2023 is staggering,” the organization writes in its recently released 2023 Annual Data Breach Report.
Among the most sensitive breaches are T-Mobile, which affected 37 million people, followed by Xfinity, PeopleConnect and Nationstar Mortgage. But while breaches have increased, the number of victims has decreased by 16% compared to 2022. The ITRC attributes this to a general trend of organized identity criminals focusing on express and identity-related data frauds rather than mass attacks.
The organization warns that businesses are under-reporting breaches or not reporting them at all. The lack of information is not only impacting consumers but also companies that are in danger of supply chain attacks.
“A single chain-of-origin attack can directly or indirectly affect hundreds, if not thousands, of companies that rely on the same supplier,” the report states. “Stricter reporting requirements can help warn other vulnerable organizations about the threat related to a similar attack. “
The organization’s call may find a sympathetic ear at the Federal Trade Commission, which will be hosting the Identity Theft Awareness Week starting on Monday, January 29.
In November 2023, the ITRC completed a review focused on identity verification, concluding that using facial verification and digital credentials is crucial to reducing the number of identity crimes.
In the year 2024, trends in breaches and knowledge leaks will continue to be observed.
Researchers uncovered as many as 26 billion leaked knowledge records on platforms such as LinkedIn, Twitter, Tencent, Dropbox, Adobe, Canva, and Telegram. The knowledge base of the leaked data measures 12 terathroughtes and is referenced through those who discovered it. as the “mother of all violations” (MOAB).
The discovery was made by researchers at Security Discovery and CyberNews last week. According to the team, the knowledge set typically comprises data from knowledge violations beyond, but also includes new data.
“The body of knowledge is incredibly dangerous, as malicious actors can simply exploit the aggregated knowledge for a wide diversity of attacks, adding identity theft, complicated phishing schemes, targeted cyberattacks, and unauthorized access to private and sensitive accounts,” they state.
The largest number of registrations, 1. 4 billion, came from Chinese instant messaging app Tencent QQ. The knowledge base also comprises knowledge from Weibo, MySpace, Deezer, AdultFriendFinder, VKontakte, and Daily Motion, as well as government organizations in the United States, Brazil, Germany, the Philippines, Turkey, and more.
An estimated 1. 3 million sets of COVID-19 records, including patient names, dates of birth, passport numbers, and more, were exposed in the Netherlands.
The database is owned by one of the nation’s largest COVID-19 testing advertising providers, CoronaLab, a subsidiary of Microbe.
The vaccine record leak is not unprecedented. In April 2023, Thai authorities ordered ISPs to block a website that threatened to disclose the personal information of 55 million Thai citizens, allegedly obtained from vaccine registration records. The website was run by a hacker named 9Near, who claimed he was holding on to data such as full names, birthdates, ID card numbers and phone numbers.
More blocks may be coming. In January, Thailand saw an increase in cyberattacks compared to 2023, with at least 14 significant knowledge breaches, according to cybersecurity firm Resecurity. A knowledge base posted on a dark web forum publishes the records of 160,000 Thais and includes photographs of other people with identities. documents, such as those commonly used to adapt biometric knowledge from selfie identity verification.
Cybersecurity | Document Verification | Facial Biometrics | Identity Theft Resource Center | Identity Verification
Read