The U.S. became the most data breached country globally in 2023. Previously, in 2022, the US ranked 3rd, after Russia and China. This is according to a new study from Surfshark, drawing on global trends.
The review finds that the U.S. had 97 million leaked accounts in 2023, which translates to 3 leaked accounts per second. The nation experienced more than triple growth in breached accounts, while the global trends show a general decrease of 20 percent. At the same time, the number of breached accounts in the U.S. grew significantly (over 200 percent).
A data breach happens when confidential and sensitive data gets exposed to unauthorized third parties. In this study, we treat every breached or leaked email address used to register for online services as a separate user account, which may have been leaked with additional information, such as password, phone number, IP address, zip code, and more.
To put the data issues affecting the U.S. in context, globally 300 million accounts were breached in 2023, out of which a third were of U.S. origin. The U.S. is followed by Russia (78.4 million), France (10.5 million), Spain (7.8 million), and India (5.3 million).
At the supranational level, North America was the second most affected region by breaches in 2023. Europe took the lead, while Asia was the third most breached region. All other regions comprised less than 5 percent of the quarter’s total.
The U.S. also claims the unenviable statistic of holding the second highest position when it comes to breach density (number of leaked accounts per 1,000 residents). The countries with the highest breach density: Russia, the US, Czechia, Taiwan, and Spain.
Looking at these patterns for Digital Journal is Aleksandr Valentij, who is the Cyber Security Lead at Surfshark.
In terms of assessment, Valentij describes the challenges businesses face in seeking to redress cyberattacks: “Defending against data leaks involves crucial steps, such as encrypting sensitive data, implementing thorough monitoring, and building a cybersecurity-aware culture.”
In terms of seeking effective remediation, Valentij recommends: “Organizations should incorporate automated provisioning of user access, using RBAC (role-based access control), enforcing multi-factor authentication, and conducting regular external and internal configuration audits, including penetration testing.”
As a further measure, the expert recommends: “Additionally, adhering to data protection regulations, ensuring proper storage practices, and limiting the collection of unnecessary information are key components of a resilient defense against malicious actors.”