View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Personal data breaches are falling – except in Russia

The number of people affected by personal data breaches fell 95% in the last year, but retaliatory attacks on Russia are growing.

By Claudia Glover

The number of people affected by personal data breaches fell by 95% over the last year, according to a tally by VPN provider Surfshark, as companies and governments invested in cybersecurity. Personal data breaches are on the increase in Russia, however, as hackers target the country in retaliation for its invasion of Ukraine.

The personal data, including passwords, credit card details and email addresses, of nearly 500m people was breached in the first quarter of 2021, according to Surfshark's analysis. In the latest quarter, the figure was just 18.2m.

Significant data breaches in the most recent period include a cyberattack on Hong Kong hotel chain Harbour Plaza in February, which exposed 1.2 million guests' personal data.

The number of UK residents affected by personal data breaches fell by 30% in the first quarter of this year, down to just under 300,000. The figure for the US dropped 47% to 2.5 million.

Personal data breaches in Russia: on the increase

In Russia, however, the number of affected people grew by 11% to 3.6 million.

This uptick reflects retaliatory attacks following the invasion of Ukraine, explains Etay Maor, senior director of security strategy at Cato networks. “With different groups, such as Anonymous and ransomware groups, individuals and government entities all taking aim at Russian organisations, it is not surprising to see these numbers go up."

Despite their connection to the war, most of these data breaches were not strategically significant, says Yelisey Boguslavskiy, head of research at security intelligence company Advintel.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

“In most of these leaks, many of which were not confirmed or denied by the Russian authorities, the data itself was not particularly valuable and contained information that could be found using Russian-language OSINT engines," he explains. "However, the number of leaks made Russia rise statistically on the scale of having more credentials exposed by hackers.”

By contrast, the number of Ukrainians affected by personal data breaches fell by 67% to just over 200,000. This indicates Russian hackers switching the more strategic attacks, Boguslavskiy argues.

"Cyber attacks against Ukraine were not aimed at credential or email exposure, but at compromising critical infrastructure and data denial," he says. "These attacks were more advanced and more destructive than simple [personal data] leaks, however, because they did not manifest themselves as credential exposure, they were not reflected in the observed trends."

Why are personal data breaches falling?

The falling number of people involved in data breaches reflects investment in cybersecurity by governments and businesses, says Amy DeCarlo, a principle analyst at business intelligence firm GlobalData. “Many countries have more effectively prepared their defences over the last two quarters," she says. "Cybersecurity has become an important investment priority."

Geopolitical leaders and global corporations have also made cybersecurity a priority, adds Rajesh Muru, principle analyst in cybersecurity at GlobalData.

“Counter attacks by UK and Western outfits are a key focus and resource on stepping up cybersecurity across Ukraine and US," he says. And "companies like Microsoft blocking or taking down source domains of known state-backed hacking outfits would play a role.”

Read more: Greencore case highlights risk of employee data breach claims

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU