IT Governance USA’s research has discovered the following for the USA in October 2023:
- 57 publicly disclosed security incidents (50% of all incidents globally)
- 17,527,078 records known to be breached
Considering the size of these figures, we’re publishing a special report, focusing on U.S. data breaches and cyber attacks in October 2023.
Free download: Data Breach Dashboard
For a one-page overview of this special report’s key findings, check out our Data Breach Dashboard:
This blog provides analysis of the same data that we’ve collected. The dashboard, and our data, will be available to download soon – we’ll add it to this page, so be sure to bookmark it.
High-level overview
Of those 57 incidents in the USA (and 114 incidents globally), we know the following:
Incident cause/type
| Unpatched or misconfigured | Ransomware | |
| USA | 12% | 40% |
| Global | 32% | 21% |
U.S. organizations seem disproportionately hit by ransomware, particularly in the health care sector: 55% of all incidents in American health care this month were ransomware attacks. This is in line with recent reports on ransomware gangs targeting the U.S. health sector more.
Meanwhile, U.S. organizations performed relatively well in terms of patching and configuration management compared to the global benchmark.
However, for both attack types, bear in mind that this data only accounts for one month – October 2023. We’ll continue to monitor this data to find out whether this is part of a longer-term pattern.
Data exfiltration
| Data exfiltration? | |||
| Yes | Unknown | No | |
| USA | 67% | 28% | 5% |
| Global | 53% | 30% | 18% |
Note 1: ‘No’ means that either no records were breached, or that the breach didn’t involve a criminal.
Note 2: The global numbers add up to 101% due to rounding.
Our findings show that the USA was disproportionately targeted with data exfiltration attacks. This is the case regardless of whether you isolate the incidents where we know that data was exfiltrated, or combine the ‘Yes’ and ‘Unknown’ groups – at least, in October 2023.
This is another thing we’ll continue to monitor to see whether this is a longer-term pattern.
Records breached
| Specific number of breach records reported | Data exfiltrated, but no specific numbers | |
| USA | 53% | 19% |
| Global | 53% | 18% |
Note: ‘Specific number reported’ includes security incidents with 0 records breached.
On this data point, organizations in the USA have performed nearly the same as organizations globally.
However, considering the various breach notification laws at state level, under which organizations are expected to report the number of individuals affected, we’d been expecting better performance from the USA. It’s possible that those laws are the reason the USA performed better than the global benchmark in this month on notification – more on that below.
Remediation
58% of breached USA organizations reported taking remedial action – roughly in line with the 61% we found globally over the same period.
Remediation typically included conducting a forensic analysis to establish exactly what happened (often by engaging a third-party specialist). It usually also involved temporarily taking down systems to limit the impact of the security breach.
Notification
| Notified regulator | Notified affected individuals | |
| USA | 77% | 67% |
| Global | 49% | 53% |
Our research has found that USA organizations are more likely to notify both a regulator and affected individuals of data breaches and cyber attacks.
Do note, however, that our research is based on the information we can find in the public domain. It’s possible that due to U.S. breach notification laws, it’s more likely that incidents are reported – particularly to regulators, but also to affected individuals – than in other countries. Equally, this could be the product of the type of information our sources tend to provide.
Again, this is something we’ll continue to monitor. We’ll also provide a future breakdown of this data by organization location, once we’ve collected more data.
Top 5 biggest breaches
| # | Organization name | Known number of records breached |
| 1 | McLaren Health Care | 6,000,000 |
| 2 | MCH (Morrison Community Hospital) | 5,000,000 |
| 3 | MNGI Digestive Health | 2,000,001 |
| 4 | Flagstar Bank | 837,390 |
| 5 | District of Columbia Board of Elections | 600,001 |
Note: Where ‘around,’ ‘about,’ etc. is reported, we record the rounded number. Where ‘more than,’ ‘at least,’ etc. is reported, we record the rounded number plus one. Where ‘up to,’ etc. is reported, we record the rounded number minus one.
Sector overview
Most-breached sectors (by number of incidents)
| # | Sector | Incidents | |
| 1 | Health care | 20 | 35% |
| 2 | Other | 16 | 28% |
| 3 (tie) | Education | 7 | 12% |
| 3 (tie) | Non-profit and public | 7 | 12% |
| 5 | Legal | 4 | 7% |
| 6 | Finance and insurance | 3 | 5% |
| 7 | Media and telecoms | 0 | 0% |
Note: The percentages add up to 99% due to rounding.
Most-breached sectors (by number of records)
| # | Sector | Known number of records breached |
| 1 | Health care | 14,298,846 |
| 2 | Public and non-profit | 1,661,001 |
| 3 | Finance and insurance | 837,390 |
| 4 | Education | 469,919 |
| 5 | Other | 259,922 |
| 6 (tie) | Legal | 0 |
| 6 (tie) | Media and telecoms | 0 |
