Data Breaches and Cyber Attacks in the USA in October 2023 – 17,527,078 Records Breached

IT Governance USA’s research has discovered the following for the USA in October 2023:

  • 57 publicly disclosed security incidents (50% of all incidents globally)
  • 17,527,078 records known to be breached

Considering the size of these figures, we’re publishing a special report, focusing on U.S. data breaches and cyber attacks in October 2023.

Free download: Data Breach Dashboard

For a one-page overview of this special report’s key findings, check out our Data Breach Dashboard:

This blog provides analysis of the same data that we’ve collected. The dashboard, and our data, will be available to download soon – we’ll add it to this page, so be sure to bookmark it.

High-level overview

Of those 57 incidents in the USA (and 114 incidents globally), we know the following:

Incident cause/type

 Unpatched or misconfiguredRansomware

U.S. organizations seem disproportionately hit by ransomware, particularly in the health care sector: 55% of all incidents in American health care this month were ransomware attacks. This is in line with recent reports on ransomware gangs targeting the U.S. health sector more.

Meanwhile, U.S. organizations performed relatively well in terms of patching and configuration management compared to the global benchmark.

However, for both attack types, bear in mind that this data only accounts for one month – October 2023. We’ll continue to monitor this data to find out whether this is part of a longer-term pattern.

Data exfiltration

 Data exfiltration?

Note 1: ‘No’ means that either no records were breached, or that the breach didn’t involve a criminal.
Note 2: The global numbers add up to 101% due to rounding.

Our findings show that the USA was disproportionately targeted with data exfiltration attacks. This is the case regardless of whether you isolate the incidents where we know that data was exfiltrated, or combine the ‘Yes’ and ‘Unknown’ groups – at least, in October 2023.

This is another thing we’ll continue to monitor to see whether this is a longer-term pattern.

Records breached

 Specific number of breach records reportedData exfiltrated, but no specific numbers

Note: ‘Specific number reported’ includes security incidents with 0 records breached.

On this data point, organizations in the USA have performed nearly the same as organizations globally.

However, considering the various breach notification laws at state level, under which organizations are expected to report the number of individuals affected, we’d been expecting better performance from the USA. It’s possible that those laws are the reason the USA performed better than the global benchmark in this month on notification – more on that below.


58% of breached USA organizations reported taking remedial action – roughly in line with the 61% we found globally over the same period.

Remediation typically included conducting a forensic analysis to establish exactly what happened (often by engaging a third-party specialist). It usually also involved temporarily taking down systems to limit the impact of the security breach.


 Notified regulatorNotified affected individuals

Our research has found that USA organizations are more likely to notify both a regulator and affected individuals of data breaches and cyber attacks.

Do note, however, that our research is based on the information we can find in the public domain. It’s possible that due to U.S. breach notification laws, it’s more likely that incidents are reported – particularly to regulators, but also to affected individuals – than in other countries. Equally, this could be the product of the type of information our sources tend to provide.

Again, this is something we’ll continue to monitor. We’ll also provide a future breakdown of this data by organization location, once we’ve collected more data.

Top 5 biggest breaches

#Organization nameKnown number of records breached
1McLaren Health Care6,000,000
2MCH (Morrison Community Hospital)5,000,000
3MNGI Digestive Health2,000,001
4Flagstar Bank837,390
5District of Columbia Board of Elections600,001

Note: Where ‘around,’ ‘about,’ etc. is reported, we record the rounded number. Where ‘more than,’ ‘at least,’ etc. is reported, we record the rounded number plus one. Where ‘up to,’ etc. is reported, we record the rounded number minus one.

Sector overview

Most-breached sectors (by number of incidents)

1Health care2035%
3 (tie)Education712%
3 (tie)Non-profit and public712%
6Finance and insurance35%
7Media and telecoms00%

Note: The percentages add up to 99% due to rounding.

Most-breached sectors (by number of records)

#SectorKnown number of records breached
1Health care14,298,846
2Public and non-profit1,661,001
3Finance and insurance837,390
6 (tie)Legal0
6 (tie)Media and telecoms0