The Identity Theft Resource Center (ITRC) released its annual report on data breaches in 2023 [9], revealing a significant increase in incidents compared to the previous year [2] [6]. This report highlights the causes and impacts of these breaches, as well as the actions taken to address the issue.


In 2023, the ITRC reported a record number of data breaches in the US, with a total of 3,205 compromises. This represents a 78% increase from the previous year [1] [4], marking a new record [2] [8]. The surge in compromises can be attributed to supply chain attacks and zero-day exploits [1]. Industries such as Healthcare [3], Financial Services [2] [3] [4] [5] [7] [10], and Transportation reported double the number of compromises compared to 2022 [3] [4] [5] [7]. Cyberattacks were the main cause of breaches [2] [10], affecting various industries [10], with healthcare leading in total compromises [10], followed by financial services [10], professional services [10], and manufacturing [10]. Supply chain attacks have also been on the rise [3], impacting more organizations and victims [2] [3] [5]. The number of organizations impacted has increased by over 2,600% since 2018 [3], and the estimated number of victims has risen by 1,400% [3].

Despite the increase in compromises, the number of victims impacted by these breaches decreased by 16% to 353,027,892 [5]. The ITRC attributes this decline to a shift in focus by organized identity criminals towards specific information and identity-related fraud rather than mass attacks [5] [8].

The ITRC’s latest report also highlights that nearly 11% of all publicly traded companies experienced a compromise in 2023 [5]. These companies were responsible for a significant number of personal records exposed in data breaches [10], accounting for 1 in 10 incidents and 2 in 5 data compromise victims [10]. The Securities and Exchange Commission implemented new cyber incident reporting rules in 2023 [10], which are expected to result in more disclosures [10].

To address these issues, the report emphasizes the need for better regulatory frameworks [9], industry collaboration [9], and transparency in data breach notifications [9]. Experts suggest that consumers can protect themselves by raising awareness and taking steps to prevent identity theft and scams. The ITRC [3] [5] [6] [7] [9] [10], a nonprofit organization [9], offers assistance to those affected by data breaches or identity theft [9].

In response to the findings, the ITRC has introduced a new service called Breach Alert for Business (BA4B), which helps organizations verify vendors’ cybersecurity policies and performance [5].


The increase in data breaches and compromises in 2023 highlights the urgent need for improved cybersecurity measures. The decline in the number of victims impacted by these breaches suggests a shift in tactics by identity criminals. However, the impact on publicly traded companies and the exposure of personal records remain significant concerns. The implementation of new reporting rules by the Securities and Exchange Commission is expected to increase transparency and disclosure. Moving forward, it is crucial to establish better regulatory frameworks, foster industry collaboration [9], and promote transparency in data breach notifications [9]. Additionally, raising awareness and taking proactive measures to protect personal information can help mitigate the risks of identity theft and scams. The ITRC’s efforts [10], such as the introduction of the BA4B service, play a vital role in assisting organizations and individuals affected by data breaches.