Ten years of data breaches cost US over $1.5 trillion

real-time bidding

New data has painted a damning picture of the price of poor data privacy in modern America.

Ten years’ worth of information collated by public sources in the US puts the financial damage incurred by data breach incidents since 2008 at around $1.6 trillion.

The period saw an unprecedented level of data record exposure, coming from around 9,700 data breach incidents. Over 10.7 billion items of data being compromised equals out to an average cost of around $148 per record for the ten years in question.

The research is based solely on information submitted for publication by state-centred sources and in media reports, and is likely to be conservative in nature. Data breach disclosure obligations vary from state to state in the US. Indeed, in some areas, companies are not even required to notify the individuals to whom exposed data belongs.

Researchers at Comparitech put the findings together, studying each state to identify areas worst affected by data breaches. The dataset includes both the events and the number of records compromised per data breach incident.

Those closest to the study have reiterated the likelihood that the actual numbers are probably higher in reality, because breach reports sometimes neglect to give detail on the number of records exposed.

Further data may be “unknown or below the threshold imposed by the state”, the researchers said.

For example, a phishing attack that hit the Department of Human Services (DHS) in Oregon in January of this year affected information belonging to around 645,000 data subjects. While the cyber-attack was disclosed in March, the actual number of victims could not be established until some weeks later.

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.