Global data breach statistics: 2023 recap
February 2024 by Surfshark
As we dive into the new year, let’s look at the 2023 data breach trends and discuss the statistics. We will break down which countries faced the most data breaches and uncover some of the most significant breaches in 2023.
Analyzing the statistics on data breaches, we found that in the past year, the number of breached accounts decreased by 18%, from 366.7M to 299.8M, indicating a slight improvement compared to 2022.
While the number of data breaches has decreased globally, some countries experienced an increase. In 2023, the top 5 countries ranked by the number of breached accounts have changed significantly from 2022.¹ However, the US, Russia, and France have remained in the top 5 throughout the year, while all other rankings have changed.
While some changes were expected, we noticed extreme shifts in breach rankings between 2022 and 2023. For instance, China dropped from second place in 2022 to 12th place in 2023, and South Sudan experienced a more significant shift and dropped from 5th to 24th.
In the US, for example, the number of breaches increased from 30.9M to 96.7M, more than tripling the previous year’s figure. Such an increase means that American accounts are just under a third of all breached accounts in 2023.
In 2022, Russia experienced the highest number of breaches. However, in 2023, the number of breaches decreased by 27% from 107.7M to 78.4M, causing Russia to drop to 2nd place. Despite the decrease, Russia still holds over a quarter of all breached accounts in 2023.
In 2023, France had the third-highest number of breached accounts, with 10.5M accounts compromised. Though the number of breached accounts decreased by 49% from the previous year (down from 20.6M), France moved up a ranking from 4th place in 2022.
In 2023, Spain had a higher number of breached accounts, with 7.8M accounts compromised, which is an 86% increase from the previous year’s 4.2M. As a result, Spain’s ranking has risen from 10th to 4th regarding the number of breached accounts compared to other countries.
India experienced a significant decrease in the number of breached accounts, similar to Russia and France. However, it also underwent a rise in rank relative to other countries. The number of breached accounts dropped by 56%, from 12.3M in 2022 to 5.3M in 2023. With these changes, India went from 7th in 2022 to 5th in 2023 in the global ranking.
Which regions were affected the most in 2023?
Europe remained the most breached region in 2023 despite a 27% reduction in the number of accounts breached since 2022. The region experienced 116.6M breaches in 2023 (down from 160M in the previous year), accounting for 44% of all accounts breached in 2023.
North America is a close second regarding how many accounts were affected by data breaches in 2023. Breached accounts increased from 34.7M in 2022 to 101.7M in 2023, which is 3 times more. As a result, North America moved from being ranked 3rd in 2022 to 2nd in 2023, overtaking Asia. Also, North America is the only region to experience an increase in 2023².
Asia experienced the second most significant drop in the number of accounts breached, ranking 3rd in 2023 with 26.3M accounts affected, compared to 83.6M accounts in 2022. Despite this drop, breached accounts in Asia still account for 9% of the total 297.6M breaches in 2023.
In 2023, South America had 6.9M breached accounts, making it the 4th most breached region. This changed from 2022, when it was ranked 5th with 17.5M breached accounts. Despite the year-over-year 61% decrease in breached accounts, South America still accounts for 2% of all breaches in 2023.
Oceania ranked 5th by the number of breaches, but the number of accounts breached decreased by 13% from 5M in 2022 to 4.4M in 2023.
On the other hand, Africa showed a significant improvement in the number of accounts affected by data breaches in 2023, with only 3M accounts compared to 25M in 2022, an eight-fold decrease. This improvement moved the region to the 6th position from 4th in the previous year.
Top countries by breach density in 2023
Breach density is calculated by dividing a country’s total number of breaches by its population. This metric helps us understand the likelihood of experiencing a data breach in various countries, even if two countries have the same number of compromised accounts. For example, a country with a smaller population may not be high up when it comes to the total breach count but may have a higher breach density, indicating that its residents are more likely to experience a data breach.
In 2023, Russia had a higher density of data breaches than the US, with 542 accounts per 1,000 residents compared to the US’s 285. Despite American accounts making up 32% of all breached accounts, the average American was less likely to have been affected by a data breach than a Russian resident.
With such a high density, Russia is ranked first, while the US is second by how many accounts per resident were affected by breaches in 2023. In the previous year, the breach density in the US was much lower at 91 accounts per 1,000 people, while Russia had a notably higher density at 744.
Taiwan and Czechia are among the smaller states that have been highly affected by data breaches. Regarding the number of breached accounts, Taiwan is ranked 6th, and Czechia is ranked 13th.
However, when analyzed based on breach density in 2023, these states come in much higher. Czechia comes in 3rd place, with 207 accounts breached per 1,000 residents, while Taiwan is ranked 4th with 169 affected accounts per 1,000 people. In the previous year, Czechia had a density of 105 and Taiwan 169, which indicates that people in these countries are more likely to notice the impact of data breaches on their privacy and security in 2023 than in the previous year.
Spain ranked 5th by breach density in 2023, with 164 accounts per 1,000 people. This is a significant increase from 2022 when the density was 88.
South Sudan, on the other hand, experienced a notable improvement in breach density. In 2022, the country had 1,760 accounts per 1,000 people, but by 2023, the density dropped to 80 accounts per 1,000 residents.
Biggest breaches of 2023
Note: To quantify the impact of data breaches, we count the number of unique email addresses affected by a cyber incident. This approach provides a consistent way of identifying and understanding the breach’s impact, but it may not align with other sources’ reported figures. This is because we only consider exposed email addresses rather than all the accounts affected by the breach.
In 2023, LinkedIn had the biggest instance of people’s personal details being made available for nefarious actors, with almost 11.5M emails leaked due to the scraping of publicly available information. Although it was not a data breach per se, the platform facilitated the aggregation of personally identifiable information that could be used for phishing attacks, spam, or brute-force password hacking attempts. Surfshark’s researchers discovered that out of the leaked accounts, 1.6M were American, 1.1M were French, and 700K were British.
Four Russian platforms, Chitai-gorod, Book24, Gloria Jeans, and SberSpasibo, experienced the 2nd through 5th biggest data breaches. These breaches exposed over 20.2M email accounts, of which 19.9M were Russian. Ukraine had the 2nd highest number of affected accounts, with 34K, while 22K were American.
In January, Duolingo had a data breach, resulting in the leak of 2.7M email addresses, ranking it the 6th on the list. Nearly 1M of these emails belonged to Americans, 170K to South Sudanese, and 120K to Spaniards.³
Another major data leak was on chess.com, where the scraped data of almost 1.3M people ended up on hacker forums. Of these, 470K were American, 76K were French, 75K were British, and 66K were Indian.
Stay alert in the face of declining breaches
Although data breaches have decreased from 2022 to 2023, it’s still important to remain vigilant. Millions of private records are still being stolen and leaked worldwide every day. Discover how to avoid data spill and safeguard your data by practicing smart online habits⁴:
Create strong and unique passwords
Enable two-factor authentication on all your accounts
Avoid spam emails — don’t click on any links in suspicious emails and report them
Stay alert, protect yourself, and ensure your data remains safe.
Methodology and sources
We looked into global data breaches that occurred in 2023.
We excluded countries with a population lower than 1M from the rankings as they tend to be outliers in global distribution per population metrics due to their small population numbers. This exclusion does not significantly impact global statistics as these countries and territories account for less than 1% of the worldwide population.
To collect the data, our independent partners aggregated data by email addresses from 29,000 publicly available databases. They then anonymized the data and passed it on to Surfshark’s researchers for statistical analysis of their findings.
For timeline accuracy, our independent partners recorded the actual time of the breach instead of when it first became public. Therefore, past numbers may change as new cases are reported.
Definitions:
Data breach — an event when an intruder copies and leaks user data such as names, surnames, email addresses, passwords, etc.;
Breach count/breaches — every breached or leaked email address is counted as a separate account/user/breach;
Breach density — breach count of a country per its population.
Data was collected from:
Surfshark (2023). Global data breach stats
References:
¹ Surfshark (2023). Data breach statistics 2021 vs. 2022
² Surfshark (2023). Data breach statistics of Q2 2023
³ Surfshark (2023). Duolingo data leak
⁴ Surfshark (2022). What is a data leak and what can you do about it?
Note: In this study, we treat every breached or leaked email address used to register for online services as a separate user account. We count each one as a breach.
Trends in data breach statistics: 2023 vs. 2022
Note: The number of breached accounts may change as more breaches have been identified since our last report.