$100 Million awarded Since 1994 6,000 Satisfied Clients
You're in the right
place. We can help.
free consultation

2022 Data Breach Trends and Statistics

Data Breach LetterOver the past several years, it’s been almost impossible to scroll through your news feed without learning about another data breach. Indeed, the number of data breaches reached an all-time high in 2021; up 68 percent from the previous year. And it appears that the 2022 numbers aren’t far behind. According to one recent study, there are about 68 records compromised every second; that’s almost six million pieces of information being leaked every day.

Of course, aside from being selective in the companies you provide your information to, there is nothing you can do to avoid a data breach. However, based on recent statistics, it is important that everyone familiarize themselves with the risks associated with data breaches, as well as how to mitigate them.

At the data breach law firm of Console & Associates, P.C., we provide guidance to victims of data breaches, helping them understand how to best protect themselves and, where appropriate, how to effectively bring a claim against a company for leaking their information. We offer free consultations to data breach victims, during which we will explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case.

Data breaches are on the rise.

What Are the Most Common Types of Data Breaches

When it comes to research-based information about data breaches and consumer privacy, the Identity Theft Resource Center (“ITRC”) is the gold standard. The ITRC is a non-profit organization that not only helps victims of a breach after-the-fact, but also educates all stakeholders, including corporations and lawmakers, on the best practices for identity theft and fraud detection, reduction, and mitigation.

Throughout the year, the ITRC releases reports discussing annual data breach statistics, current trends in cybercrime, and similar topics. According to the most recent publication from the ITRC, the following are the most common types of breaches.


Phishing is a type of cyberattack where a hacker tries to get an employee to voluntarily give them information enabling the hacker to access a company’s computer system. Email phishing attacks make up about a third of all cyberattacks in the United States. According to a study from 2021, employees in the United States receive 14 malicious emails per year on average. However, employees in certain industries, such as retail workers, receive more than four times that number. Perhaps the most shocking statistic about phishing attacks is that 86% of companies reported having at least one employee click a phishing link in 2021.

Phishing emails are designed to look official and may include the company’s logo in the email and may even come from an official-sounding email address. However, these emails are fraudulent. Once an employee provides information to the hacker, the hacker then uses it to either steal data from the company’s servers or install malware or ransomware on the company’s network.


A ransomware attack involves a hacker installing malicious software on a company’s computer network and then demanding the company pay a ransom. According to a 2021 ITRC report, ransomware attacks represent about a quarter of all cyberattacks.

Often, ransomware attacks are carried out in conjunction with an email phishing attack or by placing malicious code on the back end of a company’s website. The malicious software encrypts the data on the victim’s device, preventing them from logging in. Instead, when the victim tries to log in to their computer, they see a message from the hackers demanding they pay a ransom if they want to regain access to their computer.

One of the recent data breach trends involves hackers threatening to publish stolen data on the dark web if the ransom is not paid. This certainly adds to a company’s incentive to pay the ransom. However, the FBI discourages all companies from paying ransom for the same reason the government doesn’t negotiate with terrorists: doing so emboldens the attackers.


Malware, or malicious software, is the name given to any program that is designed to interrupt the way a computer system functions. About ten percent of all cyberattacks are classified as malware attacks.

Ransomware is one type of malware, but there are others. Other types of malware include viruses, worms, Trojan viruses, keyloggers, rootkits, spyware, and adware. Typically, hackers install malware on a company’s computer system through a phishing attack. There are a few ways hackers can do this, for example, by directing an employee to click on a malicious link or download a malicious file.

The Health Effects of Experiencing a Data Breach

“Between 26 to 29 percent of identify theft victims in 2021 had been victimized in the past…”
Data breaches are incredibly stressful. Whether it was your Social Security number, financial information or protected health information that was leaked, it’s incredibly worrisome to think of a total stranger—and possibly a criminal—in possession of your personal information. Recently, the ITRC released its most recent publication on the consumer impact of identity theft and cybercrime more generally. In this publication, the ITRC looked at the physical and psychological impact that identity had on victims. Below are some of the highlights:

  • Between 26 to 29 percent of identity theft victims in 2021 had been victimized in the past.
  • 37 percent of those who experienced identity theft in 2021 had not yet resolved the issue by September 2022.
  • 30 percent of identity theft victims in 2020 faced losses in excess of $10,000.
  • More than 80 percent of identity theft victims report being worried or anxious, and close to half report feeling depressed.
  • 68 percent of 2022 identity theft victims report experiencing physical problems related to the crimes committed against them. The most common physical problems were:
    • Sleep loss
    • Stress
    • Headaches
    • Changes in eating or drinking habits
    • New or recurring addictive behaviors
  • More than half of identity theft victims had challenges covering their immediate needs.

Of course, not every data breach leads to victims experiencing identity theft. However, it is important to remember that conducting identity theft is the very purpose of most cyberattacks. Hackers put a tremendous amount of effort into orchestrating these attacks and wouldn’t carry through with them if there wasn’t any upside. Thus, as soon as you receive a data breach letter in the mail, it is important that you start to take the necessary steps to protect yourself.

Can Consumers Affected by a Data Breach Bring a Lawsuit Against a Company?

Yes, under United States data breach laws, consumers who have their information leaked in a data breach may be able to pursue a legal claim against the company. However, the fact that a breach occurred does not automatically give rise to liability on the company’s part—you must first establish that the company’s negligence contributed to your information being compromised. Of course, companies don’t carry out these attacks—hackers do—but a company may be negligent in failing to maintain a robust data security system designed to deter and prevent cyberattacks.

Do You Need to Experience Identity Theft to Bring a Data Breach Lawsuit?

Not necessarily. Courts are currently split on how to handle situations where someone’s information is leaked, but they have not yet been the victim of identity theft. However, many courts are permitting these claims to proceed on the theory that, as a result of the company’s alleged negligence, data breach victims now face an increased future risk of identity theft. Of course, this is a complex analysis that is very dependent on the specifics of the breach. An experienced data breach lawyer can help victims of a breach determine their potential legal remedies and effectively pursue a claim against the responsible parties.

Are You Facing Increased Risk of Identity Theft in the Wake of a Data Breach?

No Fee PromiseAt the data breach law firm of Console & Associates, P.C., we actively track all new data breaches on behalf of consumers, helping them understand and pursue their legal remedies. Companies that negligently store your information leading up to a data breach can and should be held accountable for the harms you’ve experienced, as well as those you may face in the future. Data breach lawsuits can not only provide you with meaningful compensation for what you’ve been through but also encourage companies to be more careful in the future. If you’ve been affected by a data breach, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.

Free Case Evaluation Easy. Quick. Confidential. *Field Required
  • By submitting this form, you agree to receive SMS text communication regarding the legal matter you are contacting us about. We do not send marketing or recurring messages. Msg & data rates may apply. You may reply STOP at any time to stop receiving messages from our firm.