Data breaches declined globally at the beginning of 2023
One user account was leaked every second in Q1’2023
The latest study by cybersecurity company Surfshark shows that a total of 41.6M accounts were breached in Q1’2023, with Russia ranking first and amounting to a sixth of all breaches from January through March. The United States takes second place, while Taiwan appears in third place after extreme quarter-over-quarter growth, followed by France and Spain. A 49% decrease in breached users worldwide is seen compared to Q4’2022. However, the biggest QoQ spikes were seen in Asian countries: Taiwan, Saudi Arabia, and South Korea.
Global data from Surfshark’s data breach statistics update (Q1’2023) records 41.6M leaked accounts, with Russia being 1st in the world (6.6M), followed by the U.S. (5M), Taiwan (3.9M), France (3.2M), and Spain (3.2M). Taiwan saw the highest quarter-over-quarter increase (21x), placing its total of 4M leaked accounts 3rd in Q1’2023. The country had only placed 26th in Q4’2022’ with 191K breached users. Globally, data breaches declined, dropping to one user account leaked every second in Q1’2023.
“According to Surfshark’s study, data breaches declined globally in the first quarter of 2023 if we compare it to the previous one,” says Agneska Sablovskaja, Lead Researcher at Surfshark. “However, the fact that over 40 million accounts were breached in just a few months is still a cause for concern. Those whose data was compromised are at an increased risk of being targeted by cybercriminals as their personal information can be utilized for phishing attacks, fraud, identity theft, and other serious cybercrimes.”
Europe was the most affected region by breaches in Q1’2023, followed by Asia and North America
In Q1’2023, Europe was also the only region with a significant quarter-over-quarter increase in its statistics on data breaches. The number nearly doubled, growing from 9.9M in Q4’2022 to 17.5M in Q1’2023. To put this into perspective, 2 out of 5 accounts breached in Q1’2023 were of European origin, with 38% of these being Russian. Within the region, the biggest quarter-over-quarter spikes in data breaches were recorded in Czechia (almost 9x), Armenia (around 6x), and Switzerland (6x).
Asia was the second-most vulnerable region, accounting for around a fourth of the quarter’s breaches (10.6M). The three countries that saw the highest quarter-over-quarter increase overall were all Asian — Taiwan and Saudi Arabia both had around 20 times more leaked accounts in Q1’2023 than in Q4’2022, while South Korea saw its number increase 12 times.
An additional 13% of the accounts were North American (5.3M). All other regions comprised less than 5% of the quarter’s total. Out of all regions, Africa saw the greatest quarter-over-quarter decrease — a whopping 33 times, bringing its total of 18.6M leaked accounts in Q4’2022 down to 557.6K in Q1’2023.
Some of the biggest breaches by email count were Sberbank (Russia), with 2.9M accounts leaked, Weee! (United States) with 1.1M, and Zurich Insurance (Switzerland) with 756.7K.
The ten most breached countries of Q1’2023, in descending order, are Russia, the U.S., Taiwan, France, Spain, India, Czechia, South Korea, and Italy. The highest growth in user victims was spotted in Taiwan (21x), Saudi Arabia (19x), South Korea (12x), Czechia (9x), and Armenia (7x).
The data was collected by our independent partners from 29,000 publicly available databases and aggregated by email address. To determine the location of the email address, our partners’ mechanism looked into several associated parameters, such as domain names, IP addresses, locales, coordinates, currency or phone numbers. This data was then anonymized and passed on to Surfshark’s researchers to perform a statistical analysis of their findings.
The Data Breach World Map is updated every month with the most recent data from our independent partners. At the time of this particular study, the data analyzed was from April 1st, 2023. The numbers from October to December 2022 were compared with data aggregated from January to March 2023. Countries with a population of less than 1M people are not included in the analysis. For the full methodology, please refer to: https://surfshark.com/research/data-breach-monitoring/methodology