ForgeRock 2022 Consumer Identity Breach Report Finds 297% Increase in Supply Chain and Third-Party Supplier Breaches

ForgeRock®, a global digital identity leader, announced today findings from its 2022 Consumer Identity Breach Report, revealing an unprecedented 297% surge in breaches caused primarily by security issues associated with supply chain and third-party suppliers and representing almost 25% of all breaches. The report also found unauthorised access was the leading cause of breaches for the fourth consecutive year, steadily increasing to account for 50% of all records compromised during 2021. 
 
The report underscores the fact that cybercriminals continue to find new methods of attack across industries and geographies. The cost of breaches also continues to grow. In the U.S. alone, the price of remediation from a breach has climbed annually, more than doubling since 2018. 
 
“This is no time for security teams to let their guard down as cybercriminals are getting even more bold in how they score their next payday,” said Fran Rosch, CEO, ForgeRock. “Exploits that target people’s usernames and passwords to break into organisations are becoming more sophisticated. Now more than ever, companies need to adopt digital identity and access management solutions that strengthen their security posture without compromising the user experience.” 
 
ForgeRock also discovered that 60% of all records breached in 2021 included either Social Security Numbers, dates of birth, or both – nearly doubling since last year. The report found that as ecommerce sites and applications increasingly strive for an effortless user experience to differentiate from the competition, they often omit security features. When massive amounts of personal data are poorly protected, this leads to creating the perfect conditions for breaches and subsequent fraud.
 
Other key U.S. findings from this year’s report include:

• Breaches involving usernames and passwords increased by 35% during 2021, accounting for more than 2 billion records compromised.
• Healthcare was the most targeted industry for the third year in a row. 
• The average cost of a breach in the U.S. is $9.5 million, up 16% from one year ago.
• The percentage of records breached containing Social Security Number, date of birth, or both, nearly doubled in 2021.
• The cost of a retail breach jumped to $3.27 million last year, a 63% increase.

In addition to U.S. data breaches, ForgeRock’s Consumer Identity Breach Report also highlights attacks in other regions, including the United Kingdom, Germany, Australia, and Singapore.
 
To see the full breach report, or learn more about ForgeRock, visit www.forgerock.com.