Since 2014, the US government has suffered 822 breaches affecting nearly 175 million records. Based on the average cost per breached record (as reported by IBM each year), Comparitech estimate these breaches have cost government entities over $26 billion from 2014 to October 2022.
In 2018 and 2019, the number of government breaches hit an all-time high with 116 and 118 breaches respectively. In 2020, breaches decreased to 107 before increasing again to 116 in 2021. So far this year, there have been 61 data breaches affecting 2.9 million people.
The amount of records affected during these data breaches has reduced significantly in the last few years. 2018 saw a colossal 83 million breached records. They mainly stemmed from one breach on the US Postal Service, affecting 60 million records. In 2019, this figure dropped to 1.4 million before hovering around the 3 million mark for the next three years.
Over the last four years, the average number of records involved per government data breach has increased. From 17,400 in 2019 to 42,097 in 2020 and 40,440 in 2021, the average number of records affected per breach in 2022 currently stands at 71,534. While the frequency of attacks may have declined, the impact of individual attacks has increased. The true extent of breaches often isn’t felt for months, if not years, so the average number of records affected per breach for this year could increase even further yet
Key findings include:
From 2014 to October 2022:
- 822 government entities suffered data breaches
- 174,963,934 records were affected because of these breaches
- The cost of these affected records was $26 billion
- 2019 was the biggest year for breaches with 118 in total, followed closely by 2018 and 2021–both with 116
- 2018 had the highest number of records affected– 83,293,815 in total
- California had the most breaches overall (108) and the District of Columbia had the highest number of records affected overall (91.2 million). DC’s vast number of affected records stems from many government offices being based here
- The most common type of breach was hacking with 256 breaches. Those involving inadvertent disclosure were the second-largest breach type with 192 breaches
- Cities/towns were the most-affected government entity type from 2019 to Oct 2022 with 124 breached, while counties were breached 56 times during the same time period
From the start of 2014 to October 2022, data breaches have approximately cost US government organisations over $26 billion.
While this figure sounds relatively high for these 822 data breaches, the true costs are likely much higher. This is not just because of all of the other costs involved in a data breach (e.g. recovery costs and ransom payments) but because some figures are unavailable for the number of records involved in these breaches.