Data Breaches and Cyber Attacks in 2022: 480 Million Breached Records

Welcome to our review of security incidents for 2022, in which we take a closer look at the information gathered in our monthly lists of data breaches and cyber attacks.

Here, you’ll find an overview of the cyber security landscape in 2022, including the total number of publicly disclosed security incidents, the number of compromised records and the sectors most susceptible to data breaches.


IT Governance discovered 1,063 security incidents in 2022, which accounted for 480,014,323 breached records. That represents an 14.8% decrease in security incidents compared to 2021 (1,243).

Although that’s a positive development in terms of organisations’ fight against cyber crime and their ability to prevent data breaches, we must remain cautious. There was a significant dip in reported incidents in the first half of the year, before the figures increased again from July to December.

This demonstrates how the cyber security landscape continues to ebb and flow. Criminal hackers are always developing new techniques to outsmart defences, and as soon as organisations develop tools that are effective against one method of attack, criminals move on to something else.

It’s also worth noting the number of breached records is always an incomplete figure, because in most cases organisations doesn’t reveal this information.

This is either because they don’t know or aren’t compelled to make the information public. As such, the true number of breached records will be considerably higher.

How security incidents occurred

In compiling our monthly lists, we distinguish between breaches caused by an organisation’s employees (‘data breaches’) and those that result from criminal hacking (‘cyber attacks’).

We also give ransomware its own category, due in part to the frequency of attacks and to differentiate it from intrusions that may be harder to detect, such as password breaches.

Separating security incidents in this way reveals more about how they happen and who is to blame, as you can see in the chart below:

Cyber attacks were the most common type of security incident throughout the year. Throughout 2022, we found 611 cyber attacks, which represents 57% of all publicly disclosed incidents.

This is to be expected, given that it is the broadest category. It encompasses any technique that criminal hackers use to bypass security controls, although the majority of incidents involve phishing and malware.

Meanwhile, we discovered 255 ransomware attacks during the year (24% of all publicly disclosed incidents). This attack method was one of the most popular tools in cyber criminals’ arsenals throughout the past five years, with incidents spiking in 2021, a year that saw 401 publicly disclosed incidents.

At first glance, the latest figures indicate that organisations are now much better at fending off ransomware attacks. There is certainly a truth to that, with much more public awareness of ransomware and the strategies organisations can take to mitigate the risk.

However, beyond the numbers there is a more complex relationship between ransomware gangs and organisations. The year began with a continued decline in the number of successful attacks, as organisations gave greater emphasis to cyber security and data backups, which would allow them to repel attacks and avoid ransom negotiations.

However, as the above graph shows, attacks began to creep up again in Q3 and Q4. This again demonstrates the way that criminal hackers react to the cyber security environment. In this case, they found greater success in a technique that has been dubbed ‘double extortion’.

Traditional extortion attempts involve the primary intrusion, in which the victims’ systems are crippled, accompanied by a ransom demand in order to decrypt the compromised systems.

With double extortion attempts, crooks not only cripple organisations’ systems but also threaten to publish stolen data.

The victim can now not simply rebuff the ransom demand, because they risked customers’ personal data being leaked online. This would result in a much messier data breach, with added risks for victims and a PR disaster for the organisation.

If you find yourself facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the support you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.

The final type of security incident that we categorise is ‘data breaches’, which refers to any security incident in which the organisation or one of its employees is primarily responsible for the leak.

This usually refers to human error, with common mistakes including databases being uploaded to the web without password protections or physical files being disposed of improperly.

In addition to this common cases, we also found 48 cases of current or former employees deliberately leaking sensitive data. These incidents usually occur for the same reason that anyone commits a crime: as an act of revenge (perhaps they have been fired or passed up for a promotion) or because they need money.

The biggest data breaches of 2022

It’s hard to know definitively how many personal records are compromised each year, because few publicly disclosed incidents contain this information. This is typically the case when the organisation doesn’t know or isn’t obliged to say.

However, where this information was revealed, we discovered 480,014,323 breached records.

With that in mind, 2022 was a year with uncharacteristically few major data breaches. We usually expect to see at dozens of incidents that result in tens of millions of leaked records, but they were fortunately few and far between.

The incidents that resulted in the highest number of breached records in 2022 were:

1. Neopets (69 million)

2. Shanghai COVID app (48.5 million)

3. Sriraj Hospital (38.9 million)

4. Indian Railway Catering and Tourism Corporation (30 million)

5. Unknown credit agency (28.5 million)

6. Pegasus Airlines (23 million)

7. Mangatoon (23 million)

8. Malaysian National Registration Department (22.5 million)

9. Super VPN/Gecko VPN (21 million)

10. Swachhta City Platforms (16.4 million)

Which sectors were most vulnerable?

The healthcare sector was the most vulnerable to cyber attacks and data breaches in 2022, with our research finding 213 publicly disclosed incidents. This represents one in five of all security incidents that we discovered during the year.

Another big contributor was the public sector (173 incidents), with local governments contributing to a the majority of these breaches.

Other significant contributors to 2022’s total were the technology (115), education (95), professional services (63) and retail (62) sectors.

Keeping your organisation secure

With 2022 now in the books, organisations must start to prepare for the challenges that await in the new year. Using the information collected here, you will have a good idea of the threats you must address and the trends to look out.

Whatever challenges you wish you address, IT Governance is here to help. That includes supporting those seeking Cyber Essentials certification or implementing an ISMS (information security management system).

We also have a selection of staff awareness e-learning coursesdocumentation toolkitssecurity testing solutions and consultancy packages to help organisations succeed no matter what challenges await.