Personal data breaches affected 70% fewer subjects in 2023 than the year before, Lietuvos respublikos vyriausybe – the State Data Protection Inspectorate (SDPI) in Lithuania reports.
Going against the worldwide trend, SDPI received a 16.5% fewer notifications on breaches during the year, with 254 notifications compared to 304 in 2022.
The total amount of affected subjects fell from 1,955,382 in 2022 to 571,833 – a decrease of more than 70%. It is worth noting here that ‘subject’ refers to a consumer account, not to an individual person. The data of one person can feature in in more than one data breach, and one person can hold a number of consumer accounts.
Of all the received notifications of breaches in 2023:
- 76% were breaches of confidentiality;
- 10% were attributed to integrity breaches;
- 10% were attributed to accessibility breaches; and
- 4% of the incidents were not deemed to be personal data breaches.
Reduction in cyber incidents
After analysing the notifications, the SDPI found that only 15% of the personal data breaches occurred due to cybernetic incidents such as data encoding, ransom demand, social engineering, phishing attacks and other. Which is also a decrease compared to 2022, where 35% of the breaches were due to cyber incidents. The rest, 85%, were found to be happening because of factors such as human error and IT systems’ disturbances.
“Having compared this with the previous year’s data, more personal data breaches occur through human error,” said the SDPI, pointing to the fact that this caused 72% of the breaches. In 2022, 60% happened through human error.
In total, of all the notifications SDPI received, 12 were aboutg data encoding and ransomware attacks. DDoS attacks were also noticed during the year.
Even though the cyber incidents have gone down, the SDPI says that it’s important to note that those events affected almost half (49%) of the affected subjects. This is still less than in 2022, where 82% of all affected subjects were connected to cybernetic events.
The authority highlighted the importance of “determining the reliability, reputation, country of origins of manufacturers of the software and hardware used or of the cloud services providers, as well as, the assessment of potential risks to the security of data become bigger”.