Data breach statistics 2021 vs. 2022

With the new year in full swing, it’s time to look back at and compare 2021 and 2022 cybersecurity statistics. This article will give a high-level overview of which countries suffered the most data breaches and summarize last year’s most costly occurrences.

A quick 2022 data breaches overview, compared to 2021

  • A total of 310,855,487 accounts were leaked in 2022 – a third of the 959,327,963 occurrences seen in 2021.
  • Year-over-year breach rates were 67.6% lower in 2022 than in 2021. Moreover, 10 accounts were leaked every second last year, as opposed to 30 accounts in 2021.
  • The five countries with the most significant data leaks in 2022 were Russia, China, the US, France, and Indonesia
  • In addition to the highest breach rate, Russia had the highest breach density, where 718 accounts were leaked per 1k people.

Global trends in data breach statistics 2021 vs. 2022

Here is a brief roundup of countries that suffered the most from data breaches in 2022.

Looking back at 2022, we see a total of 310.9M leaked accounts, compared to a significantly higher 959.3M recorded in 2021. The pattern seems promising because leaked accounts in 2022 comprised only a third of the total in 2021.

Year-over-year, the global breach rate was 67.6% lower in 2022 than in 2021. Moreover, whereas 30 accounts were leaked every second in 2021, only 10 were leaked per second in 2022. 

Regarding the distribution per population, 40 accounts were leaked per 1k people globally in 2022, as opposed to 123 per 1k people in 2021.  

Top countries by breach count in 2022

We’ll now unpack the countries with the most data breaches in 2022. Note that the top five most-breached countries account for nearly two-thirds (63.5%) of all leaked accounts.

While 4th in 2021, Russia now ranks 1st with a third of all account leaks in 2022. Moreover, 104.8M Russian accounts were leaked in 2022 – a three-fold increase from the 36M seen in 2021.

A third of Russian account breaches came from two companies 

Last year’s two most significant data leaks for Russian companies occurred in March 2022, where multi-national courier service CDEK and news portal NGS.ru had around 19M emails breached (per company) and leaked to the public. This, in turn, accounted for a little over a third (35.6%) of all 2022 Russian breaches. 

The third-largest Russian breach was of Gemotest, a medical laboratory network, which exposed around 6M accounts and accounted for 6% of total Russian breaches in 2022.

Chinese company Hjedd suffered a major setback

China went up from 7th in 2021 to 2nd position in 2022, as the total breach count increased by 45.2% last year.

In June 2022, a breach of a Chinese adult content site Hjedd resulted in around 11M accounts being leaked. This accounted for around a third of all Chinese accounts leaked in 2022.

The BidenCash breach took the largest amount of US email accounts

The US was the most-breached country in 2021, with 209.8M leaked accounts, but saw a decrease of nearly nine times and placed 3rd in 2022 with 23.5M leaked accounts.

The most noteworthy case of an American data breach was that of the popular dark web carding site, BidenCash, which in January 2022 had around 2.3M American accounts leaked, totaling 10% of US breaches from that year. 

Defunct French content provider hit hard by leaked accounts

Meanwhile, France missed the top five most breached countries in 2021 and came in 6th with 25.7M leaked accounts. In 2022 France moved to 4th position, despite a 21.6% decrease in leaked accounts year-over-year.

Around 18% (or 3.6M) of leaked French accounts were attributed to the August breach of Wakanim, the now-defunct streaming service specializing in Japanese anime series.

Telecomms giant recorded the most breached email accounts 

Indonesia placed 23rd in 2021 with just under 4M leaked accounts. However, in 2022 the country saw the single largest year-over-year increase of nearly four times, placing it 5th with close to 15M leaked accounts in 2022.

A staggering 85.7% of these account breaches can be attributed to IndiHome, an Indonesian telecommunications company, which leaked 12.6M accounts.

Notable year-over-year improvements in data breach numbers

Three other countries, namely Iran, India, and Brazil, were in the top five most-breached countries of 2021 but dropped down the list in 2022. All three countries saw significant year-over-year decreases in leaked accounts. 

Brazil saw a decrease of nearly four times, moving from 33M in 2021 to 8.7M in 2022, while India saw an even greater decrease of almost 17 times, moving from 78.6M in 2021 to 4.7M in 2022

Finally, Iran’s total breach count dropped drastically last year by 485 times, ranking it 43rd with 316k leaked accounts. Having placed 2nd in 2021, it was one of the most dramatic improvements of 2022.

Was your country heavily affected by data breaches in 2022? Check out this interactive world map to know for sure

Find the latest statistics here

Top countries by breach density

On average, 40 accounts were leaked per 1000 people worldwide in 2022. That said, some countries had a substantially higher data breach density, up to 18 times the global average. Below is a table of the 5 countries with the highest breach density in 2022.

Country
Breach density (breached accounts/1k people)
Breach density vs. global average, times
Russia
718
18x
France
309
8x
Portugal
193
5x
Australia
133
3x
Taiwan
121
3x

Top 5 countries that saw the biggest increase in leaked accounts

While the overall trend leans downward, some countries saw leaked accounts increase year-over-year by over 100% in some cases. For example, Indonesia had nearly four times more leaked accounts in 2022 than in 2021, while Russia and Sri Lanka saw their numbers increase around three times. 

Below are the top 5 countries most affected by year-over-year data breach spikes.

Country
Accounts breached in 2022
Accounts breached in 2021
YoY change in leaked accounts
Indonesia
14.7M
4M
269%
Sri Lanka
1,5M
496k
204%
Russia
104.8M
36M
191%
Uzbekistan
183k
106k
73%
China
34M
23.4M
45%

Remember that countries with a population of 1M or lower were omitted from the above list. However, it’s interesting to note that Iceland, a country with a population of less than 400K, saw one of the highest jumps overall, tripling its number of leaked accounts from 336k in 2021 to over 1M in 2022.

Regional analysis

While Europe saw a slight year-over-year decrease, it continued to lead in 2022 for the most leaked accounts. The region recorded 153.3M leaked accounts last year, more than any other continent. Asia followed with 74.2M, while North America recorded 26.6M.

European accounts made up half of the total breaches in 2022, with nearly 70% of them being leaked Russian accounts. Asia was the second-most vulnerable region, accounting for around a fourth of the year’s breaches. All other regions comprised less than 10% of total data breach statistics in 2021 vs. 2022. 

Region
Accounts breached in 2022
Accounts breached in 2021
YoY change, %
% of total accounts breached in 2022
Europe
153.3M
176.8M
-13%
49%
Asia
74.2M
324M
-77%
24%
North America
26.6M
232.4M
-89%
9%
South America
13.7M
52.3M
-74%
4%
Oceania
5M
15.3M
-67%
2%
Africa
3.8M
14.8M
-74%
1%
Antarctica
2.8k
16.8k
-83%
0%
Unknown
34.3M
143.7M
-76%
11%

While none of the regions saw year-over-year increases in breach count, Europe’s breaches decreased the least, by just 13%. Conversely, North America saw the most significant decrease of nearly nine times.

20 of the biggest breaches by email count in 2022

While data breaches impact the lives of millions of individuals around the world, it’s the corporate leaks that make the news. Below are 20 of the most significant data leaks that occurred in 2022. Remember that half of the targeted companies on this list were Russian.

How to prevent data breaches

Preventing data breaches, whether on a personal or company-wide level, can be easier with the right approach. It mainly comes down to a few best practices:

  • Create strong, unique, and complicated passwords, change them regularly, and use two-factor authentication for your accounts whenever possible;
  • Use an email alias like Alternative ID for online sign-ups;
  • Update your software frequently;
  • Use a safe, secure, and trustworthy VPN and an antivirus solution.

Luckily, such software-based solutions are available in one place: download Surfshark.

If you’d like to dive a little deeper, here are 8 proven ways to prevent data breaches in your company.

Stay vigilant despite the declining trend in data breaches

Data breach statistics for 2021 vs. 2022 are rather promising, and if the trend continues, we may see a further decline in total breaches per country continuing into 2023. 

That said, private information is stolen, leaked, and illegally distributed daily, both on a corporate and an individual level – and in the tens of millions globally. So, with this in mind, please stay vigilant, stay protected and keep your data safeguarded at all times.

People also ask

How many data breaches happened in 2022?

A total of 310,855,487 accounts were leaked in 2022 – significantly lower than the 959,327,963 occurrences seen in 2021.

Is the number of data breaches increasing?

When analyzing data breach statistics in 2021 vs. 2022, we see that data breaches decreased by 67.6% last year, totaling 310,855,487 compared to 959,327,963 cases in 2021. 

Methodology

We looked into data breach statistics globally that occurred between January to December of 2022 (inclusive) and compared the numbers to those from January to December 2021 (inclusive). The data was taken from Surfshark’s Global data breach statistics tool.

Countries with a population lower than 1M were excluded from the rankings as they are often outliers in global distribution per population metrics due to small population numbers.

Note: excluding countries and territories with a population of fewer than 1M does not significantly impact global statistics as they account for less than 1% of the worldwide population.

What is a data breach?

In information security, a data breach is an incident in which data held by some party – a person, a company, etc. – is accessed, viewed, or potentially stolen by unauthorized third parties. For example, a hacker accessing a database to steal secret plans would constitute a data breach. For our purposes, a data breach means that the intruder copied and leaked user data such as names, surnames, email addresses, passwords, etc.

How are users’ locations identified?

The data collected by our independent partners from breached databases that appear online is aggregated by data points that directly identify a user – more precisely, their email address.

For timeline accuracy, our independent partners record the actual time of the breach as opposed to when it first becomes public. Therefore, past numbers can change as new cases are reported.

Definitions

  • Breach count/breaches – number of leaked profiles, accounts, or email addresses.
  • Breach rate – breaches per period of time.
  • Breach density – breach count of a country per its population.

Complete research material can be found here.

Sources

Our independent partners collected user data from breached databases that appeared online.

These findings allowed us to sort through over 27,000 leaked databases and create approximately 5 billion data combinations. Our researchers then sorted these combinations based on specific data points, such as countries, and performed a statistical analysis of their findings.