Time to refresh our data on what countries suffer the most breaches online. Our independent partners collected loads of user data from breached databases that appeared online to give you a sense and scope of the current data breach situation worldwide. Researchers analyzed which countries had the most breached users in the first three months (Q1) of 2022 to bring you the latest data breach statistics by country.
A quick overview of Q1 2022 breaches:
- 58% fewer users were breached in Q1’2022 than in Q4’2021, with 18 million affected
- Russian users experienced a 11% growth in breaches quarter-over-quarter, with the biggest spike in March
- Poland rose to third place amidst nationwide phishing attacks and the Pegasus scandal
- February 2022 saw enormous increases of breaches in Hong Kong and Taiwan
- South Korea was among the top countries that greatly reduced their number of breaches
Global improvement in the data breach situation continues
So far, every second of 2022, two internet users have their data leaked – an improvement from the previous quarter. In the last quarter of 2021, six accounts were leaked per second.
Compared to Q4 2021, there was a 58% global decrease in breaches. To put that into real numbers, only 18,174,132 email accounts were breached in 2022’Q1. Whereas in the previous quarter there was a total of 43,169,912 breaches.
Some countries improved their standings while others saw massive spikes. Here is the breakdown of the top 20 countries and territories most affected by breaches in 2022 Q1:
Country & territory overview
Let’s explore some of the more interesting data breach statistics by country:
- The top 20 countries make up almost 70% of the total breached accounts in the first quarter of 2022, while the top 5 alone make up a grand total of 50%.
- With more than 3.5M internet users affected, Russia experienced the most breaches in Q1 2022. The war in Ukraine has likely influenced this situation as the hacker group Anonymous declared that it was targeting the country. Thus, the quarter-to-quarter breach number grew 11%, surpassing the usual “front runner” US. In fact, March was the outstanding month, resulting in 136% more breaches than February and 5 times more than in January.
- Users in Ukraine appeared in 67% fewer breaches than in the quarter before the invasion. It’s now 15th in the world – previously, during October – December 2021, Ukraine was the most breached country in Eastern Europe.
- The United States of America may still hold the #2 spot, but it continues to show a positive downward trend in data breaches for the second quarter in a row. The U.S. had almost 50% fewer affected users in Q1 2022 than in the last quarter (Q4 2021), with around 2.5M users breached.
- Poland shot up the chart due to a 514% spike in breaches this year, with a total of 961K users breached in the first quarter of 2022. In comparison, there were only 159K breaches in Q4 2021.
At the beginning of the year, Polish media reported a wave of telephone phishing attacks seeking to lure out credit card details. The fraudsters impersonated well-known people, state institutions and companies, and even targeted the daughter of the former head of the CBA. Around the same time, the Polish government admitted to purchasing the controversial Israeli Pegasus spyware to supposedly protect its citizens.
Countries with the highest jumps in breaches in 2022 Q1
Besides Russia and Poland, big spikes in breached users were spotted in Turkey (34%) and Australia (87%). The number of cases also shot through the roof in Hong Kong (946%) and Taiwan (295%) in February of 2022, resulting in almost 311K and 179K breach victims respectively.
While the exact origins of the breaches could not be traced, one case in Harbour Plaza Hotel Management Limited (Harbour Plaza) had lost over 1.2 million customers’ data in a cybersecurity attack in early February.
Despite overall high breach numbers, most countries showed major improvements compared to Q4 2021. South Korea saw the biggest percentage decrease of 92% among the other TOP20 countries. It improved its position from 3rd place to 20th in just three short months.
A quick recap of Q4 2021
Almost one billion emails were exposed in 2021, affecting nearly 1 out of 5 internet users. Q4 of last year has seen an 81% drop in exposed accounts (44.2 million) compared to Q3 (235.6 million).
The US topped the charts in exposed accounts back the last months of 2021 with 2 out of 100 American internet users affected. This was caused by multiple major breaches during the last three months of the year in large companies like Robinhood, Eskenazi, and GoDaddy.
Russia took second place in exposed users with the Moscow driver incident, followed by South Korea in third. The latter may have been influenced by the Reddoorz case. It was the largest data breach in Asia in Q4, affecting 5.9 million Singapore and Southeast Asian hotel customers from across the world.
The 2022 Q1 data breach statistics say “Stay vigilant”
The first quarter of 2022 has shown a continuous positive trend from the end of last year. However, while data breach rates may be declining globally, certain countries remain more affected than others. Additionally, cyberattacks have intensified across most of the world during the past months. Therefore, it’s important to remain vigilant and keep all your information and devices safe.
Data & methodology
What sources does the study use?
Our independent partners collected loads of user data from breached databases that appeared online.
This allowed us to sort through 27,000 leaked databases and create 5 billion combinations of data. Researchers could then sort those combinations based on specific data points, such as countries, and perform a statistical analysis of their findings.
We’ve looked into data breaches that occurred through January to March 2021 (Q1) and compared them with the numbers from November through December 2021 (Q4).
What is a data breach?
In information security, a data breach is an incident in which data held by some party – a person, a company, etc. – is accessed, viewed, and potentially stolen by unauthorized third parties. In layman’s terms, a standard movie hacker accessing a database to steal secret plans would be a data breach. For our purposes, a data breach means that the intruder copied and leaked user data such as names, surnames, email addresses, passwords, etc.
How are users’ locations identified?
The data collected by our independent partners from breached databases that appear online is aggregated by data points that directly identify a user – more precisely, the email address.
For timeline accuracy, our independent partners record the actual time of the breach instead of when it becomes public. Therefore, the numbers in the past can change as new cases are reported. Data associations to specific breach instances in this study are only stipulated.
Download the full data here.