India is the 5th most breached country of 2022, but has 1M less victims QoQ

Cybersecurity company Surfshark’s study found that Russia is first in terms of breached unique accounts from January-March 2022, with more than 3.5M internet users affected. The second place is claimed by the US, followed by Poland, France, and India. In general, approximately 18.2M accounts were breached in 2022 so far, meaning that the data of two users was leaked every second.

Surfshark Alert’s database analysis determined that the first quarter of 2022 was lower than the last in terms of data breach cases. To put it in real numbers, 18,174,132 email accounts were breached in 2022’Q1. Whereas, there were 43,169,912 breaches in the previous quarter, signaling a decline of 58% quarter-over-quarter.

India has followed the downwards trend, showing -62% less breached accounts than in Q4 ‘2021, amounting to 1M less victims as figures improved from 1.77 M to 675K, according to the database.

“Data breaches remain one of the most common types of cybercrime, despite the decline it has demonstrated in the past months”, – explains Aleksandr Valentij, Chief Information Security Officer at Surfshark. “Pools of leaked emails, passwords, telephone numbers, and even more sensitive data are often sold on the dark web to be later used in phishing attacks, ransomware, or even identity theft. As we can see from our latest data, some countries were more vulnerable to such instances than others in the past months.”

Surfshark’s analysis highlights that the top five countries with the most data breaches account for half of all leaks in Q1’2022. Russians alone make up almost a fifth of all global victims, of which were 3.55M. The numbers in the country are 11% higher than in the last quarter, likely due to the start of Ukraine’s invasion. In March, 136% more Russian accounts were breached than in February.

Users in Ukraine appeared in 67% fewer breaches than in the quarter before the invasion. It’s now 15th in the world – previously, from October to December 2021, Ukraine was the most breached country in Eastern Europe.

The US, which came in second place, shows a positive downward trend in data breaches for the second quarter in a row. The US had almost 50% fewer affected users in 2022 than in the last quarter, with around 2.5M users breached.

Poland took third place and shot up the chart due to a 514% spike in breaches this year, with 961K users breached in the first quarter of 2022. In comparison, there were only 159K breaches in 2021’Q4.  Poland’s media reported a wave of telephone phishing attacks at the beginning of the year, seeking to lure out credit card details. Moreover, the top three most breached countries were followed by France (721.17 K breached users) and India (674.85 K).

Besides Russia and Poland, big spikes in breached users were spotted in Turkey (+34%) and Australia (+87%). The number of cases also shot through the roof in Hong Kong (+946%) and Taiwan (+295%) in February of 2022, resulting in almost 311K and 179K breach victims, respectively. While the exact origins of the breaches could not be traced, one case in Harbour Plaza Hotel Management Limited (Harbour Plaza) had lost over 1.2 million customers’ data in a cybersecurity attack in early February. 

The top 20 most breached countries of Q1 2022 in descending order are Russia, the U.S., Poland, France, India, Turkey, Australia, Indonesia, Hong Kong, Germany, the U.K, Brazil, China, Philippines, Ukraine, Spain, Czechia, Taiwan, Canada, and South Korea. The full data can be found in the blog post here: https://surfshark.com/blog/data-breach-statistics-by-country