GITNUXREPORT 2026

Data Theft Statistics

Data theft costs are soaring globally, reaching millions per incident across all industries.

Written by Thomas Lindqvist·Edited by Rachel Svensson·Fact-checked by Katherine Brennan

Published Feb 13, 2026·Last verified Apr 2, 2026·Next review: Oct 2026

How We Build This Report

Primary Source Collection

Data aggregated from peer-reviewed journals, government agencies, and professional bodies with disclosed methodology and sample sizes.

Editorial Curation

Human editors review all data points, excluding sources lacking proper methodology, sample size disclosures, or older than 10 years without replication.

AI-Powered Verification

Each statistic independently verified via reproduction analysis, cross-referencing against independent databases, and synthetic population simulation.

Human Cross-Check

Final human editorial review of all AI-verified statistics. Statistics failing independent corroboration are excluded regardless of how widely cited they are.

Statistics that could not be independently verified are excluded regardless of how widely cited they are elsewhere.

Our process →

Statistic 1

Personal identifiable information (PII) was the most stolen data type at 45% of breaches

Statistic 2

Credentials stolen in 49% of web application breaches in 2023

Statistic 3

Financial data involved in 11% of breaches per Verizon DBIR 2024

Statistic 4

Protected health information (PHI) compromised in 20% healthcare incidents

Statistic 5

Payment card data stolen in 5% of all breaches but 24% retail

Statistic 6

Customer PII most targeted at 82% of breaches

Statistic 7

Intellectual property stolen in 12% of incidents 2023

Statistic 8

Medical records exposed in 47% of healthcare breaches 2023

Statistic 9

SSNs stolen in 15% of US identity theft cases 2023

Statistic 10

Email addresses leaked in 90% of large breaches

Statistic 11

Passwords compromised in 24% of incidents via keylogging

Statistic 12

Biometric data stolen in under 1% but rising in 2023

Statistic 13

Trade secrets exfiltrated in 23% espionage incidents

Statistic 14

Bank details in 8% of dark web listings 2023

Statistic 15

Fullz (complete identity kits) 35% of stolen data sales

Statistic 16

Corporate databases 40% of exfiltrated data volume

Statistic 17

IoT device credentials in 7% of breaches 2023

Statistic 18

Location data sold from 70% of mobile breaches

Statistic 19

Source code repositories hacked for IP in 18% dev breaches

Statistic 20

In 2023, the global average cost of a data breach reached $4.45 million, marking an 15% increase over five years

Statistic 21

US organizations faced the highest average data breach cost at $9.44 million in 2023

Statistic 22

Healthcare industry breaches cost an average of $10.93 million in 2023, the highest among sectors

Statistic 23

Phishing attacks contributed to 16% of breaches with an average cost of $4.88 million

Statistic 24

Lost business was the largest cost component at 36% or $1.6 million per breach in 2023

Statistic 25

Detection and escalation costs averaged $1.48 million per breach globally in 2023

Statistic 26

Post-breach response costs hit $1.39 million on average in 2023

Statistic 27

Notification costs per breach averaged $0.31 million in the US in 2023

Statistic 28

Organizations with high ransomware visibility saved $2.73 million per incident in 2023

Statistic 29

AI and automation reduced breach costs by an average of $1.76 million in 2023

Statistic 30

Zero trust approach saved $1.13 million per breach compared to others in 2023

Statistic 31

Incident response teams with high maturity saved $2.05 million per breach

Statistic 32

Cloud breaches cost $4.95 million on average versus $4.95 million hybrid in 2023

Statistic 33

Stolen credentials were involved in 19% of breaches costing $4.88 million avg

Statistic 34

Supply chain attacks cost $5.12 million on average in 2023

Statistic 35

The total global cost of cybercrime is projected to reach $10.5 trillion annually by 2025

Statistic 36

Data breaches cost businesses $4.35 million on average in 2022 per Ponemon

Statistic 37

Identity theft resulted in $5.8 billion in losses in 2022 per FTC

Statistic 38

Ransomware payments averaged $1.54 million per incident in 2023

Statistic 39

Dark web data sales generated $1.3 billion in 2022

Statistic 40

Credit card data theft cost $28.3 billion globally in 2022

Statistic 41

Business email compromise scams led to $2.9 billion losses in 2022

Statistic 42

Healthcare data breaches cost $9.77 million avg in 2022

Statistic 43

Retail sector breach costs averaged $3.32 million in 2023

Statistic 44

Finance sector averaged $5.96 million per breach in 2023

Statistic 45

Energy sector breaches cost $5.47 million avg in 2023

Statistic 46

Public sector averaged $3.20 million per breach cost in 2023

Statistic 47

Manufacturing sector $5.01 million avg breach cost 2023

Statistic 48

Healthcare was the most affected industry with 20% of breaches in 2023

Statistic 49

Financial services saw 14% of all breaches in 2023 Verizon

Statistic 50

Retail hit by 10% of incidents but higher costs

Statistic 51

Public administration 12% of breaches in 2023

Statistic 52

Manufacturing compromised in 13% of cases 2023

Statistic 53

Education sector 9% of breaches per Verizon 2024

Statistic 54

Energy/utilities 7% of incidents but high impact

Statistic 55

Transportation 5% of breaches in 2023

Statistic 56

25% of healthcare breaches involved ransomware 2023

Statistic 57

Finance phishing attacks in 22% of sector breaches

Statistic 58

Retail POS systems targeted in 30% incidents

Statistic 59

Government espionage 40% of public sector attacks

Statistic 60

Tech sector supply chain 25% of breaches 2023

Statistic 61

Pharma IP theft 60% from China per FBI

Statistic 62

Hospitality breaches up 28% post-pandemic

Statistic 63

Communications 8% of Verizon breaches 2023

Statistic 64

Consumer services 6% incidents high volume data

Statistic 65

There were 8,235 data breaches reported in the US in 2023

Statistic 66

Globally, data breaches increased by 20% from 2022 to 2023

Statistic 67

83% of organizations experienced more than one breach in 2023

Statistic 68

Phishing was involved in 36% of breaches in 2023 per Verizon DBIR

Statistic 69

74% of breaches involved a human element in 2023

Statistic 70

Ransomware incidents rose 37% year-over-year in 2023

Statistic 71

2,365 ransomware attacks confirmed in H1 2023

Statistic 72

Data breaches occurred every 39 seconds globally in 2023

Statistic 73

US had 3,205 breaches in 2023 per ITRC

Statistic 74

India reported 1.3 million cyber incidents in 2022-23

Statistic 75

UK saw 1,234 data breaches notified in 2023

Statistic 76

Australia had 1,299 cyber incidents reported in 2023

Statistic 77

16 billion records exposed in breaches in 2023

Statistic 78

98% of organizations experienced a cyber incident in past 2 years

Statistic 79

Supply chain compromises featured in 15% of breaches 2023

Statistic 80

Vulnerability exploitation in 29% of web app breaches 2023

Statistic 81

Use of stolen credentials in 49% of web app breaches

Statistic 82

Brute force attacks in 14% of incidents per Verizon 2023

Statistic 83

5,199 US data breaches exposed 953 million records in 2022

Statistic 84

Equifax breach in 2017 affected 147 million people

Statistic 85

95% of breaches contained within 200 days in 2023

Statistic 86

MFA blocked 99% of account compromise attempts 2023

Statistic 87

AI-driven security reduced breach lifecycle by 28 days

Statistic 88

Encrypted data harder to exploit, used in 50% incidents no loss

Statistic 89

Incident response testing cut costs by $2.66 million avg

Statistic 90

SIEM and XDR reduced MTTD by 37 days 2023

Statistic 91

52% of breaches due to exploited vulnerabilities

Statistic 92

Employee training reduced phishing success by 70%

Statistic 93

Zero trust adoption grew 26% in breached orgs

Statistic 94

Cloud security posture mgmt saved $1.49 million

Statistic 95

Breach notification avg 47 days post-discovery 2023

Statistic 96

Ransomware decryption success 0% without backup

Statistic 97

Dark web monitoring detected 60% early threats

Statistic 98

Patch management prevented 32% vuln exploits

Statistic 99

Privilege access mgmt cut lateral movement 50%

Statistic 100

GenAI in attacks rose to 8% of phishing 2024

Statistic 101

Quantum threats to encryption in 10 years per NIST

Statistic 102

Supply chain risk mgmt adopted by 71% post-SolarWinds

Statistic 103

Average time to identify breach 204 days in 2023

Statistic 104

Time to contain breach avg 73 days globally 2023

Statistic 105

Customer churn post-breach averaged 12.4% in 2023

Statistic 106

422 million records stolen in 30 major breaches in 2023 Q1-Q3

Statistic 107

Yahoo's 2013-2014 breaches impacted 3 billion accounts

Statistic 108

Marriott breach 2018-2020 exposed 383 million guests

Statistic 109

LinkedIn 2021 scrape affected 700 million users

Statistic 110

Facebook Cambridge Analytica impacted 87 million users

Statistic 111

Capital One 2019 breach hit 106 million customers

Statistic 112

T-Mobile 2021 breach exposed 54 million customers

Statistic 113

Optus Australia 2022 breach affected 10 million customers

Statistic 114

MOVEit breaches in 2023 impacted 62 million individuals

Statistic 115

Change Healthcare 2024 ransomware hit 1/3 of Americans

Statistic 116

353 million records exposed in 2023 US healthcare breaches

Statistic 117

110 million records in 521 financial breaches 2023 US

Statistic 118

2.6 billion records from 1,900 retail breaches since 2005

Statistic 119

1.5 billion personal records stolen in first half 2024

Statistic 120

Snowflake breaches 2024 affected 165 organizations, millions records

Statistic 121

National Public Data breach 2024 exposed 2.9 billion records

Statistic 122

17 million French citizens' data stolen in 2024 DC Health

Statistic 123

208 million UK voter records leaked 2024

Statistic 124

1.2 billion Indian Aadhaar numbers exposed 2018

Statistic 125

500 million LinkedIn profiles scraped 2021

1/125

Sources

Trusted by 500+ publications

+497

While the stunning statistic that every stolen record now costs businesses an average of $4.45 million might make your eyes water, the deeper story lies in how these breaches unfold and what truly makes some organizations more vulnerable than others.

Key Takeaways

In 2023, the global average cost of a data breach reached $4.45 million, marking an 15% increase over five years
US organizations faced the highest average data breach cost at $9.44 million in 2023
Healthcare industry breaches cost an average of $10.93 million in 2023, the highest among sectors
There were 8,235 data breaches reported in the US in 2023
Globally, data breaches increased by 20% from 2022 to 2023
83% of organizations experienced more than one breach in 2023
422 million records stolen in 30 major breaches in 2023 Q1-Q3
Yahoo's 2013-2014 breaches impacted 3 billion accounts
Marriott breach 2018-2020 exposed 383 million guests
Personal identifiable information (PII) was the most stolen data type at 45% of breaches
Credentials stolen in 49% of web application breaches in 2023
Financial data involved in 11% of breaches per Verizon DBIR 2024
Healthcare was the most affected industry with 20% of breaches in 2023
Financial services saw 14% of all breaches in 2023 Verizon
Retail hit by 10% of incidents but higher costs

Global data theft costs are skyrocketing in 2026, hitting millions per breach across every industry.

Data Types

1Personal identifiable information (PII) was the most stolen data type at 45% of breaches

Verified

2Credentials stolen in 49% of web application breaches in 2023

Verified

3Financial data involved in 11% of breaches per Verizon DBIR 2024

Verified

4Protected health information (PHI) compromised in 20% healthcare incidents

Directional

5Payment card data stolen in 5% of all breaches but 24% retail

Single source

6Customer PII most targeted at 82% of breaches

Verified

7Intellectual property stolen in 12% of incidents 2023

Verified

8Medical records exposed in 47% of healthcare breaches 2023

Verified

9SSNs stolen in 15% of US identity theft cases 2023

Directional

10Email addresses leaked in 90% of large breaches

Single source

11Passwords compromised in 24% of incidents via keylogging

Verified

12Biometric data stolen in under 1% but rising in 2023

Verified

13Trade secrets exfiltrated in 23% espionage incidents

Verified

14Bank details in 8% of dark web listings 2023

Directional

15Fullz (complete identity kits) 35% of stolen data sales

Single source

16Corporate databases 40% of exfiltrated data volume

Verified

17IoT device credentials in 7% of breaches 2023

Verified

18Location data sold from 70% of mobile breaches

Verified

19Source code repositories hacked for IP in 18% dev breaches

Directional

Data Types Interpretation

If you're a modern criminal, your shopping list is oddly human: you're mostly just buying and selling people's identities, from their email addresses (90% of the time) and passwords to their very selves (with 'fullz' identity kits making up 35% of sales), because while stealing a company's secret sauce (23% of espionage) is valuable, there's no easier money than simply becoming someone else.

Financial Impact

1In 2023, the global average cost of a data breach reached $4.45 million, marking an 15% increase over five years

Verified

2US organizations faced the highest average data breach cost at $9.44 million in 2023

Verified

3Healthcare industry breaches cost an average of $10.93 million in 2023, the highest among sectors

Verified

4Phishing attacks contributed to 16% of breaches with an average cost of $4.88 million

Directional

5Lost business was the largest cost component at 36% or $1.6 million per breach in 2023

Single source

6Detection and escalation costs averaged $1.48 million per breach globally in 2023

Verified

7Post-breach response costs hit $1.39 million on average in 2023

Verified

8Notification costs per breach averaged $0.31 million in the US in 2023

Verified

9Organizations with high ransomware visibility saved $2.73 million per incident in 2023

Directional

10AI and automation reduced breach costs by an average of $1.76 million in 2023

Single source

11Zero trust approach saved $1.13 million per breach compared to others in 2023

Verified

12Incident response teams with high maturity saved $2.05 million per breach

Verified

13Cloud breaches cost $4.95 million on average versus $4.95 million hybrid in 2023

Verified

14Stolen credentials were involved in 19% of breaches costing $4.88 million avg

Directional

15Supply chain attacks cost $5.12 million on average in 2023

Single source

16The total global cost of cybercrime is projected to reach $10.5 trillion annually by 2025

Verified

17Data breaches cost businesses $4.35 million on average in 2022 per Ponemon

Verified

18Identity theft resulted in $5.8 billion in losses in 2022 per FTC

Verified

19Ransomware payments averaged $1.54 million per incident in 2023

Directional

20Dark web data sales generated $1.3 billion in 2022

Single source

21Credit card data theft cost $28.3 billion globally in 2022

Verified

22Business email compromise scams led to $2.9 billion losses in 2022

Verified

23Healthcare data breaches cost $9.77 million avg in 2022

Verified

24Retail sector breach costs averaged $3.32 million in 2023

Directional

25Finance sector averaged $5.96 million per breach in 2023

Single source

26Energy sector breaches cost $5.47 million avg in 2023

Verified

27Public sector averaged $3.20 million per breach cost in 2023

Verified

28Manufacturing sector $5.01 million avg breach cost 2023

Verified

Financial Impact Interpretation

Despite the sky-high cost of complacency—where a single phishing click can cost a company nearly $5 million—the data proves that investing in AI, zero trust, and a sharp incident response team isn't just prudent security; it's the most cost-effective apology you'll never have to make.

Industries Affected

1Healthcare was the most affected industry with 20% of breaches in 2023

Verified

2Financial services saw 14% of all breaches in 2023 Verizon

Verified

3Retail hit by 10% of incidents but higher costs

Verified

4Public administration 12% of breaches in 2023

Directional

5Manufacturing compromised in 13% of cases 2023

Single source

6Education sector 9% of breaches per Verizon 2024

Verified

7Energy/utilities 7% of incidents but high impact

Verified

8Transportation 5% of breaches in 2023

Verified

925% of healthcare breaches involved ransomware 2023

Directional

10Finance phishing attacks in 22% of sector breaches

Single source

11Retail POS systems targeted in 30% incidents

Verified

12Government espionage 40% of public sector attacks

Verified

13Tech sector supply chain 25% of breaches 2023

Verified

14Pharma IP theft 60% from China per FBI

Directional

15Hospitality breaches up 28% post-pandemic

Single source

16Communications 8% of Verizon breaches 2023

Verified

17Consumer services 6% incidents high volume data

Verified

Industries Affected Interpretation

In the grand data heist of 2023, your medical bills, credit score, and even your takeout order were all up for grabs, but the government’s secrets and China’s favorite pharma formulas were clearly the premium targets.

Prevalence

1There were 8,235 data breaches reported in the US in 2023

Verified

2Globally, data breaches increased by 20% from 2022 to 2023

Verified

383% of organizations experienced more than one breach in 2023

Verified

4Phishing was involved in 36% of breaches in 2023 per Verizon DBIR

Directional

574% of breaches involved a human element in 2023

Single source

6Ransomware incidents rose 37% year-over-year in 2023

Verified

72,365 ransomware attacks confirmed in H1 2023

Verified

8Data breaches occurred every 39 seconds globally in 2023

Verified

9US had 3,205 breaches in 2023 per ITRC

Directional

10India reported 1.3 million cyber incidents in 2022-23

Single source

11UK saw 1,234 data breaches notified in 2023

Verified

12Australia had 1,299 cyber incidents reported in 2023

Verified

1316 billion records exposed in breaches in 2023

Verified

1498% of organizations experienced a cyber incident in past 2 years

Directional

15Supply chain compromises featured in 15% of breaches 2023

Single source

16Vulnerability exploitation in 29% of web app breaches 2023

Verified

17Use of stolen credentials in 49% of web app breaches

Verified

18Brute force attacks in 14% of incidents per Verizon 2023

Verified

195,199 US data breaches exposed 953 million records in 2022

Directional

20Equifax breach in 2017 affected 147 million people

Single source

Prevalence Interpretation

While we’ve all become experts at avoiding suspicious emails, the grim reality of 2023’s data theft statistics suggests we might as well have left our digital doors wide open, considering breaches were as frequent as a ticking clock and humans—often unwittingly—held the key in nearly three-quarters of these incidents.

Trends Mitigation

195% of breaches contained within 200 days in 2023

Verified

2MFA blocked 99% of account compromise attempts 2023

Verified

3AI-driven security reduced breach lifecycle by 28 days

Verified

4Encrypted data harder to exploit, used in 50% incidents no loss

Directional

5Incident response testing cut costs by $2.66 million avg

Single source

6SIEM and XDR reduced MTTD by 37 days 2023

Verified

752% of breaches due to exploited vulnerabilities

Verified

8Employee training reduced phishing success by 70%

Verified

9Zero trust adoption grew 26% in breached orgs

Directional

10Cloud security posture mgmt saved $1.49 million

Single source

11Breach notification avg 47 days post-discovery 2023

Verified

12Ransomware decryption success 0% without backup

Verified

13Dark web monitoring detected 60% early threats

Verified

14Patch management prevented 32% vuln exploits

Directional

15Privilege access mgmt cut lateral movement 50%

Single source

16GenAI in attacks rose to 8% of phishing 2024

Verified

17Quantum threats to encryption in 10 years per NIST

Verified

18Supply chain risk mgmt adopted by 71% post-SolarWinds

Verified

19Average time to identify breach 204 days in 2023

Directional

20Time to contain breach avg 73 days globally 2023

Single source

21Customer churn post-breach averaged 12.4% in 2023

Verified

Trends Mitigation Interpretation

While defenses like MFA and zero trust are getting stronger, the sheer persistence of attackers—who often lurk undetected for months—means our security victories are less about building impenetrable walls and more about relentlessly shortening their stay and limiting the damage when they inevitably get in.

Victims Affected

1422 million records stolen in 30 major breaches in 2023 Q1-Q3

Verified

2Yahoo's 2013-2014 breaches impacted 3 billion accounts

Verified

3Marriott breach 2018-2020 exposed 383 million guests

Verified

4LinkedIn 2021 scrape affected 700 million users

Directional

5Facebook Cambridge Analytica impacted 87 million users

Single source

6Capital One 2019 breach hit 106 million customers

Verified

7T-Mobile 2021 breach exposed 54 million customers

Verified

8Optus Australia 2022 breach affected 10 million customers

Verified

9MOVEit breaches in 2023 impacted 62 million individuals

Directional

10Change Healthcare 2024 ransomware hit 1/3 of Americans

Single source

11353 million records exposed in 2023 US healthcare breaches

Verified

12110 million records in 521 financial breaches 2023 US

Verified

132.6 billion records from 1,900 retail breaches since 2005

Verified

141.5 billion personal records stolen in first half 2024

Directional

15Snowflake breaches 2024 affected 165 organizations, millions records

Single source

16National Public Data breach 2024 exposed 2.9 billion records

Verified

1717 million French citizens' data stolen in 2024 DC Health

Verified

18208 million UK voter records leaked 2024

Verified

191.2 billion Indian Aadhaar numbers exposed 2018

Directional

20500 million LinkedIn profiles scraped 2021

Single source

Victims Affected Interpretation

These figures make it chillingly clear that in our hyper-connected age, personal data has become the most frequently and catastrophically spilled commodity, leaving us all perpetually mopping up a digital flood with a teaspoon.