More than 66,000 breaches and nearly 42 billion exposed consumer and employee records were detected circulating in dark markets in 2021, with critical infrastructure providers suffering 1 in every 3 cyber attacks

LOS ALTOS, Calif., April 28, 2022 /PRNewswire/ — Today, Constella Intelligence (“Constella”), a leader in digital risk protection and identity threat intelligence, released its 2022 Identity Breach Report — a comprehensive annual report that examines risks to consumers, employees, companies, and institutions stemming from breached data, along with threat actors’ activities on the surface, deep and dark web.

The report, titled “Exposed Data and the Convergence of Consumer, Business and Geopolitical Risk” leverages Constella’s industry-leading data lake of over 45 billion curated identity records spanning 125 countries and 53 languages to deliver insights on identity-based vulnerabilities.

The convergence of individual, corporate, and geopolitical risk is covered in depth by Constella’s threat intelligence team. Importantly, as geopolitical confrontation intensifies, private individuals and organizations will be targeted in cyberattacks and face new dimensions of identity-based, reputational, disinformation-driven, and even physical risk.

“Risks to individuals, businesses and the public sector are converging,” said Constella Intelligence CEO, Kailash Ambwani. “Individuals—as consumers, employees, and executives—are targeted for their sensitive personal data, which powers an increasingly commodified threat economy where personal information is transacted and then weaponized.”

Key findings from the report include:

• More than 66,000 breaches and nearly 42 billion exposed records of consumers and employees were detected circulating in dark markets in 2021.
• Critical infrastructure providers like healthcare, financial services, telecom and utilities were significantly impacted by data breaches in 2021, suffering 1 in every 3 breaches analyzed.
• Constella’s threat intelligence team identified more than 11 million exposed personal records from 13,000 third-party breaches of the 30 public companies that comprise the Dow Jones Industrial Average.
  • Out of a sample of more than 120 executives from these companies, 78% had their corporate credentials exposed in a breach since 2018.
• The average price of personal consumer documentation circulating in dark markets—including credit cards, passports, and IDs—saw a 100% year over year increase.

Of interest, Constella also identified several groups involved in the Ukraine/Russia conflict deploying DDoS, defacement, malware, and ransomware attacks against business and government targets.  These attacks frequently exploit individuals (consumers and employees) as a principal vector of entry into critical networks.

“During times of conflict, threat actors increasingly target critical infrastructure and essential services,” said Alex Romero, COO and co-founder of Constella Intelligence. “Consequently, the availability of sensitive personal data empowers threat actors to launch cyberattacks against companies, institutions, and networks by targeting affiliated individuals and exploiting vulnerabilities at an individual level.”

Constella’s research and analysis details how cybercriminals exploit personally identifiable information (PII) to execute a host of attacks and illustrates how identity-based attacks like fraud, impersonation, or phishing exploit individuals and underpin risks like malware, ransomware, or coordinated disinformation attacks.

To download the full Constella 2022 Identity Breach Report click here.

Press Release