Apple has published an independent study conducted by Massachusetts Institute of Technology professor Dr. Stuart Madnick that found “clear and compelling” proof that data breaches have become an epidemic, threatening sensitive and personal consumer data the world over.
The total number of data breaches more than tripled between 2013 and 2022 — exposing 2.6 billion personal records in the past two years alone — and has continued to get worse in 2023. The findings underscore that strong protections against data breaches in the cloud, like end-to-end encryption, have only grown more essential since last year’s report and the launch of Advanced Data Protection for iCloud.
This year’s study, “The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase,” demonstrates threats that had already reached historic levels — as shown in last year’s report, “The Rising Threat to Consumer Data in the Cloud” — continue to rise. Increasingly, companies across the technology industry are addressing these threats by implementing end-to-end encryption, as Apple did with last year’s launch of Advanced Data Protection for iCloud.
Craig Federighi, Apple’s senior vice president of Software Engineering, notes that with Advanced Data Protection for iCloud, which uses end-to-end encryption to provides Apple’s highest level of cloud data security, users have the choice to further protect important iCloud data even in the case of a data breach.
He says iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection for iCloud, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos.
As shown in this year’s report, the increasing digitalization of users’ personal and professional lives has fueled a dramatic rise in data breaches. Each year, thousands of data breaches expose the personal information of hundreds of millions of consumers.
Hackers are evolving their methods and finding more ways to defeat security practices that once held them back. Consequently, even organizations with the strongest possible security practices are vulnerable to threats in a way that wasn’t true just a few years ago.
The report also shows that even when consumers take all the right steps to secure their sensitive data, it’s still at risk of being compromised by hackers if it’s stored in a readable form by organizations they entrust it with. For instance, when attempting to infiltrate companies with robust security practices, hackers often start by targeting a different organization with relatively weak security that has a technical business relationship with the ultimate target. They then steal credentials or information that helps them target employees or systems at the organization that is their primary objective.
As threats to user data continue to grow more frequent and sophisticated, Apple’s long track record of engineering powerful and innovative features make its products the most secure on the market, says Federighi. With Lockdown Mode, Apple developed a protection for those who may be targeted by extreme threats like mercenary spyware because of who they are or what they do.
Apple’s Advanced Data Protection for iCloud is another feature the company has developed to protect users against growing threats to their data, keeping most user data in iCloud protected even in the case of a data breach in the cloud.
The report illustrates that the historic threats to user data that saw the number of data breaches nearly triple between 2013 and 2022, compromising 2.6 billion records over the course of two years, are only getting worse in 2023. In the U.S. alone, there were nearly 20 percent more breaches in just the first nine months of 2023 than in any prior year.
The target for cybercriminals was very clear, with a 2023 survey finding that over 80% of breaches involved data stored in the cloud. This is after attacks targeting cloud infrastructure nearly doubled from 2021 to 2022.
This is due in part to the increased targeting of consumer data by ransomware gangs and coordinated campaigns that compromised vendors or their products to target customers. The threat of ransomware has only grown in 2023, as shown by the fact that there were nearly 70 percent more attacks reported through September 2023 than in the first three quarters of 2022.
In fact, experts found that there were more ransomware attacks through September 2023 than in all of 2022 combined. This has led to alarming trends in the U.S. and abroad, with more than double the accounts getting breached in the first half of 2023 compared to the first half of 2022 in the U.K., Australia, and Canada combined.