Annual study by cybersecurity company Surfshark shows that a total of 310.9M accounts were breached in 2022, with 1 in 3 breached accounts being of Russian origin. China takes second place with a 45% year-on-year growth, while the U.S. appears third with a nearly 9-fold decrease since 2021. Half of total accounts breached were European, whilst a quarter belonged to Asian users. The largest amount of emails were leaked during CDEK courier service, NGS Russian news portal and IndiHome telecommunications data breaches.

Global data from Surfshark's data breach statistics tool records more that 310M breached internet users in 2022, as opposed to 959M seen in 2021. Yearly report ranks Russia 1st in the world by leaked accounts (104.8M), followed by China (34M), The U.S. (23.5M), France (20.1M), and Indonesia (14.7M). The top 5 most-breached countries account for nearly two thirds of all leaked accounts in 2022.

"Every second of 2022, 10 internet users have lost their data." - says Agneska Sablovskaja, Lead Researcher at Surfshark. "While these remain unsettling, we're happy to report an immense global decrease of 68% compared to last year. Some countries, including U.S., India and Brazil, managed to improve their situation significantly, while Indonesia, Sri Lanka and Russia experienced the biggest surges in data breaches year-over-year. "

In 2022, there were 89% less breached accounts in The U.S. compared to 2021. Even though the country's situation improved, it still experienced plenty of severe breaches last year. Most noteworthy was the January breach of BidenCash, a popular dark web carding site, which affected 2.3M American accounts, and accounted for around 10% of total U.S.' breaches in 2022. Online-to-offline shopping giant Locally's data breach in October contributed to 5% of the total user victim count as well.

Russia was the hotspot of data breaches in 2022

The United States remained the single most breached country of this decade up until Ukraine's invasion at the end of February. Russia has been topping the charts since then, holding a third of all accounts leaked and also having the highest number of breaches per 1K people, as much as 718. At the same time, Ukraine had 54 victims per 1K people last year, 30% less than in 2021.

Two biggest Russian breaches (courier service CDEK and news portal NGS.ru), both of which happened in March, exposed nearly 19M Russian accounts each, and together made up over a third of total Russian breaches in 2022. The third-largest Russian breach was of Gemotest, a medical laboratory network, which exposed around 6M Russian users.

The most breached region was Europe, with Asia following closely behind

Half of all breaches of 2022 (153.3M) happened to European email accounts. The flood of Russian data breaches has put Europe at the top of the continental rankings, with France being the second-biggest contributor. Around 18% of leaked French accounts were attributed to the August breach of Wakanim, the now-defunct streaming service that specialized in Japanese anime series.

Meanwhile, Asia amounted to a fourth of all world's breaches with 74.2M, mostly coming from China, Indonesia and India. The breach affecting the most Chinese accounts was that of adult content site Hjedd (11M) in June, making up around a third of total Chinese breached emails in 2022. In Indonesia, an even greater damage was done during the IndiHome breach in August, exposing as much as 12.6M Indonesian accounts.

The ten most breached countries of 2022 in descending order are: Russia, China, The U.S., France, Indonesia, Brazil, India, Germany, Australia and Turkey. The highest growth in YoY user victims was spotted in Indonesia (269%), Sri Lanka (204%), Russia (191%), Uzbekistan (73%) and China (45%).