In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

In 2023, the monetary damage caused by cybercrime reported to the United States' Internet Crime Complaint Center (IC3) saw a year-over-year increase of around 21 percent, amounting to a historical peak of 12.5 billion U.S. dollars. Cybercrime in the U.S. Cybercrime continues to be one of the biggest challenges for governments around the world. In the United States, phishing and personal data breaches were among the most reported categories of cybercrime in 2022, with over 300 thousand people falling victim to phishing attacks. Additionally, data breaches cost the U.S. organizations over nine million U.S. dollars on average as of January 2023. Identity theft is a serious issue in the U.S. Along with other reported online crimes, identity theft was a prevalent issue that affected millions of people in the United States. The country ranked second globally in reported cases of identity theft, with an estimated 13.5 million Americans falling victim to this crime. As a result, millions of users had their lives turned upside down. In January 2023, 43 percent of identity theft victims reported wasting their time resolving issues, while 33 percent had no choice but to freeze their credit cards. Furthermore, sometimes threat actors targeted seniors, as in 2022, more than 4800 individuals over 60 reported being victims of identity theft.

The largest reported data leakage as of January 2025 was the Cam4 data breach in March 2020, which exposed more than 10 billion data records. The second-largest data breach in history so far, the Yahoo data breach, occurred in 2013. The company initially reported about one billion exposed data records, but after an investigation, the company updated the number, revealing that three billion accounts were affected. The National Public Data Breach was announced in August 2024. The incident became public when personally identifiable information of individuals became available for sale on the dark web. Overall, the security professionals estimate the leakage of nearly three billion personal records. The next significant data leakage was the March 2018 security breach of India's national ID database, Aadhaar, with over 1.1 billion records exposed. This included biometric information such as identification numbers and fingerprint scans, which could be used to open bank accounts and receive financial aid, among other government services.

Cybercrime - the dark side of digitalization As the world continues its journey into the digital age, corporations and governments across the globe have been increasing their reliance on technology to collect, analyze and store personal data. This, in turn, has led to a rise in the number of cyber crimes, ranging from minor breaches to global-scale attacks impacting billions of users – such as in the case of Yahoo. Within the U.S. alone, 1802 cases of data compromise were reported in 2022. This was a marked increase from the 447 cases reported a decade prior. The high price of data protection As of 2022, the average cost of a single data breach across all industries worldwide stood at around 4.35 million U.S. dollars. This was found to be most costly in the healthcare sector, with each leak reported to have cost the affected party a hefty 10.1 million U.S. dollars. The financial segment followed closely behind. Here, each breach resulted in a loss of approximately 6 million U.S. dollars - 1.5 million more than the global average.

India saw a significant jump in cyber crimes reported in 2022 from the previous year. That year, over 65 thousand cyber crime incidents were registered. Karnataka and Telangana accounted for the highest share during the measured time period.

Uttar Pradesh leads the way

The northern state of Uttar Pradesh had the highest number of cyber crimes compared to the rest of the country, with over six thousand cases registered with the authorities in 2018 alone. India’s tech state, Karnataka, followed suite that year. A majority of these cases were registered under the IT Act with the motive to defraud, or sexually exploit victims.

It's a numbers game

It was estimated that in 2017, consumers in India collectively lost over 18 billion U.S. dollars due to cyber crimes. However, these were estimates based only on reported numbers. In a country like India, it is highly likely that the actual figures could be under-reported due to a lack of cyber crime awareness or the mechanisms to classify them. Recent government initiatives such as a dedicated online portal to report cyber crimes could very well be the main factor behind a sudden spike in online crimes from 2017 onwards.

Abstract copyright UK Data Service and data collection copyright owner.

The Commercial Victimisation Survey (CVS) is a survey of the extent of crime and crime related issues experienced by business premises in England and Wales. It provides additional detail on the extent of crime to be used alongside the other main sources of information on crime. These are the Crime Survey for England and Wales (CSEW) (formerly the British Crime Survey), which covers crimes against private individuals and households, and the Police Recorded Crime statistics, which cover crimes reported to the police. In common with the CSEW, the CVS also includes crimes that are not reported to the police. The Police Recorded Crime data tables are available from the GOV.UK website.

The CVS was previously run as a standalone survey in 1994 and again in 2002. The CVS was then run as an annual publication from 2012 onwards. A break occurred from 2019 to 2021 where CVS underwent a re-design following a consultation, where the coverage of the survey was expanded to cover all commercial business premises. A standalone CVS was run in 2021, covering only the Wholesale and Retail sector, to provide insights on the effects of the COVID-19 pandemic.

Further information on the CVS, with links to findings by year, can also be found on the GOV.UK Crimes against businesses statistics webpage.



Main Topics:
Businesses were asked which of a number of types of crime they had experienced in the 12 months prior to being interviewed. For each one they had suffered, they were asked about the number of occasions they had been victim to that type of crime, the effect of it on their business and the cost of the most recent incident. The survey also asked respondents whether they had reported the incidents to the police; the extent of the losses suffered; their crime prevention precautions; and their concerns about problems of crime and antisocial behaviour in the local area.

The 2017 dataset includes details of the extent of crime against business premises for the core CVS crime types. These include burglary, vandalism, vehicle-related theft, robbery, assaults and threats, theft and fraud. In addition, details on cyber crime, experience of anti-social behaviour and crime prevention are also included.

In the United States, a number of challenges prevent an accurate assessment of the prevalence of hate crimes in different areas of the country. These challenges create huge gaps in knowledge about hate crime--who is targeted, how, and in what areas--which in turn hinder appropriate policy efforts and allocation of resources to the prevention of hate crime. In the absence of high-quality hate crime data, online platforms may provide information that can contribute to a more accurate estimate of the risk of hate crimes in certain places and against certain groups of people. Data on social media posts that use hate speech or internet search terms related to hate against specific groups has the potential to enhance and facilitate timely understanding of what is happening offline, outside of traditional monitoring (e.g., police crime reports). This study assessed the utility of Twitter data to illuminate the prevalence of hate crimes in the United States with the goals of (i) addressing the lack of reliable knowledge about hate crime prevalence in the U.S. by (ii) identifying and analyzing online hate speech and (iii) examining the links between the online hate speech and offline hate crimes. The project drew on four types of data: recorded hate crime data, social media data, census data, and data on hate crime risk factors. An ecological framework and Poisson regression models were adopted to study the explicit link between hate speech online and hate crimes offline. Risk terrain modeling (RTM) was used to further assess the ability to identify places at higher risk of hate crimes offline.

In 2023, ransomware was the most frequently detected cyberattack worldwide, with around 70 percent of all detected cyberattacks. Network breaches ranked second, with almost 19 percent of the detections. Although less frequently, data exfiltration was also among the detected cyberattacks.

Abstract copyright UK Data Service and data collection copyright owner.

The Scottish Crime and Justice Survey (SCJS) is a social survey which asks people about their experiences and perceptions of crime in Scotland. The survey is an important resource for both the government and public of Scotland. Respondents are selected at random from the Postal Address File and participation in the survey is entirely voluntary. The main aims of the SCJS are to:

• provide reliable statistics on people's experience of crime in Scotland, including services provided to victims of crime
• assess the varying risk of crime for different groups of people in the population
• examine trends in the level and nature of crime in Scotland over time
• collect information about people's experiences of, and attitudes on a range of crime and justice related issues

An important role of the SCJS is to provide an alternative and complementary measure of crime to police recorded crime statistics. For further details of the scope and methodology of the SCJS, please see documentation. Information about the survey and links to publications may be found on the Scottish Government's Scottish Crime and Justice Survey webpages.

Background and history of the SCJS
Previous surveys of victimisation in Scotland began with the Scottish components of the 1982 and 1988 sweeps of the British Crime Survey (BCS) (held at the Archive under SNs 4368 and 4599) The Scottish element of the 1988 BCS was also known as the Scottish Areas Crime Survey and coverage was limited in those early surveys to the areas south of the Caledonian Canal. From 2012, the BCS has been renamed the Crime Survey for England and Wales (CSEW) (held under GN 33174).

The first independent Scotland-only crime survey was commissioned by the Scottish Office in 1993 under the title of the Scottish Crime Survey (SCS) and was followed by repeated sweeps in 1996 (both years held together under SN 3813), and again in 2000 (SN 4542) and 2003 (SN 5756). In 2004 the survey underwent both a name change, to the Scottish Crime and Victimisation Survey (SCVS) (SN 5757), and a major methodological change, with a move away from in-home face-to-face interviewing to telephone interviewing. However, the 2006 SCVS (SN 5784) returned to face-to-face interviewing after it was shown that the robustness of the data produced by the 2004 telephone survey could not be substantiated. From 2008-2009, the series name was changed to the present title, the Scottish Crime and Justice Survey, and it moved to a repeated annual cross-sectional schedule based on financial year. From 2012-13 the SCJS moved from annual to biennial survey covering the financial year however, the 2014-15 survey was the last biennial survey and currently the SCJS is conducted on an annual basis. See the documentation for further details.

Special Licence data
From 2012-13 only the Main Questionnaire data are available under standard End User Licence (EUL) agreement. The Victim Form and Self-Completion data are available under Special Licence (SL). The SL data have more restrictive access conditions than those made available under the standard EUL. Prospective users of the SL version will need to complete an extra application form and demonstrate to the data owners exactly why they need access to the additional variables in order to get permission to use that version.

The Scottish Crime and Justice Survey, 2021-2022 contains data from the SCJS Main Questionnaire only and is based on 5,516 face-to-face interviews with adults (aged 16 or over) living in private households in Scotland. The Victim Form questionnaire dataset is not included in this study.

Documentation

Users should note that the User Guide document was written to accompany the 2008/09 study, but the depositor advises that it is the latest version available and should be included here.

Main Topics:

The SCJS main questionnaire data file covers perceptions of crime, experience of and opinions on the justice system and police, experiences of cyber crime, and demographic details for the respondent and their household. Modular sections which are asked, respectively, of a quarter of the sample includes questions on local community, sentencing, civil law, the Crown Office and Procurator Fiscal Service (COPFS) and harassment. It also contains the victim form screener (types of crimes which respondents / households may have experienced in the 12 months prior to interview) but data from the victim form itself (details of and experiences resulting from crimes) will be published as a separate dataset.

The annual number of complaints of cybercrime received annually on the U.S. Internet Crime Complaint Center (IC3) website increased significantly between 2000 and 2023. The center received over 880 thousand complaints in the most recently reported year.

Over 740,000 cases of cyber crime were reported to the Indian Cyber Crime Coordination Centre (I4C) in India within the first four months of 2024 alone. The number of cyber crimes in the country saw a massive spike between 2019 and 2020 and have been on the rise ever since. Roughly 85 percent of the reports in 2024 were related to online financial fraud.

In 2024, online frauds were the most reported cyber threat incidents announced by Cybersecurity Malaysia with more than 3,800 reports. This was followed by content related cyber crime with 533 cases. CyberSecurity Malaysia is a government agency that deals with internet safety and operates under the Malaysian Ministry of Science, Technology and Innovation. Risks of scams in e-commerce leading internet activities. Meanwhile, the Malaysian internet users have experienced cybercrime, only 18.9 percent

In 2023, job scams were the most common type of scam in Singapore, with around 9,914 cases reported. E-commerce scams also represented a prevalent form of fraud in the country, with over 9,700 cases reported.

Phishing threat in Singapore In Singapore, around 42 thousand different phishing URLs with a .SG domain were detected in 2022. The highest number of phishing URLs was recorded the previous year, with around 55 thousand. Phishing attacks can take many forms, such as corporate e-mail compromise (CEC), mass phishing, or smishing. These phishing e-mails represent a crucial risk for businesses. They can also lead to ransomware infections, which have also increased in recent years.

Data breaches Companies and governments are increasingly relying on technology to collect, analyze, and store personal data. This can lead to potential risks when such data is affected by cyber incidents. In Singapore, the number of exposed data points per thousand people reached 26 in 2022. Over the same period, around 154 thousand data sets were reported as leaked in the country.