Skip to main content

Back to Blog

Understanding the Fragility of Digital Identities

ForgeRock’s 2023 Identity Breach Report

Digital identities are the keys that unlock our online worlds, be it personal emails or sensitive organizational data. But what happens when these keys fall into the wrong hands? Recent analyses uncover some startling facts and trends that emphasize why organizations must take a strong approach to online security.

Digital identities are no longer just usernames and passwords; they include a myriad of Personally Identifiable Information (PII). Through various tactics like phishing, keylogging, or simply buying credentials off the Dark Web, attackers can breach an identity and use it to infiltrate an entire organization.

Imagine the scene – one accidental click on a malicious link by a well-trained employee can pave the way for an intruder. The fallout? Stolen data, compromised systems, and a devastating impact on the organization, its customers, and even other companies sharing data with it.

The Real Impact
Statistics reveal that one in three consumers globally has been a victim of a data breach, causing customer trust to dwindle. Recent data shows a drop in breached records, the lowest in five years, but don’t be fooled. While numbers may seem lower, the sensitivity of stolen data has drastically increased, along with the potential for far-reaching and lasting damage.

In the past five years, breached records containing usernames and passwords surged by over 350%, while those with Protected Health Information (PHI) rose by 160%.

Additionally, the amount of PII in breached records has also increased; addresses were only found in 20% of breaches in 2018 but are now found in virtually all exposures today. The trend highlights the pivotal role of individual credentials in increasingly damaging breaches.

When PII is gleaned from data breaches, the doors open for a multitude of fraudulent activities:

  • Filing Falsified Tax Returns
  • Opening Bank Accounts and Submitting Fraudulent Claims
  • Misusing Patient PHI (Protected Health Information)
    This complex web of interconnected data underscores the need for a robust approach to digital security.

Connecting the Dots
The ecosystem of digital identities is vast and interconnected. Attacks on third-party service providers have increased, accounting for 52% of all breaches in 2022. The past year saw considerable increases in breaches that hit education and healthcare, while other sectors, notably financial services, retail, and manufacturing, saw a drop in breaches.

With technological advancement comes innovation in cybercrime. “MFA prompt bombing” is an example of how even authentication methods like MFA can be exploited. This tactic has been painful for companies like Cisco, illustrating that innovations in security must keep pace with those in cyber threats.

A Rising Tide
The trends are clear. Valuable data, including login credentials, PHI, date of birth, and Social Security Numbers, continues to surge. Payment or credit card information is the only category that has dipped, likely due to enhanced security measures. The report’s key findings shed light on the prevailing trends in the risk landscape:

  • U.S. breaches exposing credentials increased by 233% compared to 2021.
  • Healthcare record costs rose to $675 per record in the U.S.
  • 83% of UK businesses faced phishing attacks.
  • 62.9M German user accounts were compromised in 2022.
  • Australian businesses now face a maximum penalty of $50M for serious privacy breaches.

Protecting the Future
The ForgeRock Identity Breach Report 2023 paints a picture of a rapidly evolving cyber threat landscape. The lessons are clear: we must manage digital identities holistically, recognizing that compromising one identity can lead to grave breaches elsewhere.

By adopting robust password practices as outlined by organizations like NIST, monitoring for exposed credentials, and fostering a culture of continuous vigilance, we can build resilient defenses.

The cost of a single compromised identity can be vast, reaching far beyond monetary loss to erode trust and reputation. In the interconnected world of digital identities, the stakes have never been higher. It’s time to reinforce our defenses, understanding that a single breach can be just the beginning of a catastrophic downfall or even the tipping point.



Josh Parsons

Josh is the Product Marketing Manager at Enzoic, where he leads the development and execution of strategies to bring innovative threat intelligence solutions to market. Outside of work, he can be found at the nearest bookstore or exploring the city’s local coffee scene.