Data breaches have compromised 2.6 billion personal consumer records in the past two years, with a rapid rise since last year, according to an independent study Apple published Thursday.
Increasing threats to consumer data stored in the cloud underscore a need for end-to-end data encryption like Advanced Data Protection for iCloud, launched in 2022, Apple said.
“Bad actors continue to pour enormous amounts of time and resources into finding more creative and effective ways to steal consumer data, and we won’t rest in our efforts to stop them,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “As threats to consumer data grow, we’ll keep finding ways to fight back on behalf of our users by adding even more powerful protections.”
Apple-commissioned study of rising data breaches shows need for more cloud-based end-to-end encryption
Apple published a study entitled “The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase,” conducted by Massachusetts Institute of Technology professor Dr. Stuart Madnick. It followed a similar report last year that showed threats had already reached historic levels.
The new study “found clear and compelling proof that data breaches have become an epidemic, threatening sensitive and personal consumer data the world over,” Apple said, saying companies increasingly implement end-to-end encryption.
Advanced Data Protection for iCloud
And of course Apple pointed at its own Advanced Data Protection for iCloud functionality:
The total number of data breaches more than tripled between 2013 and 2022 — exposing 2.6 billion personal records in the past two years alone — and has continued to get worse in 2023. The findings underscore that strong protections against data breaches in the cloud, like end-to-end encryption, have only grown more essential since last year’s report and the launch of Advanced Data Protection for iCloud.
With Advanced Data Protection for iCloud, which uses end-to-end encryption to provides Apple’s highest level of cloud data security, users have the choice to further protect important iCloud data even in the case of a data breach. iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection for iCloud, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes and Photos.
As data digitization increases, hackers evolve
The report shows that the rise in data breaches is fueled by the “increasing digitalization of users’ personal and professional lives,” Apple said. And hackers are always getting better at getting past security practices, compromising previously reliable defenses.
And the report also shows consumers can do everything right to protect their sensitive data but still suffer breaches when they entrust it to organizations that store it in readable form. It cites the common example of a hacker attacking an organization in order to get to the true target, a partner organization with tougher security. They then steal credentials and other information.
Apple’s Lockdown Mode
So Apple touts its “long track record of engineering powerful and innovative features make its products the most secure on the market.”
The company said:
With Lockdown Mode, Apple developed a protection for those who may be targeted by extreme threats like mercenary spyware because of who they are or what they do. Apple’s Advanced Data Protection for iCloud is another feature the company has developed to protect users against growing threats to their data, keeping most user data in iCloud protected even in the case of a data breach in the cloud.
Ransomware attacks rising
Regarding increasing breaches in 2023, Apple cited a survey finding that more than 80 percent of breaches involved data stored in the cloud, after attacks targeting cloud infrastructure nearly doubled from 2021 to 2022.
The company noted two reasons for this, citing the growth of ransomware attacks:
- Increased targeting of consumer data by ransomware gangs.
- Coordinated campaigns that compromised vendors or their products to target customers.
The threat of ransomware has only grown in 2023, as shown by the fact that there were nearly 70 percent more attacks reported through September 2023 than in the first three quarters of 2022. In fact, experts found that there were more ransomware attacks through September 2023 than in all of 2022 combined. This has led to alarming trends in the U.S. and abroad, with more than double the accounts getting breached in the first half of 2023 compared to the first half of 2022 in the U.K., Australia, and Canada combined.