Cybersecurity|Cybersecurity statistics
Holiday shopping alert: retail breaches exposed
As the festive season unfolds and Christmas shopping takes center stage, it becomes imperative to navigate the digital landscape with caution. Since 2020, the retail sector has faced serious cyberattacks, resulting in breaches that impacted 280 million email accounts, making up at least 8% of all global data breaches. What breaches stood out as the biggest in this decade, and which countries have experienced the highest numbers of data leaks?
Key insights
- Indonesian tech giant Tokopedia encountered the largest data breach since 2020, with 70 million accounts compromised in April of 2020¹. Next up, Luxottica (the world's largest eyewear company) faced a data breach in March of 2021, exposing over 60 million accounts, with a notable impact on the United States². Third up, in October of 2021, BigBasket (the Indian online grocery company), suffered a breach that compromised 20 million email accounts, predominantly affecting almost 90% of its Indian users³.
- The United States was affected the most by retail breaches since 2020, witnessing over 80 million users compromised. This accounts for over a quarter of all retail breaches since 2020, translating to 237 accounts breached per 1,000 Americans.
- The United States is followed by India, Russia, and Indonesia, each of which has also experienced significant impacts. These countries faced retail breaches compromising over 20 million email accounts each, with breach rates of 19, 75, and 173 accounts breached per 1,000 individuals, respectively.
Methodology and sources
The data was collected by our independent partners on November 28, 2023. Breaches where the affected industry was categorized as 'retail' or 'e-commerce' were selected for analysis. Since the targeted industry type was not available for all breached companies, the magnitude of the number of users affected in retail breaches is likely higher than reported in this study. For the statistical analysis, compromised email accounts were aggregated by country, and breach density was calculated as the ratio of email accounts to 1,000 people.
For the complete research material behind this study, visit here.