Compromised Email Accounts Are Most Expensive Data Breach Costing Over $7.5B, FBI Data

Compromised Email Accounts Are the Most Expensive Data Breach With Financial Losses of Over $7.5 Billion, FBI Data Shows

Data breaches in today’s technology driven world can affect hundreds of millions, if not billions of people at once. As people continue to provide data to various organizations in our daily lives without hesitation, personal information is being exposed more frequently, with some of the largest data breaches occurring in the last decade.

But what is the most expensive and the most common type of data breach in the United States?

Interested in this, Forbes Advisor used data from the FBI's Internet Crime Complaint Center (IC3) from the past five years to determine how many Americans experienced a data breach, which type of breach was the most common, and which had the highest total cost lost.

 

Key findings:

 

  • The most expensive type of data breach in America is having your email account compromised, with financial losses of over $7.5 billion.
  • Non-payment or non-delivery is the most common type of data breach in the USA with 361,972 cases over the last five years. 
  • Over the last five years, data breaches have affected over two million people in America, resulting in losses of over $20 billion.
  • Ohio ranks as the fifth worst state for data breaches in America with 64,926 victims from 2017 – 2021 and these victims have collectively lost $776,895,836 from cybercrimes.

 

American states most affected by data breaches 2017-2021
 

Rank

American state

Total data breach victims 

Total data breach losses 

1.

California

325,291

$3,738,488,140

2.

Texas

179,217

$1,820,823,734

3.

New York

141,170

$1,775,479,397

4.

Florida

198,830

$1,723,041,371

5.

Ohio

64,926

$776,895,836

6.

Illinois 

76,938

$676,683,650

7.

New Jersey

63,062

$670,049,038

8.

Pennsylvania

79,471

$617,680,596

9.

Virginia

72,783

$535,893,196

10.

Massachusetts

44,966

$526,212,719

See the full dataset showings the individual results for 50 American states and individual results for each type of data breach here.

Forbes Advisor found that California is the American state that has suffered the most data breaches, with a total of 325,291 victims from 2017 – 2021. The collective loss incurred by data breach victims in the Golden State equates to a collective $3,738,488,140.

In second position is Texas with a total 179,217 data breach victims from 2017 to 2021. The overall loss inflicted on the 179,217 equals a colossal $1,820,823,734.

New York ranks third, with a total of 141,170 data breach victims. Over the last five years the collective financial loss for New Yorkers affected by data breaches is $1,775,479,397.

Florida comes in fourth with 198,830 people affected by a data breach and a loss of $1,723,041,371, while Massachusetts rounds out the top ten with 44,966 data breach victims and a loss of $526,212,719.

Ohio ranks fifth, with a total of 64,926 data breach victims. Over the last five years the collective financial loss for residents of the state affected by data breaches is $776,895,836. The most expensive data breach for Ohio residents was having their email account compromised, which cost over $514 million (2,507 victims), followed by romance scams, which cost $43 million (2,343 victims).

 

Most expensive type of data breach in the USA from 2017-2021

 

Rank

Data breach type

Total data breaches

Total breach losses ($)

1

BEC/EAC (email account compromise)

94,814

$7,527,098,098

2

Confidence Fraud/Romance

86,780

$2,311,138,731

3

Investment

26,388

$1,717,576,571

4

Non-payment/Non-Delivery

362,962

$950,596,596

5

Real Estate/Rental

55,377

$944,761,963

6

Personal Data Breach

203,317

$938,506,733

7

Identity Theft

140,091

$797,198,232

8

Spoofing

77,098

$597,562,604

9

Tech Support

75,651

$585,695,563

10

Credit Card Fraud

74,307

$521,169,815

The study also revealed that the most expensive type of data breach in the United States over the last five years has been business email compromise and email account compromises (BEC/EAC). In a BEC/EAC scam, criminals will send an email that appears to be from a known source, making a legitimate request, such as being asked by the CEO to purchase gift cards to distribute to employees. There were 94,620 data breach victims in total, with a total financial loss of $7,527,098,098.

Confidence or romance fraud is the second most expensive data breach in the United States, with 86,780 data breach victims and a total financial loss of $2,311,138,731. These scams typically occur when someone adopts a false online identity in order to gain the trust of the victim, but then asks for money. Over the last five years, 2021 was the worst year for these scams, with 21,021 cases reported, with California being the most affected state.

Investment data breaches rank third. Despite only having 26,388 reported cases over the past five years, financial losses due to these breaches has resulted in $1,717,576,571 in financial losses.

Non-payment or non-delivery is the fourth most expensive data breach in the USA, with& 362,962 breaches in data and a financial loss of $950,596,596. Non-payment or non-delivery is when you don’t get paid if you ship off an item you have sold, or you don’t get an item you paid for. Non-payment or non-delivery was the most reported cybercrime in the US in 2020, with California being the most affected state with 13,151 data breaches in 2020.

Real estate or rental data breaches round out the top five, with a total of 55,377 breaches and $944,761,963 in financial losses. The real estate industry is not the first thing that comes to mind when discussing data security, but with important information such as bank accounts, contracts, and other details, the real estate industry has become a more attractive target for cyber criminals in recent years.

 

Most common type of data breach in the USA from 2017-2021

 

Meanwhile, the most common data breaches in the US include non-payment, no lead value, and extortion.

 

Rank

Data breach type

Total data breaches

1

Non-payment/Non-Delivery

362,962

2

No Lead Value

275,707

3

Extortion

213,237

4

Personal Data Breach

203,317

5

Identity Theft

140,091

6

Phishing

114,852

7

BEC/EAC

  94,814

8

Confidence Fraud/Romance

  86,780

9

Spoofing

  77,098

10

Tech Support

  75,651

“All told, there is no single solution when it comes to protecting your data,” Rob Watts, a Business Editor at Forbes Advisor said, while sharing his tips for trying to keep your data safe. “True protection comes from a combination of the right software tools, building your knowledge on cyberthreats and establishing safe practices with your online activity. Many data breaches come as a result of human error, so it's important to educate yourself in order to spot and counter threats."