Data breaches in today’s technology driven world can affect hundreds of millions, if not billions of people at once. As we continue to provide data to various organisations in our daily lives without hesitation, personal information is being exposed more frequently, with some of the largest data breaches occurring in the last decade.
But what is the most common type of data breach in the United States?
Interested in this, Forbes Advisor used data from the FBI’s Internet Crime Complaint Center (IC3) from the past five years to determine how many Americans experienced a data breach, which type of breach was the most common and which had the highest total cost lost.
- California is the worst state for data breaches in America with 325,291 victims from 2017 – 2021 and these victims have collectively lost $3,738,488,140 from cyber crimes.
- The most expensive type of data breach in America is having your email account compromised, with financial losses of over $7.5 billion.
- Non-payment or non-delivery is the most common type of data breach in the USA with 361,972 cases over the last five years.
- Over the last five years, data breaches have affected over two million people in America, resulting in losses of over $20 billion.
The American states most affected by data breaches 2017-2021
Total data breach victims
Total data breach losses
To view the full dataset, which shows the individual results for 50 American states and individual results for each type of data breach, please click here.
Forbes Advisor found that California is the American state that has suffered the most data breaches, with a total of 325,291 victims from 2017 – 2021. The collective loss incurred by data breach victims in the Golden State equates to a collective $3,738,488,140. The most expensive data breach for California residents was having their email account compromised, which cost over $1.1 billion (14,925 victims), followed by romance scams, which cost $516 million (12,205 victims).
In second position is Texas with a total 179,217 data breach victims from 2017 to 2021. The overall loss inflicted on the 179,217 equals a colossal $1,820,823,734.
New York ranks third, with a total of 141,170 data breach victims. Over the last five years the collective financial loss for New Yorkers affected by data breaches is $1,775,479,397.
Florida comes in fourth with 198,830 people affected by a data breach and a loss of $1,723,041,371, while Ohio rounds out the top five with 64,926 data breach victims and a loss of $776,895,836.
The most expensive type of data breach in the USA from 2017-2021
Data breach type
Total data breaches
Total breach losses ($)
BEC/EAC (email account compromise)
Personal Data Breach
Credit Card Fraud
Forbes Advisor can reveal that the most expensive type of data breach in the United States over the last five years has been business email compromise and email account compromises (BEC/EAC). In a BEC/EAC scam, criminals will send an email that appears to be from a known source, making a legitimate request, such as being asked by the CEO to purchase gift cards to distribute to employees. There were 94,620 data breach victims in total, with a total financial loss of $7,527,098,098.
Confidence or romance fraud is the second most expensive data breach in the United States, with 86,780 data breach victims and a total financial loss of $2,311,138,731. These scams typically occur when someone adopts a false online identity in order to gain the trust of the victim, but then asks for money. Over the last five years, 2021 was the worst year for these scams, with 21,021 cases reported, with California being the most affected state.
Investment data breaches rank third. Despite only having 26,388 reported cases over the past five years, financial losses due to these breaches has resulted in $1,717,576,571 in financial losses.
Non-payment or non-delivery is the fourth most expensive data breach in the USA, with 362,962 breaches in data and a financial loss of $950,596,596. Non-payment or non-delivery is when you don’t get paid if you ship off an item you have sold, or you don’t get an item you paid for. Non-payment or non-delivery was the most reported cybercrime in the US in 2020, with California being the most affected state with 13,151 data breaches in 2020.
Real estate or rental data breaches round out the top five, with a total of 55,377 breaches and $944,761,963 in financial losses. The real estate industry is not the first thing that comes to mind when discussing data security, but with important information such as bank accounts, contracts, and other details, the real estate industry has become a more attractive target for cyber criminals in recent years.
The most common type of data breach in the USA from 2017-2021
Data breach type
Total data breaches
No Lead Value
Personal Data Breach
Rob Watts, a Business Editor at Forbes Advisor shared his tips for trying to keep your data safe:
“All told, there is no single solution when it comes to protecting your data. True protection comes from a combination of the right software tools, building your knowledge on cyberthreats and establishing safe practices with your online activity. Many data breaches come as a result of human error, so it’s important to educate yourself in order to spot and counter threats”
- Forbes Advisor sought to determine how many Americans had suffered from the data breaches from the last five years, which data breach was the most common and finally which was the most expensive.
- To do so, data breaches that had occurred from 2017 to 2021 were obtained from the FBI’s Internet Crime Complaint Center. The source provides a comprehensive account of internet crime complaints in those years.
- All of the internet complaints for all 50 states in America were put together and analyzed.
- Then, the data breaches information was extracted from the report and grouped together in one table, which was then ranked from the highest to lowest in each state.
- Following this, the average losses per data breach were calculated and sorted from most expensive to least expensive.
- The data was collected on 06/06/22 and is accurate as of then.