Mining, Quarrying, and Oil & Gas Extraction + Utilities (21 + 22)

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.



143 incidents, 47 with confirmed data disclosure

Top patterns


System Intrusion, Basic Web Application Attacks and Miscellaneous Errors represent 81% of breaches

Threat actors


External (80%), Internal (20%) (breaches)

Actor motives


Financial (63%-93%), Espionage (4%-32%), Grudge (1%-21%), Ideology (0%-15%), Convenience/Fear/ Fun/Other/ Secondary (0%-7%) each (breaches)

Data compromised


Personal (50%), Internal (33%), Other (26%), Credentials (24%) (breaches)

What is the same?


System Intrusion and Basic Web Application Attacks remain significant causes for concern in this industry.



Ransomware is responsible for approximately one out of three breaches in this vertical. Social Engineering, in spite of its overall rise, has decreased in this industry.

Dig around and find out. 

Due the smaller number of incidents and breaches reported to us from NAICS 21 and 22, we have to dig deep (pun intended) at times to have a statistically relevant population. Even so, because of the smaller sample size we are sometimes still forced to use ranges rather than definite percentages. However, as both these sections are considered critical infrastructure and are not too dissimilar, we do our best to find useful and interesting nuggets where we can. Are you a member of these industries? If so, please consider becoming a DBIR contributor to help us provide more useful analysis. 

The number one pattern this year is System Intrusion. If you have been reading the other sections, you will know that this in no way makes those in this vertical the Lone Ranger. As stated in the patterns section, the System Intrusion pattern is made up of more complex, multistep attacks as opposed to the “get in, grab the loot and scram” type of attacks. Specifically, most ransomware attacks fall into System Intrusion, and approximately one out of three breaches (32%) in this industry were ransomware attacks (Figure 57). Given the high rate of success of ransomware (along with the fact that attackers often take data before they encrypt it, and they do love to post it on their leak sites), seeing so much of it in critical infrastructure verticals is a matter for concern.

2023 Data Breach Investigations Report

Last year we commented on the high number of breaches in this vertical that fell into the Social Engineering pattern. This year it has dropped out of the top three completely with Basic Web Application Attacks and Miscellaneous Errors coming in at number two and three. In fact, Social Engineering dropped out of the top five. This is mildly surprising due to the uptick we are seeing in phishing and pretexting in other industries. Maybe the criminals don’t want to have to actually interact with others to steal money? We can certainly understand that. 

When it comes to what the threat actors are taking, personal data accounts for half, and there was a substantial rise in Internal data (33% this year as opposed to 9% last year, as shown in in Figure 58). This may be tied to the name and shame ransomware attacks mentioned on the previous page.

2023 Data Breach Investigations Report

Let's get started.