- I tested every Lenovo laptop released at MWC - and these are the very best
- VMware ESXi gets critical patches for in-the-wild virtual machine escape attack
- The 3 biggest opportunities you'll regret ignoring in 2025
- How to generate random passwords from the Linux command line
- 5 easy Gemini settings tweaks to protect your privacy from AI
Mega Data Breaches Push US Victim Count to 1.7 Billion
A near-record number of data compromises in 2024 resulted in over 1.7 billion US breach victims, according to the Identity Theft Resource Center (ITRC).
The non-profit tracked publicly recorded data breaches and leaks nationwide to compile its 2024 Annual Data Breach Report.
It revealed 3158 data “compromise” incidents – including breaches, exposures and leaks. This is just 44 events short of the all-time high recorded in 2023.
These resulted in 1.73 billion breach notifications being sent out to victims, 85% of which stemmed from mega breaches of over 100 million records.
These included the Snowflake-linked incidents at Ticketmaster (560 million), Advance Auto Parts (380 million), DemandScience (122 million) and AT&T (110 million) as well as the Change Healthcare breach, which was recently revised upwards by the company to 190 million records.
For the first time since 2018, healthcare was not the most breached industry. Although it accounted for 536 compromises, the top spot went to financial services (737).
Read more on data breaches: US Data Breach Victim Numbers Surge 1170% Annually
Cyber-attacks accounted for the vast majority of compromises (80%) and breach notifications (93%), followed by system and human error, supply chain attacks and physical attacks.
Stolen and compromised passwords accounted for several of the mega breaches, meaning that they could have been prevented with multi-factor authentication (MFA), ITRC argued.
The report claimed that better cyber hygiene could have prevented at least 196 compromises and more than 1.2 billion victim notices.
Victims Still Lacking Details
Disappointingly, 70% of cyber-attack-related breach notices did not include any contextual information for victims, compared to 58% in 2023 and 100% in 2019. Two-thirds (65%) of all breach notices in 2024 didn’t contain attack vector details.
“With a near-record number of compromises and over 1.7 billion victim notices, often tied to inadequate cyber practices, we are also seeing an increase in notices that provide limited actionable information for victims,” said ITRC CEO, Eva Velasquez.
“On a positive note, 40% of states have enacted comprehensive privacy laws to better protect consumers.”
Although new SEC breach disclosure rules resulted in a 60% increase in disclosures in 2024, less than 10% of notices included details of the event, the report noted.
The continued opacity of breach notifications make it harder for individuals and businesses to determine their risk exposure following a compromise.
