Number of data breach victims goes up 1,000%

Nope, that headline’s not a typo. Over one thousand percent.

The Identity Theft Resource Center (ITRC) tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 (81,958,874 victims).

The ITRC is a national non-profit organization set up with the goal of minimizing the risk and mitigating the impact of identity compromise. Through public and private support, it provides no-cost victim assistance and consumer education.

The vast majority of that rise in numbers in due to a few very large compromises. The ITRC mentions Prudential (2.5 million people) and Infosys McCamish Systems (6 million people) as main contributors.

Because both of these breaches were announced/updated in the second quarter of 2024 they have a huge impact on the numbers. When we compare the number of data breach victims in the first half of 2024 (H1 2024) then we see an increase of 490 percent compared to the first half of 2023. Which is still significant and worrying.

The ITRC broke down some of the numbers to show them in an infographic.

ITRC infographic
Infographic by ITRC

Some notable statistics we can derive from the infographic:

  • Almost 90% of the compromises in H1 2024 are due to data breaches.
  • Financial services had the most breaches, followed by healthcare.
  • The largest data breaches in number of victims are Ticketmaster, Advance Auto Parts, and Dell.
  • 80 supply chain attacks accounted for 446 affected entities and over 10 million victims.

Another trend the ITRC highlights is the increase in stolen driver’s license information. Mostly caused by a post pandemic trend to use driver’s license information for identity confirmation. This has increased both the chances of this information being included in a breach, and increased the value of that information to thieves.

The number of data breaches where driver’s license data was stolen totaled 198 instances in pre-pandemic, full-year 2019 compared to 636 in full-year 2023 and 308 through June 30, 2024.

Most of the data breaches are not the result of negligence but of targeted cyberattacks. This explains the rising demand for data deletion services. Not only does it play a significant role in safeguarding privacy rights on the business side, it also helps avoid or lessen the legal consequences of a breach.

ITRC president and CEO Eva Velasquez summarized the report like this:

“The takeaway from this report is simple. Every person, business, institution and government agency must view data and identity protection with a greater sense of urgency.”

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your exposure

Looking at the numbers in the ITRC report, it’s likely you’ve had other personal information exposed online in previous data breaches. You can check what personal information of yours has been exposed with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan, and we’ll give you a report.


We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.


Summer mega sale

Go into your vacation knowing you’re much more secure: This summer you can get a huge 50% off a Malwarebytes Standard subscription or Malwarebytes Identity bundle. Run, don’t walk!

https://blog.malwarebytes.com/feed/

Leave a Reply