In 2024, the Identity Theft Resource Center (ITRC) reported a near-record number of data breaches, with over 1.7 billion individuals affected. The non-profit tracked 3,158 data compromises across the United States, a figure just short of the 2023 record. These breaches, which include exposures, leaks, and attacks, were responsible for the widespread dissemination of breach notifications. Notably, 85% of these incidents stemmed from large-scale breaches involving over 100 million records, such as those linked to Snowflake, Ticketmaster, Advance Auto Parts, and AT&T.
While healthcare was previously the most targeted industry, financial services took the top spot in 2024, accounting for 737 breaches. Healthcare compromises dropped to second place, with 536 incidents recorded. Cyber-attacks dominated as the leading cause of these breaches, accounting for 80% of incidents and 93% of breach notifications. The report highlighted that many of these breaches could have been prevented with stronger cyber hygiene practices, particularly the use of multi-factor authentication (MFA) to safeguard passwords.
The report also revealed a concerning trend in breach notifications, where 70% of notices lacked critical information for victims, such as contextual data about the attack. This marked a worsening trend compared to previous years, with 58% of notices in 2023 and no notices in 2019 failing to provide such details. Although new SEC breach disclosure rules led to a 60% increase in disclosures, the quality of the notifications remained inadequate, with fewer than 10% providing specific details about the event. This lack of transparency makes it harder for individuals and businesses to assess their risk and take necessary precautions.
Despite the troubling increase in breaches, some progress has been made in terms of consumer protection. Forty percent of U.S. states now have comprehensive privacy laws in place to safeguard citizens’ data. However, the continued rise in data breaches and the insufficient information in breach notices emphasize the need for stronger cyber hygiene and improved regulatory measures to protect consumers in the face of escalating cyber threats.
