The Identity Theft Resource Center® (ITRC) has released its H1 2024 Data Breach Report & Analysis, revealing that Q2 of 2024 tracked over 1 billion data breach victims, a massive jump of 1,170 percent from Q2 of 2023.
Additionally, findings in the report include:
- 732 publicly reported data compromises in Q2 this year – a 12 percent decrease from Q1
- 1,571 compromises in H1 of 2024 – a 14 percent increase compared to H1 2023
- 490% increase in data breach victims H1 2024 (1,078,989,742) vs. H1 of 2023 (182,645,409)
- Majority of the victims in H1 2024 were from compromises announced and/or updated in Q2 2024 – (37,677,141 in Q1 vs. 1,041,312,601 in Q2)
The report explains that the majority of victims in H1 2024 were from compromises discovered in Q2 or from Q1 breaches whose stats were updated in Q2, citing breaches such as:
- Prudential Financial originally notified the U.S. Securities and Exchange Commission of a breach in February 2024 that impacted an estimated 36,000 victims and later revised the victim count in June 2024 to two-point-five (2.5) million.
- Infosys McCamish System revised their estimated victim count from ~84,000 in February’s notice to six (6) million.
- Credential stuffing attacks that targeted customers of the Snowflake cloud service accounted for more than 900 million of the victims reported in Q2.
Eva Velasquez, President and CEO of the Identity Theft Resource Center, stated that the key takeaway from the report is simple: every person, business, institution and government agency must view data and identity protection with a greater sense of urgency.
“The findings in the H1 2024 Data Breach Analysis are eye-opening for many different reasons. The estimated victim count is up significantly, primarily due to a small number of very large data events skewing the numbers. What is clear, though, is the fact the trends we saw emerge in 2023 that led to a record-breaking year in compromises are continuing into 2024. In some cases, such as the number of organizations impacted by supply chain attacks and the number of entities that did not list the root cause of a breach, the trends accelerated through the first half of the year.” – Eva Velasquez
Key findings surrounding the type of attacks and industries affected include:
- “Not Specified” remained the most reported cause of a cyberattack listed in breach notices issued in H1 2024 (68 percent).
- Attacks against financial services companies jumped 67 percent year-over-year, making it the most compromised industry in H1 2024.
- Reported compromises increased in ten (10) of the 16 industries tracked by the ITRC. However, compromises reported by healthcare entities decreased year-over-year by 37 percent. The decrease knocked healthcare from the most targeted industry to the second most frequently compromised for the first time in six years.
- Increased value and use of stolen Driver’s License information – driver’s license data was stolen in 25 percent of data breaches based on notices issued in H1 2024, reflecting a post-pandemic trend related to the increased use of Driver’s Licenses for identity verification in a wider variety of transactions. The number of data breaches where driver’s license data was stolen totaled 198 instances in pre-pandemic, full-year 2019 compared to 636 in full-year 2023 and 308 through June 30, 2024.
