In 2024, the frequency of cyberattacks and data breaches against organizations has increased at an alarming rate. Cybersecurity and technology leaders now face the daunting task of analyzing vast amounts of breach information, understanding the evolving tactics of threat actors, and learning from past incidents to safeguard their company’s data.
The Identity Theft Resource Center (ITRC) recently released its Data Breach Analysis report for the first half of 2024, covering the period from January 7 to June 30. This report provides detailed trends and statistics of data breaches during this timeframe.
The findings reveal a significant increase in data compromises compared to the previous year, with a dramatic rise in the number of victims affected. It also highlights the most impacted sectors and the methods employed by cybercriminals, offering a comprehensive overview of current cybersecurity challenges. This valuable information can help security executives better prepare and fortify their defenses against future threats.
A Massive Increase
The first half of 2024 saw a notable increase in data breaches compared to the same period in 2023. There were 1,571 reported compromises, marking a 14% rise from the previous year.
These breaches have impacted approximately 1.07 billion individuals, a significant jump from 2023’s 12-month total of just over 418 million. The increase is partly attributed to a few large-scale breaches that dramatically skewed the numbers. As an example, the Prudential Financial breach, initially estimated at 36,000 victims, was later revised to 2.5 million. Similarly, Infosys McCamish System’s breach count rose from 84,000 to 6 million.
The largest single breach of the year thus far is accredited to the credential stuffing attack on Snowflake cloud service customers, affecting over 900 million individuals, and several major businesses such as Ticketmaster and Advance Auto Parts.
Industry Specific Trends
Data breaches impacted various sectors differently. The financial services industry experienced the highest increase in breaches, with a 67% year-over-year jump, making it the most compromised sector in the first half of 2024. Surprisingly, healthcare, previously the most targeted segment for six years, saw a 37% decrease in breaches, dropping to the second position.
The sectors with the most significant victim counts included:
- Financial Services: 407 compromises, 28,414,934 victims
- Healthcare: 236 compromises, 26,885,828 victims
- Retail: 46 compromises, 384,019,001 victims
- Government: 74 compromises, 9,376,758 victims
ITRC H1 2024 Data Breach Analysis
Methods of Attack
Cyberattacks were the leading cause of data breaches in the first half of 2024, with a total of 1,226 incidents. This represents a significant portion of the overall data breaches, with much smaller percentages coming from instances of human error and supply chain attacks.
Here’s a breakdown of the primary attack tactics identified in these incidents:
- Phishing/Smishing/BEC: There were 212 incidents reported, showing the continued reliance of cybercriminals on social engineering techniques to deceive individuals into providing sensitive information.
- Ransomware: Accounting for 108 incidents, ransomware remains a major threat, where attackers steal and encrypt data, and then demand a ransom for its release.
- Malware: There were 23 reported incidents involving malware, where malicious software was used to infiltrate systems and extract data.
- Credential Stuffing: This method, involving the use of stolen credentials to gain unauthorized access, accounted for 16 incidents, including the largest breach of the year, the Snowflake attack.
A significant concern is a high number of “non-specified attacks”, which totaled 839 incidents, meaning the attack method data has not been properly shared or identified. This lack of detailed reporting poses a substantial risk, as it hampers the ability to learn and develop targeted defenses against specific threats.
Wait..my Drivers License?
A notable trend in the first half of 2024 was the increased theft of Driver’s License information, which was stolen in 25% of data breaches. This reflects a 23% rise in identity misuse cases reported in 2023.
The pre-pandemic total of such breaches in 2019 was 198, which grew to 636 in 2023, and reached 308 in the first half of 2024. Sectors like Financial Services, Healthcare, Professional Services, Manufacturing, and Government were the top sources of compromised Driver’s License data.
The Wrap
The ITRC H1 2024 Data Breach Analysis offers a sobering look at the evolving tactics and increasing frequency of data breaches businesses faced in the first half of 2024. With a significant rise in both the number of breaches and the sheer volume of affected victims, it’s evident that cyber threats are growing more sophisticated and pervasive across multiple sectors.
The report underscores the critical need for organizations and security leaders to be aware of this year’s common trends, implement effective security measures, and foster a culture of vigilance to identify and mitigate incoming data breaches.
By addressing these pressing challenges head-on, organizations can significantly improve their cybersecurity readiness and resilience, and reduce their risk of becoming a statistic in future ITRC Data Breach Analysis reports.