The alarming rise in data breaches is making 2024 a record-breaking year for cybercriminals seeking valuable information. On average, each data breach exposing sensitive information, such as Social Security numbers, affects around 172,000 victims, according to a ConsumerAffairs analysis of the Identity Theft Resource Center’s database from 2018 through the first quarter of 2024. Consumers must increasingly check if their information is secure elsewhere due to heightened vulnerability to identity theft scams. Publicly reported data breaches in the first quarter of 2024 totaled 841, nearly doubling from the previous year, indicating a significant upward trend that threatens to surpass last year’s record of 3,203 data breaches.
1. Key Insights on Data Breaches
Hospitality, financial services, and healthcare companies are the leading industries for data breach victims who have their sensitive records exposed. Privacy experts note that the vast majority of cyberattacks leading to data breaches are going unreported, increasing the risk for consumers. Vulnerabilities in the cloud, vendor exploitation, and new types of ransomware are making data breaches more threatening. These trends suggest that 2024 could outpace previous records, as cybercriminals relentlessly pursue valuable data while organizations struggle to keep up with evolving threats.
2. Millions of Consumers Have Been Victims of Data Breaches
In the first quarter of 2024, the largest data breach occurred at mortgage lender LoanDepot, exposing nearly 17 million victims. This incident marks the company’s second major breach since 2018, totaling around 33.5 million victims. Financial services, such as LoanDepot, have now overtaken healthcare as the industry with the most data breaches, recording 224 notices compared to healthcare’s 124 notices. Since 2018, hospitality industries have led in data breaches due to significant incidents like the Marriott breach in November 2018, which compromised up to 383 million guest records. The technology sector, with around 126 million victims, closely follows financial services and healthcare, reflecting the high value of data managed by these industries.
3. Cybercriminals Targeting the Information They Want
As the number of successful attacks rises, the number of victims is paradoxically falling. Privacy experts attribute this shift to cybercriminals focusing on more targeted assaults for specific kinds of valuable information, rather than grabbing as much data as possible. These targeted attacks have resulted in fewer individuals being impacted, even as the total number of data breaches continues to increase. This trend highlights the increasingly sophisticated strategies employed by cybercriminals to extract high-value data more efficiently, posing a growing threat to consumers and organizations alike.
4. Emerging and More Sophisticated Threats
Data breaches are on the rise as new types of cyberattacks emerge, including cloud vulnerabilities, advanced ransomware, and vendor exploitation. The cloud stores approximately 60% of corporate data, but many companies lack long-term security experience in this area. The National Security Agency has noted issues with cloud misconfiguration, where organizations unknowingly leave back doors accessible to hackers. Ransomware has evolved to not only lock up computer systems but also make copies of private information, with cybercriminals threatening to publish it as blackmail. Additionally, cybercriminals increasingly target third-party vendors to access data, as evidenced by the 2023 MOVEIt data breach. These factors, combined with the ease of purchasing attack software and information on the dark web, have contributed to the rise in data breaches.
5. Increased Risk and Rising Cybercriminal Activity
The dark web continues to be a hotbed of activity for cybercriminals, who place high value on Social Security numbers and other key personal information. The information being bought and sold has expanded to include home equity data and cryptocurrency wallets. New technology has enabled cybercriminals to crack passwords in just minutes, making multifactor authentication more critical than ever. However, research shows that only 65% of companies protect some of their users with multifactor authentication. Despite new regulations on data privacy, companies still need to do more to safeguard consumer data effectively.
6. Not Enough Data on Data Breaches
Despite the rise in data breaches, there is still insufficient data on the extent of the problem. Companies often remain unaware of cyberattacks for months and must navigate a patchwork of state regulations with varying requirements for reporting breaches. The lack of uniform reporting has left the public with an incomplete picture. Federal Trade Commission expanded reporting requirements aim to bridge this gap by requiring nonbanking financial institutions to report data breaches impacting 500 or more people within 30 days of discovery. This rule should provide better insight into when and where data breaches are occurring and encourage companies to implement stronger safeguards to protect consumer data.
7. Where Data Breaches Happen
Maryland leads the U.S. in data breaches, with almost 390 million victims since 2018, accounting for 30% of all victims during that period. Texas and California follow, with around 130 million and 120 million victims, respectively. These states’ high rankings are largely because many companies are based there or are close to government agencies housing vast amounts of data. However, more uniform reporting requirements are necessary to develop a clearer understanding of where breach victims live. Inconsistencies in reporting laws between states contribute to an incomplete picture of the geographic scope of data breaches.
8. Federal Privacy Legislation and State Laws
Although existing laws and reporting requirements offer some protection, they fall short in many areas. For example, companies don’t always disclose breaches when they pay cybercriminals to prevent data from being published or sold. Federal privacy legislation requiring notifications could address these gaps, but the passage of such laws has proven challenging. Some progress has been made with state-level laws, such as the California Delete Act, which allows residents to request their personal information be erased from data brokers. However, concerns remain that federal legislation could prevent states from passing stronger privacy laws.
9. Review the Notification
In the event of a data breach, companies should send out a notification letter to victims. This letter will provide essential details about the exposed data and the steps the company recommends you take. By carefully reviewing this information, you will better understand the breach’s impact and know what measures to implement immediately to protect yourself from further repercussions.
10. Freeze Your Credit
One of the most crucial steps you can take following a data breach is to contact each of the three major credit bureaus: Experian, Equifax, and TransUnion. Request a credit freeze to prevent criminals from opening new accounts or taking out lines of credit in your name. This measure provides an additional layer of security, making it considerably harder for cybercriminals to exploit your stolen information.
11. Monitor Your Credit
After a breach, some companies offer free credit monitoring services to the affected individuals. It’s important to take advantage of these services to keep a close watch on your credit report for any suspicious activities. These monitoring services can help detect early signs of identity theft and fraudulent activities, allowing you to take prompt action to mitigate potential damage.
12. Update Passwords
Updating your passwords is a critical response to a data breach. Change passwords associated with the affected accounts and any other accounts where you used the same or similar passwords. Ensure that the new passwords are strong, unique, and not easily guessable. Avoid reusing passwords across multiple accounts to reduce the risk of further compromise.
13. Use a Password Manager
Consider using a password manager, like LastPass or the built-in services available in web browsers such as Google Chrome and Microsoft Edge. These tools can generate and store strong, unique passwords for all your accounts, reducing the likelihood of password-related security breaches in the future. A password manager can simplify the process of maintaining numerous secure passwords, enhancing overall online security.
14. Opt Out of Data Collection
If your state grants the right, you can opt out of data collection by contacting the services you use. By requesting that your data not be collected for use by third parties, you can minimize the amount of personal information available to potential cybercriminals. This proactive step helps reduce your exposure to future data breaches and enhances personal privacy.
15. Request Data Deletion
The dramatic increase in data breaches is propelling 2024 to be a record-setting year for cybercriminals targeting valuable information. Each data breach exposing sensitive information, such as Social Security numbers, impacts approximately 172,000 victims on average. This is based on a ConsumerAffairs analysis of the Identity Theft Resource Center’s database spanning from 2018 to the first quarter of 2024. As identity theft scams become more prevalent, consumers must more frequently verify if their personal information is safe. In the first quarter of 2024 alone, there were 841 publicly reported data breaches, nearly doubling from the prior year. This worrisome trend suggests that this year might far exceed last year’s record of 3,203 data breaches.
The implications of this upward trend are profound. Cybercriminals are becoming increasingly sophisticated, and the sheer volume of data breaches signals an urgent need for better cybersecurity measures. Businesses, governments, and individuals all face mounting pressures to safeguard sensitive information. The financial and emotional toll on victims of data breaches is significant, often leading to long-term consequences such as loss of trust, financial hardship, and emotional distress. As society becomes more digital, the importance of robust cybersecurity protocols cannot be overstated. The goal is not just to protect data but to ensure that personal and professional lives are not unduly affected by the devastating impacts of cybercrime.
