Over 1.7 billion individuals fell victim to data breaches in 2024, with weak security measures and a lack of multifactor authentication driving record-breaking exposures.
What happened
More than 1.7 billion individuals had their personal data compromised in 2024, marking a 312% increase in breach victim notices compared to 2023. According to the Identity Theft Resource Center (ITRC) Annual Data Breach Report, data compromises remained nearly as high as the previous record-breaking year, with only a slight 1% decrease.
Cyberattacks accounted for 80% of data breaches, with six major breaches exposing over 100 million records each. The largest breaches occurred at Ticketmaster (560 million records), Advance Auto Parts (380 million records), and Change Healthcare (190 million healthcare records), among others.
Going deeper
A few large-scale breaches drove the massive increase in victim notices, with six incidents responsible for 85% of all breach notifications in 2024.
While the number of reported healthcare data breaches slightly declined (from 747 in 2023 to 721 in 2024), the number of breached records soared to over 247 million due to the Change Healthcare breach. Notably, healthcare, historically the top industry for data compromises, fell to second place behind financial services for the first time since 2018.
Despite increasing breaches, many incidents could have been prevented. Four of the biggest breaches (Ticketmaster, Advance Auto Parts, Change Healthcare, and AT&T) stemmed from compromised credentials on accounts without multifactor authentication (MFA), leading to 1.24 billion preventable record exposures. Additionally, 29 cyberattacks in 2024 were caused by credential stuffing, another risk that MFA could have mitigated.
What was said
Cybersecurity experts at ITCR warn that weak security measures are making data breaches more severe. One major issue is the lack of MFA, leaving sensitive patient data vulnerable. To address this, the proposed HIPAA security rule update aims to make MFA a requirement for healthcare organizations, strengthening protections against unauthorized access.
The big picture
Data breaches are not just a cybersecurity problem. They represent a fundamental breakdown in how companies handle and protect personal information. Without strong federal privacy laws, individuals face inconsistent protections that leave them vulnerable. Until stronger regulations and accountability measures are in place, personal data will continue to be treated as an afterthought rather than a right worth protecting.
FAQs
How do data breaches typically occur?
Data breaches often result from cyberattacks, such as phishing, malware, and credential theft. Weak security practices, like reusing passwords and lacking multifactor authentication (MFA), also make breaches more likely.
What personal information is usually exposed in a breach?
Depending on the breach, exposed data can include names, addresses, Social Security numbers, financial details, medical records, and login credentials. In some cases, even biometric data is compromised.
How can individuals protect themselves after a breach?
If your data is exposed, immediately update passwords, enable MFA on accounts, monitor financial statements, freeze credit if necessary, and stay alert for phishing attempts using your stolen information.
Farah Amod
