Every year, the Identity Theft Resource Center (ITRC) publishes its Data Breach Report, and every year, the numbers tell a familiar story: breaches are still rampant and personal data is still getting exposed.
The statistics and trends revealed in the ITRC’s 2024’s Data Breach Report help us understand where we are, where things are headed, and—most importantly—what we can do about it.
The Big Picture: 2024 Was a Year of Massive Exposure
If there’s one number you take away from the report, it’s 3,158.
3,158 data compromises were recorded in 2024, just 44 short of the all-time high set in 2023. While the total number of breaches did not increase, the number of victim notices skyrocketed by 312%—meaning the scale of each breach is growing.
In fact, six “mega-breaches” accounted for 85% of all victim notices in 2024.
The Biggest Data Breaches of 2024
- Ticketmaster – 560 million victim notices
- Advance Auto Parts – 380 million victim notices
- Change Healthcare – 190 million victim notices
- DemandScience – 121 million victim notices
- AT&T – 110 million victim notices
Although these massive incidents were the stars of the show last year, the reality is that thousands of smaller breaches are happening constantly, many of which go unnoticed by the public.
What’s Changing? Key Trends from the Report
1. Companies Won’t Tell Us How They Got Hacked
70% of cyberattack-related breach notices in 2024 failed to disclose how the attack happened—a significant jump from 58% in 2023. This lack of transparency makes it more difficult for other companies to learn and strengthen defenses.
2. Financial Services Overtakes Healthcare as the #1 Target
For the first time since 2018, the Financial Services sector suffered more breaches than Healthcare. Although this could indicate improvements in healthcare security, it’s more likely that there’s been a shift in attacker focus. Banks, insurance providers, and payment processors hold valuable data and may be more vulnerable than the healthcare sector that has endured innumerable attacks in the past years.
3. Credential-Based Attacks Are Still the Top Problem
Four of the six biggest breaches in 2024 were caused by stolen credentials—something that could have been prevented through Multi-Factor Authentication (MFA) and passkeys. According to the report, 94% of all devices now support passkeys, but adoption is slow, and companies continue to rely on passwords that attackers can guess or steal.
4. AI is Helping Hackers—But Also Defenders
While no breaches were officially attributed to AI-powered attacks, it’s clear that AI is being used to enhance phishing attempts, automate attacks, and find vulnerabilities faster than ever. At the same time, AI-powered security tools are improving at detecting threats, creating an ongoing arms race between attackers and defenders.
Read more on the historical context, what needs to change, and the importance of Zero Trust security models on our blog.
Top comments (0)