Report by Identity Theft Resource Center

2024 Annual Data Breach Report

16 FINDINGSPublished Jan 1, 2025
View Original Report →

Key Findings

New Securities and Exchange Commission breach disclosure rules resulted in a 60% increase in disclosures in 2024, however, less than 10% of the notices included details of the event.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

74% of the breach organisations did not list an attack vector in a breach notice.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

Approximately 70% of cyberattack-related breach notices did not include attack information in 2024, compared to 58% in 20232. In 2019 and prior years, nearly 100% of breach notices included attack vector information.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

At least 196 compromises and more than 1.2 billion victim notices could have been prevented with better cyber practices.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

Stolen credentials were the leading attack vector in 133 cyberattacks against publicly traded companies.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

40% of states have enacted comprehensive privacy laws to better protect consumers.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

Data compromises in the U.S. in 2024 decreased by 1% compared to 2023, with 3,158 compromises in 2024 and 3,202 in 2023.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

The number of data breach notices issued in 2024 increased by 312% compared to 2023, rising from 419,337,446 to 1,728,519,397.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

Supply chain attacks directly impacted 134 organizations and indirectly impacted 657 entities, resulting in 203 million victim notices. At least 190 million notices were related to the Change Healthcare breach.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

Excluding the six mega-breaches, the number of victim notices in 2024 decreased by 36% compared to 2023.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

The Financial Services industry was the most breached in 2024, followed by Healthcare, Professional Services, Manufacturing and Technology.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

Six "mega-breaches" accounted for more than 1.4 billion of the 1.7 billion victim notices issued in 2024.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

Publicly traded companies represented only 7% (221 companies) of all compromised organizations but issued 76% of victim notices in 2024.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

Better cyber practices and requirements could have prevented at least 196 compromises and more than 1.2 billion victim notices.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

Publicly traded companies represented only 7% (221 companies) of all compromised organisations, but issued 76% of victim notices in 2024

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025

Of the 133 cyberattacks against publicly traded companies resulting in a data breach notice, a stolen credential was the leading attack vector.

Identity Theft Resource Center2024 Annual Data Breach Report·Jan 1, 2025