You’re not imagining things if it feels like there have been more notifications about hacks or victims of data breaches lately.
The number of data breach victims has surpassed 1 billion for the first half of 2024, according to the Identity Theft Resource Center. That’s a 409% increase from the same period last year: 1.07 billion victims compared to 182.65 million in the first half of 2023.
A majority of the victims were from compromises announced or updated in the most recent quarter. There were 1.04 billion new victims in the second quarter compared to 37.68 million in the first quarter, according to the San Diego, California-based nonprofit’s Data Breach Report.
“The takeaway from this report is simple: Every person, business, institution and government agency must view data and identity protection with a greater sense of urgency,” Eva Velasquez, president and CEO of the Identity Theft Resource Center, said in a news release.
How did we get to 1 billion data breach victims?
Last year was already record-breaking for data companies, but the trends from the first half of this year have shown a major jump in victims, said Identity Theft Resource Center’s Chief Operating Officer James Lee.
“While the victim count is eye-popping, keep in mind this includes people who are impacted by more than one breach,” Lee said.
“Also, about 1 billion of the victims are related to a handful of mega-breaches such as Ticketmaster and Advanced Auto Parts but do not include a victim count from the Change Healthcare supply chain attack since none have been reported yet,” he said, referring to a breach announced in February of a subsidiary of United Healthcare that processes one-third of all U.S. patient health records.
There was also a 23% increase in stolen driver’s license information in the first half of 2024 compared to the same period in 2023, Lee said.
While a small number of data breaches with very large numbers of victims skew the figures, there was still an increase in data compromises, the ID Theft Center said.
There were 1,571 data breaches reported in the first half of 2024, a 14% increase compared to the same period in 2023. Last year set a record for data events reports in a single year with 3,203 breaches.
“It’s fair to say that the trends we saw in 2023 that led to a record-high number of compromises in a single year are continuing and some are accelerating, like the increase in stolen driver’s license information,” Lee said. “Consumers need to be hyper-vigilant in practicing good cyber-hygiene and make sure their loved ones are too.”
What are some recently reported data breaches?
- A lawsuit was recently filed against Lurie Children’s Hospital after a February cyberattack shut down the medical center’s systems for months. In the federal lawsuits, parents said their children experienced “actual harm” because of the attack, and the hospital waited too long to inform the 800,000 victims of the data breach.
- In June, Change Healthcare, a subsidiary of UnitedHealth Group, started notifying hospitals, insurers and other customers who may been exposed to its massive cyberattack. The company provides technology used to submit and process billions of insurance claims a year.
- In May, the University of Chicago Medical Center said an email hack of its workers may have exposed patient’s personal information. The unauthorized access to a “small number” of workers was made between Jan. 4 and Jan. 20. About 10,300 people, including patients, their family members and others who received care from the medical center may have been impacted, according to a memo the hospital sent to employees.
- A ransomware attack in May forced hospital group Ascension’s computer systems offline and led it to divert ambulances away from some of its emergency departments, including one in the Chicago area. Ascension said that it was the victim of a “cybersecurity event” after noticing “unusual activity” on its computer network.
- The Ticketmaster breach has an estimated 560 million victims, based on unverified information from the threat actor claiming responsibility for the attack, which accessed customers’ personal information. Ticketmaster, in a mandatory breach notification filing, has said there are more than 1,000 customers affected. The ID Theft Center used the 560 million number for its report.
- The Advanced Auto Parts breach had 380 million victims’ sensitive records exposed in April and was reported in June, according to the ID Theft Center’s custom data breach search database.
- A leak of 10 billion passwords — a combination of old and newly acquired passwords — were uploaded to a hacker site on July 4. Dubbed the RockYou2024 leak, the breach was reported after June 30, so it will be included in the data breach numbers for the third quarter of 2024, Lee said.
Tips to protect yourself
Here are some tips from the Identity Theft Resource Center to improve your online security:
- Use multi-factor authentication. Two-factor authentication or multi-factor authentication adds an extra layer of protection to your account through another verification method, like a text code, phone call or through an app.
- Use unique passphrases for every account. Use a 12+ character passphrase, or phrase unique to you, instead of an 8-character password. Also, do not re-use the same passphrase for multiple websites or accounts.
- Use secure payment methods online. Only shop trusted websites and use trusted payment methods. If you shop at an unfamiliar site, use a payment method that has a dispute resolution process, like a credit card or PayPal.
- Never open a link from an unknown source. Don’t click on links or download attachments via email or text unless you are expecting something from a person or business you know.
- Log out of accounts when you are done. Always log out of accounts online or on your cell phone so no one can gain access if they get your device.
- To protect your physical documents, cards and devices, secure them in a safe location and consider a digital wallet such as ApplePay or Google Pay. Use a cross-cut shredder to shred documents with personally identifiable information.