The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Q3 Sees 8% Fall in Data Compromises; 77% Reduction in Victims

This year was on track to set a new record for data compromise incidents; however, there has been some good news – data compromises are down 8% from Q2, 2024, according to the latest data from the Identity Theft Resource Center (ITRC). In Q3, 2024, there were 672 publicly reported data compromises, which bring the running total for the year to 2,242 data compromise incidents – 70% of the total for all of 2023. That makes it unlikely that 2024 will set a new record for data compromises, although ITRC predicts that the annual compromise rate will be only slightly below last year’s record. The number of individuals affected by data compromise incidents in Q3, 2024 fell by 77% from the previous quarter, with 241,889,316 individuals confirmed as having their personal data compromised.

Out of the 672 known compromises, 615 were data breaches affecting a total of 141,022,573 individuals and 6 were data exposure incidents involving the data of more than 100 million individuals. The latter includes a misconfiguration at the data broker MC2 Data, which primarily supplies data for background checks. While the misconfiguration exposed the sensitive data of around 100 million individuals, there was no evidence that any bad actors found and downloaded the data. The ITRC figures include 50 unknown compromises with 852,743 individuals affected and 1 data leak.

Financial services experienced the most data compromise incidents in Q3, 2024 with 141 confirmed incidents, closely followed by healthcare with 123 confirmed data compromises. They include two of the top five data compromise incidents of the quarter – the 4.3 million-record data breach at HealthEquity Inc. and the cyberattack on Acadian Ambulance Service, which affected almost 2.9 million individuals. They were the 2nd and 4th largest healthcare data breaches of the year, excluding the ransomware attack on Change Healthcare. Despite the Change Healthcare cyberattack occurring in February 2024, the number of affected individuals has still not been confirmed. A further two breaches of healthcare data made the top 10 – the 2.2 million record data breach at Rite Aid and the 954K-record data breach at Young Consulting.

While it is unlikely that last year’s data compromise record will be broken, that may not be the case in terms of victims. The total number of victims for the year to September 30, 2024, is 1,323,973,841, well above the 419,040,609 victims in all of 2023 and just shy of the 1,825,413,935 victims for all of 2017. In Q3, 2024, 3,997,594 individuals had their data compromised across the 123 healthcare data breaches, well below the 17,758,006 individuals affected by healthcare data breaches in Q3, 2023.

Q3 saw a significant increase in supply chain attacks after decreases in the first two quarters. In Q3, 2024, 91 organizations were impacted by supply chain attacks, more than three times the number in Q2, 2024. The most common root cause of data compromises in Q3, 2024 was cyberattacks (549) followed by phishing/smishing/BEC attacks (104), and system/human error (67%), with the caveat that the root cause of the data compromise was not specified in 382 incidents.

“While we will likely not set a new record for the number of data compromises in a single year as we did in 2023, there are some interesting trends in the Q3 2024 Data Breach Report,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “In particular, the number of businesses reporting multiple data breaches in the past 12 months and the return of mega-data breaches that impact more than 100 million people. These trends prove that businesses must continue to prioritize data and identity protection, and consumers must take the steps needed to make their information less valuable to criminals.”

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
