"The reason the victim count is so high is because the number of data breaches is increasing, leading to more people receiving multiple data breach notices," said James E. Lee, chief operating officer of the resource center. "More than 80% of U.S. adults have received at least one breach notice in the past 12 months, according to research we'll publish in October."
There were 1,571 data compromises in the first half of 2024, impacting nearly 1.08 billion total victims, a figure that includes people who appear in more than one publicly-reported data breach notice, according to the resource center.
By comparison, in 2023 there were 418.7 million victims in 3,203 data compromises.
The total number of data compromises in the first six months of this year is 14% higher than the same period in 2023, according to the resource center, a non-profit that tracks publicly reported incidents of compromised personal information and consumer data in the U.S. and also offers online assistance for people with questions about identity theft, scams and other cybercrime issues
In 2023 there were more data breaches and other compromises of personal information and consumer data in the U.S. than ever before, according to last year's annual report from the resource center.
One of the largest data compromises in 2023 involved the cyberattack on MOVEit, a file transfer software tool owned by Progress Software, that impacted a wide variety of companies and organizations, including Dayton-based CareSource and Premier Health.
The bulk of the data compromises last year and so far this year were cyberattacks.
Data compromises can expose a company's data, or personal information including Social Security numbers, logins and passwords, credit card numbers and consumer information.
Data compromises include: — Breaches, which are when unauthorized people remove personal information from where it is stored, sometimes through a ransomware attack. — Leaks, which occur when information people have put online is scraped from a website, such as the ones in past years that occurred on the Facebook and LinkedIn social media platforms. — Exposures, which are typically caused by a system or human error, are generally considered lower risk because there is no indication information was accessed, copied or removed.
In the first half of 2024 financial services companies had the most data compromises, followed by health care companies, professional services, manufacturing firms and education, according to the new report.
The Ticketmaster breach had 560 million victims, a tally as of July 17 that the report said was based on "unverified information provided by the threat actor claiming responsibility for the attack." The data will be updated if Ticketmaster updates its mandatory breach notice that said more than 1,000 individuals had been impacted, the report said.
Advance Auto Parts Inc. had the second most victims so far this year, 380 million, followed by Dell Technologies Inc., with 49 million, the report said.
The 51 million victims in the AT&T data compromise that made news this year is not included in this year's data because the compromise initially occurred in 2021, according to the resource center.
The report also noted increasing value and use of stolen driver's license information, reflecting a post-COVID-19 pandemic increase in the use of driver's licenses to verify identity in a wider variety of transactions.
Driver's license data was stolen in 25% of breaches during the first half of the year.
"However, just because cybercriminals have access to enough personal information to impersonate most adults, that doesn't mean there aren't steps everyone should take to protect their identities and to make their information less valuable to a criminal," Lee said.
He suggests freezing your credit, which is the only way to stop an identity criminal from accessing your credit.
"The credit and identity monitoring you buy or get due to a data breach are helpful in telling you what happened, but cannot stop anything from happening," Lee said.
Freezing your credit requires contacting all three major credit reporting agencies — Equifax, Experian and Transunion -and restricts access to your credit report, keeping creditors from approving any new credit in your name, according to the U.S. government's USA.Gov Money and Credit website. Once you freeze your credit you need to contact the reporting agencies to lift the freeze if you want to take out a loan or get any new credit account in your name.
Lee said it is also important to never reuse the same or similar passwords on various accounts. A password manager can help create and keep track of passwords, or passkeys can provide even more secure protection if they are available for your mobile devices.
Lee also suggests using multifactor authentication, questioning businesses that don't offer it about why they do not have that option and perhaps switching to a competitor that does.
© 2024 the Journal-News (Hamilton, Ohio). Distributed by Tribune Content Agency, LLC.
