Data breaches may reach new heights in 2024.
There have been more than 1 billion victims of data breaches in the first half of 2024, up from more than 418,000 victims in all of 2023, the Identity Theft Resource Center (ITRC) said Tuesday. That compares to a record 2.2 billion victims in 2018.
The number of data breaches at organizations also reached 1,571 compromises, nearly half of 2023's record 3,203 compromises.
The high numbers of victims is largely because of security failures at Tickemaster and Advanced Auto Parts. Identity theft against financial services companies also jumped more than two-thirds in the first half of 2024 compared to the same period in 2023.
At Tickemaster, hackers stole the data of around 560 million users, including names, addresses, emails, credit card information and order history.
At Advanced Auto Parts, hackers stole the data of around 380 million customers, including loyalty and gas card numbers, sales history and employment information.
Still, the number of victims is falling as the number of successful attacks rises. Privacy experts say this is because criminals are launching more targeted assaults for specific kinds of valuable information, instead of grabbing as much data as possible.
But the public has a poor idea of how many data breaches are taking place in part because companies can be unaware of a cyberattack for months. Companies are also reporting under a patchwork of state requirements that vary on how quickly and detailed their disclosures need to be, compared with stricter nationwide laws in Europe.
In October, the Federal Trade Commission expanded reporting requirements so that nonbanking financial institutions like mortgage brokers and vehicle dealerships must have security programs in place to keep customer information safe. Privacy experts say the FTC rule should give a better picture of when and where data breaches are happening.
New laws on data privacy have also come into force in various states this year. In 2002, California was the first to pass a data breach notification law, and since then, all 50 states have followed.
How to protect yourself from data breaches
- Strong passwords: Create long and complex passwords and check if the service you are using requires them.
- Two-factor authentication: This will require two or more credentials to log in to an account, such as both your password and a one-time code texted to your phone.
- CAPTCHA: If companies require a user to enter a series of characters from an image to use services, this will slow down attackers.
- Read news: A simple Google search can show if a company has been breached in recent years.
- Security certifications: Look for seals of approval, such as from the International Organization for Standardization, that a website follows best cybersecurity practices.
- Encryption: Check if a website uses encryption, such as SSL and the lock for HTTPS.
- Passkeys: There is a push to switch to passkeys, which authenticate logins without using a username or password.
What to do after a data breach
- Follow the letter: Companies should send out a letter if you are a victim of a data breach. Read it carefully to get more details about what data was exposed and the steps the company recommends you take.
- Freeze your credit: Contact each of the three credit bureaus, Experian, Equifax and TransUnion, and get your credit frozen so a criminal can’t open cards or other lines in your name.
- Credit monitoring: Sometimes, companies will offer free credit monitoring or other services after a data breach.
- Reset passwords: Change your passwords and use different ones for services.
- Use a password manager: LastPass and services built into web browsers such as Google Chrome and Microsoft Edge can create and store strong passwords for you.
- Opt out of data collection: If you have the right in your state, you can email services you use to request they don’t collect your data for the use by third parties.
- Request to have your data deleted: For services you don’t use, ask to have your data deleted. California and other states have written this into law.