The Weekly Breach Breakdown: Runaway Breach Train – Breakdown of ITRC’s Q1 2024 Data Breach Analysis

• According to the Identity Theft Resource Center’s Q1 2024 Data Breach Analysis, there were 841 data compromises in Q1 2024, a 90 percent increase compared to the same time period in 2023.
• Cyberattack-related breach notices without information about the root cause accelerated in Q1 2024 to more than two-thirds of notices – 68 percent. In Q1 2023, it was 44 percent.
• The number of victims dropped 72 percent compared to Q1 2023. It was the fewest number of people impacted by data compromises in any quarter since Q1 2022.
• The number of organizations impacted by Supply Chain Attacks more than tripled in Q1 2024 compared to the same period in 2023. Businesses and consumers need to continue to practice good password hygiene and transition to Passkeys as soon as possible.
• To learn about the latest data compromises and the findings in the Q1 2024 Data Breach Analysis, consumers and businesses should visit the ITRC’s data breach tracking tool, notified. To download the report, click here.
• If you believe you are the victim of an identity crime, contact the ITRC. Call toll-free at 888.400.5530 or live chat on the company website, idtheftcenter.org.

Runaway Breach Train

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for April 12, 2024. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we review the findings in our Q1 2024 Data Breach Analysis. 

2023 Was a Record-Setting Year

As you may recall, we ended 2023 with the most publicly reported data compromises in a single year since the ITRC started tracking breach notices in 2005. All forms of compromises, including breaches where personal information was stolen, totaled 3,203 – a 72 percent increase over the previous record high set in 2021.

ITRC Tracks 90 Percent Increase in Compromises in Q1 2024

As with most years, there is a drop-off from Q4 to Q1 in terms of compromises. That is true this year, too. However, when you consider the first Quarter of the year is usually the lowest in terms of compromises, and that the volume of notices in Q1 this year nearly doubled the number from the same period in 2023, it’s then clear that the runaway breach train is still on the track.

Data Breach Notices Lacking Details Continue to Rise

Even more troubling from the Q1 2024 Data Breach Analysis is the fact that the number of cyberattack-related breach notices without information about the root cause accelerated in Q1 2024 to more than two-thirds of notices – 68 percent, to be precise. In Q1 2023, that percentage was 44 percent.

Financial Services & Healthcare Were the Most Impacted Industries

Attacks increased across 15 of 17 industries tracked by the ITRC. Financial Services displaced Healthcare as the most attacked industry in Q1. However, Healthcare remained at the top spot for industries represented in the list of top ten compromises for the Quarter.

Victims Impacted Down 72 Percent

Not all the news is bad in the Q1 2024 Data Breach Analysis. The number of victims dropped 72 percent compared to Q1 2023. In fact, Q1 represents the fewest number of people impacted by data compromises in any quarter since the first three months of 2022.

Other Highlights in the Q1 2024 Data Breach Analysis

Data compromises reported in Q1 2024 totaled 841, including 642 Cyberattacks, 85 compromises caused by System or Human Errors, and 11 Physical Attacks, impacting an estimated 28.5 million victims. That total is a 90 percent increase over the same Quarter in 2023 and a 108 percent increase over Q1 2022.

The number of organizations impacted by Supply Chain Attacks more than tripled in Q1 2024 compared to the same period in 2023. According to the Q1 2024 Data Breach Analysis, 50 new attacks in the Quarter impacted 243 organizations and ~7.5 million victims compared to 73 entities and ~11.4 million victims in Q1 2023.

We’ve discussed how publicly traded companies regulated by the U.S. Securities and Exchange Commission and the Federal Communications Commission are under new cybersecurity and breach reporting requirements. It’s logical to think maybe the number of reported compromises is just a function of more reporting, not an actual rise in attacks.

However, only 75 of the 841 entities reporting a compromise in Q1 were subject to the new regulations, a nine (9) percent rate consistent with the overall number of publicly traded companies vs. non-public and non-profit entities. It is also consistent with the full-year rate in 2023.

Regular followers know the ITRC believes the number of victims is drifting lower because identity criminals are launching more targeted assaults that are vastly different from the mass attacks of the late 20-teens. However, more breaches with fewer people impacted does not mean individuals or businesses can reduce their level of diligence. Our advice: Businesses and consumers need to continue to practice good password hygiene and transition to Passkeys as soon as possible.

There is much more information in the full Q1 2024 Data Breach Analysis. You can find it on our website, www.idtheftcenter.org/publications, or click here.

Contact the ITRC

If you want to know more about how to protect your business or personal information, think you have been the victim of an identity crime, or want more information on the findings in the Q1 2024 Data Breach Analysis, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Be sure to check out the latest episode of our sister podcast, the Fraudian Slip, for a discussion with the Internal Revenue Service about the kind of tax scams that can happen at any time of the year, not just on April 15. We will return next week with another episode of the Weekly Breach Breakdown.