ITRC Annual Data Breach Report
Please add your information below to download a copy of the report PDF
About the 2024 Annual Data Breach Report
Since 2005, the Identity Theft Resource Center has tracked publicly reported data breaches in the United States. What began as a collection of basic information has grown into a database of more than 21.9K tracked data compromises, leading to nearly 12B victim notices and exposing approximately 60B records. Now in its 19th year, the ITRC’s 2024 Data Breach Report looks at the number of data compromises, the types of data compromised, the root causes of data compromises and much more. The ITRC uses information voluntarily collected from you to communicate effectively and efficiently with you and to provide best-in-class services. The ITRC does not sell or share any information about individual users. For more details, read our privacy policy.
Data Breach Report Methodology
For purposes of reporting, the ITRC aggregates data events based on the date the breach, exposure, or leak was entered into the database rather than the date the event occurred. This avoids the confusion and data conflicts associated with the need to routinely update previous reports and compromise totals. The date of the original compromise, if known, and the date of the event report are noted in the ITRC’s comprehensive data breach database.
The number of victims linked to individual compromises are updated as needed and can be accessed in the ITRC’s data breach tracking solution.
The ITRC reports Third-Party/Supply Chain Attacks as a single attack against the company that lost control of the information. The total number of individuals impacted by third-party incidents is based on notices sent by the multiple organizations impacted by the single data compromise.
