As we approach the end of the year, it seems unlikely that 2024 will break records for data breaches. However, the latest report from the Identity Theft Resource Center (ITRC) paints a concerning picture of the current cyber threat landscape. Q3 saw a steep rise in supply chain attacks and a staggering 242 million US breach victims.
The ITRC, a non-profit organization, meticulously tracks publicly reported data breaches and leaks in the US to compile its quarterly reports. The most recent report highlights a 77% decline in the number of data breach and leak victims compared to the previous quarter. This decrease is largely attributed to the inflated figures from Q2, which included two massive breaches at Ticketmaster and Advanced Auto Parts totaling 940 million victims.
Despite the overall decline, the total number of “data compromises” in Q3 stood at 672, representing an 8% decrease from the previous quarter. One particularly alarming trend was the 203% increase in supply chain attacks during Q3, impacting 97 entities and nearly a million victims.
For more insights on ITRC data, check out: ITRC Q3 Data Breach Analysis
ITRC CEO Eva Velasquez noted, “While we may not reach a new record for data compromises in 2024, there are notable trends in the Q3 2024 Data Breach Report. Businesses must prioritize data and identity protection, while consumers need to take steps to safeguard their information.”
Continuation of Mega Breaches
One of the mega breaches highlighted in the report involved AT&T, where 110 million victims were affected by threat actors who accessed customer data, including call logs, from the company’s Snowflake account. Another notable incident was an accidental data leak by MC2 Data, where 2.2TB of sensitive information was left exposed online without proper protection.
While the data breach landscape may not break records this year, the rise in supply chain attacks and resurgence of mega breaches serve as stark reminders of the ongoing cyber threats businesses and consumers face. It is crucial for organizations to prioritize data security and for individuals to take proactive measures to safeguard their personal information.