We have already crossed the first half of 2024 and are witnessing some of the most adverse data breaches in history in the current year. Although data breaches in previous years have not affected individuals, this is not the case in 2024, where the privacy of individuals has been heavily compromised. It has resulted in customers’ personal information getting into the hands of unscrupulous elements, and individual health information getting stolen, making 2024 the year with the worst data breaches.
The average total cost of data breaches internationally in 2024 jumped 10 percent over the previous year, to USD 4.88 million from USD 4.45 million. This cost increase resulted from business disruption and post-breach responses. These costs totaled USD 2.8 million. More than 35 billion records have been breached so far this year in 9500 disclosed breaches. Most of the sectors that were breached this year were IT services and healthcare. About 50 percent of all breaches involved customer personal identifiable information (PII). Intellectual Property (IP) records comprised 43 percent of all breaches. The United States has the highest average data breach cost, USD 9.36 million. Malicious attacks are the leading cause of data breaches this year. Over the past three years, nearly two-thirds of the data breaches comprised ransomware and other extortion techniques – phishing, malware, and DDOS attacks.
Major Data Breaches
Several big organizations in the US have suffered data breaches this year. AT&T suffered a major data breach in March. It has put the accounts of 7.6 million AT&T customers at risk. The data published online contained customers’ personal information such as names, and social security numbers. AT&T still does not know how the breach happened with its data.
A recent data breach, involving National Public Data (NPD), a US data broker, compromised the personal data of 2.7 billion people, which was posted on the dark web. The hacker group put a purchase price of $3.5 million on the database. This breach appears to be one of the biggest of all time.
UnitedHealth Group acquired technology giant Change Healthcare in 2022. This year, the sensitive health data belonging to Change Healthcare was hacked by hackers and posted online. UnitedHealth Group informed that the breach affected one-third of all Americans and included personal, medical, and billing information of the people. UnitedHealth paid a high ransom to hackers to get copies of stolen data.
Cloud data giant Snowflake suffered a series of attacks targeting its customers in June this year, leading to a large amount of data being stolen. It is one of the biggest data breaches of the year, affecting Snowflake customers. Impacted companies included Ticketmaster, Advance Auto Parts, Santander Bank, Lending Tree, Neiman Marcus Group and others. Around 560 million records from Ticketmaster were impacted whereas 79 million records from Advance Auto Parts were stolen by cyber criminals. Impacted accounts were not configured with a security feature, that protects against these attacks.
US pharma giant Cencora reported a data breach in February, resulting in compromising health information of patients. A report says that this breach impacted more than a million people, though Cencora has served more than 18 million patients till now.
Recommendations to Counter Data Breaches
To counter the increasing damage done by data breaches, data privacy regulations like GDPR, CCPA, and HIPAA have been implemented to protect the sensitive personal data of individuals and make organizations responsible for safeguarding sensitive information and taking accountability for any data breach. These regulations impose heavy penalties on organizations in case of data breach. However, there are still loopholes in these data privacy regulations, that make enterprises vulnerable to data breaches.
Usage of security AI and automation these days is helping to reduce the cost of breaches. AI and Automation solutions can help to quickly identify a data breach, which can reduce its potential impact. More than, half of organizations that faced data breaches this year had a shortage of employees skilled in cybersecurity. The rapid rise of gen AI and its adoption across organizations and the usage of Internet of Things (IoT) and SAAS applications is also bringing many risks, that current regulations cannot handle, eventually impacting cybersecurity teams. As per the latest report, only 24 percent of gen AI initiatives are secured, exposing data models to breaches.
Conclusion
Data Breaches are never-ending and have become common in today’s digital world. Securing sensitive data at rest and in motion can make data useless to hackers, in case of data breach. Strict Data Privacy regulations are required to protect sensitive PII data. Using a combination of various anonymization techniques, enterprises can make data useless, protecting both their image and their customer.
References
2. https://techcrunch.com/2024/08/12/2024-in-data-breaches-1-billion-stolen-records-and-rising/
3. https://www.techopedia.com/cost-of-a-data-breach
4. https://www.bluefin.com/bluefin-news/biggest-data-breaches-year-2024/
