Data breaches continued to surge in 2024, new report shows

PORTLAND (WGME) — More than 1.7 billion data breach notices were issued across the United States in 2024, according to a new report from the Identity Theft Resource Center (ITRC).

This marks a 312% increase compared to the 419 million notices sent in 2023.

Despite the surge in notices, the overall number of reported breaches remained relatively flat, with 3,158 incidents tracked, just shy of 2023’s record-breaking total of 3,202.

In Maine, more than a million data breach notices were sent to residents, reflecting the nationwide trend of growing vulnerability to cyberattacks.

According to the report, mega-breaches at companies like Ticketmaster, United Health and AT&T accounted for the majority of last year’s notices, with each incident affecting hundreds of millions of people.

Data Breaches Continue to Impact Most Americans

The ITRC highlighted that nearly every adult in the U.S. has likely been impacted by a data breach in the past year.

“Most adults receive at least one data breach notice each year, and many receive multiple,” ITRC President James E. Lee said. “Only 20% of individuals and businesses reported not being impacted by a breach in 2024. That’s a significant number.”

While the total number of breaches decreased by just 1%, the increase in notices underscores a shift toward transparency. However, the report noted that many breach notifications lacked actionable information, such as the root cause of the compromise or clear guidance on next steps.

However, Maine’s law regarding data breach notifications has become a baseline for the rest of the country.

“Maine actually has one of, if not the best, data breach notice laws in the country,” Lee said. “We rely on it for a lot of information, because you have a very simple trigger. If one Mainer is impacted by a data breach, there has to be a data breach notice.”

Preventable Breaches Highlight Security Gaps

The report also found many breaches could have been avoided through better cybersecurity practices.

For example, four of the six largest breaches in 2024, affecting over 1.2 billion people, were linked to stolen credentials. According to the report, Multi-Factor Authentication (MFA), a basic security measure, could have prevented these incidents.

In Maine and across the country, experts are urging companies to adopt stronger cybersecurity measures, such as Zero Trust frameworks, passkeys and regular system patching. The ITRC emphasized that without these measures, breaches will continue to rise, leaving sensitive information like Social Security Numbers, financial records and health data vulnerable to theft.

Steps for Consumers

While individuals cannot prevent companies from being hacked, the ITRC recommends steps to protect personal information:

Freeze your credit to prevent identity theftUse unique passwords for every account and switch to passkeys when availableEnable Multi-Factor Authentication on all accountsMonitor accounts regularly for unauthorized activity

If you receive a breach notice, the ITRC advises taking immediate action, including changing passwords for affected accounts and taking advantage of any credit monitoring services offered.

Have an issue you want the CBS13 I-Team to investigate? Call their tip line at (207) 228-7713 or send an email to tips@wgme.com.