Over One Billion U.S. Consumers Impacted by Data Breach Events So Far in 2024: Report

A new report highlights the widespread impact of cybersecurity failures and data breach events this year, indicating that more than one billion people have had their personal identifying information compromised during the first half of 2024, with more than half of those affected coming from a massive Ticketmaster data breach.

According to a quarterly update published online by the Identity Theft Resource Center (ITRC), there was a 490% increase in the number of individual data breach victims between January and June 2024, when compared with the same timeframe a year earlier.

Data breach events can include a variety of security failures in which hackers gain access to sensitive information held by companies, ranging from customer login credentials, contact information and credit card data, to more sensitive details like social security numbers or bank account data. Often this compromised information is then sold for nefarious purposes on the Dark Web.

These events can lead to devastating consequences for those affected, exposing individuals to an increased risk of identity theft and financial fraud, as well as fear, stress, anxiety and other consequential damages resulting from the need to freeze their credit, employ identity monitoring services, and take other drastic measures to protect their financial security.

In the first six months of 2024, the Identity Theft Resource Center (ITRC) indicates there were at least 1,078,989,742 reported victims of data breach events in the United States, while there were only 182,645,409 impacted during the same period of 2023.

Those figures do not even include 73 million individuals who received notice earlier this year that they were the victim of an AT&T data breach, which resulted in the release of names, social security numbers and other personal identifying information. However, the actual breach occurred in 2021, and AT&T did not announce the cybersecurity failure until hackers had already released the information on the Dark Web.

Approximately 25% of reported data breach events in 2024 involved stolen driver’s license information. ITRC reports that cybercriminals appear to see an increased value in this data, since it has become a primary source for ensuring individual identities in the wake of the COVID-19 pandemic. There have been 308 instances of stolen driver’s license data so far in 2024, as opposed to only 198 instances in all of 2019, the year before the pandemic began.

In addition, cybercrime at financial firms jumped 67% in the first half of 2024, making that sector the cause of the most leaked customer data so far this year. The healthcare sector is responsible for the second most number of data breaches thus far in 2024.

The massive spike in consumers impacted by a data breach this year comes as a result of cybersecurity failures at the cloud storage company Snowflake, which suffered multiple data breach events impacting approximately 900 million people.  One of those incidents targeted Ticketmaster, resulting in at least 560 million individuals having their personal identifying information compromised.

“The findings in the H1 2024 Data Breach Analysis are eye-opening,” Eva Velasquez, president and CEO of ITRC, said. “The takeaway from this report is simple: Every person, business, institution and government agency must view data and identity protection with a greater sense of urgency.”

Cybersecurity experts often recommend that individuals who fear their data has been compromised might want to follow a handful of steps, such as changing their passwords, freezing their credit, placing fraud alerts and considering identity theft protection. The IRTC also offers additional advice individuals can take to secure their identities at home.

Ticketmaster Data Breach Lawsuits Being Pursued by Consumers

Following the spike in cybersecurity victims this year, a growing number of Ticketmaster data breach lawsuits and other legal actions are now being pursued against companies responsible for allowing hackers to access customers’ personal identifying information.

The litigation emerged after Ticketmaster announced its customers were impacted by a Snowflake data breach in May, indicating that hackers were attempting to sell the  information on the dark web.

This followed an AT&T cybersecurity breach announced in July 2024, involving the release of customers’ cell phone call records and text messages, which were also obtained by hackers through cloud-based servers operated by Snowflake.

Given common questions of fact and law raised in the Snowflake-related complaints, a motion is currently pending with the U.S. Judicial Panel on Multidistrict Litigation (JPML) seeking to centralize data breach lawsuits against Snowflake and other companies, as part of a federal multidistrict litigation (MDL).

If the JPML chooses to consolidate all cases involving the Snowflake security problems before one judge, it would likely include both the AT&T cell record leak lawsuits and the Ticketmaster data breach lawsuits, which both occurred as a result of Snowflake’s data storage servers being hacked.