117+ Data Breach Statistics [2024]

According to recent data breach statistics, our growing reliance on technology comes with a hidden cost: increased data vulnerability. 

‍

Businesses, eager to improve services are also collecting more personal data from customers.  This can be a double-edged sword, leaving us vulnerable to identity theft if a data breach occurs.  The reality is, in today's data-driven world, anyone can be a victim.

‍

This article contains data breach statistics to increase awareness of data vulnerability and how susceptible businesses and individuals are to breaches. It also alerts us to the most recent data breach attacks and explains how to build resistant systems. 

‍

Biggest data breaches in history

Big data breaches shake industries and even economies and some even force the affected businesses into folding up. These breaches cost billions of dollars, which most businesses are unprepared to pay for. 

‍

1. Yahoo’s database infiltration in 2013

This is one of the biggest data breaches in history, affecting over three billion Yahoo accounts worldwide. The worst part is that this breach went on simultaneously for over three years, resulting in Yahoo incurring costs of $35 million and other class-action lawsuits due to the data breach. 

‍

2. Microsoft's zero-day exploits

Hackers exploited four zero-day vulnerabilities in Microsoft’s OS and servers to gain unauthorized access to users’ email information. This data breach lasted for six months before Microsoft found out, and it affected 30,000 companies in the United States and 60,000 companies worldwide.

‍

3. Real Estate Wealth Network (REWN) breach

Due to non-passworded folders and files owned by REWN, some hackers unlawfully gained access to 1.5 billion private records of individuals, including their names, addresses, property history, bankruptcy information, and tax information. This breach exposed celebrities whose information was exposed on the database to all forms of social engineering attacks.

‍

4. First American Financial Corporation data leak

This is one of the biggest unauthorized data exposures from a financial company. The worst part is that there was no hacking involved. The bad actors only took advantage of a design flaw on their website that created a security loophole. This design flaw allowed anyone to view private records once they had links to the documents hosted on the website. 

‍

Users could also access other users’ records by changing a series of digits in their login URL. This data leak exposed 885 million files, including bank account information, bank statements, and social security numbers. The SEC also fined First American Financial Corporation $500,000. 

‍

5. Eastern Radiologists data breach

A more recent breach of Eastern Radiologists’ network resulted in the possible exposure of 866,000 patient records. These records, including patient names, radiology exam details, insurance details, and social security numbers, were found to have been copied from the company’s database to an offsite location. 

‍

6. Facebook data breach of 2021

‍

‍

Facebook is not new to the world of data breaches. There was the Cambridge Analytica Scandal, which cost the FAANG company over 800 million dollars in 2023. Between 2019 and 2020, 309 million user information was found on the dark web from Facebook, and in 2019, the personal information—Facebook IDs and phone numbers—of 419 million Facebook users was found on an exposed server. But these breaches have only little impact compared to the breach of 2021. 

‍

In 2021, Facebook suffered another breach where hackers exploited a system vulnerability within Facebook that allowed them to scrape users' profile information, including names, phone numbers, and passwords. This gave the hackers unauthorized access to more than 530 million user accounts, and the users were not notified after the incident.

‍

As an individual, you can protect yourself and reduce the impact of this breach by masking the phone numbers and email addresses you use on social media. 

‍

7. Home Depot's five months malware attack

In Home Depot’s malware attack, 56 million payment card numbers and 53 million email addresses were leaked. The hackers gained access to this information through custom-built malware installed on Home Depot’s point-of-sale systems across the US and Canada. This breach went undetected for five months and cost Home Depot about $180 million, including payment to credit card companies and damages.

‍

8. Marriott International data breach of 2018

This data breach affected five major hospitality companies under Marriott International, including Four Points and Sheraton. In this breach, over 500 million guest records dating back four years were accessed by the hackers who duplicated these records. The stolen records include information on names, addresses, passport numbers, and guests' credit card information. This breach cost Marriot over $20 million.

‍

9. River City Media data breach

River City Media failed to implement password protection while configuring backup servers to its My SQL database, which exposed 1.4 billion user information, including the names, email addresses, IP addresses, and physical addresses of affected individuals. This breach's financial and non-financial impact was so significant that it resulted in River City Media shutting down its operations.

‍

10. Heartland Payment Services credit card breach of 2008

This breach is one of the biggest breaches that hit the financial industry, involving over 100 million payment card records. The breach occurred due to an SQL injection that allowed hackers to modify Heartland’s web code. The hackers could also retain unauthorized access for months undetected due to poor cybersecurity oversight on Heartland’s part. 

‍

Heartland would have remained unaware of the hackers’ presence and activities on their networks if Visa and Mastercard had not alerted them to some suspicious activities from Heartland accounts. Heartland, however, had to incur costs amounting to around $220 million; their stock prices fell by 77%, and another payment service company—Global Payments, finally bought them over.

‍

11. Exactis database leak of 2018

As a renowned marketing firm that collects and sells data on businesses and individuals, Exactis holds one of the largest databases containing billions of information on consumers and their habits. In 2018, this database was found in plain form online with 340 million individual records exposed. 

‍

It was later found that this database, the most complete consumer data collection, including information on nearly all US citizens and many businesses, had been publicly available online for months.  

‍

12. Capital One server breach of 2019

Due to a vulnerability in Capital One’s cloud firewall, a former AWS employee was able to hack into Capital One’s servers, accessing records of over 100 million individuals, including their bank account numbers and balances, social insurance numbers, and credit scores. The hacker also published this data on GitHub, where anyone could access it, increasing the breach's impact. This breach cost Capital One $190 million.

‍

13. MOVEit’s zero-day vulnerability attack of 2023

This data breach is not just one of the biggest. It is also very high-profile, involving over 93 million users and 2,500 businesses. The breach resulted from a vulnerability in the transfer application MOVEit, which allowed bad actors to access many corporations' records, including First National Bank. 

‍

The cost of this single breach amounted to more than $15 billion in damages and may still increase as more companies discover that the breach impacted them.

‍

14. MGM Resorts 2023 cyber attack

This cyberattack on MGM Resorts resulted in a revenue loss of $80 million and was carried out using simple social engineering techniques. The attackers assumed the identity of an MGM employee from the information they found on LinkedIn. 

‍

After that, they called the MGM IT help desk, requesting assistance logging into their accounts. This 10-minute call allowed the attackers to gain administrator privileges into MGM’s Okta and Azure environments. Although the experts at MGM identified their activities on time and limited the attack area, they still successfully launched ransomware.

‍

15. MongoDB database attack

In MongoDB’s attack, hackers could access and delete files containing the names, employment history, and other private details of individuals involved. However, only 275 million records were deleted out of over 1 billion exposed records. 

‍

Further investigation found that the breach was only successful because of a series of unpassworded databases containing all of this information.

‍

Read more about significant data breaches here: 

• Temu Data Breach
• Chick Fil A Data Breach 
• PBI Data Breach 
• Reventics Data Breach 
• Bricklink Data Breach 
• Luxottica Data Breach 
• Carvin Wilson Data Breach 
• Mr. Cooper Data Breach 

‍

Has your data been breached? Find out here.

‍

Historical data breach statistics

The world is not new to data breaches, and although the impact and significance of each breach have increased over the years, every breach in history has shaped the future of data security and cybersecurity.

‍

1. The first data leak occurred in 1962 when an MIT student created a punchcard that allowed him to print user access passwords of other students to access the computer during other students’ allocated time. Though moderately insignificant, this marked the beginning of many other data exposures.
2. In 1972, the first computer virus was created unintentionally as it was meant to test the possibility of self-replicating programs. However, this virus called “creeper” breached the security of systems and simply displayed a message—I’m the Creeper; catch me if you can.
3. The first significant data breach and exposure happened in 2005. This breach affecting DSW Shoe Warehouse resulted in the unauthorized exposure of 1.4 million records, including credit card numbers and account names of involved individuals.
4. The Privacy Rights Clearinghouse started documenting data breaches in 2005 and maintains a chronological record of breaches from 2002. 
5. The longest insider data attack lasted 30 years, from 1976 to 2006, exposing $2 billion worth of aerospace documents.
6. The majority of the data breaches since 2005 involved some form of hacking. 
7. Unintended disclosures have been the second-highest cause of data breaches since 2005.
8. Currently, the healthcare industry has been impacted the most from 2009 to 2023, with over 5,000 data breaches exposing 519 million healthcare records.
9. Over 16 billion accounts have been breached worldwide since 2004.
10. In early 2024, the biggest data leak, dubbed the mother of all breaches, occurred, leaking data from several social networks. Although much of the data has been exposed previously in data breaches, and some of them may have been outdated, the impact of this data leak was significant as it has more than 26 billion records.
11. More healthcare records were exposed to data breaches in 2015 than in any other year in history.
12. NGOs are the least targeted type of organization in data breaches.
13. Majority of the data leakages that occurred in 2019 related to Facebook.
14. Nation-states are now including cyber security funding in their annual budget, with the United States taking the lead.
15. Yahoo has the highest number of records exposed or accessed in a data breach at more than 1 billion.

‍

‍

Keep your data safe with the best privacy protection for online and travel. Get Cloaked. 

‍

Data breach statistics by country

Let’s break down statistics on data breaches by country: 

‍

1. In 2023, 97 million people were affected by data breaches in the US. In Russia, 78 million internet users were affected; in France, only 10 million internet users were affected.
2. Over 700 million records were exposed to data breaches in the US in the first two months of 2024.
3. The number of records exposed in data breaches in the United Kingdom reduced drastically from 15 million in the first quarter of 2021 to only 1.5 million in the last quarter of 2023.
4. Ransomware activities in the Middle East increased by 77% in 2023 compared with 2022.
5. There was a 93% decrease in breached accounts in Australia in 2023.
6. The rate of detection of cyber attacks is as low as 0.5% in the United States. 
7. More than 120 countries have implemented some form of international data protection laws.
8. 60% of people in the U.S still do not know what phishing—the most popular cyber-attack means
9. Only 2% of Americans believe that their personal information is not vulnerable to hacking.
10. The United States is the biggest target for data breaches.
11. Half of all accounts breached in 2023 were either American or Russian. 
12. Mexico and China experienced the largest increase in data breaches in the third quarter of 2023 compared with the second quarter.
13. 65% of data breaches in Europe affected Russian accounts.
14. 70% of breached data in North America include credential information.

‍

15. System data were compromised in 55% of data breaches affecting Latin America and the Caribbean. 

‍

Have you been breached? Check here

‍

Cost of a data breach statistics 

Data breaches often result in huge financial and non-financial costs, from court fines to incidence response costs.

‍

1. Zero trust technologies can reduce the cost of data breaches by $1 million.
2. On average, the cost of data breaches globally amounted to 4.5 million dollars per breach in 2023.
3. For the third year in 2023, the healthcare industry incurred the highest cost from data breaches, reaching $11 million. The financial services sector incurred the second highest cost at almost $6 million.
4. More companies are opting for data breach insurance coverage to reduce the costs of possible data breaches. In the US, 1 in 3 companies already have data breach or cyber liability insurance coverage.
5. According to the FBI, businesses are losing $500 million yearly due to phishing attacks and business email compromise, noting the importance of always sending secure emails.
6. A single illegally exposed data record in a data breach costs businesses about $165. 
7. Amongst all countries globally, the financial impact of data breaches is worse in the US, costing $9.5 million per breach.
8. Data breach costs include those incurred on detection, immediate incident response, legal fees, regulatory fines, compensation to affected parties, public relations efforts to manage reputation damage, and cybersecurity improvements to prevent future incidents. But among these, the most expensive segment is detection and escalation. 
9. A single ransomware attack could cost $4 million, excluding the ransom itself.
10. 40% of cyber attacks result in a disruption of core business activity, impacting revenue generation.
11. The cost of data breach of a single record in the healthcare sector surpasses the average cost by more than 200% at $408 per patient record exposed or illegally accessed.
12. Wealthier countries experience more financial losses from cyber crimes than less wealthy ones.
13. Nearly 1% of the world’s GDP is lost to cybercrime yearly.
14. The cost of a single business email compromise hack is about $24,000. 
15. The cost of data breaches has increased by 15% in the last three years from 2020 - 2023

‍

Securing your private data is simple with Cloaked. Find out more

‍

Global data breach statistics

Here are some data breach statistics from around the world. 

‍

‍

1. More than 8 million records were exposed worldwide in the last quarter of 2023 due to data breaches.
2. The number of accounts breached in 2023 was almost 300 million.
3. In the first quarter of 2023, over 6 million records were leaked due to data breaches.
4. In 2022, Russia had the most exposed online accounts from a single country, at 104 million, followed by China and the US, at 34 million and 25 million, respectively. 
5. The World Economic Forum has identified large-scale cyber attacks as one of the world's top five risks.
6. The number of breached accounts worldwide had reduced by 18%, from 366.7 million accounts to 299.8 million accounts.
7. One-third of all accounts breached in 2023 had US origin.
8. Due to population, Russia had a higher breach density than the US, indicating that breaches have less impact in more populated countries on average.
9. Data scrapers accessed the most emails worldwide from LinkedIn. Emails scraped surpassed 11 million.
10. 209 accounts are breached per 100 persons worldwide.
11. A single email address is breached 3 times based on past trends.
12. Over 4000 data security incidents were reported in the first month of 2024.
13. In January 2024, 29.5 billion records were reportedly breached. 
14.  Cybercrime is expected to cost the global economy $10.5 trillion by 2025. 
15. 52% of data breaches worldwide involved personally identifiable data of the affected individuals. 

‍

Stay one step ahead of identity thieves; see if your data has been leaked here.  

‍

Data breach prevention statistics 

Preventing data breaches certainly outweighs the costs incurred after a data breach. Here are some statistics to guide your data breach prevention strategies:

1. The most used and best cyber security frameworks for data breach prevention are NIST, ISO 27001 & 27002, CIS Controls, PCI-DSS, COBIT, HITRUST Common Security Framework, and Cloud Control Matrix.
2. Identifying data breaches on time can limit their impact. However, on average, data breaches are detected in 118 days.
3. Strong passwords are the first line of defense against data breaches. As of 2023, 300 billion passwords were already in use globally.
4. Attackers will likely shift focus toward biometric hacking in the future, and companies will need to beef up security in these areas, especially regarding access controls.
5. 63% of companies that have experienced a data breach are implementing biometric authentication to safeguard against future breaches.
6. IT leaders expect a 100% increase in their cybersecurity budget in 2024.
7. 41% of businesses consider investing in AI-assisted cyber security tools and consolidation. 
8. Businesses are planning to invest in managed breach detection and software patching to support the early identification of breaches and reduce software and system vulnerabilities.
9. Small and medium businesses spend up to 20% of their IT budget on security.
10. Encryption reduces the impact of data breaches. However, only 17% of small businesses encrypt their data, indicating room for improvement.
11. According to cyber professionals, small businesses are advised to implement MFA as a safeguard against cyber attacks. 
12. Currently, only 20% of small businesses have implemented MFA.
13. The top four cybersecurity tools small businesses adopt are antivirus, firewalls, VPNs, and password management such as password vaulting. But be careful–even password managers can experience data breaches. Read about the LastPass data breach here.
14. 76% of business patrons want businesses to do more to protect their data.
15. 37% of internet users believe that businesses that are more transparent about how they collect and use user data are often more proactive in enforcing data privacy laws and principles.

‍

Prevent your data from being breached with Cloaked.

‍

Cybercrime & attacks statistics

Cyber crimes are rising due to the influx of people using the Internet for various transactions. AI's emergence has also proven to be a key tool in cyber crimes and attacks, enabling AI-assisted data breaches.

1. In the first quarter of 2024 alone, 116 data breaches involving hacking and IT incidents occurred, targeting the healthcare industry and affecting over 13 million people. 

2. The number of people affected by data breaches doubled between 2022 and 2023 and is expected to increase even more in 2024 as the growth in ransomware continues at over 70% allowing people with limited knowledge in exploiting networks to access private records unlawfully.

3. Breach of government agencies and departments is also on the increase. The French government department responsible for registering and helping unemployed citizens recently suffered a breach that led to the exposure of information of 43 million citizens. This information includes names, dates of birth, postal addresses, and social security information of affected citizens. 

Similarly, a ransomware gang leaked 65,000 Swiss government files in an Xplain data breach. These files belong to the Federal Department of Justice, the Federal Office of Police, the State Secretariat for Migration, the IT Service Center, and the Federal Department of Defense, Civil Protection, and Sports.

4. Cyberattacks and data breaches are now top threats to business survival in India.

5. Hackers initiate more than 2,200 cyber attacks every day, which means that an individual or a business is hacked every 39 seconds.

6. The cost of cybercrimes is expected to reach an all-time high of $9.22 trillion in 2024, and it could reach $13.82 trillion in 2028.

7. Cyber attackers are now exploring using AI to launch more potent and efficient attacks with a much higher execution speed.

8. 80% of reported cyber attacks are phishing, highlighting the importance of strong data privacy measures even while using online dating apps.

9. Cyber attackers can attack users on 98% of web applications, illustrating how easily anyone can be hacked. 

10. Only 55% of companies run regular cyber security assessment tests on their assets and infrastructure.

11. Businesses rely more on external IT providers for cybersecurity, with 81% of businesses choosing to outsource their cybersecurity.

12. More cyber attacks happen in the US than in any other country, followed by Canada.

13. Since COVID, there have been 4000 cyber attacks daily globally, and this number is expected to increase by 400% yearly.

14. Cyber incidents are the biggest risks to businesses worldwide as of 2023.

15. Network intrusion was the most common cyber attack experienced by US companies in 2022, followed by business email compromise.

Is your information safe from bad actors? Find out here  

‍

Other data breach statistics 

Data breaches always have ripple effects, though not always reported. For example, hackers used credential surfing to access 14,000 23andMe user accounts. However, this escalated quickly to a breach that now affected 6.9 million users as 23andMe had a feature that linked users to their relatives—the DNA relatives feature. 

‍

Here are more data breach statistics:

1. Employees are still the weakest link and most vulnerable to data breaches through phishing attacks, poor password security measures, and common errors. However, these can be managed by using a strong password manager. 
2. Not all data breaches result from sophisticated, planned attacks. Bad actors who do not know advanced hacking techniques can still initiate a data breach by exploiting basic security vulnerabilities like weak passwords and outdated software or by launching a ransomware attack. 
3. The impact of a data breach is more significant for small businesses, as 60% of them are forced out of business following a data breach.
4. 83% of small businesses are not financially prepared to recover from a data breach.
5. 90% of data breaches result from phishing attacks, usually carried out through malicious links sent to individuals and organizations via email.
6. More Gen Zs (18 -24 years) were victims of phishing attacks in 2022, indicating the need for increased cyber security awareness and training targeted at these categories of employees and individuals.
7. Personally identifiable information (PII) is one of the most frequently breached data, accounting for 52% of records leaked in a data breach.

‍

8. 74% of data exposed in a breach involving companies in the finance and insurance industry are personal data of individuals.
9. The most targeted industries are the financial and healthcare industries due to the sensitivity of the data they store.
10. 80% of all data breaches in 2023 involved data stored on the cloud.
11. Ransomware attacks on businesses and individuals increased by 70% in 2023 compared to 2022.
12. Cyber attackers continuously attempt to gain unauthorized access to companies' networks that have been breached. Thus, experiencing a data breach increases the chances of experiencing a future breach.
13. Cloud misconfigurations, new ransomware attacks and gangs, and increased exploitation of vendor systems are the top reasons for the upward spike in data breaches in 2023.
14. 71% of bad actors in a data breach are motivated by financial gain. Others are motivated by espionage, political agendas, personal vendettas, ideological beliefs, or the challenge and thrill of hacking into secure systems.
15. Small businesses are targeted almost as much as larger businesses at 43%.
16. Weak and reused passwords are why 80% of data breaches are successful. 

‍

Securely save your private information in Cloaked’s impenetrable vault.  

‍

More about data breaches

Let’s cover a few FAQs on data breaches. 

‍

Definition of a data breach

A data breach is a security incident where private information and records are accessed without the proper authorization. 

‍

How do data breaches occur? 

Data breaches do not only occur when a bad actor steals private information. A data breach has occurred where someone who isn’t authorized to access certain information gains access to them. 

‍

Data breaches are not just the result of a hacker using brute force to penetrate our systems but also individual negligence, such as saving all your passwords on Google Password Manager and overlooking simple data security rules like setting strong passwords for your systems and updating software regularly. 

‍

How to prevent data breaches

Preventing data breaches requires constant data security awareness for both businesses and individuals. 

‍

For business:

• Train employees to recognize phishing emails and social engineering tricks
• Restrict access to information to only those who need them
• Segment networks for access control
• Regularly update software to the latest versions
• Ensure employees maintain strong password management practices, such as using unique passwords that consist of letters, numbers, and symbols and changing passwords regularly

‍

For individuals:

•  Use strong passwords on all online accounts
• Never give out your personal data to untrusted sites
• Only open links to websites that you’re aware of
• Always encrypt sensitive information before you send it out

‍

Also, data breaches can be prevented using a data privacy platform like Cloaked. Cloaked’s features for data privacy include:

• Password management for creating and storing unlimited strong passwords
• Identity creation for creating disposable phone numbers for dating 
• Auto cloaking for enhancing user anonymity online.
• Secure identity sharing via encrypted password-protected links
• Time-based one-time passcodes

‍

Don’t become another data breach statistic

Data breaches expose you to identity theft, brushing scams, social engineering attacks, and many other cyber crimes. Sadly, based on statistics, these breaches are more common than we think, but you can protect yourself from them by using a data privacy platform like Cloaked.

‍

Cloaked is a privacy-first platform that offers users anonymity online for complete privacy. This full-stack privacy platform provides users with proxy email addresses and phone numbers that can never be linked to them. Cloaked also has password management features to protect all your online accounts with strong passwords, preventing breaches.

‍

Cloaked also allows users to store and share private information securely, so you never have to send sensitive information via plain text again. It also implements a zero-trust architecture and end-to-end encryption for everything stored on the app so no one can access your information without your consent.

‍

Sign up on Cloaked to get started.

‍

To check if you have been involved in a data breach, enter your email address or phone number here.