In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.
During the third quarter of 2024, data breaches exposed more than *** million records worldwide. Since the first quarter of 2020, the highest number of data records were exposed in the first quarter of ***, more than *** million data sets. Data breaches remain among the biggest concerns of company leaders worldwide. The most common causes of sensitive information loss were operating system vulnerabilities on endpoint devices. Which industries see the most data breaches? Meanwhile, certain conditions make some industry sectors more prone to data breaches than others. According to the latest observations, the public administration experienced the highest number of data breaches between 2021 and 2022. The industry saw *** reported data breach incidents with confirmed data loss. The second were financial institutions, with *** data breach cases, followed by healthcare providers. Data breach cost Data breach incidents have various consequences, the most common impact being financial losses and business disruptions. As of 2023, the average data breach cost across businesses worldwide was **** million U.S. dollars. Meanwhile, a leaked data record cost about *** U.S. dollars. The United States saw the highest average breach cost globally, at **** million U.S. dollars.
In 2024, the financial services industry in the United States was the most targeted by cyberattacks, that resulted in data compromises. That year, financial institutions in the U.S. saw 737 data compromise incidents. On the other hand, in 2023, the number of data compromise incidents in the U.S. healthcare industry was much higher than in the latest measured year.
This statistic depicts the most common causes of data breaches in Italy in 2017. According to data, ** percent of the cases of data breach were caused by attacks, whereas in ** percent of the cases a technical problem was responsible for the data violation.
In 2022, most healthcare data breaches in the United States happened as a result of hacking or IT-related incidents. The number of such cases was 555 in the examined year. The next-most common cause for data breaches was unauthorized access or disclosure, detected in 113 cases. Loss and theft of data were less common causes of data breaches in the U.S. healthcare system in 2022. Overall, in 2022, there were 707 data breaches of over 500 records in the U.S. healthcare industry.
As of February 2024, the global average cost per data breach amounted to **** million U.S. dollars, an increase from **** million U.S. dollars in the previous year. The average cost of a data breach varied across sectors, with the highest average cost in the healthcare industry.
Customers' personal identifiable information was the most common type of data compromised in worldwide data breaches. ** percent of compromised records fell into this category in 2024. The second-most breached kind of data was employee personal identifiable information, with around ** percent of all breached records in the same year.
According to 35 percent of Chief Information Security Officers (CISO) from worldwide organizations, an employee or a so-called compromised insider that might inadvertently expose their credentials, giving cybercriminals access to sensitive data, was the most common cause of a data breach. A further 33 percent thought a malicious insider, who would intentionally steal the information would most likely cause a data breach in their organization in the next 12 months.
In 2022, a person's name was the most common attribute involved in data compromises in the United States. Among other frequently compromised pieces of Personally Identifiable Information (PII) were full social security number and date of birth. In 433 occasions, data compromises included users' bank account numbers, while in 186 cases the compromises included users' payment card full numbers.
The largest reported data leakage as of January 2025 was the Cam4 data breach in March 2020, which exposed more than 10 billion data records. The second-largest data breach in history so far, the Yahoo data breach, occurred in 2013. The company initially reported about one billion exposed data records, but after an investigation, the company updated the number, revealing that three billion accounts were affected. The National Public Data Breach was announced in August 2024. The incident became public when personally identifiable information of individuals became available for sale on the dark web. Overall, the security professionals estimate the leakage of nearly three billion personal records. The next significant data leakage was the March 2018 security breach of India's national ID database, Aadhaar, with over 1.1 billion records exposed. This included biometric information such as identification numbers and fingerprint scans, which could be used to open bank accounts and receive financial aid, among other government services.
Cybercrime - the dark side of digitalization As the world continues its journey into the digital age, corporations and governments across the globe have been increasing their reliance on technology to collect, analyze and store personal data. This, in turn, has led to a rise in the number of cyber crimes, ranging from minor breaches to global-scale attacks impacting billions of users – such as in the case of Yahoo. Within the U.S. alone, 1802 cases of data compromise were reported in 2022. This was a marked increase from the 447 cases reported a decade prior. The high price of data protection As of 2022, the average cost of a single data breach across all industries worldwide stood at around 4.35 million U.S. dollars. This was found to be most costly in the healthcare sector, with each leak reported to have cost the affected party a hefty 10.1 million U.S. dollars. The financial segment followed closely behind. Here, each breach resulted in a loss of approximately 6 million U.S. dollars - 1.5 million more than the global average.
Between November 2022 and October 2023, 67 percent of compromised information in the healthcare industry was personal data. Furthermore, 60 percent of data compromised in the manufacturing industry was personal information, while 38 percent were compromised credentials.
Phishing, ransomware, and business malware have been the most widespread types of cyberattacks in the United States, resulting in data compromises. In 2024, 455 cases of phishing and its variations were detected. Ransomware followed in the second place, with 188 attacks.
As of December 2024, the most significant data breach incident in the United States was the Yahoo data breach that dates back to 2013-2016. Impacting over three billion online users, this incident still remains one of the most significant data breaches worldwide. The second-biggest case was the January 2021 data breach at Microsoft, involving about 30 thousand companies in the United States and around 60 thousand companies around the world.
A survey conducted in the United Kingdom (UK) from September 2023 to January 2024 found that around 13 percent of businesses that had identified a data breach incident or a cyberattack in the preceding 12 months had seen at least one outcome after the incident. The most common were the situations where the website or online services were taken down or made slower and the temporary loss of access to files or networks.
Incidents of data breaches in the Philippines reached roughly 0.7 million during the fourth quarter of 2024, indicating a decrease from the previous quarter. The number of data breaches peaked in the second quarter of 2020 at the height of the COVID-19 pandemic. Challenges in cybersecurity As one of the countries in Asia with a high internet penetration, Filipino online users have been surfing the web to access social media and other entertainment platforms. Recently, particularly at the height of the global pandemic, Filipino internet users also adopted online shopping and digital payment services for their essential and non-essential needs. With the increased digitalization of most services comes the heightened risk of being a victim of cyber threats such as phishing, online scams, data theft, and mobile malware. Such incidents were especially prominent among users lacking cyber hygiene or those unaware of how to protect their personal information when doing their online transactions. Cybersecurity market insights Despite the increased risks of online threats in the Philippines, the cybersecurity market remains modest compared to other countries. In particular, the Philippines ranked 12th out of 14 among countries in the Asia-Pacific region regarding the size of its cybersecurity market and was forecast to grow to about 344 million U.S. dollars in 2028.
As of January 2025, the most significant data breach incident in the United Kingdom (UK) was the 2017-2018 Dixons Carphone breach. As a result of this incident, 14 million user records were affected, and 5.6 million payment card information was exposed. The Equifax data breach between 2011 and 2016 impacted over 15 million customers nationwide.
According to a 2024 survey of Chief Information Security Officers (CISO) worldwide, nearly eight in ten respondents in South Korea said their organization had encountered a loss of sensitive information in the past 12 months. Canada ranked second, as ** percent of the CISOs stated the same. Overall, around ** percent of organizations across the researched markets said they had dealt with material loss of sensitive information in the previous year.
As of January 2024, about ** percent of organizations in the United Kingdom reported experiencing a data breach accident once a month. A further ** percent said they had encountered a data breach event less than once a month in the past 12 months. Meanwhile, ** percent said they had experienced a data breach incident once a week.
Between November 2022 and October 2023, 69 percent of compromised data in companies in the Asia Pacific region was credential information. Additionally, 50 percent of breached data in Northern America was personal information.
As of 2024, the average cost per stolen record in data breaches worldwide amounted to *** U.S. dollars, up from *** dollars in the previous year. The average cost of a data breach worldwide was **** million U.S. dollars.
In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.