In 2024, the number of data compromises in the United States stood at 3,158 cases. Meanwhile, over 1.35 billion individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2024 the financial services, healthcare, and professional services were the three industry sectors that recorded most data breaches. Overall, the number of healthcare data breaches in some industry sectors in the United States has gradually increased within the past few years. However, some sectors saw decrease. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

As of June 2025, the most significant data breach incident in the United States was the Yahoo data breach that dates back to 2013-2016. Impacting over three billion online users, this incident still remains one of the most significant data breaches worldwide. The second-biggest case was the January 2021 data breach at Microsoft, involving about 30 thousand companies in the United States and around 60 thousand companies around the world.

As of 2024, the average cost of a data breach in the United States amounted to **** million U.S. dollars, down from **** million U.S. dollars in the previous year. The global average cost per data breach was **** million U.S. dollars in 2024. Cost of a data breach in different countries worldwide Data breaches impose a big threat for organizations globally. The monetary damage caused by data breaches has increased in many markets in the past decade. In 2023, Canada followed the U.S. by data breach costs, with an average of **** million U.S. dollars. Since 2019, the average monetary damage caused by loss of sensitive information in Canada has increased notably. In the United Kingdom, the average cost of a data breach in 2024 amounted to around **** million U.S. dollars, while in Germany it stood at **** million U.S. dollars. The cost of data breach by industry and segment Data breach costs vary depending on the industry and segment. For the fourth consecutive year, the global healthcare sector registered the highest costs of data breach, which in 2024 amounted to about **** million U.S. dollars. Financial institutions ranked second, with an average cost of *** million U.S. dollars for a data breach. Detection and escalation was the costliest segment in data breaches worldwide, with **** U.S. dollars on average. The cost for lost business ranked second, while response following a breach came across as the third-costliest segment.

Between January and November 2023, California was the U.S. state with the highest number of reported data breach incidents targeting the government. In the measured period, the government agencies saw 16 cases of data breaches. Texas ranked second, with eight incidents. Overall, 137 cases of government data breaches were recorded in the United States.

The largest reported data leakage as of January 2025 was the Cam4 data breach in March 2020, which exposed more than 10 billion data records. The second-largest data breach in history so far, the Yahoo data breach, occurred in 2013. The company initially reported about one billion exposed data records, but after an investigation, the company updated the number, revealing that three billion accounts were affected. The National Public Data Breach was announced in August 2024. The incident became public when personally identifiable information of individuals became available for sale on the dark web. Overall, the security professionals estimate the leakage of nearly three billion personal records. The next significant data leakage was the March 2018 security breach of India's national ID database, Aadhaar, with over 1.1 billion records exposed. This included biometric information such as identification numbers and fingerprint scans, which could be used to open bank accounts and receive financial aid, among other government services.

Cybercrime - the dark side of digitalization As the world continues its journey into the digital age, corporations and governments across the globe have been increasing their reliance on technology to collect, analyze and store personal data. This, in turn, has led to a rise in the number of cyber crimes, ranging from minor breaches to global-scale attacks impacting billions of users – such as in the case of Yahoo. Within the U.S. alone, 1802 cases of data compromise were reported in 2022. This was a marked increase from the 447 cases reported a decade prior. The high price of data protection As of 2022, the average cost of a single data breach across all industries worldwide stood at around 4.35 million U.S. dollars. This was found to be most costly in the healthcare sector, with each leak reported to have cost the affected party a hefty 10.1 million U.S. dollars. The financial segment followed closely behind. Here, each breach resulted in a loss of approximately 6 million U.S. dollars - 1.5 million more than the global average.

Between January 2014 and November 2023, the most significant data breach incident involving the U.S. government was the 2018 breach at the U.S. Postal Service. The incident compromised 60 million records. During the data breach incident at the Office of Personnel Management in 2015, 21.5 million data records were affected.

The statistic shows the number of data breaches in the United States from 2013 to 2019, by industry. In the last measured period, the majority of the 1,473 annual data breaches affected business and medical or healthcare organizations, with 644 and 525 data breaches respectively.

Between January and September 2024, healthcare organizations in the United States saw 491 large-scale data breaches, resulting in the loss of over 500 records. This figure has increased significantly in the last decade. To date, the highest number of large-scale data breaches in the U.S. healthcare sector was recorded in 2023, with a reported 745 cases.

In 2024, the financial services industry in the United States was the most targeted by cyberattacks, that resulted in data compromises. That year, financial institutions in the U.S. saw 737 data compromise incidents. On the other hand, in 2023, the number of data compromise incidents in the U.S. healthcare industry was much higher than in the latest measured year.

Between the first quarter of 2021 and the first quarter of 2024, the number of data compromise cases in the United States increased significantly. The highest number of data compromises was recorded in the fourth quarter of 2023, with 1,089 cases. However, the number of recorded cases fell to 841 in the first quarter of 2024. In the fourth quarter of 2022, more than 253 million individuals were affected by data compromise incidents. By the first quarter of 2024, this number decreased to around 28.5 million.

As of January 2025, the most significant data privacy violation fine worldwide was for social media giant Meta. In May 2023, the Data Protection Commission (DPC) of Ireland decided to fine the company with 1.2 billion euros or 1.3 billion U.S. dollars. The Chinese vehicle-for rent company Didi Global ranked second. In July 2022, China's data privacy regulator fined the company 8.026 billion Chinese yuan, or 1.19 billion U.S. dollars. The 2021 Amazon fine issued by Luxembourg's data privacy regulation authorities was 877 million U.S. dollars and was the third-biggest data breach fine as of the measured month. The 2019 fine of 575 million U.S. dollars to Equifax followed. In this incident, because of unpatched vulnerabilities, nearly 150 million people were affected, which caused the American consumer credit reporting agency to pay at least 575 million U.S. dollars.

Between January 18 and November 2023, a quarter of data breach incidents in the United States government happened at city administration offices. A further 17 percent of the incidents involved counties, while law enforcement agencies encountered 14 percent of the data breaches.

In 2023, the most significant healthcare data breach incident in the United States was the HCA Healthcare breach. The Nashville-based company is the largest health system in the United States. During the July 2023 breach, more than *** U.S. hospitals and ***** healthcare sites reported about unauthorized access. The incident impacted ***** million individuals in the United States. Second-ranked PJ&A data breach impacted nearly **** million individuals.

In the first half of 2024, the share of health-related U.S. data breaches caused by hacking was ** percent, which marked a *** percent increase from 2023, reaching its highest rate since 2014.

In a survey conducted between July 2023 and June 2024 among small companies in the United States, 47 percent said they did not notify consumers about data breach incidents because there was no risk of identity theft or fraud. Additionally, nearly four in 10 said they postponed the data breach notification following the advice of law enforcement.

A survey conducted in May 2024 found that 56 percent of the respondents in the United States were not likely at all to trust a company that had experienced data breaching with their personal data. The same trend was reflected among different age groups, as the majority of them were not likely to trust companies post-data breach. A significant share of 76 percent of adults between the age of 45 and 54 were not likely to share their personal information with a company after a data breach. While approximately half of users aged between 25 and 44 were not at all likely to trust such companies in the future.

As of February 2024, the United States ranked first by the average cost of a data breach, **** million U.S. dollars. The average cost of data breaches in the Middle East is **** million U.S. dollars. Benelux followed in the ranking, with *** million U.S. dollars. In the measured period, the global average data breach cost was **** million U.S. dollars. Phishing scams in the U.S. Breached data often ends up in the hands of threat actors who use it for malicious purposes, including online scams. Phishing continues to be a major threat in North America, particularly on smartphones. In the second quarter of 2023, the region recorded the highest number of phishing and malicious attack attempts globally. The United States was particularly affected, with ** percent of U.S. citizens reporting being targeted by scam texts, e-mails, and calls on a daily basis. Additionally, phishing and spoofing were the most common types of cybercrime, impacting *** thousand individuals in 2023. These attacks led to financial losses, with U.S. victims reporting nearly ** billion U.S. dollars in damages throughout the year. U.S. users and data privacy Despite only ** percent of internet users in the United States being highly knowledgeable about data privacy and cybersecurity, a significant portion of users demonstrated caution and awareness in protecting their information. In fact, over half of surveyed U.S. users reported being somewhat confident in knowing the right steps to take in the event of a cyberattack. Furthermore, ** percent of U.S. users actively decline cookies on websites, reflecting their increasing concern for data protection. Many respondents also take additional steps to safeguard their digital privacy, such as limiting or avoiding clicking on ads as well as not answering phone calls due to cybersecurity risks.

Healthcare data breaches in the United States are a constantly increasing risk with the potential for significant damage to affected parties. The largest recorded U.S. data breach in the healthcare sector as of November 2024, was recorded in July 2024, at Change Healthcare, Inc., a health insurance provider in the United States, when criminal hackers stole personal data affecting *** million individuals.

In 2022, most healthcare data breaches in the United States happened as a result of hacking or IT-related incidents. The number of such cases was 555 in the examined year. The next-most common cause for data breaches was unauthorized access or disclosure, detected in 113 cases. Loss and theft of data were less common causes of data breaches in the U.S. healthcare system in 2022. Overall, in 2022, there were 707 data breaches of over 500 records in the U.S. healthcare industry.

In 2023, over *** thousand healthcare data breaches were reported in the United States. The number of reported breaches in the U.S. healthcare system has gradually increased since 2016.