Ticketmaster and Advanced Auto Parts data breaches push 2024 total up to over a billion

According to statistics from the Identity Theft Resource Center, there have been over a billion data breaches in the first half of this year, compared with 418,000 for the whole of 2023. 

The surge in victims is mainly due to security lapses at Ticketmaster and Advanced Auto Parts. Identity theft targeting financial services companies also rose by over two-thirds in the first half of 2024 compared to the same period in 2023. The total number of data breaches at organizations hit 1,571, nearly half of the record 3,203 breaches in 2023. 

At Ticketmaster, hackers accessed data from approximately 560 million users, including names, addresses, emails, credit card details, and order histories. 

At Advanced Auto Parts, data from around 380 million customers was stolen, involving loyalty and gas card numbers, sales records, and employment information.

Other large breaches this year include Loan Depot, the U.S. Environmental Protection Agency, Kaiser Foundation Health Plan, Infosys McCamish Systems, and Omni Hotels and Resorts. 

Despite the increasing number of attacks, the number of victims is declining. Privacy experts attribute this to cybercriminals focusing on more targeted assaults for specific types of valuable information rather than mass data grabs.

The public remains largely unaware of the true extent of data breaches because companies may not detect cyberattacks for months. Additionally, the disclosure requirements vary by state, leading to inconsistent reporting compared to the more stringent nationwide regulations in Europe.

In October, the Federal Trade Commission (FTC) broadened reporting requirements, mandating that nonbanking financial institutions, such as mortgage brokers and vehicle dealerships, implement security programs to protect customer information. Privacy experts believe the FTC rule will improve the clarity of when and where data breaches occur.

New state laws on data privacy have also been enacted this year. California pioneered the data breach notification law in 2002, and now all 50 states have adopted similar legislation.