The number of data breach victims in the first half (H1) of 2024 has surged to 1,078,989,742, marking a 490% increase compared to the same period in 2023, which saw 182,645,409 victims.

According to the Identity Theft Resource Center (ITRC) report, the second quarter (Q2) alone accounted for a significant portion of this rise, with 1,041,312,601 victims, a dramatic spike from the 37,677,141 reported in Q1.

The overall number of publicly reported data compromises in Q2 2024 stood at 732, a 12% decrease from the previous quarter’s 838.

Despite this drop, the cumulative total for the first half of 2024 reached 1,571 compromises, reflecting a 14% increase compared to H1 2023, which ended with a record 3,203 compromises.

Several high-profile incidents contributed to the exploding victim count, including Prudential Financial, which initially notified the Securities and Exchange Commission (SEC) of a breach in February 2024 impacting an estimated 36,000 individuals.

However, by June 2024, Prudential had revised this figure to 2.5 million. Similarly, Infosys McCamish System adjusted its estimated victim count from approximately 84,000 in February to six million by mid-year.

The report noted a significant contributor to the Q2 victim surge was a series of credential-stuffing attacks targeting customers of the Snowflake cloud service, which alone accounted for over 900 million victims.

Notably, the estimated total of over one billion victims for H1 does not include those affected by the Change Healthcare supply chain attack, which company executives warn could impact a substantial number of U.S. residents.

Weaponizing AI for Sophisticated Phishing

Stephen Kowski, field CTO at SlashNext Email Security+, warned attackers are weaponizing AI to launch near-perfect, sophisticated phishing campaigns.

“We’re seeing a rise in multi-channel attacks exploiting not just email, but all communication channels including SMS, WhatsApp, Teams, Slack and Discord,” he said.

This broader attack surface, combined with personal account vulnerabilities (e.g., Gmail), has significantly increased breach success rates.

“Additionally, there’s been an uptick in supply chain attacks to compromise multiple organizations through a single vendor,” Kowski said.

He added the surge in activity is likely due to several large-scale breaches of major companies with extensive customer databases.

“Increased remote work has expanded the attack surface for many organizations,” he explained. “Additionally, more sophisticated attack methods powered by AI allow cybercriminals to breach defenses at an accelerated rate.”

Kowski advised organizations to implement AI-powered controls across all messaging and communication channels to stop initial credential harvesting attempts.

“A zero-trust security model with multi-factor authentication is crucial,” he said.

While regular security awareness training is important, it’s insufficient alone against sophisticated phishing and social engineering attacks.

“Robust, AI-driven email and messaging security that can detect and block advanced threats in real-time is essential to mitigate large-scale data breach risks,” Kowski added.

Expanded Attack Surfaces, Rise of RaaS

Chris Morales, CISO at Netenrich, said he agreed there was an expanded attack surface due to remote work and cloud adoption and noted the rise of sophisticated ransomware attacks and the democratization of attack tools through ransomware-as-a-service (RaaS).

“We’re also seeing larger-scale breaches affecting millions of users at once,” he said.

From his perspective, this surge highlights the urgent need for a paradigm shift in security operations, and underscores the need for immediate action, moving towards more proactive, data-driven strategies.

He said AI and machine learning show immense potential for processing vast amounts of security data to identify patterns and anomalies.

“Behavioral analytics is another promising area, allowing for quicker identification of potential threats based on deviations from normal behavior,” Morales said.

Another concept gaining traction is the unified security fabric, which integrates various security tools and data sources into a single, cohesive system.

“This approach can significantly enhance threat detection and response capabilities when combined with AI-driven analytics,” he said.