Data Breach Notification , Data Security , Fraud Management & Cybercrime

312% Surge in Breach Notices That Could Have Been Prevented

Identity Theft Resource Center's Lee on Lessons Learned From 2024 Mega-Breaches
James E. Lee, president, Identity Theft Resource Center

Six mega cybersecurity incidents led to a record 1.7 billion data breach notices going out to victims in 2024 - a dramatic 312% increase over the previous year. Among the mega-breaches, the Change Healthcare ransomware attack - the third-largest breach - continues to grow. The insurance company last week nearly doubled its estimated breach count to 190 million people.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

James E. Lee, president of the Identity Theft Resource Center, citing the nonprofit group's 2024 Annual Data Breach Report, said the increase exposes industry-wide failures in basic cybersecurity practices.

"More than 94% of breaches could have been prevented with simple measures like multifactor authentication," Lee said. "These failures led to cascading impacts, with billions of victim notices issued."

The report also reveals a troubling trend: 70% of breach notices lacked actionable information about attack vectors, complicating efforts to mitigate risks. The lack of standardization of breach disclosure laws is a key obstacle, Lee said. "We need uniform, enforceable federal regulations to better protect both businesses and consumers."

In this video interview with Information Security Media Group, Lee also discussed:

  • The implications of mega data breaches on identity theft and scams;
  • Why organizations should take advantage of MFA and passkeys to block credential-based attacks;
  • The critical need for standardized breach disclosure requirements to close information gaps on cyberthreats.

Lee, a data protection and technology veteran, is a former executive vice president and company secretary of Irish application security company Waratek and former senior vice president and chief marketing officer for Atlanta-based data pioneer ChoicePoint - now LexisNexis. He also chaired two working groups for the American National Standards Institute on identity management and privacy. Prior to joining ChoicePoint, Lee was a global public affairs and communication executive at the International Paper Company.


About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.