While the number of data breaches reported last year wasn't a whole lot different than the year before, the number of people potentially affected by them skyrocketed.
According to the 19th annual data breach report issued by the Identity Theft Resource Center, a nonprofit group that helps victims of identity theft, there were 3,158 reported data compromises in 2024, just slightly less than the record 3,202 compromises reported the year before.
But the number of people notified of data breaches issued last year jumped to 1.73 billion, marking a more than 300% increase from the year before. The ITRC says the jump mainly stemmed from six megabreaches that accounted for at least 100 million breach notifications each, and totaled more than 1.4 billion notifications together.
Eva Velasquez, the ITRC's chief executive, said in a statement that those are "troubling trends," adding that weak cybersecurity practices were also involved in several of 2024's biggest breaches.
According to the report, better cyber practices and requirements could have prevented at least 196 of 2024's reported compromises that combined accounted for more than 1.2 billion victim notices.
The breaches at Ticketmaster, AT&T and Change Healthcare, which all involved stolen login credentials, could have been blocked if the companies had used two-factor authentication or passkeys, the group says.
But Velasquez says the news isn't all bad, noting that 40% of states now have comprehensive data privacy laws designed to protect consumers. And new technologies like passkeys could go a long way toward preventing breaches caused by compromised passwords.