Share This:

From our sponsor

ITRC

As longtime readers of this space already know, I’m a big fan of the Identity Theft Resource Center (ITRC). Their regular breach reports provide lots of highly detailed statistics, their trend reporting is invaluable to help project the future of data breaches, and they are quick to report on new and emerging identity-theft grifts.

We’ve covered earlier reports here and here. Today, we’ll quickly go over three recent ITRC publications.

ITRC H1 2024 Data Breach Analysis

The ITRC’s breach report for the first half of 2024 reveals that in that period there were 1,571 data compromises reported and that the number of individual victims is estimated at over one billion. Compared to the first half of 2023, this represents a 14% increase in the number of data compromises.

One of the reasons for the very high number of estimated victims is that quite a few organizations revised their victim estimates significantly higher than originally reported in the wake of breaches that took place earlier in 2024.

Another remarkable finding is that the healthcare industry saw a year-over-year decrease in reported compromises of 37%. After many years as the top cyber-target, healthcare has now handed its crown to the Financial Services industry.

The top breach this year so far? Ticketmaster Entertainment, with an estimated 560 million victims impacted.

Download the full report here, it’s an easy read and packed with useful information.

ITRC 2023 Trends in Identity Report 

ITRC’s annual Trends in Identity Report delivers a backward-looking analysis of identity-theft trends based on victim reports that the Center has received in the preceding year. As such, it provides insights that are mostly focused on the individual experiences of identity-theft victims.

These findings—like the statistic that 16% of victims were driven to contemplate suicide—are a grim reminder of the real human toll that identity theft can have, far beyond the financial losses to a corporation that suffered a data breach.

The current report, published in June 2024, focuses on three main conclusions, based on analysis of a wealth of data from individual victims:

  • Identity thieves are getting better. Phishing scams are far more plausible than in the past—no longer can you count on bad spelling and syntax to give away a malicious message. Generative AI is very likely a big part of this shift.
  • The ways in which stolen identities are being misused are resulting in more severe, complex, and costly consequences for victims than ever before. These consequences can snowball, as victims face repercussions from the IRS, the justice system, and more.
  • Identity thieves already have all the information they need to open lines of credit and other accounts using stolen identities. The sheer number of stolen records available for purchase on the dark web—as part of a fully mature, criminal marketplace—means that rapid detection and response to any attempted identity misuse is critical.

There’s plenty more in terms of detailed information about victim demographics, thief behavior, and the services requested by, and provided for victims by the ITRC. Download it here.

ITRC report on emerging toll-road scam

This bulletin published in May 2024 by the ITRC shares reports of a rapid rise in scams in which smishing texts purport to be collecting road tolls from drivers.

This is taking place in numerous states, although an FBI report published a few weeks earlier only reported on occurrences in three states.

The smishing texts are plausible, such as this one:

“We’ve noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00, visit https://myturnpiketollservices.com to settle your balance.”

Remember—and this extends to many types of smishing attacks—you can and should always check your account status through the website or app of the entity that claims to need payment from you.

If you receive this type of attack, you can safely ignore it. You can also file a complaint with the FBI at ic3.gov.

This article was originally published at Barracuda Blog.

Photo: LookerStudio / Shutterstock


Share This:
Tony Burgess

Posted by Tony Burgess

Tony Burgess is a twenty-year veteran of the IT security industry and is Barracuda’s Senior Copywriter for Content and Customer Marketing. In this role, he researches complex technical subjects and translates findings into clear, useful, human-readable prose. You can connect with Tony on LinkedIn here.

Leave a reply

Your email address will not be published. Required fields are marked *