Data breaches increased five-fold globally in Q1 2024

Leaked accounts increased five times in Q1 2024 from 81 million to 435 million in the last quarter, according to the Global data breach monitoring tool by cybersecurity company Surfshark. The US, China, and Russia were the most breached countries in 2024 so far.
 
The report shows that since 2004, 17.2 billion accounts have been breached, and approximately 6.5 billion of them have unique email addresses. In descending order, the ten most breached countries since 2004 were the US (3.0 billion), Russia (2.4 billion), China (1.1 billion), France (521.6 million), Germany (486.7 million), Brazil (354.2 million), the UK (321.9 million), India (320.5 million), Italy (266.8 million), and Canada (213.8 million).
 
In February, a Kaspersky report said that India was placed in the 80th position in a report focusing on local threats in the year 2023. The position is based on the malicious programs found directly on users’ computers or removable media connected to them (flash drives, camera memory cards, phones, external hard drives) or that initially made their way onto the computer in non-open form, including programs in complex installers or encrypted files.
 
"Since 2004, a staggering 17 billion user accounts have been leaked worldwide, with 400 million occurrences recorded at the start of this year," said Lina Survila, a spokesperson at Surfshark. "We urge everyone to remain vigilant, create strong passwords, refrain from reusing them, and exercise caution when sharing personal information online."
 
In Q4 2023, 627 accounts were being breached every minute. In Q1 2024, however, breach rates are 435% higher, with 3,353 accounts being leaked every 60 seconds. It means that 5 out of 100 people in the world suffered account breaches in Q1 2024, the report confirmed. Of 17 billion leaked user accounts, 38% are unique email addresses. A total of 60.9 billion data points have been exposed (17.2 billion of them have been email addresses) since 2004. On average, each email address is leaked with 3 additional data points. American and Russian accounts are leaked the most often, Surfshark researchers said.
 
The report also noted that the countries with the highest breach density since 2004 (number of leaked accounts per resident) are Russia (16.8), the US (9.0), South Sudan (8.1), France (8.1), Czechia (6.1), Singapore (5.8), Germany (5.8), Canada (5.5), Australia (5.3), the UK (4.8), and Portugal (4.7).
 
Most people use the same email for different accounts when registering online. That’s why a single email or account can be breached several times in separate cases, and some numbers may seem so high (like 17.2 billion total breached accounts).

When an email account is breached, the user is at risk of social engineering and identity theft. Scammers might send fake emails pretending to be from legitimate organisations, which might contain links with computer viruses or requests to disclose even more personal information. If the email address was leaked with more personal information like name and address, scammers might even be able to impersonate the victim for various malicious purposes, the researchers said.
 
To be sure, data breaches have posed substantial threats to both government and private organizations in India. In January, a massive security breach exposed the personal data of 750 million telecom users in India, with the data being sold on the dark web, according to cybersecurity firm CloudSEK. Earlier this month, audio and wearables brand BoAt lost around 2GB of data on the dark web forum. Personally identifiable information like name, address, and contact number was available for purchase.
 
Last month, cybersecurity firm Thales revealed that despite ransomware becoming a top threat in the country, only 20% of businesses have a formal ransomware plan in place, with 10% resorting to paying the ransom demands. "Ransomware and malware stand out as the fastest-growing threat of 2024, with 42% of respondents ranking them as the topmost fastest-growing type of threat. Cloud assets, including software-as-a-service (SaaS) applications, cloud-based storage, and cloud infrastructure management, remain the primary targets for such attacks," revealed the report.
 
Global software industry body BSA, whose members include Adobe, Cisco, Microsoft, and IBM, works in more than 30 countries and engages with governments on policies related to privacy, artificial intelligence, cybersecurity, and other issues, said that India’s Data protection law needs clarity on risk threshold for breaches. That said, it should give companies 72 hours to report breaches and have better clarity on the risk threshold.