August 28

Three new reports from ITRC: H1 breaches, 2023 trends, and a new toll scam

0  comments

As longtime readers of this space already know, I’m a big fan of the Identity Theft Resource Center (ITRC). Their regular breach reports provide lots of highly detailed statistics, their trend reporting is invaluable to help project the future of data breaches, and they are quick to report on new and emerging identity-theft grifts.

We’ve covered earlier reports here and here. Today, we’ll quickly go over three recent ITRC publications.

The IRTC’s breach report for the first half of 2024 reveals that in that period there were 1,571 data compromises reported, and that the number of individual victims is estimated at over one billion. Compared to the first half of 2023, this represents a 14% increase in the number of data compromises.

One of the reasons for the very high number of estimated victims is that quite a few organizations revised their victim estimates significantly higher than originally reported in the wake of breaches that took place earlier in 2024.

Another remarkable finding is that the healthcare industry saw a year-over-year decrease in reported compromises of 37%. After many years as the top cyber-target, healthcare has now handed its crown to the Financial Services industry.

The top breach this year so far? Ticketmaster Entertainment, with an estimated 560 million victims impacted.

Download the full report here, it’s an easy read and packed with useful information.

ITRC’s annual Trends in Identity Report delivers a backward-looking analysis of identity-theft trends based on victim reports that the Center has received in the preceding year. As such, it provides insights that are mostly focused on the individual experiences of identity-theft victims.

These findings—like the statistic that 16% of victims were driven to contemplate suicide—are a grim reminder of the real human toll that identity theft can have, far beyond the financial losses to a corporation that suffered a data breach.

The current report, published in June 2024, focuses on three main conclusions, based on analysis of a wealth of data from individual victims:

  • Identity thieves are getting better. Phishing scams are far more plausible than in the past—no longer can you count on bad spelling and syntax to give away a malicious message. Generative AI is very likely a big part of this shift.
  • The ways in which stolen identities are being misused are resulting in more severe, complex, and costly consequences for victims than ever before. These consequences can snowball, as victims face repercussions from the IRS, the justice system, and more.
  • Identity thieves already have all the information they need to open lines of credit and other accounts using stolen identities. The sheer number of stolen records available for purchase on the dark web—as part of a fully mature, criminal marketplace—means that rapid detection and response to any attempted identity misuse is critical.

There’s plenty more in terms of detailed information about victim demographics, thief behavior, and the services requested by, and provided for victims by the ITRC. Download it here.

This bulletin published in May 2024 by the ITRC shares reports of a rapid rise in scams in which smishing texts purport to be collecting road tolls from drivers.

This is taking place in numerous states, although an FBI report published a few weeks earlier only reported on occurrences in three states.

The smishing texts are plausible, such as this one:

“We’ve noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00, visit https://myturnpiketollservices.com to settle your balance.”

Remember—and this extends to many types of smishing attack—you can and should always check your account status through the website or app of the entity that claims to need payment from you.

If you receive this type of attack, you can safely ignore it. You can also file a complaint with the FBI at ic3.gov.


Tags


You may also like

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Get in touch

Name*
Email*
Message
0 of 350