Data Breach Notification
,
Data Security
,
Fraud Management & Cybercrime
Identity Theft Resource Center’s Lee on Lessons Learned From 2024 Mega-Breaches
Six mega cybersecurity incidents led to a record 1.7 billion data breach notices going out to victims in 2024 – a dramatic 312% increase over the previous year. Among the mega-breaches, the Change Healthcare ransomware attack – the third-largest breach – continues to grow. The insurance company last week nearly doubled its estimated breach count to 190 million people.
See Also: OnDemand | North Korea’s Secret IT Army and How to Combat It
James E. Lee, president of the Identity Theft Resource Center, citing the nonprofit group’s 2024 Annual Data Breach Report, said the increase exposes industry-wide failures in basic cybersecurity practices.
“More than 94% of breaches could have been prevented with simple measures like multifactor authentication,” Lee said. “These failures led to cascading impacts, with billions of victim notices issued.”
The report also reveals a troubling trend: 70% of breach notices lacked actionable information about attack vectors, complicating efforts to mitigate risks. The lack of standardization of breach disclosure laws is a key obstacle, Lee said. “We need uniform, enforceable federal regulations to better protect both businesses and consumers.”
In this video interview with Information Security Media Group, Lee also discussed:
- The implications of mega data breaches on identity theft and scams;
- Why organizations should take advantage of MFA and passkeys to block credential-based attacks;
- The critical need for standardized breach disclosure requirements to close information gaps on cyberthreats.
Lee, a data protection and technology veteran, is a former executive vice president and company secretary of Irish application security company Waratek and former senior vice president and chief marketing officer for Atlanta-based data pioneer ChoicePoint – now LexisNexis. He also chaired two working groups for the American National Standards Institute on identity management and privacy. Prior to joining ChoicePoint, Lee was a global public affairs and communication executive at the International Paper Company.