By Roy Urrico
Massive Increase in Breach Victims
Data breaches were down for the second quarter of 2024, but up for first half of the year, according to the El Cajon, Calif.-based Identity Theft Resource Center (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime. The ITRC report revealed there were 732 publicly reported data compromises in the second quarter this year, a 12% decrease compared to the previous quarter (838).
However, through the first half of the year, the ITRC tracked 1,571 compromises, putting 2024 about 14% higher compared to the first half of 2023, which ended in a record number of compromises (3,203). The number of data compromises reported in the first half impacted an estimated 1.07 billion victims.
The ITRC also found the number of reported victims in the second quarter of 2024 (1,041,312,601) increased by 1,170% compared to the second quarter of 2023 (81,958,874). This was in part due to updated estimates from compromises reported earlier in 2024 as well as a small number of large cyberattack-related data breaches.
The ITRC also disclosed:
Prudential Financial originally notified the U.S. Securities and Exchange Commission (SEC) of a breach in February 2024 that impacted an estimated 36,000 victims. Prudential later revised the victim count in June 2024 to 2.5 million.
Infosys McCamish System revised their estimated victim count from about 84,000 in February’s notice to 6 million victims.
Credential stuffing attacks that targeted customers of the Snowflake cloud service accounted for more than 900 million of the victims reported in the second quarter of 2024.
“The more than 1 billion estimated total first half 2024 victim count does not include victims of the Change Healthcare supply chain attack, which company executives predict will impact ‘a substantial number’ of U.S. residents.”
Financial services was the top compromised industry for both the second quarter (182) and the first half (407) of 2024. Attacks against financial services companies jumped by more than two-thirds year-over-year. Reported compromises increased in 10 of the 16 industries tracked by the ITRC, but compromises reported by healthcare entities decreased year-over-year by 37%.
“The findings in the H1 2024 Data Breach Analysis are eye-opening for many different reasons,” said Eva Velasquez, president and CEO of the ITRC. “The estimated victim count is up significantly, primarily due to a small number of very large data events skewing the numbers. What is clear, though, is the fact the trends we saw emerge in 2023 that led to a record-breaking year in compromises are continuing into 2024. In some cases, such as the number of organizations impacted by supply chain attacks and the number of entities that did not list the root cause of a breach, the trends accelerated through the first half of the year. The takeaway from this report is simple: Every person, business, institution and government agency must view data and identity protection with a greater sense of urgency.”
Defending Against Transfer Scams
LexisNexis Risk Solutions recently published a study, Defend Against Authorized Transfer Scams: How Financial Institutions Can Transform an Epidemic into an Opportunity. In September 2023, LexisNexis Risk Solutions commissioned Forrester Consulting to evaluate the state of authorized transfer scam detection and mitigation at financial institutions. Forrester conducted an online survey with 413 fraud risk and mitigation strategy leaders at financial services institutions in the U.S. to explore this topic.
The study found respondents want to upgrade fraud prevention solutions, upskill employees, and improve customer experience (CX) by diagnosing and interrupting scams before customers fall for them.
The report said. “Authorized transfer scams, which occur when a fraudulent party manipulates or deceives an authorized account owner to transfer funds to an account under the fraudulent party’s control, are particularly lucrative for fraudsters. In these types of scams, bad actors engage and manipulate consumers to authorize transfers under false pretense, exploiting consumer legitimacy to bypass conventional fraud prevention approaches.”
The study recommends financial institutions must work to understand and implement better
strategies for detecting target coaching and transfers to mitigate these scams.
Among the key findings:
· Improving both CX and customer outreach are high priorities. Respondents are consistently prioritizing the human element of scam detection and mitigation. Over the next 12 months, respondents are leaning into improving CX and confident, personal outreach to customers. However, the act of contacting a customer is just one essential component of the larger imperative. Respondents are less confident in their ability to convince targets that they are actively being scammed.
· Current capabilities and solutions are not enough to mitigate scams. Nearly two-thirds of respondents reported challenges with their organization’s current solutions’ abilities to mitigate authorized transfer scams. This new generation of scams and scammers requires additional systems for detection and the adoption of advanced technologies that use insights to gauge risk, determine if outreach is necessary, and stop a scam before it concludes.
· Detecting target coaching, malicious transfers, and mitigating scams requires a comprehensive strategy. Respondents are taking a multilayered approach to scam detection and mitigation. From upgrading their current solutions and capabilities to emphasizing softer skills like improving customer outreach techniques, respondents want to be more proactive and protective of customers, thereby improving CX. “Financial institutions can transform the shame customers may feel when falling for a scam into gratitude and even loyalty by reaching out.”
Study Reveals the U.S. Fraud Hotspots
A new study announced the areas hit the hardest by fraud in the period between the second quarter of 2023 and the first quarter of 2024. The data compiled by Smyrna, Ga.-based injury lawyers Bader Scott, examined the number of fraud cases reported in each state according to the Federal Trade Commission (FTC) between April 2023 and March 2024. The data was then scaled against each state’s population to ensure fair comparisons among states and investigate the areas with the highest volume per 100,000 residents.
The data revealed that Georgia suffered from the highest rates of fraud. In the assessed period, there were over 177,000 reports filed, resulting in a rate of 1,605 cases per 100,000 residents – a 62% rise above the national average (988 per 100,000). In the first quarter of 2024, the FTC reported over 4,300 reports of imposter scams in Georgia with other top scams relating to online shopping, internet service fraud and business and job opportunities.
Second hardest hit is Georgia’s southern neighbor Florida, which saw a rate of 1,589 cases per 100,000 people. Florida’s residents reported over 359,300 incidents in this period and have consistently ranked in the top four places worst hit over the last five years. As of the first three months of this year, Florida residents have already lost $171.1 million to fraudsters. The FTC’s report on 2024 data so far names imposter scams as the most common scam type in the Sunshine State, with online shopping and negative reviews coming in second. In the first quarter of 2024, the FTC has reported over 32,000 incidents of all types of scams, a worrying figure.
Nevada ranks third, with a rate of 1,532 reports per 100,000 residents. In the period measured, there were over 48,900 cases. At the end of the first quarter, the FTC reported over 1,600 imposter crime complaints. Other common ways to be targeted include investment scams, cyber threats and telephone and mobile texts or calls.
In fourth place, with a rate of 1,486 reports per 100,000 residents, is Delaware. For such a small population, this figure is a concerning 50% above the average. According to the FTC’s report on the first quarter of the year, residents here have already lost $6.3 million to fraud. Over the time frame analyzed, there were over 15,300 cases of fraud reported. As with most states, the most common type of scam is imposter fraud.
Ranking fifth is Maryland. Here, there are approximately 1,428 reports per 100,000 residents – 44% above the national average. Within the assessed period, there were over 88,200 instances reported. Within the top ten types, mortgage foreclosure relief and debt management fraud rank high in Maryland.
Commenting on the findings, Seth Bader from Bader Scott said: “Each year, the US suffers losses of billions of dollars because of fraud, so it is important to remain aware of the diverse ways scammers can target you and your loved ones.
“A few factors contribute to why certain areas are worse off than others on this list. For example, economic vulnerability can play a part. Where people are more financially insecure, the lure of scams supposedly delivering high returns can seem more promising. Additionally, regions with older populations can face a larger number of cases as technology can be harder for older adults to navigate.
Bader continued, “The FTC reported a total of 2.6 million fraud reports in 2023, with an estimated $10 billion lost – an extra $1 billion in comparison to 2022. These figures are worrying, especially given that fraudsters have easy access to people now as they are targeting social media users meaning many more people are subject to their scams.”