IT Governance’s research found the following for January 2024:
- 4,645 publicly disclosed security incidents.
- 29,530,829,012 records known to be breached.
Incredibly, even though 2024 has only just begun, we’ve already surpassed the totals of 2023 – across the full year – in both incidents and records breached.
This is due to a major outlier event: the MOAB (mother of all breaches), where an open instance saw more than 26 billion data records leaked from 3,876 domain names.
We recognise that many of these records have been compiled from previous data breaches, and that this data set will undoubtedly contain duplicates, so appreciate that this event has to be treated differently to other, completely new incidents. Furthermore, a single event of this magnitude inevitably skews the other figures, which we want to account for.
This monthly report therefore provides two sets of numbers: including and excluding the MOAB.
Free PDF download: Data Breach Dashboard
For a quick, one-page overview of this month’s findings, please use our Data Breach Dashboards. This month, we provide two Dashboards: including and excluding the MOAB.
You can also download this and previous months’ Dashboards as free PDFs here.
This blog provides further analysis of the data we’ve collected. We also analyse the longer-term trends in our 2024 overview of publicly disclosed data breaches and cyber attacks.
You can learn more about our research methodology here.
Top 10 biggest breaches
Note 1: Where ‘around’, ‘about’, etc. is reported, we record the rounded number. Where ‘more than’, ‘at least’, etc. is reported, we record the rounded number plus one. Where ‘up to’, etc. is reported, we record the rounded number minus one.
Note 2: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.
1. The ‘mother of all breaches’: more than 26 billion records exposed
The security researcher Bob Diachenko and investigators from Cybernews have discovered an open instance with 26 billion data records, mostly compiled from previous breaches – although it likely also includes new data.
The data is more than mere credentials, too – according to Cybernews, most of the exposed data is sensitive. Given the extraordinary scale of the data breach, it’s been dubbed the ‘MOAB’ (mother of all breaches). In total, 3,876 domain names were included in the exposed data set.
Data breached: more than 26 billion records.
2. Russian research centre Planeta attacked by Ukraine, allegedly 2 PB of data wiped
The Main Directorate of Intelligence of the Ministry of Defense of Ukraine claims to have destroyed a 2-PB (petabyte) database belonging to Russia’s Far Eastern Research Center for Space Hydrometeorology, or Planeta.
With the caveat that news of state-sponsored attacks against combatants during wartime must be treated with a certain degree of caution, it appears that the cyber attack on Planeta – which receives and processes satellite data on behalf of more than 50 Russian state entities, including the Ministry of War – destroyed 280 servers at a cost of “at least $10 million”.
Data breached: 2 PB.
3. Mobile network database breach exposes 750 million Indians’ personal data
The Indian security company CloudSEK claims to have found the personal data of 750 million Indians for sale on an “underground forum”. Compromised data includes victims’ names, addresses, phone numbers and Aadhaar numbers (a 12-digit government identification number).
It remains unclear how the data breach occurred, but the attackers apparently suggested it was the result of “exploiting vulnerabilities within government databases of telecommunication systems”.
Data breached: 750 million victims’ personal data.
4. Massive data breach potentially exposes entire Brazilian population
Researchers have discovered a publicly accessible Elasticsearch instance containing the private data of hundreds of millions of Brazilians, including full names, dates of birth, sex and Cadastro de Pessoas Físicas numbers – the 11-digit number that identifies individual taxpayers.
The data is no longer publicly available.
Data breached: >223,000,000 victims’ personal data.
Sector overview
For our monthly analyses, we look at the top 5 most breached sectors by number of incidents and by known number of records breached.
We provide a full sector breakdown in our annual report.
Top 5 most breached sectors (by number of incidents)
Note: To make this table as informative as possible, the percentages exclude the ‘multiple’, ‘other’ and ‘unknown’ sectors. We’ve also excluded these sectors from the top 5. If we hadn’t, ‘multiple’ would have been in the top spot at 3,876 incidents due to the MOAB, and ‘unknown’ would have ranked above finance at 60 incidents.
Top 5 most breached sectors (by number of records)
Note: To make this table as informative as possible, we’ve excluded the ‘multiple’, ‘other’ and ‘unknown’ sectors. If we hadn’t, ‘multiple’ would have been in the top spot at 26,000,000,001 known records breached due to the MOAB, and ‘unknown’ would have ranked fourth at 293,840,772 known records breached, largely due to the unknown Brazilian organisation breached.
Security Spotlight
To get news of the latest data breaches and cyber attacks straight to your inbox, subscribe to our free weekly newsletter: the Security Spotlight.
Every Wednesday, you’ll get a 4-minute email with:
- Industry news, including a round-up of the week’s publicly disclosed data breaches and cyber attacks;
- Our latest research and statistics;
- Interviews with our experts, sharing their insights and expertise;
- Free useful resources; and
- Upcoming webinars.