Global Data Breaches and Cyber Attacks in March 2024 – 299,368,075 Records Breached

IT Governance’s research found the following for March 2024:

  • 3,478 publicly disclosed security incidents.
  • 299,368,075 records known to be breached.

This month saw fewer records breached than in February (a 58% drop), but a staggering 388% rise in incidents.

This rise in incidents is largely caused by two outlier events:

  1. Misconfigured Google Firebase instances, exposing 124,605,664 records across 916 misconfigured websites.
  2. Thousands of publicly exposed – and compromised – Ray servers. The number of affected records is unknown.

To minimise data skewing, we’ve provided two Data Breach Dashboards this month: one including and one excluding the above events.


Free PDF download: Data Breach Dashboards

For quick, one-page overviews of this month’s findings, please use our Data Breach Dashboards:

The above Dashboard includes our complete data for the month. To offer a more direct comparison with last month’s data, we’ve created an extra Data Breach Dashboard this month, excluding the two outlier events: the thousands of exposed Ray servers and 916 misconfigured Google Firebase websites.

You can also download these and previous months’ Dashboards as free PDFs here.

This blog provides further analysis of the data we’ve collected. We also provide an annual overview and analyse the longer-term trends on our 2024 overview of publicly disclosed data breaches and cyber attacks.

You can learn more about our research methodology here.


Top 10 biggest breaches

Note 1: Where ‘around’, ‘about’, etc. is reported, we record the rounded number. Where ‘more than’, ‘at least’, etc. is reported, we record the rounded number plus one. Where ‘up to’, etc. is reported, we record the rounded number minus one.

Note 2: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.

Let’s take a closer look at the top 3:

1. Misconfigured Google Firebase instances expose almost 125 million user records

On 10 January, a security researcher known as ‘MrBruh’ reported on vulnerabilities in the AI hiring system Chattr.ai, which is used by many US fast food chains.

According to MrBruh, attackers could register profiles with full privileges by exploiting misconfigurations in Google Firebase – a cloud-based mobile application platform.

This gave them access to names, phone numbers, emails, plaintext passwords, branch locations, confidential messages and shift information for Chattr employees, franchisee managers and job applicants.

MrBruh, alongside two other researchers who go by the names ‘Logykk’ and ‘xyzeva’/‘Eva’, then scanned more than 5 million domains for personally identifiable information exposed via other misconfigured Firebase instances.

They discovered 916 misconfigured websites, exposing 124,605,664 users’ records, including names, emails, phone numbers, passwords and financial data.

The researchers then alerted all affected organisations, sending 842 emails over 13 days. Only 24% of site owners fixed the misconfiguration.

Data breached: 124,605,664 records.

2. France Travail breach affects 43 million

The French data protection authority, the CNIL (Commission Nationale de l’Informatique et des Libertés), reports that the unemployment agencies France Travail (formerly Pôle emploi) and Cap Emploi have suffered a cyber attack that led to the exposure of 43 million people’s data.

According to France Travail, the breached data includes names, dates of birth, email and postal addresses, telephone numbers, social security numbers and France Travail identifiers. Passwords and bank details were not affected.

Last August, Pôle emploi suffered a data breach affecting 10 million people. At the time, the security firm Emsisoft attributed it to May 2023’s MOVEit Transfer breach, but removed the agency from its list of MOVEit victims the following month. It’s not known whether this breach relates to the MOVEit one.

Data breached: 43 million people’s data.

3. Threat actor allegedly leaks 36 million MX3 Nutrition records

A threat actor known as Chucky has leaked 36 million customer records apparently belonging to the French sports nutrition company MX3 Nutrition. According to a listing on a popular hacking forum, the database includes customers’ names, email addresses, hashed passwords, and more.

The claim is yet to be verified, but the listing included samples.

Data breached: 36,000,000 records.


Sector overview

For our monthly analyses, we look at the top 5 most breached sectors by number of incidents and by known number of records breached.

We’ll provide a full sector breakdown in our annual report.

Top 5 most breached sectors (by number of incidents)

Note: To make this table as informative as possible, the percentages exclude the ‘multiple’, ‘other’ and ‘unknown’ sectors. Technically, ‘multiple’ is in first place at 2,916 incidents due to the exposed Ray servers and misconfigured Google Firebase websites.

Top 5 most breached sectors (by number of records)

Note: Technically, ‘multiple’ is in first place with 124,605,664 known records breached due to the misconfigured Google Firebase websites. To make this table as informative as possible, we’ve excluded the ‘multiple’ category from it.

