Data Breaches and Cyber Attacks in the USA in February 2024 – 621,095,066 Records Breached

IT Governance USA’s research found the following for February 2024:

  • 322 publicly disclosed security incidents (45% of all incidents globally)
  • 621,095,066 records known to be breached

This month, globally, 719,366,482 records were known to be breached – 86% of them were in the USA.

This is unusual. Typically, the USA suffers more incidents than any other country, but these tend to lead to a disproportionately low number of records breached.

This month is different due to two outlier breaches:

  1. Zenlayer’s publicly exposed database, which contained 384,658,212 records
  2. Pure Incubation Ventures, which allegedly* had 183,754,481 records go up for sale

*The threat actor provided 100,000 records as a sample.


Free PDF download: Data Breach Dashboard

For a quick, one-page overview of this month’s findings, please use our Data Breach Dashboard:

You can also download this and previous months’ Dashboards as free PDFs here.

This blog provides further analysis of the data we’ve collected. We also provide an annual overview and analyze the longer-term trends in our 2024 overview of publicly disclosed data breaches and cyber attacks in the USA.

You can learn more about our research methodology here.


Top 5 biggest breaches

Note 1: Where ‘around,’ ‘about,’ etc. is reported, we record the rounded number. Where ‘more than,’ ‘at least,’ etc. is reported, we record the rounded number plus one. Where ‘up to,’ etc. is reported, we record the rounded number minus one.

Note 2: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.


Sector overview

For our monthly analyses, we just look at the top 5 most breached sectors in the USA by number of incidents and by known number of records breached.

We provide a full sector breakdown in our annual report.

Top 5 most breached sectors (by number of incidents)

Note: To make this table as informative as possible, the percentages exclude the ‘multiple,’ ‘other,’ and ‘unknown’ sectors.

Top 5 most breached sectors (by number of records)


Suffered an incident?

Get free expert insight from Cliff Martin, the head of incident response at our sister company GRCI Law, into:

  • Defense in depth, with prevention, detection, and response
  • Cyber incident response plans
  • The different stages of incident response
  • Staff training
  • Internal expertise vs outsourcing
  • Incident responder skills
  • And more

Security Spotlight

To get news of the latest data breaches and cyber attacks straight to your inbox, subscribe to our weekly newsletter: the Security Spotlight.

Every Tuesday, you’ll get a short email with:

  • Industry news, including a round-up of the week’s publicly disclosed data breaches and cyber attacks in the USA
  • Our latest research and statistics
  • Free useful resources
  • Upcoming webinars
  • Other ways we can help