Data Breaches and Cyber Attacks in the USA in March 2024 – 169,252,566 Records Breached

IT Governance USA’s research found the following for March 2024:

  • 1,161 publicly disclosed security incidents (33% of all incidents globally)
  • 169,252,566 records known to be breached

This month saw a significant 261% rise in incidents on February, but also a large drop (73%) in records breached. We found the same pattern this month globally.

This is largely caused by an outlier event: 916 misconfigured Google Firebase instances, exposing 124,605,664 records, largely affecting U.S. organizations.

To avoid data skewing, we’ve accounted for this by providing two Data Breach Dashboards this month: one including and one excluding this outlier.


Free PDF download: Data Breach Dashboards

For quick, one-page overviews of this month’s findings, please use our Data Breach Dashboards:

The above Dashboard includes our complete data for the month. To offer a more direct comparison with last month’s data, we’ve created an extra U.S. Data Breach Dashboard this month, excluding the outlier event of 916 misconfigured Google Firebase websites.

From the global figures, we’ve also excluded a second outlier event from this month: the thousands of exposed Ray servers, which we’ve logged as affecting ‘multiple’ countries.

You can also download these and previous months’ Dashboards as free PDFs here.

This blog provides further analysis of the data we’ve collected. We also provide an annual overview and analyze the longer-term trends in our 2024 overview of publicly disclosed data breaches and cyber attacks in the USA.

You can learn more about our research methodology here.


Top 5 biggest breaches

Note 1: Where ‘around,’ ‘about,’ etc. is reported, we record the rounded number. Where ‘more than,’ ‘at least,’ etc. is reported, we record the rounded number plus one. Where ‘up to,’ etc. is reported, we record the rounded number minus one.

Note 2: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.


Sector overview

For our monthly analyses, we just look at the top 5 most breached sectors in the USA by number of incidents and by known number of records breached.

We’ll provide a full sector breakdown in our annual report.

Top 5 most breached sectors (by number of incidents)

Note: To make this table as informative as possible, the percentages exclude the ‘multiple,’ ‘other,’ and ‘unknown’ sectors. In line with that, we excluded ‘multiple’ from the table above, which technically ranks in first place with 916 incidents due to the misconfigured Google Firebase websites.

Top 5 most breached sectors (by number of records)

Note: To make this table as informative as possible, we’ve excluded ‘multiple,’ which technically ranks in first place at 124,605,664 known records breached due to the misconfigured Google Firebase websites.


Suffered an incident?

Get FREE expert insight from Cliff Martin, head of incident response at our sister company GRCI Law, into:

  • Defense in depth, with prevention, detection, and response
  • Cyber incident response plans
  • The different stages of incident response
  • Staff training
  • Internal expertise vs outsourcing
  • Incident responder skills
  • And more

Security Spotlight

To get news of the latest data breaches and cyber attacks straight to your inbox, subscribe to our weekly newsletter: the Security Spotlight.

Every Tuesday, you’ll get a short email with:

  • Industry news, including a round-up of the week’s publicly disclosed data breaches and cyber attacks in the USA
  • Our latest research and statistics
  • Free useful resources
  • Upcoming webinars
  • Other ways we can help