Long Island companies among those facing data breaches in first half of 2024
Consumers fell victim to data breaches at an increasing rate in the first half of 2024, leaving their data exposed to cybercriminals, according to a new report from a national nonprofit.
There were more than 1 billion victims of data compromises in the first six months of the year in 1,571 incidents, which represented a 14% increase compared with the same period a year ago, the San Diego-based Identity Theft Resource Center wrote in a new report, including several affecting Long Island businesses.
"I wish I could say that we're making headway, but the reality is we're not, and in many respects, we're losing ground by the very nature of the fact we're still seeing increases," said James E. Lee, chief operating officer at Identity Theft Resource Center.
Lee said fewer businesses are providing detailed information after they suffer from breaches, which makes it more difficult for other businesses to learn about vulnerabilities and protect themselves.
The count of 1 billion victims includes individuals whose data was exposed in multiple incidents, and it is skewed by a few major cyberattacks this year. The largest was the data breach at Ticketmaster, which affected 560 million accounts when customer data was stolen from a vendor it uses, Snowflake, a cloud-based data storage company.
Snowflake said its investigation showed a hacker accessed customer data using stolen credentials obtained through malware. The compromised account did not have multifactor authentication enabled, the company said.
The breach at Snowflake also affected AT&T, which disclosed last week that nearly all its customers were affected by a data breach that disclosed call and text message records. AT&T’s breach was not included in ITRC’s report on the first half of the year.
A Ronkonkoma-based company had the largest breach this year among New York-based companies, according to ITRC. PipingRock Health Products, a manufacturer of vitamins and supplements including the brands Nature’s Truth, Pink and Sundance, experienced a breach earlier this year that affected more than 950,000 people.
A January breach at Port Washington-based Arden Claims Service, an administrator of class-action settlements, affected around 50,000 people, making it the fifth-largest of a New York-based company in the first half of the year. The exposed data included names and Social Security numbers, according to a notification filed with the Maine Attorney General.
Arden did not return a phone call seeking comment Thursday.
At PipingRock, the exposed data included customer names, email addresses, home addresses, phone numbers and purchases, according to Cybernews, which discovered an ad in April for the company’s data on a web forum.
The incident occurred because of a breach at a third-party company PipingRock works with, said John Aguanno, the company’s chief financial officer.
"Our company did not suffer a data breach," he said.
These types of events are known as supply chain attacks in the cybersecurity industry, said Steve Morgan, founder of Northport-based Cybersecurity Ventures and publisher of Cybercrime magazine.
"They are trending toward becoming as common as drinking coffee," Morgan said.
An analysis published by Morgan’s firm last year estimated the global cost of supply chain attacks to businesses would reach $60 billion in 2025, based on 15% annual growth. The growing cost of cybercrime has led corporate leaders to take notice, he said.
"Now that boardroom and C-suite executives have learned the hard way, they are taking cyberattacks as seriously as heart attacks," Morgan said.
Another emerging trend, Lee said, involves cybercriminals targeting driver's license information that could be used to open credit accounts or apply for government benefits.
"We've seen a big spike since the pandemic because of the use of the driver's license in places we haven't seen it before," Lee said. "It's not just showing it to the police officer who pulls you over on the side of the road or to get into a bar. It's now used to verify your identity when you're setting up accounts."
Consumers fell victim to data breaches at an increasing rate in the first half of 2024, leaving their data exposed to cybercriminals, according to a new report from a national nonprofit.
There were more than 1 billion victims of data compromises in the first six months of the year in 1,571 incidents, which represented a 14% increase compared with the same period a year ago, the San Diego-based Identity Theft Resource Center wrote in a new report, including several affecting Long Island businesses.
"I wish I could say that we're making headway, but the reality is we're not, and in many respects, we're losing ground by the very nature of the fact we're still seeing increases," said James E. Lee, chief operating officer at Identity Theft Resource Center.
Lee said fewer businesses are providing detailed information after they suffer from breaches, which makes it more difficult for other businesses to learn about vulnerabilities and protect themselves.
WHAT TO KNOW
- More than 1 billion fell victim to data compromises in the first six months of the year.
- The 1,571 incidents represented a 14% increase compared with the same period a year ago, according to a new report.
- Some victims had their data exposed in multiple incidents, and the numbers are skewed by a few major cyberattacks this year, including the data breach at Ticketmaster that affected 560 million accounts.
The count of 1 billion victims includes individuals whose data was exposed in multiple incidents, and it is skewed by a few major cyberattacks this year. The largest was the data breach at Ticketmaster, which affected 560 million accounts when customer data was stolen from a vendor it uses, Snowflake, a cloud-based data storage company.
Snowflake said its investigation showed a hacker accessed customer data using stolen credentials obtained through malware. The compromised account did not have multifactor authentication enabled, the company said.
The breach at Snowflake also affected AT&T, which disclosed last week that nearly all its customers were affected by a data breach that disclosed call and text message records. AT&T’s breach was not included in ITRC’s report on the first half of the year.
A Ronkonkoma-based company had the largest breach this year among New York-based companies, according to ITRC. PipingRock Health Products, a manufacturer of vitamins and supplements including the brands Nature’s Truth, Pink and Sundance, experienced a breach earlier this year that affected more than 950,000 people.
A January breach at Port Washington-based Arden Claims Service, an administrator of class-action settlements, affected around 50,000 people, making it the fifth-largest of a New York-based company in the first half of the year. The exposed data included names and Social Security numbers, according to a notification filed with the Maine Attorney General.
Arden did not return a phone call seeking comment Thursday.
At PipingRock, the exposed data included customer names, email addresses, home addresses, phone numbers and purchases, according to Cybernews, which discovered an ad in April for the company’s data on a web forum.
The incident occurred because of a breach at a third-party company PipingRock works with, said John Aguanno, the company’s chief financial officer.
"Our company did not suffer a data breach," he said.
These types of events are known as supply chain attacks in the cybersecurity industry, said Steve Morgan, founder of Northport-based Cybersecurity Ventures and publisher of Cybercrime magazine.
"They are trending toward becoming as common as drinking coffee," Morgan said.
An analysis published by Morgan’s firm last year estimated the global cost of supply chain attacks to businesses would reach $60 billion in 2025, based on 15% annual growth. The growing cost of cybercrime has led corporate leaders to take notice, he said.
"Now that boardroom and C-suite executives have learned the hard way, they are taking cyberattacks as seriously as heart attacks," Morgan said.
Another emerging trend, Lee said, involves cybercriminals targeting driver's license information that could be used to open credit accounts or apply for government benefits.
"We've seen a big spike since the pandemic because of the use of the driver's license in places we haven't seen it before," Lee said. "It's not just showing it to the police officer who pulls you over on the side of the road or to get into a bar. It's now used to verify your identity when you're setting up accounts."
Jonathan LaMantia covers residential real estate and other business news on Long Island. He previously covered the business of health care for Crain's New York Business.
Updated 56 minutes ago Summer wraps up with Labor Day celebrations ... Store worker charged with spying on girl ... New LIRR schedules ... Big changes at NCC
Updated 56 minutes ago Summer wraps up with Labor Day celebrations ... Store worker charged with spying on girl ... New LIRR schedules ... Big changes at NCC
