312% Increase in Preventable Breach Notices

Insights from Identity Theft Resource Center’s Lee on Lessons from 2024’s Major Cyber Breaches


James E. Lee, President, Identity Theft Resource Center

In 2024, the cybersecurity landscape witnessed an unprecedented surge in data breaches, with a staggering 1.7 billion notices dispatched to victims, a 312% increase compared to the previous year. This alarming rise has been driven largely by six significant cyber incidents, including the Change Healthcare ransomware attack, now recognized as the third-largest breach, with victim counts nearly doubling to 190 million.

James E. Lee, President of the Identity Theft Resource Center, emphasized the critical findings from the organization’s 2024 Annual Data Breach Report. He pointed out that the current spike in breaches underscores major deficiencies in fundamental cybersecurity practices across the industry.

“Over 94% of these breaches could have been avoided through basic measures like implementing multifactor authentication,” Lee stated. “The widespread negligence associated with these protocols has resulted in cascading ramifications, leading to billions of notifications to affected individuals.”

Moreover, the report highlights a concerning trend whereby 70% of breach notifications fail to provide actionable insights regarding the methods of attack. This lack of clarity presents significant challenges in risk mitigation efforts. Lee noted that inconsistencies in breach disclosure laws across states hinder effective response measures. “A cohesive and enforceable federal framework is essential to enhance protections for both enterprises and consumers,” he asserted.

In a video discussion with Information Security Media Group, Lee elaborated on the implications of these extensive data breaches, particularly their relationship with rising identity theft and scam activity. He stressed that organizations must prioritize the adoption of multifactor authentication and passkeys to thwart credential-based attacks while also advocating for standardized breach disclosure protocols to bridge the existing information gaps associated with cyber threats.

Lee’s extensive background in data protection and technology includes tenure as the executive vice president and company secretary for Waratek, an Irish application security firm, and roles at ChoicePoint—now LexisNexis—as senior vice president and CMO. He has also led initiatives for the American National Standards Institute focusing on identity management and privacy, further enhancing his expertise in the field.
