Data breaches increased 7,6-times compared to the previous year, rising from 731,1-million in 2023 to 5,6-billion in 2024, according to an annual recap by Surfshark.
China ranks first (940-million) and accounts for 17% of all breaches in 2024. Russia (921-million) is in second place, followed by the US (689-million) in third, with France (146-million) and Germany (135-million) completing the top five.
“As we reflect on 2024, the data breach landscape has dramatically shifted, with the number of compromised accounts increasing nearly eightfold compared to the previous year,” says Emilija Kucinskaite, senior researcher at Surfshark. “This surge underscores the critical importance of effective cybersecurity practices.
“In an era where cyber threats are constantly evolving, taking proactive steps to protect your personal information is crucial. Individuals should use complex passwords, enable two-factor authentication, and stay informed about potential threats.”
In 2024, three new countries entered the top 10 for the highest number of breached accounts. China soared to the top spot (rising from 12th in 2023), Germany climbed to fifth place (up from 16th in 2023), and Poland secured the tenth position (up from 17th in 2023). Despite these shifts, Russia, the US, France, India, Brazil, Italy, and the UK remained in the top 10 for both years.
Q3 2024 had the most data breaches over the last year at 3,8-billion, while Q2 2024 had the fewest data breaches at 216-million.
China experienced 36% more data breaches compared to the US (689-million). The breach rate is 340-times higher than it was in 2023, with approximately 30 Chinese user accounts breached every second in 2024.
In 2024, China saw nearly 1 800 breached accounts per minute, with Russia close behind at over 1 700 per minute. The US followed, experiencing approximately 1 300 breaches per minute. This marks a dramatic increase from 2023, when the US recorded over 900 breaches per minute, Russia almost 160, and China only five.
Examining regional data breach statistics, Europe experienced the highest share, accounting for 29% of all breached accounts, with Russia at the forefront. This region saw over 1,6-billion breached accounts.
Asia followed as the second-most affected region, contributing 23% to the global total, or nearly 1,3-billion breached accounts, with China leading the way.
North America ranked third, making up 14% of all breaches, or nearly 770-million compromised accounts, primarily from the US.
In Europe, Russia (920-million breached accounts) was followed by Germany (135-million), France (146-million), Italy (73-million), and the UK (57-million).
In Asia, China (940-million) led, followed by India (92-million), Japan (40-million), Vietnam (38-million), and the Philippines (24-million). In North America, the US (690-million) has the highest number of breached accounts, followed by Canada (44-million), Mexico (23-million), El Salvador (1,7-million), and Costa Rica (1,5-million).
Compared to 2023, Europe, North America, and Asia remained the top three most affected regions, but their rankings shifted. In 2023, North America led, followed by Europe, and Asia, whereas in 2024, Europe and Asia moved up, while North America dropped to the third place.
Despite these shifts, all regions experienced year-over-year increases in data breaches. Europe saw a 13% rise, Asia surged by 31%, and North America recorded a smaller but significant 2% increase.
The biggest data breaches or leaks in 2024
In February 2024, a major data leak affected over 120-million individuals. The breach originated from DemandScience (formerly Pure Incubation), a B2B demand generation company. This firm gathers business data from public sources and third parties, including full names, physical addresses, email addresses, phone numbers, job titles, functions, and social media links. Such information is essential for digital marketers and advertisers to create detailed consumer profiles that drive lead generation and targeted marketing strategies. Surfshark’s researchers found that approximately 33-million of the breached accounts were American, 2,4-million British, 1,4-million Canadian, 1,2-million Australian, and 80 000 French, among others.
One of the biggest data leaks of 2024 involved a collection of over 3-billion unique email addresses, which surfaced in an underground crime forum in September 2024. The leak compiled data from previous breaches, with duplicates removed to create a cleaner dataset. Surfshark’s researchers found that approximately 790-million of the breached accounts were Russian, 310-million were American, 160-million were Chinese, 110-million were German, and 100-million were French, among others. This massive email leak provides cybercriminals and phishing scammers with a vast pool of potential targets. However, the hacker behind the leak claimed that none of these emails were obtained through private leaks — all of this information was already publicly available.