TransUnion Study Finds U.S. Data Breach Severity Reaches New High
TransUnion (NYSE: TRU) reports a significant shift in U.S. data breach patterns in 2024. While the total number of breaches decreased to 2,577 primary and 515 third-party breaches from previous year levels, breach severity reached unprecedented levels since measurement began in 2020. The Breach Risk Score increased by 34%, with primary breaches rising to 5.6 and third-party to 5.2 on a 10-point scale.
The study revealed that 11% of U.S. respondents fell victim to digital fraud between August-December 2024, with a median loss of $1,747 per victim. Communities and video gaming sectors were most targeted, with nearly 12% and 11% of transactions respectively flagged as suspected fraud. The logistics industry saw the highest growth in fraud attempts, increasing over 100% year-over-year.
Smishing emerged as the most common fraud scheme in the U.S., targeting users through text messages to obtain personal information.
TransUnion (NYSE: TRU) riporta un cambiamento significativo nei modelli di violazione dei dati negli Stati Uniti nel 2024. Sebbene il numero totale di violazioni sia diminuito a 2.577 violazioni primarie e 515 violazioni di terze parti rispetto ai livelli dell'anno precedente, la gravità delle violazioni ha raggiunto livelli senza precedenti da quando sono iniziati i rilevamenti nel 2020. Il Risk Score di Violazione è aumentato del 34%, con le violazioni primarie che salgono a 5,6 e quelle di terze parti a 5,2 su una scala di 10 punti.
Lo studio ha rivelato che l'11% dei rispondenti statunitensi è stato vittima di frode digitale tra agosto e dicembre 2024, con una perdita mediana di 1.747 dollari per vittima. Le comunità e i settori dei videogiochi sono stati i più colpiti, con quasi il 12% e l'11% delle transazioni, rispettivamente, contrassegnate come frodi sospette. L'industria della logistica ha registrato la crescita più alta nei tentativi di frode, aumentando di oltre il 100% anno su anno.
Il Smishing è emerso come lo schema di frode più comune negli Stati Uniti, prendendo di mira gli utenti tramite messaggi di testo per ottenere informazioni personali.
TransUnion (NYSE: TRU) informa sobre un cambio significativo en los patrones de violación de datos en EE. UU. en 2024. Aunque el número total de violaciones disminuyó a 2,577 violaciones primarias y 515 violaciones de terceros en comparación con los niveles del año anterior, la gravedad de las violaciones alcanzó niveles sin precedentes desde que comenzaron las mediciones en 2020. El Índice de Riesgo de Violación aumentó un 34%, con violaciones primarias subiendo a 5.6 y de terceros a 5.2 en una escala de 10 puntos.
El estudio reveló que el 11% de los encuestados en EE. UU. fue víctima de fraude digital entre agosto y diciembre de 2024, con una pérdida media de $1,747 por víctima. Las comunidades y los sectores de videojuegos fueron los más afectados, con casi el 12% y el 11% de las transacciones, respectivamente, marcadas como fraude sospechoso. La industria de la logística vio el mayor crecimiento en intentos de fraude, aumentando más del 100% interanualmente.
El Smishing surgió como el esquema de fraude más común en EE. UU., dirigiéndose a los usuarios a través de mensajes de texto para obtener información personal.
TransUnion (NYSE: TRU)는 2024년 미국의 데이터 유출 패턴에서 중요한 변화를 보고했습니다. 총 유출 건수는 이전 연도 수준에서 2,577건의 주요 유출과 515건의 제3자 유출로 감소했지만, 유출의 심각성은 2020년 측정이 시작된 이후 전례 없는 수준에 도달했습니다. 유출 위험 점수는 34% 증가했으며, 주요 유출은 10점 척도에서 5.6으로, 제3자 유출은 5.2로 상승했습니다.
연구에 따르면 미국 응답자의 11%가 2024년 8월부터 12월 사이에 디지털 사기의 피해를 입었으며, 피해자당 중간 손실액은 $1,747로 나타났습니다. 커뮤니티와 비디오 게임 부문이 가장 많이 타겟이 되었으며, 각각 거의 12%와 11%의 거래가 의심되는 사기로 표시되었습니다. 물류 산업은 사기 시도가 가장 높은 성장을 보였으며, 전년 대비 100% 이상 증가했습니다.
스미싱은 미국에서 가장 일반적인 사기 방식으로 등장했으며, 개인 정보를 얻기 위해 사용자에게 문자 메시지를 통해 접근합니다.
TransUnion (NYSE: TRU) signale un changement significatif dans les modèles de violation de données aux États-Unis en 2024. Bien que le nombre total de violations ait diminué à 2 577 violations principales et 515 violations de tiers par rapport aux niveaux de l'année précédente, la gravité des violations a atteint des niveaux sans précédent depuis le début des mesures en 2020. Le Score de Risque de Violation a augmenté de 34%, les violations principales atteignant 5,6 et celles de tiers 5,2 sur une échelle de 10 points.
L'étude a révélé que 11% des répondants américains ont été victimes de fraude numérique entre août et décembre 2024, avec une perte médiane de 1 747 $ par victime. Les communautés et les secteurs du jeu vidéo ont été les plus ciblés, avec près de 12% et 11% des transactions respectivement signalées comme des fraudes suspectes. L'industrie logistique a connu la plus forte croissance des tentatives de fraude, augmentant de plus de 100% d'une année sur l'autre.
Le Smishing est apparu comme le schéma de fraude le plus courant aux États-Unis, ciblant les utilisateurs par le biais de messages texte pour obtenir des informations personnelles.
TransUnion (NYSE: TRU) berichtet über einen signifikanten Wandel in den Mustern von Datenverletzungen in den USA im Jahr 2024. Während die Gesamtzahl der Verletzungen auf 2.577 primäre und 515 Drittanbieterverletzungen im Vergleich zum Vorjahr gesenkt wurde, erreichte die Schwere der Verletzungen seit Beginn der Messungen im Jahr 2020 beispiellose Höhen. Der Verletzungsrisikowert stieg um 34%, wobei primäre Verletzungen auf 5,6 und Drittanbieterverletzungen auf 5,2 auf einer 10-Punkte-Skala anstiegen.
Die Studie ergab, dass 11% der Befragten in den USA zwischen August und Dezember 2024 Opfer von digitalem Betrug wurden, mit einem medianen Verlust von 1.747 $ pro Opfer. Gemeinschaften und der Videospielsektor waren am stärksten betroffen, wobei fast 12% bzw. 11% der Transaktionen als verdächtiger Betrug gekennzeichnet wurden. Die Logistikbranche verzeichnete das höchste Wachstum bei Betrugsversuchen, die im Vergleich zum Vorjahr um über 100% zunahmen.
Smishing hat sich als das häufigste Betrugsschema in den USA herausgestellt, das Benutzer über Textnachrichten anspricht, um persönliche Informationen zu erhalten.
- Total number of primary data breaches decreased to 2,577 from 2,842
- Third-party data breaches significantly reduced to 515 from 2,731
- Telecommunications sector saw 79% decrease in suspected digital fraud volume
- 34% increase in data breach severity indicates higher risk for future fraud
- 11% of U.S. consumers fell victim to digital fraud in H2 2024
- Communities sector faced 12% suspected digital fraud rate
- Logistics industry experienced 100% increase in suspected fraud attempts
More Than One in 10 U.S. Survey Respondents Indicated They Fell Victim to Online, Email, Phone or Text Messaging Fraud in H2 2024
CHICAGO, March 27, 2025 (GLOBE NEWSWIRE) -- Despite the volume of U.S. data breaches declining in 2024 from highs reached a year prior, data breach severity reached levels never seen since TransUnion’s measurement began in 2020. These findings were revealed as part of the newly-released TransUnion® (NYSE: TRU) H1 2025 Update to the State of Omnichannel Fraud Report.
In 2024, the number of primary data breaches dipped to 2,577 from 2,842 the year prior, while third-party data breaches fell precipitously to 515 from 2,731 in 2023. However, the severity of those data breaches increased by
A primary data breach represents a direct attack on an organization. A third-party data breach, also known as a supply-chain attack, value-chain attack, or backdoor breach, is when an attacker accesses an entity’s network via third-party vendors or suppliers — payroll processing or medical billing, for instance.
The study found that the 2024 U.S. data breaches targeted more high-quality credentials, and consumers reported being targeted by data harvesting scams in every channel, including email, text, phone and online. Exposed identity data enables cybercriminals to power automated, identity-based attacks on organizations and individuals more readily.
“The reversal of the multi-year U.S. data breach growth is certainly a step in the right direction. However, the significant jump in data breach severity is a cause for concern,” said Steve Yin, global head of fraud at TransUnion. “Breach severity is a leading indicator of future fraud. This year’s growth in severity means organizations must be even more diligent moving forward and work even harder to defend against the oncoming identity fraud attacks such as those in account creations, social engineering scams, and account takeovers.”
_______________
1 The BRS is based on the quantity and severity of the particular identity credentials the affected entity determined to have been exposed.
| While U.S. Data Breach Volume Ticked Down in 2024, Data Breach Severity Reached Record Levels | |||||
| 2020 | 2021 | 2022 | 2023 | 2024 | |
| Volume | |||||
| Primary data Breaches | 1,248 | 1,841 | 1,834 | 2,842 | 2,577 |
| Third-party data breaches | 689 | 567 | 1,757 | 2,731 | 515 |
| Average Breach Risk Score | |||||
| Primary data Breaches | 3.9 | 4.0 | 4.0 | 4.1 | 5.6 |
| Third-party data breaches | 2.8 | 3.1 | 3.4 | 4.2 | 5.2 |
| Source: TransUnion TruEmpower™ | |||||
These data breaches played a key role in significant financial losses faced by consumers due to fraud. Among consumers TransUnion surveyed in 18 countries and regions in November and December 2024,
Communities and Video Gaming Among Top Industries Targeted by Suspected Digital Fraud Globally
Communities, which include venues such as online dating and forums, had the highest rate of suspected digital fraud2 attempts globally in 2024. Nearly
The logistics industry, which has seen growth in shipping fraud (often perpetrated by organized crime rings), saw the greatest suspected digital fraud volume growth globally in 2024, up more than
“Digital fraud on community platforms is by no means a new phenomenon. However, in 2024, it appears that fraudsters targeted these areas with a renewed vigor,” said Richard Tsai, senior director of global fraud solutions at TransUnion. “Cybercriminals, taking advantage of the trust inherent on community-based platforms, targeted members with a wide range of scammer solicitations, the most reported type of digital fraud in communities.”
For transactions where the consumer or fraudster was located in the U.S., gaming continues to see the highest suspected digital fraud rate. About
_______________
2 The rate or percentage of suspected digital fraud attempts reflects those which TransUnion customers determined met one of the following conditions: 1) denial in real time due to fraudulent indicators, 2) denial in real time for corporate policy violations, 3) fraudulent upon customer investigation, or 4) a corporate policy violation upon customer investigation — compared to all transactions assessed. The country and regional analyses examined transactions in which the consumer or suspected fraudster was located in a select country or region when conducting a transaction. Global statistics represents every country worldwide and not just the select countries and regions.
| Communities Saw the Highest Suspected Digital Fraud Rates in 2024 Globally, While Logistics Saw the Greatest Volume Increase | ||
| Industry | Suspected digital fraud attempt rate 2024 | Change in volume of suspected digital fraud attempts from 2023 to 2024 |
| Communities (online dating, forums, etc.) | 11.6% | + |
| Video gaming | 10.8% | - |
| Gaming (online sports betting, poker, etc.) | 7.8% | + |
| Retail | 7.6% | - |
| Financial services | 4.9% | + |
| Telecommunications | 3.0% | - |
| Logistics | 2.6% | + |
| Insurance | 2.0% | - |
| Government | 1.7% | + |
| Travel & leisure | 0.9% | - |
| Source: TransUnion TruValidate™ | ||
As part of the same aforementioned consumer survey,
“While cybercriminals will attack at any time using any channel, they appear to focus on channels most popular in the regions they are targeting,” said Yin. “Text messaging remains incredibly popular in the U.S. and, among many demographic groups, is a far more ubiquitous way to communicate with mobile devices than phone calls. As such, it would stand to reason that smishing would be such a common fraud tactic among fraudsters targeting this region.”
In contrast, nearly half of respondents (
| India and South Africa Saw the Greatest Percentage of Respondents Falling Victim to Digital Fraud in H2 2024 | ||||
| Country | Targeted and fell victim | Targeted but didn’t fall victim | Not targeted | Most reported fraud scheme |
| India | Identity theft | |||
| South Africa | Phishing | |||
| Dominican Republic | Vishing | |||
| Kenya | Smishing | |||
| Mexico | Stolen credit card | |||
| Namibia | Vishing | |||
| Philippines | Phishing | |||
| Puerto Rico | Stolen credit card | |||
| United States | Smishing | |||
| Brazil | Vishing | |||
| Rwanda | Money mule | |||
| Spain | Phishing | |||
| Canada | Phishing | |||
| Chile | Vishing | |||
| Colombia | Vishing | |||
| Zambia | Smishing | |||
| Hong Kong | Phishing | |||
| United Kingdom | Phishing | |||
| Source: TransUnion consumer survey | ||||
TransUnion came to its conclusions about digital fraud and data breaches based on intelligence from TransUnion TruValidate and TruEmpower respectively.
Specific country and regional data in the report include the United States, Botswana, Brazil, Canada, Chile, Colombia, the Dominican Republic, Guatemala, Hong Kong, India, Kenya, Mexico, Namibia, the Philippines, Puerto Rico, Rwanda, South Africa, Spain, the United Kingdom and Zambia. Download the TransUnion H1 2025 Update to the State of Omnichannel Fraud Report for more information and insights about the global fraud trends.
About TransUnion (NYSE: TRU)
TransUnion is a global information and insights company with over 13,000 associates operating in more than 30 countries. We make trust possible by ensuring each person is reliably represented in the marketplace. We do this with a Tru™ picture of each person: an actionable view of consumers, stewarded with care. Through our acquisitions and technology investments we have developed innovative solutions that extend beyond our strong foundation in core credit into areas such as marketing, fraud, risk and advanced analytics. As a result, consumers and businesses can transact with confidence and achieve great things. We call this Information for Good® — and it leads to economic opportunity, great experiences and personal empowerment for millions of people around the world.
http://www.transunion.com/business
| Contact | Dave Blumberg TransUnion | |
| david.blumberg@transunion.com | ||
| Telephone | 312-972-6646 | |
FAQ
What was the severity increase in U.S. data breaches for TRU's 2024 report?
How much money did victims lose to fraud according to TransUnion's 2024 survey?
Which industries were most targeted by digital fraud in TRU's 2024 analysis?
What percentage of U.S. consumers fell victim to digital fraud in late 2024?
Which industry showed the highest growth in digital fraud attempts in TRU's 2024 report?
