Core Insights - The volume of U.S. data breaches decreased in 2024, but the severity of these breaches reached unprecedented levels since TransUnion began tracking in 2020 [1][5] Data Breach Volume and Severity - In 2024, primary data breaches fell to 2,577 from 2,842 in 2023, while third-party data breaches dropped significantly to 515 from 2,731 [2] - The severity of data breaches increased by 34%, with the primary U.S. Breach Risk Score rising from 4.1 to 5.6 and the third-party score increasing from 4.2 to 5.2 [2][5] Types of Data Breaches - Primary data breaches are direct attacks on organizations, while third-party breaches involve access through vendors or suppliers [3] - The 2024 breaches targeted higher-quality credentials, with consumers facing data harvesting scams across multiple channels [4] Financial Impact on Consumers - A survey indicated that 29% of consumers lost money due to various types of fraud, with a median loss of $1,747 [8] Digital Fraud Trends - Communities and video gaming were among the top industries targeted by suspected digital fraud, with communities experiencing a 12% fraud attempt rate [9][14] - The logistics industry saw the greatest increase in suspected digital fraud volume, up over 100% from 2023 [10][14] Consumer Awareness and Experience - In the U.S., 11% of respondents reported being targeted by fraud, with smishing being the most common scheme [14][15] - Nearly half of the respondents (48%) claimed they were not targeted by fraud, raising questions about awareness [16]

Core Viewpoint - Several insurance companies, including National General and Allstate, are facing a lawsuit from the New York State Attorney General for failing to protect consumer personal information and mishandling data breaches [1][2]. Group 1: Allegations and Breaches - The lawsuit alleges that National General failed to notify consumers about a data breach in 2021 and allowed a larger breach to occur in 2022 [2][5]. - The first data breach exposed the driver's license numbers of nearly 12,000 individuals, while the second breach compromised the driver's license numbers of an additional 187,000 consumers [5]. - National General is accused of not implementing reasonable data security measures before and after Allstate took over its data security operations [3][4]. Group 2: Company Responses - Allstate stated that they resolved the issue years ago by securing their systems after identifying vulnerabilities and notified regulators and affected consumers [4]. - The lawsuit seeks penalties and an injunction to prevent any continued violations of data security laws [5].