Almost 20 million user accounts leaked in the UK in 2024 so far One user account was leaked in the UK every second over Q3 2024
October 2024 by Sarunas Sereika a privacy and security expert at Surfshark
The UK witnessed 8.3M leaked online user accounts in Q3 2024, a 42% increase compared to Q2 2024 (5.9M), according to the Global data breach monitoring tool by cybersecurity company Surfshark. For comparison, the US had 93.7M breached users in the last quarter and Ireland had 450k. The UK witnessed 19.5M leaked online user accounts in 2024 so far. The UK is ranked 6th in Q3 2024. Globally, a total of 422.6 million accounts were breached.
Globally, breach rates have increased compared to the the same period last year
Almost 423M accounts were leaked in the 3rd quarter of 2024 — 96% higher compared with 215M in Q2. For a sense of scale, the third quarter saw 3,261 accounts breached every minute, versus 1,662 the previous quarter. The trend in the UK is no different. The breach rate is 42% higher in Q3 2024 than it was in Q2 2024, rising from 45 to 64 breached accounts per minute.
North America continues to lead in data breaches
In Q3, North America had the highest number of breached accounts — 101M. While this is a slight decrease from Q2’s 129M, North American accounts still make up a quarter of those affected globally. North America moved up from 2nd in Q1 to 1st in Q2 and remained in this position in Q3. As indicated previously, in North America, the most breached country was the US, responsible for the vast majority (93%) of breached North American accounts.
Europe saw the second-highest number of breaches in the most recent quarter - 88M. This is an increase of over 70% from 51M in the previous quarter. European accounts make up 21% of all those breached. An additional 10% of the accounts originated from Asia (44M). All other regions comprised less than 6% of the years’s total, and almost 39% remain unknown.
In descending order, the ten most breached countries in Q3 2024 were the US (93.7M), France (17.2M), Russia (16.5M), Germany (14.6M), Japan (9.7M), the UK (8.3M), China (7.9M), Italy (7.8M), India (7.4M), and Brazil (5.1M).
The countries with the highest breach density over Q3 2024 (number of leaked accounts per 1,000 residents): the US (276), France (265), Finland (224), Germany (175), Australia (175), Taiwan (165), Italy (133), Singapore (127), the UK (123) and Russia (114).
The comment from Sarunas Sereika a privacy and security expert at Surfshark :
"Access to user accounts is extremely valuable for cyber crooks who are looking to exploit personal data in nefarious ways. Account breaches can have really serious, real-world consequences.
“Hackers can use financial and personally identifiable information to make fraudulent payments, open new online accounts via Facebook, X or Amazon, or sell this information on the dark web - where they’re traded for further illegal use, from fraud to extortion.
“The rise of deepfakes has seen scammers use images and videos to assume the identifies of account breach victims, and create convincing fake videos or audio clips to trick friends, family, or colleagues into sharing more personal information or even money.
“When account details are leaked, reacting quickly is key. Users should immediately seek to change any passwords for accounts that have been compromised. These should be replaced with strong passwords of twelve or more characters, including numbers, symbols, uppercase and lowercase letters. If financial details have been compromised, individuals should contact their bank and proactively monitor for any fraudulent transactions.
“Additionally, if an account has been breached and is no longer in use, GDPR rules and the ‘right to be forgotten’ to request deletion of the account and limit further exposure. Ultimately, being proactive and monitoring your data is vital to reduce the impact of a data breach."
METHODOLOGY
A data breach happens when confidential and sensitive data gets exposed to unauthorized third parties. In this study, we treat every breached or leaked email address used to register for online services as a separate user account, which may have been leaked with additional information, such as password, phone number, IP address, zip code, and more.
The data was collected by our independent partners from 29,000 publicly available databases and aggregated by email address. To determine the location of the email address, our partners’ mechanism looked into several associated parameters, such as domain names, IP addresses, locales, coordinates, currency, or phone numbers. This data was then anonymized and passed on to Surfshark’s researchers to analyze their findings statistically.
The Data Breach World Map is updated monthly with the most recent data from our independent partners. Countries with a population of less than 1M people were not included in the analysis.