TransUnion Study Finds U.S. Data Breach Severity Reaches New High
Rhea-AI Summary
TransUnion (NYSE: TRU) reports a significant shift in U.S. data breach patterns in 2024. While the total number of breaches decreased to 2,577 primary and 515 third-party breaches from previous year levels, breach severity reached unprecedented levels since measurement began in 2020. The Breach Risk Score increased by 34%, with primary breaches rising to 5.6 and third-party to 5.2 on a 10-point scale.
The study revealed that 11% of U.S. respondents fell victim to digital fraud between August-December 2024, with a median loss of $1,747 per victim. Communities and video gaming sectors were most targeted, with nearly 12% and 11% of transactions respectively flagged as suspected fraud. The logistics industry saw the highest growth in fraud attempts, increasing over 100% year-over-year.
Smishing emerged as the most common fraud scheme in the U.S., targeting users through text messages to obtain personal information.
Positive
- Total number of primary data breaches decreased to 2,577 from 2,842
- Third-party data breaches significantly reduced to 515 from 2,731
- Telecommunications sector saw 79% decrease in suspected digital fraud volume
Negative
- 34% increase in data breach severity indicates higher risk for future fraud
- 11% of U.S. consumers fell victim to digital fraud in H2 2024
- Communities sector faced 12% suspected digital fraud rate
- Logistics industry experienced 100% increase in suspected fraud attempts
News Market Reaction 1 Alert
On the day this news was published, TRU declined 1.19%, reflecting a mild negative market reaction.
Data tracked by StockTitan Argus on the day of publication.
More Than One in 10 U.S. Survey Respondents Indicated They Fell Victim to Online, Email, Phone or Text Messaging Fraud in H2 2024
CHICAGO, March 27, 2025 (GLOBE NEWSWIRE) -- Despite the volume of U.S. data breaches declining in 2024 from highs reached a year prior, data breach severity reached levels never seen since TransUnion’s measurement began in 2020. These findings were revealed as part of the newly-released TransUnion® (NYSE: TRU) H1 2025 Update to the State of Omnichannel Fraud Report.
In 2024, the number of primary data breaches dipped to 2,577 from 2,842 the year prior, while third-party data breaches fell precipitously to 515 from 2,731 in 2023. However, the severity of those data breaches increased by
A primary data breach represents a direct attack on an organization. A third-party data breach, also known as a supply-chain attack, value-chain attack, or backdoor breach, is when an attacker accesses an entity’s network via third-party vendors or suppliers — payroll processing or medical billing, for instance.
The study found that the 2024 U.S. data breaches targeted more high-quality credentials, and consumers reported being targeted by data harvesting scams in every channel, including email, text, phone and online. Exposed identity data enables cybercriminals to power automated, identity-based attacks on organizations and individuals more readily.
“The reversal of the multi-year U.S. data breach growth is certainly a step in the right direction. However, the significant jump in data breach severity is a cause for concern,” said Steve Yin, global head of fraud at TransUnion. “Breach severity is a leading indicator of future fraud. This year’s growth in severity means organizations must be even more diligent moving forward and work even harder to defend against the oncoming identity fraud attacks such as those in account creations, social engineering scams, and account takeovers.”
_______________
1 The BRS is based on the quantity and severity of the particular identity credentials the affected entity determined to have been exposed.
| While U.S. Data Breach Volume Ticked Down in 2024, Data Breach Severity Reached Record Levels | |||||
| 2020 | 2021 | 2022 | 2023 | 2024 | |
| Volume | |||||
| Primary data Breaches | 1,248 | 1,841 | 1,834 | 2,842 | 2,577 |
| Third-party data breaches | 689 | 567 | 1,757 | 2,731 | 515 |
| Average Breach Risk Score | |||||
| Primary data Breaches | 3.9 | 4.0 | 4.0 | 4.1 | 5.6 |
| Third-party data breaches | 2.8 | 3.1 | 3.4 | 4.2 | 5.2 |
| Source: TransUnion TruEmpower™ | |||||
These data breaches played a key role in significant financial losses faced by consumers due to fraud. Among consumers TransUnion surveyed in 18 countries and regions in November and December 2024,
Communities and Video Gaming Among Top Industries Targeted by Suspected Digital Fraud Globally
Communities, which include venues such as online dating and forums, had the highest rate of suspected digital fraud2 attempts globally in 2024. Nearly
The logistics industry, which has seen growth in shipping fraud (often perpetrated by organized crime rings), saw the greatest suspected digital fraud volume growth globally in 2024, up more than
“Digital fraud on community platforms is by no means a new phenomenon. However, in 2024, it appears that fraudsters targeted these areas with a renewed vigor,” said Richard Tsai, senior director of global fraud solutions at TransUnion. “Cybercriminals, taking advantage of the trust inherent on community-based platforms, targeted members with a wide range of scammer solicitations, the most reported type of digital fraud in communities.”
For transactions where the consumer or fraudster was located in the U.S., gaming continues to see the highest suspected digital fraud rate. About
_______________
2 The rate or percentage of suspected digital fraud attempts reflects those which TransUnion customers determined met one of the following conditions: 1) denial in real time due to fraudulent indicators, 2) denial in real time for corporate policy violations, 3) fraudulent upon customer investigation, or 4) a corporate policy violation upon customer investigation — compared to all transactions assessed. The country and regional analyses examined transactions in which the consumer or suspected fraudster was located in a select country or region when conducting a transaction. Global statistics represents every country worldwide and not just the select countries and regions.
| Communities Saw the Highest Suspected Digital Fraud Rates in 2024 Globally, While Logistics Saw the Greatest Volume Increase | ||
| Industry | Suspected digital fraud attempt rate 2024 | Change in volume of suspected digital fraud attempts from 2023 to 2024 |
| Communities (online dating, forums, etc.) | 11.6% | + |
| Video gaming | 10.8% | - |
| Gaming (online sports betting, poker, etc.) | 7.8% | + |
| Retail | 7.6% | - |
| Financial services | 4.9% | + |
| Telecommunications | 3.0% | - |
| Logistics | 2.6% | + |
| Insurance | 2.0% | - |
| Government | 1.7% | + |
| Travel & leisure | 0.9% | - |
| Source: TransUnion TruValidate™ | ||
As part of the same aforementioned consumer survey,
“While cybercriminals will attack at any time using any channel, they appear to focus on channels most popular in the regions they are targeting,” said Yin. “Text messaging remains incredibly popular in the U.S. and, among many demographic groups, is a far more ubiquitous way to communicate with mobile devices than phone calls. As such, it would stand to reason that smishing would be such a common fraud tactic among fraudsters targeting this region.”
In contrast, nearly half of respondents (
| India and South Africa Saw the Greatest Percentage of Respondents Falling Victim to Digital Fraud in H2 2024 | ||||
| Country | Targeted and fell victim | Targeted but didn’t fall victim | Not targeted | Most reported fraud scheme |
| India | Identity theft | |||
| South Africa | Phishing | |||
| Dominican Republic | Vishing | |||
| Kenya | Smishing | |||
| Mexico | Stolen credit card | |||
| Namibia | Vishing | |||
| Philippines | Phishing | |||
| Puerto Rico | Stolen credit card | |||
| United States | Smishing | |||
| Brazil | Vishing | |||
| Rwanda | Money mule | |||
| Spain | Phishing | |||
| Canada | Phishing | |||
| Chile | Vishing | |||
| Colombia | Vishing | |||
| Zambia | Smishing | |||
| Hong Kong | Phishing | |||
| United Kingdom | Phishing | |||
| Source: TransUnion consumer survey | ||||
TransUnion came to its conclusions about digital fraud and data breaches based on intelligence from TransUnion TruValidate and TruEmpower respectively.
Specific country and regional data in the report include the United States, Botswana, Brazil, Canada, Chile, Colombia, the Dominican Republic, Guatemala, Hong Kong, India, Kenya, Mexico, Namibia, the Philippines, Puerto Rico, Rwanda, South Africa, Spain, the United Kingdom and Zambia. Download the TransUnion H1 2025 Update to the State of Omnichannel Fraud Report for more information and insights about the global fraud trends.
About TransUnion (NYSE: TRU)
TransUnion is a global information and insights company with over 13,000 associates operating in more than 30 countries. We make trust possible by ensuring each person is reliably represented in the marketplace. We do this with a Tru™ picture of each person: an actionable view of consumers, stewarded with care. Through our acquisitions and technology investments we have developed innovative solutions that extend beyond our strong foundation in core credit into areas such as marketing, fraud, risk and advanced analytics. As a result, consumers and businesses can transact with confidence and achieve great things. We call this Information for Good® — and it leads to economic opportunity, great experiences and personal empowerment for millions of people around the world.
http://www.transunion.com/business
| Contact | Dave Blumberg TransUnion | |
| david.blumberg@transunion.com | ||
| Telephone | 312-972-6646 | |
FAQ
What was the severity increase in U.S. data breaches for TRU's 2024 report?
How much money did victims lose to fraud according to TransUnion's 2024 survey?
Which industries were most targeted by digital fraud in TRU's 2024 analysis?
What percentage of U.S. consumers fell victim to digital fraud in late 2024?
Which industry showed the highest growth in digital fraud attempts in TRU's 2024 report?
