Hackers are looking to breach U.S. critical infrastructure, targeting industrial control systems at ‘record levels,’ warned an intelligence official.
The number of data breach victims in the United States surged by almost five-fold during the January–June period this year, mostly due to a few large hacking events that affected millions of people, according to the nonprofit Identity Theft Resource Center (ITRC).
The second quarter of 2024 saw the third-highest data breach victim count in any quarter, the nonprofit stated. However, the estimated victim count is considerably higher as the report did not account for the Change Healthcare supply chain attack. This breach affects one-third of Americans, a company official stated in May.
Even though the number of breach victims in the first half surged by almost fivefold, the number of security incidents did not see any such spike. There were 1,571 publicly reported data compromises in the first half of 2024, a roughly 14 percent increase from the first half of 2023, the ITRC said.
“The takeaway from this report is simple: Every person, business, institution and government agency must view data and identity protection with a greater sense of urgency,” said Eva Velasquez, president and CEO of ITRC.
Data compromises rose in 10 of the 16 industries tracked by ITRC. Financial services were the most affected, with 407 compromises, followed by the health care, professional services, manufacturing, and education sectors.
The company with the largest number of reported victims was Ticketmaster Entertainment, with an estimated 560 million affected individuals, followed by Advance Auto Parts, Dell, LoanDepot, and the Kaiser Foundation.
Cyber Threat Facing America
The report follows warnings from security experts that critical U.S. infrastructure such as communication networks and energy supplies face an increasing threat from cyber criminals.
She said the number of cyberattacks rose by 74 percent globally last year, with many of these attacks targeting U.S. health care and industrial control systems.
“Cyber actors are attacking U.S. industrial control systems which are typically used to automate industrial processes at record levels,” Ms. Haines said. “These actors put a premium on preparing offensive capability during peacetime, in part by preemptively planting footholds in our infrastructure.”
Hackers sponsored by China were “pre-positioned” for potential cyberattacks against U.S. natural gas and oil companies in 2011, he said during a security conference.
“But these days, it’s reached something closer to a fever pitch,” he stated. “What we’re seeing now is China’s increasing build-out of offensive weapons within our critical infrastructure, poised to attack whenever Beijing decides the time is right.”
In the event of any conflict, China will use such cyber access to “cripple” critical systems such as communication platforms and power grids.
The Chinese regime has heavily invested in boosting its cyber capabilities since its national strategy calls for “actively and intentionally” dominating these areas, he said.
“Beijing sees cyber and emerging technology as critical to the strategy to reshape the United States-led international order to be more favorable to the priorities of the Chinese Communist Party,” he said.