What were the cybersecurity statistics for week 52 of 2024?

Week 52 (Dec. 23-30, 2024) saw 6 advisory/vulnerability events and 18 incident/data breach events. The total number of impacted individuals was 1,822,882 across 6 incidents.

How did week 52 compare to week 51 of 2024?

Advisories decreased from 9 in week 51 to 8 in week 52. Incidents increased from 11 in week 51 to 18 in week 52. The number of impacted individuals increased slightly from 1.442 million to 1.822 million.

What were the main causes of cybersecurity incidents?

The leading causes were Social Engineering and Phishing (3 incidents), followed by Malware/Ransomware Attacks (2), Third Party Compromise (2), and Denial-of-Service Attacks (2). Other causes included Unauthorized access, Physical Security Breach, Software Vulnerability Exploits, and System Misconfiguration Exploits.

Which industries were most affected by cybersecurity incidents?

Education led with 3 incidents, followed by Aviation, Manufacturing, Finance, Government, and Healthcare with 2 incidents each. Other affected industries included Transport/Logistics, Insurance, IT/Software/Technology, Non-profit/Charity, and Automotive with 1 incident each.

What was the largest data breach reported during this period?

The largest breach was reported by the Illinois Department of Human Services, which exposed over 1,000,000 individuals. However, since not all incidents report the number of impacted individuals, the total number affected is likely higher than the reported 1,822,882.

Knowledge

State of (in)security - Week 52, 2024

published: Dec. 31, 2024

Take action: Chrome extensions are always a risk. Even if the vendor is trusted, injecting of an extension that can access and read all your data is not to be taken lightly. Be very careful of the browser extensions you use - and keep track of any reported issues.

Learn More

In the week between Dec. 23, 2024, midnight and Dec. 30, 2024, midnight we witnessed a total of:

6 advisory/vulnerability events
18 incident/data breach events

Week over Week comparison of week 52 2024 vs week 51 2024:

We also shared 4 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 1,822,882 impacted individuals across 6 incidents, with the largest breach being the Illinois Department of Human Services reports data breach exposing over 1M people incident exposing 1,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Social Engineering and Phishing	3
Malware, Ransomware and Related Attacks	2
Third Party Compromise	2
Denial-of-Service Attacks	2
Unauthorized access	1
Physical Security Breach	1
Software Vulnerability and SDLC Exploits	1
System Misconfiguration Exploits	1

Industry breakdown of incidents

Industry	Number of incidents
Education	3
Aviation	2
Manufacturing	2
Finance	2
Government	2
Healthcare	2
Transport/Logistics	1
Insurance	1
IT/Software/Technology	1
Non-profit/Charity	1
Automotive	1

Read the Event Details of the Week

Knowledge

awareness | Attackers compromise accounts of admins, inject malicious code in multiple Chrome extensions
active attack | Botnet actively exploits flaws in NVRs, TP-Link routers
active attack | Hackers abuse outdated D-Link routers for botnets
active exploit | Palo Alto Networks reports actively exploited DoS flaw in PAN-OS

Vulnerabilities

critical vulnerability | Adobe releases out-of schedule patch for a ColdFusion flaw with a exploit PoC
critical vulnerability | Apache patches critical remote code executuion flaw in Tomcat Web Server
critical vulnerability | Apache Software Foundation reports critical vulnerability in Apache MINA Java network
critical vulnerability | Critical flaw reported in Apache HugeGraph-Server
critical vulnerability | Critical flaws reported in WordPress WPLMS theme required plugins
critical vulnerability | Critical SQL injection flaw identified in Apache Traffic Control

Incidents

data breach | Japan Airlines hit by cyberattack, disrupts operations and flights
data breach | Access TeleCare reports data breach caused by breached employee email accounts
data breach | Effortless Office Files reports data breach
data breach | General Dynamics hit by phishing attack, exposes employee benefits accounts
data breach | LegalNurse.com reports data breach
data breach | Randolph Brooks Federal Credit Union reports data breach affecting 4.6K people
data breach | Volkswagen group leaks data of over 800K EV owners
data breach | Regional Financial Management Information System of Indonesia breached
data breach | Colonial Surety Company reports data breach
data breach | McMurry University reports data breach, impacting 18K people
data breach | Hacktivist group NoName targets Italian infrastructure entities with DDoS
data breach | ZAGG Inc reports third party breach affecting customer's credit card information
data breach | Allendale long term care reports data breach
data breach | Illinois Department of Human Services reports data breach exposing over 1M people
data breach | Kentucky Boone and Kenton counties report data breach caused by phishing attacks
ransomware | Vallianz Holdings reports ransomware attack, claims minimal impact
ransomware | Pittsburgh Regional Transit hit by ransomware attack
ransomware | European Space Agency web store hacked to steal payment card information

Read More
State of (in)security - Week 40, 2024
State of (in)security - Week 27, 2024
State of (in)security - Week 12, 2024
Researchers report Apple silicon CPU vulnerability that can …
State of (in)security - Week 13, 2025