CHICAGO–Despite the volume of U.S. data breaches declining in 2024 from highs reached a year prior, TransUnion is reporting data breach severity reached levels never seen since the company’s measurement began in 2020.
The findings were released as part of TransUnion’s news 2025 Update to the State of Omnichannel Fraud Report.
“In 2024, the number of primary data breaches dipped to 2,577 from 2,842 the year prior, while third-party data breaches fell precipitously to 515 from 2,731 in 2023,” TransUnion stated. “However, the severity of those data breaches increased by 34% from one year earlier, with the primary US Breach Risk Score (BRS)[1] rising from 4.1 to 5.6 and third party rising from 4.2 to 5.2.”
Breach Risk Score is measured on a 1–10 scale, where 1 represents the least severe and 10 most.
TransUnion said a primary data breach represents a direct attack on an organization. A third-party data breach, also known as a supply-chain attack, value-chain attack, or backdoor breach, is when an attacker accesses an entity’s network via third-party vendors or suppliers — payroll processing or medical billing, for instance.
The Targets
According to TransUnion, the study found the 2024 U.S. data breaches targeted more high-quality credentials, and consumers reported being targeted by data harvesting scams in every channel, including email, text, phone and online. Exposed identity data enables cybercriminals to power automated, identity-based attacks on organizations and individuals more readily, the company noted.
‘Step in Right Direction,’ But…
“The reversal of the multi-year U.S. data breach growth is certainly a step in the right direction. However, the significant jump in data breach severity is a cause for concern,” Steve Yin, global head of fraud at TransUnion, said in a statement. “Breach severity is a leading indicator of future fraud. This year’s growth in severity means organizations must be even more diligent moving forward and work even harder to defend against the oncoming identity fraud attacks such as those in account creations, social engineering scams, and account takeovers.”
According to TransUnion, the data breaches played a “key role in significant financial losses faced by consumers due to fraud.”
Among consumers TransUnion surveyed in 18 countries and regions in November and December 2024, 29% said they lost money due to online, email, phone or text message fraud in the last year. The TransUnion 2025 Update to the State of Omnichannel Fraud Report found that the median amount those consumers said they lost due to fraud in the past year was $1,747.
The Top Industries Targeted
TransUnion reported that the communities such as online dating and forums had the highest rate of suspected digital frau[2] attempts globally in 2024.
Among the findings:
- Nearly 12% of all attempted communities transactions were suspected to be digital fraud last year. This is closely followed by video gaming (11%), with gaming (including online betting, poker, etc.) at 8% and retail (8%) rounding out the top four.
- The logistics industry, which has seen growth in shipping fraud (often perpetrated by organized crime rings), saw the greatest suspected digital fraud volume growth globally in 2024, up more than 100% over 2023. “That being said, the fraud rate remains at a relatively modest 3%.”
- Gaming also saw a significant year-over-year (YoY) volume change, up 20%. Telecommunications (-79%), insurance (-29%) and video gaming (-23%) saw the greatest decreases in suspected digital fraud volume YoY.
Renewed Vigor
“Digital fraud on community platforms is by no means a new phenomenon. However, in 2024, it appears that fraudsters targeted these areas with a renewed vigor,” Richard Tsai, senior director of global fraud solutions at TransUnion, said in a statement. “Cybercriminals, taking advantage of the trust inherent on community-based platforms, targeted members with a wide range of scammer solicitations, the most reported type of digital fraud in communities.”
According to TransUnion, for transactions where the consumer or fraudster was located in the U.S., gaming continues to see the highest suspected digital fraud rate.
“About 14% of attempted transactions were suspected to be digital fraud, roughly the same as 2023,” TransUnion said. “This marks the fifth consecutive year since TransUnion began research on this metric five years ago, where 13% or more of attempted gaming transactions in the U.S. were suspected to be digital fraud.”
How People Were Targeted
As part of the same aforementioned consumer survey, 11% of U.S. respondents indicated that they were targeted by online, email, phone call or text messaging fraud from August to December 2024 and fell victim to it. Four in 10 respondents (41%) indicated that they were aware of being targeted, but did not fall victim. Among those able to identify being targeted, the most commonly reported fraud scheme in the U.S. was smishing. Smishing is a type of phishing that uses text messages to mislead people into giving away personal information. The term combines “SMS” and “phishing”.
“While cybercriminals will attack at any time using any channel, they appear to focus on channels most popular in the regions they are targeting,” said Yin. “Text messaging remains incredibly popular in the U.S. and, among many demographic groups, is a far more ubiquitous way to communicate with mobile devices than phone calls. As such, it would stand to reason that smishing would be such a common fraud tactic among fraudsters targeting this region.”
In contrast, nearly half of respondents (48%) indicated that they were not targeted by these types of fraud at all.
“This raises questions as to whether these respondents were in fact targeted, yet simply unaware,” TransUnion said.