Kiteworks, which empowers organisations to effectively manage risk in every send, share, receive, and save of sensitive data, today releases its “Top 11 Data Breaches of 2024” report. The research applies Kiteworks’ Risk Exposure Index (REI), a proprietary methodology introduced in summer 2024, to quantify and compare the severity of the year’s most significant breach events.
The REI assessment reveals that raw numbers of records exposed, while important, tell only part of the story. By analysing factors including data sensitivity, financial impact, regulatory implications, and attack sophistication, the report provides a nuanced measurement of organizational and consumer risk far beyond traditional metrics.
“Our Risk Exposure Index assessment of these breaches demonstrates what traditional reporting often misses,” says Tim Freestone, Chief Marketing Officer at Kiteworks. “When we look beyond headline figures, we see that data sensitivity outranks all other factors in determining breach severity, confirming that what was stolen matters more than how much was taken. This insight enables organisations to more effectively prioritize their security investments.”
Key Risk Exposure Index Findings
Supply Chain Impact Reaches Perfect Score: The Change Healthcare breach received a 10.0 Supply Chain Impact score, the highest possible rating, reflecting the catastrophic downstream effects on thousands of healthcare providers nationwide. By comparison, the National Public Data breach scored 8.5 for Supply Chain Impact, illustrating how our methodology quantifies ecosystem-wide risk.
Attack Vector Sophistication Varies Significantly: The report’s analysis shows significant variation in Attack Vector Sophistication scores, ranging from 5.4 (DemandScience) to 8.4 (National Public Data). This variance highlights how some breaches exploit advanced persistent techniques while others leverage basic misconfigurations.
Risk Score Rankings Reveal True Impact: The National Public Data breach achieved the highest overall risk score (8.93) due to its unprecedented scale, while the Change Healthcare breach ranked second (8.7) despite affecting fewer records. Hot Topic (7.7), LoanDepot (7.6), and Kaiser Foundation Health Plan (7.6) demonstrate how breaches of varying sizes can pose similar risk levels when analyzed comprehensively.
Data Sensitivity Drives Risk: Multi-factor analysis across all breaches indicates that the three most influential factors in determining breach severity are:
- Data Sensitivity (24% influence): The nature of compromised information proved the single most important factor in determining real-world impact, with financial and health data breaches creating the most significant individual harm.
- Financial Impact (22% influence): The economic consequences for the breached organisation and affected individuals strongly influenced overall risk assessment, with ecosystem disruption creating particularly severe impacts.
- Regulatory Compliance (18% influence): The regulatory environment significantly shaped breach outcomes, with highly regulated industries facing more substantial consequences and response requirements.
The correlation between data sensitivity and risk score (r=0.78) was particularly strong in healthcare and financial services breaches.
“What makes our Risk Exposure Index particularly valuable is its ability to quantify factors that typically defy measurement,” says Patrick Spencer, VP of Corporate Marketing and Research at Kiteworks. “Our multi-factor analysis reveals that data sensitivity is the single most influential factor in determining breach severity, accounting for 24% of the overall risk impact. This indicates that what was stolen matters more than how much was taken. Organisations must prioritise protecting their most sensitive data throughout its life cycle, especially in an environment where third-party risk management remains the least mature security domain in 2024, creating systematic vulnerabilities that threat actors increasingly target.”
| Rank | Data Breach | Supply Chain Impact | Attack Vector Sophistication | Risk Score |
|---|---|---|---|---|
| 1 | National Public Data | 8.5 | 8.4 | 8.9 |
| 2 | Change Healthcare | 10.0 | 8.2 | 8.7 |
| 3 | Ticketmaster Entertainment | 6.8 | 8.2 | 8.7 |
| 4 | AT&T | 5.4 | 6.5 | 8.5 |
| 5 | Hot Topic | 8.2 | 7.8 | 7.7 |
| 6 | LoanDepot | 4.2 | 7.1 | 7.6 |
| 7 | Kaiser Foundation Health Plan | 7.8 | 6.9 | 7.6 |
| 8 | DemandScience by Pure Incubation | 6.9 | 5.4 | 7.1 |
| 9 | Dell Technologies | 5.9 | 7.4 | 7.2 |
| 10 | MC2 Data | 5.2 | 5.7 | 6.9 |
| 11 | U.S. Environmental Protection Agency | 4.2 | 6.8 | 6.2 |
Risk Exposure Score of Top 11 Data Breaches in 2024
The full “Top 11 Data Breaches of 2024” report can be downloaded here.
About Kiteworks
Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and use of private data. The Kiteworks platform provides customers with a Private Data Network that delivers data governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive data moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive data exchanges. Headquartered in Silicon Valley, Kiteworks protects over 100 million end-users for over 35,000 global enterprises and government agencies.