Data Breaches and Cyber Attacks in Europe in February 2024 – 50,884,709 Records Breached

IT Governance Europe’s research found the following for February 2024:

Europe saw significantly fewer records breached in February than in January: a 98% drop, after a 2-PB breach on Russian research centre Planeta.* However, there was a significant rise in the EU: a 273% increase.

Both Europe and the EU also saw a big rise in the number of publicly disclosed security incidents: 90% and 212% increases respectively. This is despite a global drop in incidents over the same period.

This month, there were two outlier incidents in Europe, one in terms of the amount of data breached, and one in terms of the number of organisations affected:

  1. Viamedis and Almerys, which suffered a breach affecting more than 33 million people. We elaborate below.
  2. supply chain attack that affected 100 Romanian hospitals – specifically, via their healthcare management system, Hipocrate Information System.

*For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (for instance, pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.

Data Breach Dashboard

For a quick, one-page overview of this month’s findings, check out our Data Breach Dashboard:

This blog provides further analysis of the data we’ve collected. We also provide an annual overview and analyse the longer-term trends on our 2024 overview of publicly disclosed data breaches and cyber attacks in Europe.

You can learn more about our research methodology here.

Top 2 biggest breaches

1. Viamedis and Almerys

Two French healthcare service providers, Viamedis and Almerys, which manage third-party payments for supplementary health insurance, suffered data breaches that are being investigated by the French data protection authority, the CNIL.

Compromised data includes policyholders’ and their families’ civil status, dates of birth and social security numbers, as well as the name of their health insurer and information relating to their contracts.

In total, more than 33 million people – nearly half France’s population – have been affected.

Data breached: >33,000,000 people’s data.

2. Hyundai Motor Europe

Hyundai Motor Europe – the motoring giant’s European subsidiary, which is headquartered in Germany – has suffered a cyber attack by the Black Basta ransomware group. Black Basta claims to have exfiltrated 3 TB of data.

Bleeping Computer reports that the folder names show that the stolen data is “related to various departments at the company, including legal, sales, human resources, accounting, IT, and management”.

Data breached: 3 TB data.

Breached countries

This month, the following countries suffered at least one publicly disclosed incident: Albania (1), Austria (4), Belgium (2), Croatia (1), Cyprus (1), Denmark (3), France (16), Germany (13), Hungary (1), Iceland (1), Italy (10), Luxembourg (1), the Netherlands (7), Poland (4), Portugal (1), Romania (104), Slovakia (1), Spain (10), Sweden (5), Switzerland (5) and the UK (24).

Top 3 (by number of incidents)

Top 3 (by number of records)

Sector overview

For our monthly analyses, we just look at the top 3 most breached sectors in Europe by number of incidents and by known number of records breached.

We provide a full sector breakdown in our annual report.

Top 3 most breached sectors (by number of incidents)

Note: To make this table as informative as possible, the percentages exclude the ‘multiple’, ‘other’ and ‘unknown’ sectors.

Top 3 most breached sectors (by number of records)

Suffered an incident?

Get FREE expert insight from Cliff Martin, head of incident response at our sister company GRCI Law, into:

  • Defence in depth, with prevention, detection and response;
  • Cyber incident response plans;
  • The different stages of incident response;
  • Staff training;
  • Internal expertise vs outsourcing;
  • Incident responder skills; and
  • Much more.

Security Spotlight

To get news of the latest data breaches and cyber attacks straight to your inbox, subscribe to our free weekly newsletter: the Security Spotlight.

Every Tuesday, you’ll get a short email with:

  • Industry news, including a round-up of the week’s publicly disclosed data breaches and cyber attacks in Europe;
  • Our latest research and statistics;
  • Interviews with our experts, sharing their insights and expertise;
  • Free useful resources; and
  • Upcoming webinars.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.