Data Breaches and Cyber Attacks in Europe in March 2024 – 102,499,341 Records Breached

IT Governance Europe’s research found the following for March 2024:

This month, Europe suffered fewer publicly disclosed security incidents than in February, but more than double the number of known records breached.

The number of incidents appears particularly low against the global figures. This is largely due to 2 outliers: 916 misconfigured Google Firebase websites, and thousands of compromised Ray servers.

Note that we logged the compromised Ray servers as ‘multiple’ countries. As such, they aren’t accounted for in this European report, but some of those servers are likely in Europe.

Europe also saw two outlier events this month, both in France:

  1. A France Travail incident, leading to 43 million individuals’ data breached.
  2. A 36-million-record listing on a hacking forum, allegedly* belonging to MX3 Nutrition.

*The threat actor provided a sample.

Data Breach Dashboard

For a quick, one-page overview of this month’s findings, check out our Data Breach Dashboard:

Note: The global figures under ‘Key incident metrics’ have excluded two outlier events this month – 916 misconfigured Google Firebase instances, which exposed 124,605,664 records; and thousands of publicly exposed – and compromised – Ray servers – to prevent data skewing, and make the comparison between Europe and global as informative as possible.

This blog provides further analysis of the data we’ve collected. We also provide an annual overview and analyse the longer-term trends on our 2024 overview of publicly disclosed data breaches and cyber attacks in Europe.

You can learn more about our research methodology here.

Top 2 biggest breaches

1. France Travail breach affects 43 million

The CNIL (Commission Nationale de l’Informatique et des Libertés), the French data protection authority, reported that France Travail (formerly Pôle emploi) and Cap Emploi – the unemployment agencies – have suffered a cyber attack that exposed 43 million individuals’ data.

According to France Travail, the breached data includes names, dates of birth, email and postal addresses, telephone numbers, social security numbers and France Travail identifiers. The attack didn’t affect passwords and bank details.

Last August, Pôle emploi suffered a data breach affecting 10 million people. At the time, the security company Emsisoft attributed it to May 2023’s MOVEit Transfer breach, but removed the agency from its list of MOVEit victims the following month. It’s not known whether this breach relates to the MOVEit one.

Data breached: 43 million people’s data.

2. Threat actor allegedly leaks 36 million MX3 Nutrition records

A threat actor known as ‘Chucky’ has leaked 36 million customer records apparently belonging to MX3 Nutrition, a French sports nutrition company.

According to the hacking forum’s listing, the database includes, among other information, customers’ names, email addresses and hashed passwords.

The claim is currently unverified, but the listing included samples.

Data breached: 36 million records.

Breached countries

This month, the following countries suffered at least one publicly disclosed incident: Belgium (6), Bulgaria (1), the Channel Islands (1), Czech Republic (1), Estonia (24), France (16), Germany (12), Greece (1), Ireland (2), Italy (9), Latvia (1), Liechtenstein (2), Luxembourg (2), the Netherlands (5), Poland (2), Russia (6), Slovenia (2), Spain (3), Sweden (1), Switzerland (2), Turkey (2), the UK (20) and Ukraine (6).

Top 3 (by number of incidents)

Top 3 (by number of records)

Sector overview

For our monthly analyses, we just look at the top 3 most breached sectors in Europe by number of incidents and by known number of records breached.

We’ll provide a full sector breakdown in our annual report.

Top 3 most breached sectors (by number of incidents)

Note: To make this table as informative as possible, the percentages exclude the ‘multiple’, ‘other’ and ‘unknown’ sectors.

Top 3 most breached sectors (by number of records)

Suffered an incident?

Get FREE expert insight from Cliff Martin, head of incident response at our sister company GRCI Law, into:

  • Defence in depth, with prevention, detection and response;
  • Cyber incident response plans;
  • The different stages of incident response;
  • Staff training;
  • Internal expertise vs outsourcing;
  • Incident responder skills; and
  • Much more.

Security Spotlight

To get news of the latest data breaches and cyber attacks straight to your inbox, subscribe to our free weekly newsletter: the Security Spotlight.

Every Tuesday, you’ll get a short email with:

  • Industry news, including a round-up of the week’s publicly disclosed data breaches and cyber attacks in Europe;
  • Our latest research and statistics;
  • Interviews with our experts, sharing their insights and expertise;
  • Free useful resources; and
  • Upcoming webinars.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.