We’re halfway through 2024, and already this year we’ve seen some of the largest and most damaging data breaches in recent history. And just when you think some of these hacks can’t get any worse, they actually do.
From the massive volumes of customer personal information scraped, stolen, and published online to the theft of medical data on most Americans, the worst data breaches of 2024 have already surpassed 1 billion stolen records and counting. to increase. These breaches not only affect people whose data has been irreparably exposed, but also embolden criminals who profit from their malicious cyberattacks.
Travel with us into the not-so-distant past to discover how some of the biggest security incidents of 2024 unfolded, their impact and, in some cases, how they could have been stopped.
Mysterious AT&T data leak exposed 73 million customer accounts
About three years after a hacker leaked a published sample of allegedly stolen AT&T customer data, a data breach broker in March dumped the entire cache of 73 million online customer records on a popular cybercrime forum for anyone to see. The published data included customers’ personal information, including their names, phone numbers and mailing addresses, along with some customers confirming their data was accurate.
But it wasn’t until a security researcher discovered that the exposed data contained encrypted passcodes used to access a customer’s AT&T account that the telecom giant took action. The security researcher told TechCrunch at the time that the encrypted passcodes could be easily cracked, putting some 7.6 million existing AT&T customer accounts at risk of hacking. AT&T Forces Reset of Customer Account PINs after TechCrunch alerted the company to the researcher’s findings.
A big mystery remains: AT&T still does not know how the data was leaked or where it came from.
Change Healthcare hackers stole medical data from ‘a substantial proportion’ of people in America
In 2022, the U.S. Justice Department sued health insurance giant UnitedHealth Group to block its attempted acquisition of health tech giant Change Healthcare, citing concerns that The deal would give the health care conglomerate broad access Half of Americans’ health insurance claims are due each year. The attempt to block the deal ultimately failed. Then, two years later, something much worse happened: Change Healthcare has been hacked by a prolific ransomware gang; its all-powerful banks of sensitive health data were stolen because one of the critical systems were not protected by multi-factor authentication.
The long period of downtime caused by the cyberattack lasted for weeks, causing widespread outages in hospitals, pharmacies and healthcare practices across the United States. But the consequences of the data breach are not yet fully felt, although the consequences for those affected are likely to be irreversible. UnitedHealth claims the stolen data – which he paid the pirates to get a copy — includes personal, medical and billing information on a “substantial proportion” of people in the USA.
UnitedHealth has not yet put a figure on how many people were affected by the breach. The health care giant’s chief executive, Andrew Witty, told lawmakers that The breach could affect about a third of Americansand potentially more. For now, it is simply How much Hundreds of millions of people in the United States are affected.
Synnovis ransomware attack caused widespread outages in London hospitals
A cyberattack in June on UK pathology lab Synnovis – a blood and tissue testing lab for hospitals and health services in the UK capital – caused widespread disruption to patient services for weeks. Local National Health Service authorities that rely on the lab postponed thousands of operations and procedures following the hack, prompting the declaration of a critical incident in the UK healthcare sector.
A Russia-based ransomware gang has been blamed for the cyberattack, which saw the theft of data linked to some 300 million patient interactions The data was leaked a “significant number” of years ago. Much like the data breach at Change Healthcare, the consequences for those affected are likely to be significant and long-lasting.
Some of the data has already been published online in an attempt to extort the lab into paying a ransom. Synnovis is said to have refused to pay the pirates’ $50 million ransompreventing the gang from profiting from the hack but leaving the British government is scrambling to come up with a plan in case hackers put millions of health records online.
One of the NHS trusts which runs five hospitals in London affected by the outages would not have complied with data security standards as demanded by the UK Health Service in the years leading up to the June cyberattack on Synnovis.
Ticketmaster had 560 million records stolen in Snowflake hack
A series of data thefts by cloud data giant Snowflake quickly turned into one of the most significant breaches of the year, thanks to the large amounts of data stolen from its enterprise clients.
Cybercriminals have stolen hundreds of millions of customer data from some of the world’s biggest companies, including 560 million alleged records from Ticketmaster, 79 million Advance Auto Parts records And approximately 30 million TEG records – using stolen credentials data engineers with access to their employer’s Snowflake environments. For its part, Snowflake does not require (or impose) its customers to use the security feature, which protects against intrusions that rely on stolen or reused passwords.
Mandiant, an incident response company, said around 165 Snowflake customers had data stolen of their accounts, in some cases a “significant volume of customer data.” Only a handful of the 165 companies have so far confirmed that their environments were compromised, which also includes tens of thousands of employee records from Neiman Marcus And Bank of SantanderAnd millions of student records from the Los Angeles Unified School DistrictExpect lots of Snowflake customers to show up.
