As 2024 draws to a close, it will be remembered as the year of the largest and most damaging data breaches in recent history. And just when you think some of these hacks can't get any worse, they do.
From huge amounts of customers' personal information being harvested, stolen, and posted online to massive amounts of medical data being stolen covering most people in the United States, the 10 worst data breaches in 2024 exceed 100 million stolen records, and the number is on the rise. These breaches affect not only the individuals whose data has been irretrievably exposed, but also the criminals who profit from malicious cyberattacks.
Join us as we journey to the not-too-distant past to see how the biggest security incidents of 2024 happened, their impact, and in some cases, how they could have been stopped.
AT&T's data breach affects 'nearly all' of the company's customers and many more non-customers
For AT&T, 2024 was a very bad year for data security. The telecom giant has confirmed not one, but two separate data breaches in just a few months.
AT&T said in July that cybercriminals had stolen a cache of data, including phone numbers and call records, for “nearly all” of its customers, or about 110 million customers, over a six-month period in 2022, and in some cases longer. The data was not stolen directly from AT&T's systems, but from an account at data giant Snowflake (more on that below).
The stolen AT&T data has not been made public (and one report suggests AT&T paid a ransom to the hackers to delete the stolen data), and the data itself does not include the contents of calls or text messages. Although the content is not included, the “metadata” reveals who called whom and when, and in some cases that data can be used to infer approximate location. To make matters worse, this data includes the phone numbers of non-customers who received calls from AT&T customers during that time. Releasing the data could be dangerous for people at high risk, such as victims of domestic violence.
This was AT&T's second data breach this year. In early March, a data breach broker posted a complete cache of 73 million customer records online on a known cybercrime forum for anyone to view. That was about three years after a much smaller sample was published online.
The data released included customers' personal information such as names, phone numbers, and addresses, and some customers confirmed that the data was accurate.
But it wasn't until security researchers discovered that the leaked data included encrypted passcodes used to access customers' AT&T accounts that the telecom giant took action. A security researcher told TechCrunch at the time that the encrypted passcodes could be easily cracked, potentially putting about 7.6 million existing AT&T customer accounts at risk of hijacking. AT&T forcibly reset passcodes on customers' accounts after TechCrunch alerted the company to the researchers' findings.
One big mystery remains. AT&T still doesn't know how the data was compromised or where it came from.
Change Healthcare hackers steal medical data of a 'significant percentage' of Americans
In 2022, the U.S. Department of Justice filed a lawsuit to block health insurance giant UnitedHealth Group's planned acquisition of health tech giant Change Healthcare. It feared the deal would give the health care conglomerate broad access to “about half of all Americans' health insurance claims” each year. The bid to block the deal ultimately failed. Two years later, something even worse happened: Change Healthcare was hacked by a prolific ransomware gang. One of the company's critical systems was not protected with multi-factor authentication, leading to the theft of a vast bank of sensitive health data.
The cyberattack caused extensive downtime that lasted several weeks and caused widespread outages at hospitals, pharmacies, and medical facilities across the United States. However, the aftermath of the data breach is not yet fully realized, and the impact on those affected is likely to be irreversible. UnitedHealth said the stolen data (it paid the hackers to obtain a copy) included personal, medical and billing information for a “significant percentage” of people in the United States.
UnitedHealth has not yet disclosed the number of individuals affected by this breach. The healthcare giant's CEO, Andrew Witty, told lawmakers that the breach could affect about a third of Americans, and possibly more. For now, the question is how many billions of people in the United States will be affected.
Synnovis ransomware attack causes widespread outage at hospitals across London
In June, a cyber attack on the UK pathology laboratory Synnovis, a blood and tissue testing laboratory for hospitals and health services across the UK capital, caused widespread disruption to patient services for several weeks. Local NHS bodies that rely on the institute have postponed thousands of surgeries and procedures following the hack, prompting a declaration of a major incident across the UK's health sector.
The cyber attack, which involved a Russia-based ransomware gang, allegedly led to the theft of data related to interactions with around 300 million patients dating back a “significant number” of years. As with the data breach at Change Healthcare, the impact on those affected can be significant and lifelong.
Some of the data had already been published online in an attempt to force the lab to pay a ransom. Synnovis reportedly refused to pay the hackers' $50 million ransom, and although the gang did not profit from the hack, the hackers posted millions of health records online. The British government hastened to make plans just in case.
One of the NHS trusts that runs five London hospitals affected by the outages reportedly failed to meet the data security standards required by the UK health service in the years leading up to the June cyberattack on Synnovis.
Ticketmaster allegedly had 560 million records stolen in Snowflake hack
A series of data thefts from cloud data giant Snowflake quickly snowballed into one of the year's biggest breaches, thanks to the sheer volume of data stolen from enterprise customers.
Cybercriminals used the stolen credentials of data engineers with access to their employers' Snowflake environments to swipe hundreds of millions of customer records from the world's largest companies. This includes 560 million records from Ticketmaster, 79 million records from Advance Auto Parts, and approximately 30 million records from TEG. Snowflake, for its part, does not require (or enforce) that customers use security features that protect against intrusions that rely on stolen or reused passwords.
Incident response firm Mandiant said about 165 Snowflake customers had data stolen from their accounts, and in some cases “substantial amounts of customer data.” Only a handful of the 165 companies have so far confirmed that their environments were compromised, including tens of thousands of employee records at Neiman Marcus and Santander Bank, and millions of student records at the Los Angeles Unified School District. We expect many Snowflake customers to come forward.
Honorable Mention (Not)
Cencora has notified more than 1 million people of data loss.
US pharmaceutical giant Cencora disclosed a data breach in February involving the disclosure of patient health data obtained by Cencora through its partnerships with pharmaceutical companies. Cencora has steadfastly refused to say how many people will be affected, but well over 1 million people have been notified so far, according to a tally compiled by TechCrunch. Cencora says it has served more than 18 million patients to date.
MediSecure data breach affects half of Australia.
In April, a ransomware attack on prescription provider MediSecure in Australia resulted in the theft of personal and health data of nearly 13 million people, or about half of the country's population. MediSecure, which distributed prescriptions to most Australians until the end of 2023, declared bankruptcy shortly after the mass theft of customer data.
Kaiser shared the health data of millions of patients with advertisers.
In April, U.S. health insurance giant Kaiser revealed a data breach after inadvertently sharing the personal health information of 13.4 million patients, specifically their website search terms related to diagnosis and medication, with technology companies and advertisers. Kaiser said it used tracking codes to analyze the website. The health insurance company made the incident public after several other telemedicine startups, including Cerebral, Monument, and Tempest, admitted to sharing data with advertisers.
The USPS also shared postal addresses with major technology companies.
Now, the U.S. Postal Service has been caught sharing logged-in users' addresses with advertisers like Meta, LinkedIn, and Snap using similar tracking codes provided by the companies. After TechCrunch notified the Postal Service of improper data sharing in July, the USPS removed the tracking code from its website, but the agency did not say how many individuals had their data collected. USPS has more than 62 million Informed Delivery users as of March 2024.
Evolve Bank's data breach affected fintech and startup customers.
In July, cybercriminals stole the personal information of more than 7.6 million people in a ransomware attack targeting Evolve Bank. Evolve is a banking-as-a-service giant that primarily serves fintech companies and startups, such as Affirm and Mercury. As a result, many of the individuals who were notified of a data breach had never heard of Evolve Bank or had a relationship with the company prior to the cyberattack.
Millions of SSNs stolen, National Public Data destroyed
The company behind data broker National Public Data suffered a massive data breach that exposed around 3 billion records affecting around 270 million people, according to various analyses by security researchers. Several months later, in October, the company filed for Chapter 11 bankruptcy protection. The data broker gave its paying customers access to a vast database of names, dates of birth, email addresses, addresses, phone numbers, social security numbers, and more (even if the data wasn't all accurate). The company said it needed to file for bankruptcy because it could no longer generate the revenue to deal with a slew of class-action lawsuits and growing liability from state and federal regulators.
First published on June 28th and updated on October 14th.