We're halfway through 2024, but this year has already seen some of the largest and most damaging data breaches in recent history. And just when you thought these hacks couldn't get any worse, they do.
From untold amounts of personal customer information being scraped, stolen and posted online to the mass theft of medical data for most people in the United States, the worst data breaches to date in 2024 have already seen at least a billion records stolen and counting. These breaches not only impact the individuals whose data has been irretrievably compromised, but they also embolden criminals who profit from malicious cyberattacks.
Take a journey with us into the not-too-distant past to see how some of the biggest security incidents of 2024 happened, what impact they had, and in some cases, how they could have been prevented.
AT&T's data breach affected “almost all” of the company's customers, as well as many more non-customers.
2024 has been a very bad year for data security for AT&T, as the telecommunications giant confirmed not one but two data breaches just a few months apart.
AT&T said in July that cybercriminals had stolen a cache of data including phone numbers and call records for “almost all” of its customers — roughly 110 million people — over a six-month period and possibly longer in 2022. The data wasn't stolen directly from AT&T's systems, but rather from an account at data giant Snowflake (more on that below).
While the stolen AT&T data has not been made public (one report said AT&T paid a ransom to have the hackers delete the stolen data), and the data itself does not include the contents of calls or text messages, the “metadata” still reveals who called whom and when, and in some cases the data can be used to infer approximate locations. Worse yet, the data also includes the phone numbers of non-customers who received calls from AT&T customers during that time. If that data were made public, it could be dangerous for high-risk individuals, such as victims of domestic violence.
This is AT&T's second data breach this year: Earlier in March, a data breach broker leaked a complete cache of 73 million customer records online for anyone to see on a popular cybercrime forum, nearly three years after a much smaller sample was leaked online.
The exposed data included personal information about customers, such as names, phone numbers and postal codes, and some customers confirmed that the data was accurate.
But it wasn't until a security researcher discovered that the leaked data included encrypted passcodes used to access customers' AT&T accounts that the telecommunications giant took action. At the time, the security researcher told TechCrunch that the encrypted passcodes were easily cracked, putting approximately 7.6 million existing AT&T customer accounts at risk of being compromised. After TechCrunch reported the researcher's findings to the company, AT&T forced a reset of customer account passcodes.
One big mystery remains: AT&T still doesn't know how the data was leaked or where it came from.
Change Healthcare hackers stole medical data from a “significant percentage” of Americans
In 2022, the US Department of Justice sued health insurance giant UnitedHealth Group to block its acquisition of health tech giant Change Healthcare, fearing that the acquisition would give the health care conglomerate broad access to “roughly half of all Americans' health insurance claims” each year. The attempt to block the acquisition ultimately failed. And two years later, something even worse happened: Change Healthcare was hacked by a gang that heavily uses ransomware. One of the company's critical systems wasn't protected by multi-factor authentication, leading to the theft of an all-purpose bank of sensitive medical data.
The cyberattack caused extended downtime lasting weeks and widespread power outages at hospitals, pharmacies, and healthcare facilities across the U.S. But while the full impact of the data breach has yet to be determined, the impact on those affected is likely to be irreversible. UnitedHealth said the stolen data, a copy of which it paid the hackers to obtain, included personal, medical, and billing information for a “significant proportion” of Americans.
UnitedHealth has not yet released figures on how many individuals were affected by the breach. The health care giant's CEO, Andrew Witty, told lawmakers that the breach affected about a third of Americans, and that the number could be higher. For now, the question is how many hundreds of millions of people in the US are affected.
Synnovis ransomware attack causes widespread outages at hospitals across London
In June, a cyber attack hit the UK pathology lab Synnovis, a blood and tissue testing laboratory serving hospitals and the health service in the UK capital, causing widespread disruption to patient services for several weeks. A local National Health Service trust that relies on the lab postponed thousands of surgeries and procedures after the hack, and a major incident was declared across the UK healthcare sector.
The cyberattack, which involved the theft of data on around 300 million patient interactions going back many years, was allegedly carried out by a Russia-based ransomware gang and, as with the Change Healthcare data breach, the impacts on those affected are likely to be severe and lifelong.
Some of the data had already been published online in an attempt to force the lab to pay a ransom. Synnovis reportedly refused to pay the hackers' $50 million ransom, preventing them from profiting from the hack, but the UK government is scrambling to figure out what to do if hackers post millions of medical records online.
One of the NHS trusts that runs five hospitals across London affected by the outage reportedly had not met data security standards required by the UK Health Service for several years leading up to the Synnovis cyberattack in June.
Ticketmaster allegedly had 560 million records stolen in Snowflake hack
A series of data thefts at cloud data giant Snowflake has quickly escalated into one of the biggest data breaches this year, with massive amounts of data stolen from corporate customers.
Cybercriminals used stolen credentials from a data engineer with access to their employer's Snowflake environment to steal hundreds of millions of customer records from some of the world's largest companies, including 560 million records from Ticketmaster, 79 million from Advance Auto Parts, and nearly 30 million from TEG. Snowflake did not require its customers to use, or enforce the use of, security features that would have prevented intrusions using stolen or reused passwords.
Incident response firm Mandiant said data was stolen from the accounts of about 165 Snowflake customers, including in some cases “significant amounts of customer data.” Of the 165, only a few have admitted so far that their environments were compromised, including tens of thousands of employee records from Neiman Marcus and Santander Bank, and millions of student records from the Los Angeles Unified School District. Many of Snowflake's customers are expected to come forward.