We’re more than halfway through 2024, and already this year we’ve seen some of the biggest and most damaging data breaches in recent history. And just when you think some of these hacks can’t get any worse, they do.
From vast amounts of personal customer information being extracted, stolen, and published online to the theft of vast amounts of medical data for the majority of individuals in the United States, the worst data breaches of 2024 to date have already surpassed at least one billion stolen records and the number continues to rise. These breaches not only affect the individuals whose data was irreparably exposed, but they also embolden the criminals who profit from their malicious cyberattacks.
Travel with us to the not-so-distant past to see how some of the biggest security incidents of 2024 occurred, their impact, and in some cases, how they could have been stopped.
AT&T’s mysterious data breach exposed 73 million customer accounts
About three years after a hacker mocked a published sample of allegedly stolen AT&T customer data, a data breach agent dumped the entire cache of 73 million customer records online in March on a well-known crime forum. cyber so that anyone could see them. The published data included personal information of customers, including names, telephone numbers and postal addresses, with Some customers confirmed that their data was accurate.
But it wasn’t until a security researcher discovered that the exposed data contained encrypted passwords used to access an AT&T customer’s account that the telecom giant took action. The security researcher told TechCrunch at the time that the encrypted passwords could easily be cracked, putting some 7.6 million existing AT&T customer accounts at risk of being hijacked. AT&T forces customer account password resets after TechCrunch alerted the company to the researcher’s findings.
One big mystery remains: AT&T still You don’t know how the data was leaked or where it came from.
Change Healthcare hackers stole medical data from a “substantial proportion” of people in the United States
In 2022, the US Department of Justice sued health insurance giant UnitedHealth Group to block its attempt to acquire health technology giant Change Healthcare, fearing that The deal would give the healthcare conglomerate broad access to about “half of all Americans’ health insurance claims” each year. The attempt to block the deal ultimately failed. Then, two years later, something much worse happened: Change Healthcare was hacked by a prolific ransomware gang; their powerful confidential health data banks were stolen because one of the Critical systems were not protected with multi-factor authentication.
The long downtime caused by the cyberattack lasted for weeks, causing widespread outages in hospitals, pharmacies and healthcare offices throughout the United States. But the consequences of the data breach are not yet fully understood, although the consequences for those affected are likely to be irreversible. UnitedHealth says the stolen data, which Paid hackers to get a copy — includes personal, medical and billing information in a “substantial proportion” of people in the U.S.
UnitedHealth has yet to give a figure for how many people were affected by the breach. The healthcare giant’s chief executive, Andrew Witty, told lawmakers that Rape could affect about a third of Americansand potentially more. For now, it’s just a matter of how many Hundreds of millions of people in the United States are affected.
Synnovis ransomware attack caused widespread outages at hospitals across London
In June, a cyberattack on the Synnovis pathology laboratory – a blood and tissue testing laboratory for hospitals and health services in the UK capital – led to widespread disruption to patient services for weeks. Local NHS trusts that rely on the laboratory postponed thousands of operations and procedures following the attack, leading to a critical incident being declared across the UK healthcare sector.
A Russia-based ransomware gang was blamed for the cyberattack, which saw data theft related to some 300 million patient interactions It goes back a “significant number” of years. Like the Change Healthcare data breach, the ramifications for those affected are likely significant and lifelong.
Some of the data was already posted online in an effort to extort the lab into paying a ransom. Synnovis supposedly refused to pay hackers’ $50 million ransompreventing the gang from profiting from the hack but leaving The UK government is fighting for a plan. in case hackers posted millions of medical records online.
One of the NHS trusts that runs five hospitals in London affected by the cuts allegedly failed to meet data security standards as demanded by the UK health service in the years leading up to the June cyberattack on Synnovis.
Ticketmaster Allegedly Had 560 Million Registrations Stolen in Snowflake Hack
A series of data thefts from cloud data giant Snowflake quickly became one of the biggest breaches of the year, thanks to the vast amounts of data stolen from its corporate customers.
Cybercriminals stole hundreds of millions of customer data from some of the world’s largest companies, including an alleged 560 million Ticketmaster registrations, 79 million Advance Auto Parts records and about 30 million TEG records – through the use stolen credentials of data engineers with access to their employers’ Snowflake environments. For its part, Snowflake does not require (or force) its customers to use the security feature, which protects against intrusions based on stolen or reused passwords.
Incident response company Mandiant said About 165 Snowflake customers had data stolen of their accounts, in some cases, a “significant volume of customer data.” So far, only a handful of the 165 companies have confirmed that their environments were compromised, which also includes tens of thousands of employee records from Neiman Marcus and Santander Bankand Millions of student records in the Los Angeles Unified School District. Expect plenty of Snowflake customers to show up.