We’re already more than halfway through 2024, and this year we’ve seen some of the biggest and most damaging data breaches in recent history. And just when you think some of these hacks can’t get any worse, they do.
From vast stores of customers’ personal information being scraped, stolen, and posted online, to troves of medical data covering most people in the United States being stolen, the worst data breaches of 2024 so far have already surpassed at least 1 billion stolen records and counting. These breaches not only affect the individuals whose data was completely exposed, but also embolden criminals who profit from their malicious cyber attacks.
Take a trip back in time with us and see how some of the biggest security incidents of 2024 happened, what their impact was, and in some cases, how they could have been prevented.
Mysterious AT&T data leak exposes 73 million customer accounts
Nearly three years after hackers first published samples of allegedly stolen AT&T customer data, a data breach broker in March put the full cache of 73 million customer records online on a known cybercrime forum for anyone to view. The published data included customers’ personal information, including names, phone numbers and mailing addresses, with some customers confirming their data was accurate.
But the telecom giant didn’t take any action until a security researcher discovered that the exposed data included encrypted passcodes used to access customer’s AT&T accounts. The security researcher told TechCrunch at the time that encrypted passcodes could be easily unscrambled, putting about 7.6 million existing AT&T customer accounts at risk of being compromised. AT&T forcibly reset its customers’ account passcodes after TechCrunch alerted the company to the researcher’s findings.
One big mystery still remains: AT&T still doesn’t know how the data was leaked or where it came from.
Healthcare hackers stole medical data of “largely” people in the US
In 2022, the US Justice Department sued health insurance giant UnitedHealth Group to stop its attempt to acquire health tech giant Change Healthcare, fearing the deal would give the healthcare conglomerate sweeping access to “half of all Americans’ health insurance claims” each year. The attempt to stop the deal ultimately failed. Then, two years later, something even worse happened: Change Healthcare was hacked by a prolific ransomware gang; its vast banks of sensitive health data were stolen because one of the company’s critical systems was not secured with multi-factor authentication.
The cyberattack led to weeks of prolonged downtime, causing widespread disruption to hospitals, pharmacies and healthcare establishments across the US. But the aftermath of the data theft is yet to be fully known, although the consequences for those affected are likely to be irreversible. UnitedHealth says the stolen data – which it paid the hackers to obtain a copy of – includes personal, medical and billing information on a “substantial proportion” of people in the United States.
UnitedHealth has not yet released a number on how many people have been affected by the breach. Andrew Witty, the healthcare giant’s chief executive, told lawmakers that the breach may have affected about a third of Americans, and possibly more. For now, that’s just a question How many? Crores of people in America are affected by this.
Synovis ransomware attack causes widespread disruption to London hospitals
In June, a cyber attack hit UK pathology lab Synovis – a blood and tissue testing lab for hospitals and healthcare services in the UK capital – causing widespread disruption to patient services for several weeks. Local National Health Service trusts that rely on the lab postponed thousands of operations and procedures following the hack, leading to a critical incident being declared across the UK healthcare sector.
The cyberattack blamed on a Russia-based ransomware gang stole data relating to nearly 300 million patient interactions dating back “a considerable number” of years. Like the data breach at Change Healthcare, the consequences for those affected are likely to be significant and life-long.
Some of the data had already been published online in an attempt to extort ransom from the lab. Synovis reportedly refused to pay the hackers’ $50 million ransom, preventing the gang from profiting from the hack, but the U.K. government faced trouble in coming up with a plan in case hackers posted millions of health records online.
One of the NHS trusts that runs five hospitals in London affected by the power cuts reportedly failed to meet data security standards expected by the UK health service in the years before the cyberattack on Synovis in June.
Ticketmaster’s alleged 560 million records stolen in Snowflake hack
A series of data thefts from cloud data giant Snowflake soon turned into one of the biggest thefts of the year, thanks to the massive amount of data stolen from its corporate customers.
Cybercriminals stole hundreds of millions of customer data from some of the world’s largest companies – including a reported 560 million records from Ticketmaster, 79 million records from Advance Auto Parts and nearly 30 million records from TEG – using stolen credentials of data engineers who had access to their employer’s Snowflake environments. For its part, Snowflake does not require (or force) its customers to use a security feature that protects against intrusions that rely on stolen or reused passwords.
Incident response firm Mandiant said data was stolen from the accounts of about 165 Snowflake customers, in some cases “significant amounts of customer data.” Only a handful of the 165 companies have so far confirmed that their environments were compromised, including thousands of employee records at Neiman Marcus and Santander Bank and millions of student records at the Los Angeles Unified School District. Many of Snowflake’s customers are expected to come forward.
