We’re already halfway through 2024, and already this yr we have seen some of the biggest, most damaging data breaches in recent memory. And just while you think some of these hacks couldn’t get any worse, they do occur.

From vast troves of customer personal data which were stolen, stolen and posted online, to tons of medical records regarding most individuals within the United States which were stolen, the worst data breaches of 2024 have already surpassed not less than 1 billion stolen records, and this number is growing. These breaches not only affect individuals whose data has been irretrievably exposed, but in addition embolden criminals who take advantage of their malicious cyberattacks.

Travel with us to the recent past to see how the largest security incidents of 2024 occurred, what their impact was, and in some cases, how they might have been prevented.

Mysterious AT&T data breach exposes 73 million customer accounts

About three years after a hacker released a printed sample of allegedly stolen AT&T customer data, the info breach broker in March put its entire cache of 73 million customer records online on a distinguished cybercrime forum for anyone to see. The data published included customers’ personal information, including names, telephone numbers and mailing addresses, and some customers confirmed that their details were accurate.

However, the telecom giant only took motion after a security researcher discovered that the leaked data included encrypted passwords used to access the client’s AT&T account. A security researcher told TechCrunch on the time that encrypted passwords may very well be easily decrypted, putting roughly 7.6 million existing AT&T customer accounts in danger of being compromised. AT&T forced password resets on its customer accounts after TechCrunch notified the corporate of the researcher’s findings.

One big mystery stays unsolved: AT&T still doesn’t understand how the info was leaked or where it got here from.

Change Healthcare hackers stole medical data from a “significant portion” of people in America

In 2022, the U.S. Department of Justice sued medical health insurance giant UnitedHealth Group to dam its attempted takeover of health tech giant Change Healthcare, fearing that the transaction would give the healthcare conglomerate broad access to about “half of all Americans’ health insurance claims” annually. The try to block the transaction ultimately failed. Then, two years later, something much worse happened: An influential ransomware gang hacked Change Healthcare; its massive banks of sensitive health data were stolen because one of the corporate’s key systems wasn’t protected with multi-factor authentication.

The cyberattack’s lengthy outages dragged on for weeks, causing widespread disruptions to hospitals, pharmacies and healthcare facilities across the United States. But the complete impact of the info breach has yet to be realized, although the implications for those affected are more likely to be irreversible. UnitedHealth says the stolen data — which it paid hackers to repeat — includes personal, medical and billing information for a “significant portion” of people within the United States.

UnitedHealth has not yet said how many individuals were affected by the breach. The health giant’s CEO, Andrew Witty, told lawmakers that the breach could affect a few third of Americans, and potentially more. For now, it says it only affects tons of of hundreds of thousands of people within the U.S.

The Synnovis ransomware attack caused widespread outages in hospitals across London

A June cyberattack on UK pathology laboratory Synnovis – a blood and tissue testing laboratory for hospitals and healthcare facilities across the UK – caused widespread disruption to patient services for weeks. Local National Health Service trusts that depend on the laboratory postponed 1000’s of surgeries and procedures after the breach, prompting the declaration of a critical incident within the UK health sector.

The cyberattack was blamed on a Russian-based ransomware gang that led to theft of data related to roughly 300 million patient interactions from a “significant number” of years ago. As with the Change Healthcare data breach, the implications for those affected are more likely to be significant and lasting.

Some of the info has already been published online to be able to force the laboratory to pay a ransom. Synnovis apparently refused to pay the hackers a ransom of $50 millionstopping the gang from cashing in on the break-in but leaving it UK government searching for plan in case hackers put hundreds of thousands of medical records online.

One of the NHS trusts that manages five hospitals in London affected by the outages reportedly failed to fulfill data security standards required by the NHS before the June cyberattack on Synnovis.

560 million records were allegedly stolen within the Snowflake Ticketmaster hack

A series of data thefts from cloud data giant Snowflake quickly was one of the largest breaches of the yr, with massive amounts of data stolen from corporate customers.

Cybercriminals have stolen tons of of hundreds of thousands of customer data from some of the world’s largest corporations, including alleged 560 million records from Ticketmaster, 79 million records from Advance Auto Parts and roughly 30 million records from TEG – using stolen credentials of data engineers with access to their employers’ Snowflake environments. Snowflake, for its part, doesn’t require (or force) its customers to make use of a security feature that protects against hacks that depend on stolen or reused passwords.

Incident response firm Mandiant said about 165 Snowflake customers had their accounts stolen, and in some cases, “a significant amount of customer data.” So far, only a handful of the 165 corporations have confirmed that their environments were breached, which also includes tens of 1000’s of worker data from Neiman Marcus AND Bank SantanderAND (*1*)hundreds of thousands of Los Angeles Unified School District student recordsYou can expect many Snowflake customers to come back forward.