Technology
Biggest data breaches of 2024: 1 billion records stolen and counting
The end of 2024 is approaching – a yr that can go down in history as one of the most important and most damaging data breaches in recent history. And just once you think some of these hacks couldn’t get any worse, they do.
From vast troves of customer personal data that were stolen, stolen, and published online, to tons of medical records referring to most individuals within the United States that were stolen, the worst data breaches in 2024 have surpassed 1 billion stolen records and counting. These breaches not only affect individuals whose data has been irretrievably exposed, but in addition embolden criminals who benefit from their malicious cyberattacks.
Travel with us into the recent past to see how some of the largest security incidents of 2024 happened, what their impact was and, in some cases, they might have been stopped.
AT&T’s data breaches affect “almost all” of its customers and many more non-customers
For AT&T, 2024 was a really bad yr for data security. The telecommunications giant confirmed not one, but two separate data breaches inside just a few months of one another.
In July, AT&T said cybercriminals had stolen a data cache containing the phone numbers and call records of “almost all” of its customers, or about 110 million people, over a six-month period in 2022 and in some cases longer. The data wasn’t stolen directly from AT&T’s systems, but from an account she had with data giant Snowflake (more on that later).
Although the stolen AT&T data is just not public (i.e one report suggests that AT&T paid a ransom to hackers to delete stolen data), and the data itself doesn’t contain the content of calls or text messages, the “metadata” still reveals who called whom and when, and in some cases the data will be used to find out approximate location. Worse still, the data includes the phone numbers of non-customers that AT&T customers called during that point. Making data public could also be dangerous for people belonging to the next risk group, e.g. individuals who have experienced domestic violence.
This was AT&T’s second data breach this yr. In early March, the data breach broker placed a full cache of 73 million customer records online on a distinguished cybercrime forum for anyone to see, about three years after a much smaller sample appeared online.
The data published included customers’ personal information, including names, telephone numbers and postal addresses, and some customers confirmed that their details were accurate.
However, the telecom giant only took motion after a security researcher discovered that the leaked data included encrypted passwords used to access the shopper’s AT&T account. A security researcher told TechCrunch on the time that encrypted passwords may very well be easily decrypted, putting roughly 7.6 million existing AT&T customer accounts in danger of being compromised. AT&T forced password resets on its customer accounts after TechCrunch alerted the corporate to the researcher’s findings.
One big mystery stays: AT&T still doesn’t know the way the data leaked or where it got here from.
Hackers from Change Healthcare stole medical data from a “significant portion” of the American population
In 2022, the US Department of Justice sued medical health insurance giant UnitedHealth Group to dam its attempted takeover of health tech giant Change Healthcare, fearing that the deal would give the healthcare conglomerate broad access to about “half of all Americans’ health insurance claims” every year. The try and block the transaction ultimately failed. Then, two years later, something much worse happened: an influential ransomware gang hacked Change Healthcare; its massive banks of sensitive health data were stolen because one of the corporate’s key systems was not protected by multi-factor authentication.
Long outages brought on by the cyberattack continued for weeks, causing widespread outages at hospitals, pharmacies and doctor’s offices across the United States. However, the consequences of a data breach will not be yet fully understood, although the results for those affected will likely be irreversible. UnitedHealth says the stolen data – which it paid hackers to repeat – includes personal, medical and billing information for a “significant portion” of U.S. residents.
UnitedHealth has not yet released the number of people affected by the breach. The health care giant’s chief executive, Andrew Witty, told lawmakers the breach could affect a couple of third of Americans, and potentially more. For now, the purpose is that it only affects lots of of thousands and thousands of people within the US.
The Synnovis ransomware attack caused widespread outages in hospitals across London
A June cyberattack on British pathology laboratory Synnovis – a blood and tissue testing laboratory for hospitals and healthcare facilities across the UK capital – caused widespread disruption to patient services for weeks. Local National Health Service trusts that depend on the laboratory postponed hundreds of surgeries and procedures after the breach, prompting the declaration of a critical incident within the UK health sector.
A Russian ransomware gang was blamed for the cyberattack theft of data related to roughly 300 million patient interactions from a “significant number” of years ago. As with the Change Healthcare data breach, the results for those affected are more likely to be significant and lasting.
Some of the data has already been published online in an try and force the lab to pay a ransom. According to Synnovis reports refused to pay the hackers a ransom of $50 millionstopping the gang from making the most of the break-in, but leaving it behind the UK government is working on a plan in case hackers put thousands and thousands of medical records online.
One of the affected NHS trusts, which runs five hospitals across London, reportedly failed to fulfill data security standards required by the NHS within the years leading as much as the June cyber attack on Synnovis.
560 million records were allegedly stolen within the Snowflake Ticketmaster hack
A series of data thefts from cloud data giant Snowflake quickly escalated into one of the largest breaches of the yr, with massive amounts of data stolen from corporate customers.
Cybercriminals have stolen lots of of thousands and thousands of customer data from some of the world’s largest corporations, including: alleged 560 million records from Ticketmaster, 79 million records from Advance Auto Parts and roughly 30 million records from TEG – using stolen credentials of data engineers with access to their employers’ Snowflake environments. For its part, Snowflake doesn’t require (or force) its customers to make use of a security feature that protects against hacks involving stolen or reused passwords.
Incident response firm Mandiant said about 165 Snowflake customers had their data stolen and, in some cases, “significant amounts of customer data.” So far, only a handful of 165 corporations have confirmed that their environments were breached, which also includes tens of hundreds of worker data from Neiman Marcus AND Bank SantanderAND (*1*)thousands and thousands of records about Los Angeles Unified School District students. Expect lots of Snowflake customers to come back forward.
(Im)honorable mentions
Cencora notifies over 1,000,000 and still counts that it has lost their data:
US pharmaceutical giant Cencora disclosed a February data breach involving compromise of patient health data. Cencora obtained this information through cooperation with drug manufacturers. Cencora steadfastly refuses to say how many individuals have been affected, but TechCrunch calculations show that well over 1,000,000 people have been notified up to now. Cencora says it has served greater than 18 million patients up to now.
MediSecure data breach affects half of Australia:
Nearly 13 million people in Australia – roughly half the country’s population – have had their personal and health information stolen ransomware attack on prescription drug supplier MediSecure in April. MediSecure, which was distributing prescriptions to most Australians by the tip of 2023, declared insolvency shortly after the large theft of customer data.
Kaiser has made the health data of thousands and thousands of patients available to advertisers:
U.S. medical health insurance giant Kaiser disclosed a data breach in April after it inadvertently shared the private health information of 13.4 million patients, particularly search terms on web sites about diagnoses and medications, with technology corporations and advertisers. Kaiser stated that it used their tracking code for website analytics. The medical health insurance provider disclosed the incident within the wake of several other telehealth startups corresponding to Cerebral, Monument and Tempest admitting that they, too, had shared data with advertisers.
USPS also shared its mailing address with tech giants:
Then got here the U.S. Postal Service, which was caught sharing logged-in users’ mailing addresses with advertisers like Meta, LinkedIn and Snap, using the same tracking code provided by those corporations. USPS removed the tracking code from its website after TechCrunch alerted the Postal Service in July to the improper sharing of data, however the agency didn’t say how many individuals collected the data. As of March 2024, USPS has over 62 million Informed Delivery users.
Evolve Bank data breach affected fintech clients and startups:
In July, cybercriminals stole the private data of over 7.6 million people in a ransomware attack against Evolve Bank. Evolve is a banking services giant that mainly serves fintech corporations and startups corresponding to Affirm and Mercury. As a result, many individuals notified in regards to the data breach had never heard of Evolve Bank, let alone interacted with the corporate, before the cyberattack.
National public records bankrupt after thousands and thousands of SSNs stolen
The company behind data broker National Public Data filed for Chapter 11 bankruptcy protection in October, based on various analyzes by security researchers, months after an enormous data breach exposed about three billion records referring to roughly 270 million people. The data broker allowed its paying customers access to extensive databases containing names, dates of birth, email and postal addresses, phone numbers and social security numbers (even when not all of the data was accurate). The company said it needed to file for bankruptcy since it could now not generate enough revenue to deal with the deluge of class motion lawsuits and growing liability from state and federal regulators.
.
Technology
US medical device giant Artivion says hackers stole files during a cybersecurity incident
Artivion, a medical device company that produces implantable tissue for heart and vascular transplants, says its services have been “disrupted” resulting from a cybersecurity incident.
In 8-K filing In an interview with the SEC on Monday, Georgia-based Artivion, formerly CryoLife, said it became aware of a “cybersecurity incident” that involved the “compromise and encryption” of information on November 21. This suggests that the corporate was attacked by ransomware, but Artivion has not yet confirmed the character of the incident and didn’t immediately reply to TechCrunch’s questions. No major ransomware group has yet claimed responsibility for the attack.
Artivion said it took some systems offline in response to the cyberattack, which the corporate said caused “disruptions to certain ordering and shipping processes.”
Artivion, which reported third-quarter revenue of $95.8 million, said it didn’t expect the incident to have a material impact on the corporate’s funds.
Technology
It’s a Raspberry Pi 5 in a keyboard and it’s called Raspberry Pi 500
Manufacturer of single-board computers Raspberry Pi is updating its cute little computer keyboard device with higher specs. Named Raspberry Pi500This successor to the Raspberry Pi 400 is just as powerful as the present Raspberry Pi flagship, the Raspberry Pi 5. It is on the market for purchase now from Raspberry Pi resellers.
The Raspberry Pi 500 is the simplest method to start with the Raspberry Pi because it’s not as intimidating because the Raspberry Pi 5. When you take a look at the Raspberry Pi 500, you do not see any chipsets or PCBs (printed circuit boards). The Raspberry Pi is totally hidden in the familiar housing, the keyboard.
The idea with the Raspberry Pi 500 is you could connect a mouse and a display and you are able to go. If, for instance, you’ve got a relative who uses a very outdated computer with an outdated version of Windows, the Raspberry Pi 500 can easily replace the old PC tower for many computing tasks.
More importantly, this device brings us back to the roots of the Raspberry Pi. Raspberry Pi computers were originally intended for educational applications. Over time, technology enthusiasts and industrial customers began using single-board computers all over the place. (For example, when you’ve ever been to London Heathrow Airport, all of the departures and arrivals boards are there powered by Raspberry Pi.)
Raspberry Pi 500 draws inspiration from the roots of the Raspberry Pi Foundation, a non-profit organization. It’s the right first computer for college. In some ways, it’s a lot better than a Chromebook or iPad because it’s low cost and highly customizable, which inspires creative pondering.
The Raspberry Pi 500 comes with a 32GB SD card that comes pre-installed with Raspberry Pi OS, a Debian-based Linux distribution. It costs $90, which is a slight ($20) price increase over the Raspberry Pi 400.
Only UK and US keyboard variants will probably be available at launch. But versions with French, German, Italian, Japanese, Nordic and Spanish keyboard layouts will probably be available soon. And when you’re in search of a bundle that features all the things you would like, Raspberry Pi also offers a $120 desktop kit that features the Raspberry Pi 500, a mouse, a 27W USB-C power adapter, and a micro-HDMI to HDMI cable.
In other news, Raspberry Pi has announced one other recent thing: the Raspberry Pi monitor. It is a 15.6-inch 1080p monitor that’s priced at $100. Since there are quite a few 1080p portable monitors available on the market, this launch is not as noteworthy because the Pi 500. However, for die-hard Pi fans, there’s now also a Raspberry Pi-branded monitor option available.
Technology
Apple Vision Pro may add support for PlayStation VR controllers
According to Apple, Apple desires to make its Vision Pro mixed reality device more attractive for gamers and game developers latest report from Bloomberg’s Mark Gurman.
The Vision Pro was presented more as a productivity and media consumption device than a tool geared toward gamers, due partly to its reliance on visual and hand controls moderately than a separate controller.
However, Apple may need gamers if it desires to expand the Vision Pro’s audience, especially since Gurman reports that lower than half one million units have been sold to this point. As such, the corporate has reportedly been in talks with Sony about adding support for PlayStation VR2 handheld controllers, and has also talked to developers about whether they may support the controllers of their games.
Offering more precise control, Apple may also make other forms of software available in Vision Pro, reminiscent of Final Cut Pro or Adobe Photoshop.
-
Press Release8 months ago
CEO of 360WiSE Launches Mentorship Program in Overtown Miami FL
-
Press Release8 months ago
U.S.-Africa Chamber of Commerce Appoints Robert Alexander of 360WiseMedia as Board Director
-
Business and Finance6 months ago
The Importance of Owning Your Distribution Media Platform
-
Business and Finance9 months ago
360Wise Media and McDonald’s NY Tri-State Owner Operators Celebrate Success of “Faces of Black History” Campaign with Over 2 Million Event Visits
-
Ben Crump8 months ago
Another lawsuit accuses Google of bias against Black minority employees
-
Theater9 months ago
Telling the story of the Apollo Theater
-
Ben Crump9 months ago
Henrietta Lacks’ family members reach an agreement after her cells undergo advanced medical tests
-
Ben Crump9 months ago
The families of George Floyd and Daunte Wright hold an emotional press conference in Minneapolis