
Biggest data breaches of 2024: 1 billion records stolen and counting


The end of 2024 is approaching, a year that will go down in history for some of the biggest and most damaging data breaches in recent history. And just when you think some of these hacks couldn’t get any worse, they do.

From vast troves of customers’ personal data that were stolen and published online, to vast amounts of medical records covering most people in the United States, the worst data breaches of 2024 have surpassed 1 billion stolen records and counting. These breaches not only affect the individuals whose data has been irretrievably exposed, but also embolden the criminals who profit from their malicious cyberattacks.

Travel with us into the recent past to see how some of the largest security incidents of 2024 happened, what their impact was and, in some cases, how they might have been stopped.

AT&T’s data breaches affect “almost all” of its customers and many more non-customers

For AT&T, 2024 was a really bad year for data security. The telecommunications giant confirmed not one, but two separate data breaches within just a few months of one another.

In July, AT&T said cybercriminals had stolen a data cache containing the phone numbers and call records of “almost all” of its customers, or about 110 million people, over a six-month period in 2022 and in some cases longer. The data wasn’t stolen directly from AT&T’s systems, but from an account it had with data giant Snowflake (more on that later).

Although the stolen AT&T data is not public (one report suggests that AT&T paid a ransom to the hackers to delete the stolen data), and the data itself doesn’t contain the content of calls or text messages, the “metadata” still reveals who called whom and when, and in some cases the data can be used to infer approximate location. Worse still, the data includes the phone numbers of non-customers that AT&T customers called during that time. Making that data public could be dangerous for people in higher-risk groups, such as individuals who have experienced domestic violence.

This was AT&T’s second data breach this year. In early March, a data breach broker posted a full cache of 73 million customer records online on a well-known cybercrime forum for anyone to see, about three years after a much smaller sample appeared online.

The data published included customers’ personal information, including names, telephone numbers and postal addresses, and some customers confirmed that their details were accurate.

However, the telecom giant only took action after a security researcher discovered that the leaked data included encrypted passwords used to access customers’ AT&T accounts. A security researcher told TechCrunch at the time that the encrypted passwords could be easily decrypted, putting roughly 7.6 million existing AT&T customer accounts in danger of being compromised. AT&T forced password resets on its customer accounts after TechCrunch alerted the company to the researcher’s findings.

One big mystery remains: AT&T still doesn’t know how the data leaked or where it came from.

Change Healthcare hackers stole medical data on a “significant portion” of the American population

In 2022, the US Department of Justice sued health insurance giant UnitedHealth Group to block its attempted takeover of health tech giant Change Healthcare, fearing that the deal would give the healthcare conglomerate broad access to about “half of all Americans’ health insurance claims” every year. The attempt to block the transaction ultimately failed. Then, two years later, something much worse happened: an influential ransomware gang hacked Change Healthcare. Its massive banks of sensitive health data were stolen because one of the company’s key systems was not protected by multi-factor authentication.

Lengthy downtime caused by the cyberattack continued for weeks, causing widespread outages at hospitals, pharmacies and doctors’ offices across the United States. However, the consequences of the data breach are not yet fully understood, although the results for those affected will likely be irreversible. UnitedHealth says the stolen data, which it paid the hackers to obtain a copy of, includes personal, medical and billing information for a “significant portion” of U.S. residents.

UnitedHealth has not yet released the number of people affected by the breach. The health care giant’s chief executive, Andrew Witty, told lawmakers the breach could affect about a third of Americans, and potentially more. For now, the question is just how many hundreds of millions of people in the US are affected.

The Synnovis ransomware attack caused widespread outages in hospitals across London

A June cyberattack on British pathology laboratory Synnovis – a blood and tissue testing laboratory for hospitals and healthcare facilities across the UK capital – caused widespread disruption to patient services for weeks. Local National Health Service trusts that depend on the laboratory postponed hundreds of surgeries and procedures after the breach, prompting the declaration of a critical incident within the UK health sector.

A Russian ransomware gang was blamed for the cyberattack, which saw the theft of data related to roughly 300 million patient interactions dating back a “significant number” of years. As with the Change Healthcare data breach, the results for those affected are likely to be significant and lasting.

Some of the data has already been published online in an attempt to force the lab to pay a ransom. Synnovis reportedly refused to pay the hackers a ransom of $50 million, stopping the gang from profiting from the break-in, but leaving the UK government working on a plan in case the hackers put millions of medical records online.

One of the affected NHS trusts, which runs five hospitals across London, reportedly failed to meet the data security standards required by the NHS in the years leading up to the June cyberattack on Synnovis.

560 million records were allegedly stolen in the Snowflake Ticketmaster hack

A series of data thefts from cloud data giant Snowflake quickly escalated into one of the largest breaches of the year, with massive amounts of data stolen from corporate customers.

Cybercriminals stole hundreds of millions of customer records from some of the world’s largest companies, including an alleged 560 million records from Ticketmaster, 79 million records from Advance Auto Parts and roughly 30 million records from TEG, using stolen credentials of data engineers with access to their employers’ Snowflake environments. For its part, Snowflake doesn’t require (or enforce) that its customers use a security feature that protects against hacks involving stolen or reused passwords.

Incident response firm Mandiant said about 165 Snowflake customers had their data stolen, in some cases “significant amounts of customer data.” So far, only a handful of the 165 companies have confirmed that their environments were breached, which also includes tens of hundreds of employee records from Neiman Marcus and Bank Santander, and millions of records about Los Angeles Unified School District students. Expect many Snowflake customers to come forward.

(Dis)honorable mentions

Cencora notifies over 1,000,000 people, and counting, that it lost their data:

US pharmaceutical giant Cencora disclosed a February data breach involving the compromise of patient health data. Cencora obtained this information through cooperation with drug manufacturers. Cencora steadfastly refuses to say how many individuals have been affected, but TechCrunch calculations show that well over 1,000,000 people have been notified so far. Cencora says it has served more than 18 million patients to date.

MediSecure data breach affects half of Australia:

Nearly 13 million people in Australia, roughly half the country’s population, had their personal and health information stolen in a ransomware attack on prescription drug supplier MediSecure in April. MediSecure, which was distributing prescriptions to most Australians by the end of 2023, declared insolvency shortly after the large theft of customer data.

Kaiser made the health data of millions of patients available to advertisers:

U.S. health insurance giant Kaiser disclosed a data breach in April after it inadvertently shared the private health information of 13.4 million patients, particularly search terms entered on its websites about diagnoses and medications, with technology companies and advertisers. Kaiser stated that it used their tracking code for website analytics. The health insurance provider disclosed the incident in the wake of several other telehealth startups, such as Cerebral, Monument and Tempest, admitting that they, too, had shared data with advertisers.

USPS also shared users’ mailing addresses with tech giants:

Then came the U.S. Postal Service, which was caught sharing logged-in users’ mailing addresses with advertisers like Meta, LinkedIn and Snap, using the same tracking code provided by those companies. USPS removed the tracking code from its website after TechCrunch alerted the Postal Service in July to the improper sharing of data, but the agency didn’t say how many individuals had their data collected. As of March 2024, USPS has over 62 million Informed Delivery users.

Evolve Bank data breach affected fintech clients and startups:

In July, cybercriminals stole the private data of over 7.6 million people in a ransomware attack against Evolve Bank. Evolve is a banking services giant that mainly serves fintech companies and startups such as Affirm and Mercury. As a result, many individuals notified about the data breach had never heard of Evolve Bank, let alone interacted with the company, before the cyberattack.

National Public Data goes bankrupt after millions of SSNs stolen:

The company behind data broker National Public Data filed for Chapter 11 bankruptcy protection in October, months after an enormous data breach exposed about three billion records relating to roughly 270 million people, according to various analyses by security researchers. The data broker allowed its paying customers access to extensive databases containing names, dates of birth, email and postal addresses, phone numbers and social security numbers (even if not all of the data was accurate). The company said it needed to file for bankruptcy because it could no longer generate enough revenue to deal with the deluge of class action lawsuits and growing liability from state and federal regulators.


This article was originally published on : techcrunch.com

Canoo’s latest defeat, stories from Waymo players and what Trump’s victory means for Elon (and his corporations)


Welcome back to TechCrunch Mobility, your central hub for news and insights on the future of transportation. Sign up here for free; just click TechCrunch Mobility!

It has only been two days since the election and there is already a lot of speculation about what the next Trump presidency will mean for transportation and technology, as well as related sectors such as energy and climate. Many of those questions will take months to answer. We will observe and report on what impact this may have on the future of transportation.

Early on, we produced several articles that examined who might win, who might lose, and how specific sectors might deal with changes in governance in the executive and legislative branches. TC reporter Tim De Chant provided analysis on why President-elect Trump may find it difficult to roll back the Inflation Reduction Act, and reporter Rebecca Bellan examined what this victory could mean for Elon Musk and his companies, including Tesla, SpaceX and X.

Little bird


A little bird told us that Tesla has definitely given up on its $25,000 electric vehicle and replaced it with a robotaxi. The shift, which came in April when Musk announced that Tesla would unveil its robotaxi this year, came as a surprise to many Tesla employees who were excited about the prospect of building a cheaper electric vehicle that their children could one day afford. This change in strategy, combined with mass layoffs earlier this year, led to low morale among employees and even some departures. But our little bird says morale is slowly improving.

In other little bird news…

A few little birds told us that electric vehicle startup Canoo was struggling with executive departures and more furloughs. A few days later, before the newsletter was ready to ship, our information was verified in a regulatory document: the CFO and general counsel had left, which, among other things, resulted in the furloughing of 30 employees.

You can also see these instructions to learn how to contact us via encrypted messaging apps or SecureDrop.

Deals!


Beta Technologies, a startup developing electric vertical takeoff and landing aircraft, had an enormous round of funding: 318 million large, and yes, I mean dollars. The Series C financing round was led by Qatar’s sovereign wealth fund. Fidelity, TPG and United Therapeutics, which is also a customer, joined the round. This brings Beta’s total funding to over $1 billion. Not a word about the valuation.

As Rebecca Bellan noted in an article earlier this year, Beta doesn’t want to run its own urban air taxi network. Beta is positioning itself more as an OEM that sells aircraft and charging solutions to multiple customers. The company has secured customers in the defense, cargo delivery and medical logistics industries, such as United Therapeutics, UPS, Air New Zealand and the United States Air Force, with plans to launch products in these markets by 2025.

Other deals that caught my attention…

DeepRoute.ai, a Shenzhen-based autonomous driving technology startup, raised $100 million from Great Wall Motor. The funding is meant to help DeepRoute introduce automated driving systems to as many vehicles as possible in China before Tesla launches next year.

Last week we reminded you about Waymo closing a $5.6 billion round from parent company Alphabet. Well, Bloomberg spotted the valuation, which their sources say is currently at $45 billion.

Van revised the valuation of Indian passenger transport startup Ola to around $2 billion at the end of August.

Xavveo, a startup working on autonomous vehicle sensor technology, raised $8.6 million in a seed round co-led by Vsquared Ventures and imec.xpand.

Noteworthy reading and other interesting facts


Autonomous vehicles

Lyft announced three separate partnerships, with startup May Mobility, automated vehicle company Mobileye and smart dash camera company Nexar, all aimed at gaining a foothold in the emerging autonomous vehicle market. All of these Uber and Lyft partnerships take me back to the hype days of AV in 2017 and 2018.

Electric vehicles, charging and batteries

Ford said it will halt production of the F-150 Lightning electric pickup truck starting in mid-November for nearly two months as it grapples with reduced demand, increased competition and losses in the electric vehicle industry.

Hurry up unveiled an electric camper concept, which it describes as “the perfect escape pod,” Ars Technica reports.

Technology and software in the car

Reporter Sean O’Kane spoke with Rivian’s software chief Wassym Bensaid on the sidelines of TechCrunch Disrupt and learned that the company is working on an ecosystem for third-party developers that would make more apps available on the vehicle’s infotainment system.

This week’s wheels


This week, I’m turning to a handful of TechCrunch staffers who took their first Waymo rides while in San Francisco for Disrupt 2024. I’ve ridden in many autonomous vehicles, including driverless Waymos, so I thought it would be fun to share a newbie’s perspective.

Venture reporter Dominic-Madori Davis said: “I thought I would hate Waymo, but I didn’t. He drove like my mother. Quite careful, very slow. I felt as safe as I could in the self-driving car, and honestly, I was glad I didn’t have to talk about the weather.”

AI and enterprise reporter Kyle Wiggers said: “It’s nerve-wracking, especially when other cars pass us. Sitting shotgun, the entire experience felt unnerving. I expected the worst.” I asked him if he would take another Waymo, and his answer was, “Yes, but carefully.”

Venture editor Julie Bort went on three rides. She noted that her first ride was somewhat scary because it “turned a bit wobbly in a narrow lane next to a row of parked cars.” It also did not turn right on a red light, which resulted in frustrated people honking. She also noticed that sometimes the prices were much higher than what Uber would charge, and the drop-off locations were strange and just around the corner.

“All in all, it was a fun experience and if the car price is as affordable as other rideshares, I will do it regularly,” Bort told me. “But while it solved one security problem, it introduced others.”

Reporter Amanda Silberling said: “Waymo is like a roller coaster. It’s funny because it seems a little dangerous, but like a roller coaster, you know it’s been tested ad nauseam so it’s probably okay? If I wasn’t on a business trip with a corporate card, I don’t know if I could see myself using it because in many cases it was more expensive than Uber. Overall, I’m surprised at how safe I felt on Waymo rides, even though when I told my friends I was riding Waymo, they made me promise to text them once I arrived safely at my destination. My friends would react the same way if I was alone on the subway after midnight.”

This article was originally published on : techcrunch.com

Anthropic partners with Palantir and AWS to sell artificial intelligence to defense customers


Anthropic on Thursday announced that it’s working with Palantir, a data mining company, and Amazon Web Services (AWS) to provide U.S. intelligence and defense agencies with access to Anthropic’s Claude family of artificial intelligence models.

The news comes as an increasing number of AI vendors seek to sign contracts with U.S. defense customers for strategic and fiscal reasons. Meta recently revealed that it’s sharing its Llama models with defense industry partners, while OpenAI is seeking to establish closer relations with the Department of Defense.

Anthropic’s head of sales, Kate Earle Jensen, says the company’s partnership with Palantir and AWS will “operationalize the use of Claude” on the Palantir platform, leveraging AWS hosting. Claude, which became available on the Palantir platform earlier this month, can now be used in Palantir’s defense-accredited Impact Level 6 (IL6) environment, hosted on AWS infrastructure.

The Department of Defense’s IL6 is reserved for systems containing data considered critical to national security and requiring “maximum protection” against unauthorized access and manipulation. Information in IL6 systems can reach the “secret” level, one step below top secret.

“We are proud to be a leader in bringing responsible AI solutions to classified environments in the U.S., increasing analytical capabilities and operational efficiency in key government operations,” Jensen said. “Access to Claude on Palantir on AWS will equip U.S. defense and intelligence organizations with powerful artificial intelligence tools that can quickly process and analyze massive amounts of complex data. This will dramatically improve intelligence analysis and decision-making for officials, streamline resource-intensive tasks and increase operational efficiency across all departments.”

This summer, Anthropic introduced select Claude models to AWS’s GovCloud service, signaling its ambition to expand its public sector customer base. (GovCloud is an AWS service designed for US government cloud workloads.) Anthropic positions itself as a more security-conscious provider than OpenAI. However, the company’s terms of service allow its AI to be used for tasks such as “legally authorized foreign intelligence analysis,” “identifying covert influence or sabotage campaigns,” and “providing advance warning of potential military activities.”

There is certainly interest in artificial intelligence among government agencies. A March 2024 Brookings Institute analysis found a 1,200% increase in government procurement related to artificial intelligence. But some branches, such as the US military, have been slow to implement the technology and are skeptical about the return on investment.

Anthropic, which has recently expanded into Europe, is said to be in talks to raise a new round of financing at a valuation of up to USD 40 billion. To date, the company has raised about $7.6 billion, including forward commitments. Amazon is by far the largest investor.

This article was originally published on : techcrunch.com

Truecaller founders step down as spam blocker gains momentum


The co-founders of Swedish caller ID app Truecaller are stepping back from day-to-day operations, ending an era for one of Sweden’s most successful consumer technology companies as it pursues a goal of 1 billion users.

Alan Mamedi and Nami Zarringhalam, who co-founded Truecaller in 2009 and are pictured above, will hand over their responsibilities to Rishit Jhunjhunwala, the company’s chief product officer and head of its key India division, in January. Both founders will remain strategic advisors and board members.

The succession comes as Truecaller, which operates the eponymous call and spam blocking app, finds its feet after a difficult period, with third-quarter revenue rising 15% to SKr457.3 million ($42.3 million). More importantly, advertising revenues, which had been a cause for concern, rose 8% after several quarters of decline.

“We are approaching half a billion users and I am confident that we can reach one billion users within a few years,” Mamedi said in his last quarterly statement as CEO. “We are one of the few companies in the world whose product has managed to attract hundreds of millions of people. This is how we put Sweden on the world map. This achievement is something that my co-founder Nami and I are incredibly proud of.”

Jhunjhunwala, who joined the company in 2015 and holds Swedish citizenship despite his Indian roots, inherits a company that’s finding its feet after a difficult post-IPO period. Truecaller, which went public in October 2021, dominates caller identification in emerging markets but also faces recent challenges in developed economies, particularly on Apple’s iPhone platform.

The group plans to launch what executives call the “biggest product improvement ever” for iOS this quarter, which will match some Android features. Although iPhone users make up just 7% of Truecaller’s base, they generate 40% of subscription revenue, a difference that highlights both future challenges and opportunities.

“I have been working closely with Alan and Nami since 2015 and I know this is a big challenge,” said Jhunjhunwala, who oversaw product development and the company’s two largest revenue streams.

The move comes as Truecaller shares have rallied more than 70% from March lows, with JPMorgan analysts noting that recent market entries and emerging revenue streams could further boost growth.

However, challenges remain. The company is undergoing regulatory scrutiny in India, where it generates more than 70% of its revenues. Recent reports suggest that Airtel’s recent spam blocking tool could threaten its dominance, although early reviews favor Truecaller’s offering.

The founders’ departure was announced alongside accelerated third-quarter results, which showed promising growth in strategic markets such as Colombia and Nigeria, where user numbers increased by 40% year-over-year. Subscription revenue in the U.S. grew more than 60% as the company focused on converting users into paying customers.

“We have a fantastic management team in whom we have the utmost confidence,” Mamedi and Zarringhalam said in a joint statement. “With these elements, we are confident that the company is well-positioned for future success.”


This article was originally published on : techcrunch.com