Biggest data breaches of 2024: 1 billion records stolen and counting

The end of 2024 is approaching – a yr that can go down in history as one of the most important and most damaging data breaches in recent history. And just once you think some of these hacks couldn’t get any worse, they do.

From vast troves of customer personal data that were stolen, stolen, and published online, to tons of medical records referring to most individuals within the United States that were stolen, the worst data breaches in 2024 have surpassed 1 billion stolen records and counting. These breaches not only affect individuals whose data has been irretrievably exposed, but in addition embolden criminals who benefit from their malicious cyberattacks.

Travel with us into the recent past to see how some of the largest security incidents of 2024 happened, what their impact was and, in some cases, they might have been stopped.

AT&T’s data breaches affect “almost all” of its customers and many more non-customers

For AT&T, 2024 was a really bad yr for data security. The telecommunications giant confirmed not one, but two separate data breaches inside just a few months of one another.

In July, AT&T said cybercriminals had stolen a data cache containing the phone numbers and call records of “almost all” of its customers, or about 110 million people, over a six-month period in 2022 and in some cases longer. The data wasn’t stolen directly from AT&T’s systems, but from an account she had with data giant Snowflake (more on that later).

Although the stolen AT&T data is just not public (i.e one report suggests that AT&T paid a ransom to hackers to delete stolen data), and the data itself doesn’t contain the content of calls or text messages, the “metadata” still reveals who called whom and when, and in some cases the data will be used to find out approximate location. Worse still, the data includes the phone numbers of non-customers that AT&T customers called during that point. Making data public could also be dangerous for people belonging to the next risk group, e.g. individuals who have experienced domestic violence.

This was AT&T’s second data breach this yr. In early March, the data breach broker placed a full cache of 73 million customer records online on a distinguished cybercrime forum for anyone to see, about three years after a much smaller sample appeared online.

The data published included customers’ personal information, including names, telephone numbers and postal addresses, and some customers confirmed that their details were accurate.

However, the telecom giant only took motion after a security researcher discovered that the leaked data included encrypted passwords used to access the shopper’s AT&T account. A security researcher told TechCrunch on the time that encrypted passwords may very well be easily decrypted, putting roughly 7.6 million existing AT&T customer accounts in danger of being compromised. AT&T forced password resets on its customer accounts after TechCrunch alerted the corporate to the researcher’s findings.

One big mystery stays: AT&T still doesn’t know the way the data leaked or where it got here from.

Hackers from Change Healthcare stole medical data from a “significant portion” of the American population

In 2022, the US Department of Justice sued medical health insurance giant UnitedHealth Group to dam its attempted takeover of health tech giant Change Healthcare, fearing that the deal would give the healthcare conglomerate broad access to about “half of all Americans’ health insurance claims” every year. The try and block the transaction ultimately failed. Then, two years later, something much worse happened: an influential ransomware gang hacked Change Healthcare; its massive banks of sensitive health data were stolen because one of the corporate’s key systems was not protected by multi-factor authentication.

Long outages brought on by the cyberattack continued for weeks, causing widespread outages at hospitals, pharmacies and doctor’s offices across the United States. However, the consequences of a data breach will not be yet fully understood, although the results for those affected will likely be irreversible. UnitedHealth says the stolen data – which it paid hackers to repeat – includes personal, medical and billing information for a “significant portion” of U.S. residents.

UnitedHealth has not yet released the number of people affected by the breach. The health care giant’s chief executive, Andrew Witty, told lawmakers the breach could affect a couple of third of Americans, and potentially more. For now, the purpose is that it only affects lots of of thousands and thousands of people within the US.

The Synnovis ransomware attack caused widespread outages in hospitals across London

A June cyberattack on British pathology laboratory Synnovis – a blood and tissue testing laboratory for hospitals and healthcare facilities across the UK capital – caused widespread disruption to patient services for weeks. Local National Health Service trusts that depend on the laboratory postponed hundreds of surgeries and procedures after the breach, prompting the declaration of a critical incident within the UK health sector.

A Russian ransomware gang was blamed for the cyberattack theft of data related to roughly 300 million patient interactions from a “significant number” of years ago. As with the Change Healthcare data breach, the results for those affected are more likely to be significant and lasting.

Some of the data has already been published online in an try and force the lab to pay a ransom. According to Synnovis reports refused to pay the hackers a ransom of $50 millionstopping the gang from making the most of the break-in, but leaving it behind the UK government is working on a plan in case hackers put thousands and thousands of medical records online.

One of the affected NHS trusts, which runs five hospitals across London, reportedly failed to fulfill data security standards required by the NHS within the years leading as much as the June cyber attack on Synnovis.

560 million records were allegedly stolen within the Snowflake Ticketmaster hack

A series of data thefts from cloud data giant Snowflake quickly escalated into one of the largest breaches of the yr, with massive amounts of data stolen from corporate customers.

Cybercriminals have stolen lots of of thousands and thousands of customer data from some of the world’s largest corporations, including: alleged 560 million records from Ticketmaster, 79 million records from Advance Auto Parts and roughly 30 million records from TEG – using stolen credentials of data engineers with access to their employers’ Snowflake environments. For its part, Snowflake doesn’t require (or force) its customers to make use of a security feature that protects against hacks involving stolen or reused passwords.

Incident response firm Mandiant said about 165 Snowflake customers had their data stolen and, in some cases, “significant amounts of customer data.” So far, only a handful of 165 corporations have confirmed that their environments were breached, which also includes tens of hundreds of worker data from Neiman Marcus AND Bank SantanderAND (*1*)thousands and thousands of records about Los Angeles Unified School District students. Expect lots of Snowflake customers to come back forward.

(Im)honorable mentions

Cencora notifies over 1,000,000 and still counts that it has lost their data:

US pharmaceutical giant Cencora disclosed a February data breach involving compromise of patient health data. Cencora obtained this information through cooperation with drug manufacturers. Cencora steadfastly refuses to say how many individuals have been affected, but TechCrunch calculations show that well over 1,000,000 people have been notified up to now. Cencora says it has served greater than 18 million patients up to now.

MediSecure data breach affects half of Australia:

Nearly 13 million people in Australia – roughly half the country’s population – have had their personal and health information stolen ransomware attack on prescription drug supplier MediSecure in April. MediSecure, which was distributing prescriptions to most Australians by the tip of 2023, declared insolvency shortly after the large theft of customer data.

Kaiser has made the health data of thousands and thousands of patients available to advertisers:

U.S. medical health insurance giant Kaiser disclosed a data breach in April after it inadvertently shared the private health information of 13.4 million patients, particularly search terms on web sites about diagnoses and medications, with technology corporations and advertisers. Kaiser stated that it used their tracking code for website analytics. The medical health insurance provider disclosed the incident within the wake of several other telehealth startups corresponding to Cerebral, Monument and Tempest admitting that they, too, had shared data with advertisers.

USPS also shared its mailing address with tech giants:

Then got here the U.S. Postal Service, which was caught sharing logged-in users’ mailing addresses with advertisers like Meta, LinkedIn and Snap, using the same tracking code provided by those corporations. USPS removed the tracking code from its website after TechCrunch alerted the Postal Service in July to the improper sharing of data, however the agency didn’t say how many individuals collected the data. As of March 2024, USPS has over 62 million Informed Delivery users.

Evolve Bank data breach affected fintech clients and startups:

In July, cybercriminals stole the private data of over 7.6 million people in a ransomware attack against Evolve Bank. Evolve is a banking services giant that mainly serves fintech corporations and startups corresponding to Affirm and Mercury. As a result, many individuals notified in regards to the data breach had never heard of Evolve Bank, let alone interacted with the corporate, before the cyberattack.

National public records bankrupt after thousands and thousands of SSNs stolen

The company behind data broker National Public Data filed for Chapter 11 bankruptcy protection in October, based on various analyzes by security researchers, months after an enormous data breach exposed about three billion records referring to roughly 270 million people. The data broker allowed its paying customers access to extensive databases containing names, dates of birth, email and postal addresses, phone numbers and social security numbers (even when not all of the data was accurate). The company said it needed to file for bankruptcy since it could now not generate enough revenue to deal with the deluge of class motion lawsuits and growing liability from state and federal regulators.

.