The year 2024 has seen a surge in massive data breaches that have exposed over 1 billion records and counting. These breaches have had far-reaching impacts on individuals and emboldened cybercriminals to continue their malicious activities.
One of the major data breaches of 2024 involved AT&T, where cybercriminals stole data containing phone numbers and call records of nearly all of its customers. This data, which was obtained from AT&T’s account with Snowflake, also included metadata that could reveal caller information and locations. The breach also exposed phone numbers of non-customers who were called by AT&T customers, raising concerns about privacy and safety.
Another significant breach occurred at Change Healthcare, where a ransomware gang stole sensitive medical data affecting a substantial proportion of Americans. The breach, attributed to the lack of multi-factor authentication, caused widespread disruptions in healthcare services across the United States. The stolen data included personal, medical, and billing information, posing long-term risks to those affected.
In the UK, a ransomware attack on Synnovis, a pathology lab, led to widespread outages at hospitals in London. The attack, attributed to a Russia-based gang, resulted in the theft of data related to 300 million patient interactions. Despite refusing to pay the hackers’ ransom, Synnovis faced challenges in preventing the publication of health records online, prompting the UK government to intervene.
Snowflake, a cloud data giant, experienced multiple data theft incidents, with cybercriminals stealing millions of customer records from various companies. The stolen credentials of data engineers with access to Snowflake environments enabled the attackers to compromise sensitive data from corporate customers. Incident response firm Mandiant reported that around 165 companies had data stolen from their accounts, highlighting the widespread impact of the breaches.
Other notable breaches in 2024 included incidents at Cencora, MediSecure, Kaiser, and the U.S. Postal Service, where millions of individuals had their data compromised due to security vulnerabilities or improper data sharing practices. These breaches underscore the urgent need for organizations to enhance their cybersecurity measures and protect sensitive information from cyber threats.
As data breaches continue to escalate in frequency and scale, individuals and businesses must remain vigilant and take proactive steps to safeguard their data and privacy. By implementing robust security protocols, conducting regular security audits, and raising awareness about cybersecurity best practices, we can collectively mitigate the risks posed by cyber threats and prevent future breaches from occurring.
