The year 2024 has been marked by some of the most significant and damaging data breaches in recent history. These breaches have not only exposed sensitive information but have also emboldened cybercriminals who profit from their malicious activities. Let’s dive into some of the biggest security incidents of 2024, their impact, and how they could have been prevented.
AT&T, one of the largest telecoms giants, suffered two major data breaches this year. In July, it was revealed that cybercriminals had stolen phone numbers and call records of nearly all its customers over a six-month period. This data was not stolen directly from AT&T’s systems but from an account it had with data giant Snowflake. The stolen data, although not made public, could be dangerous if it falls into the wrong hands, especially for higher-risk individuals like domestic abuse survivors. This was AT&T’s second breach, with the first one occurring in March when a data breach broker dumped 73 million customer records online.
Change Healthcare, a health insurance giant, experienced a devastating cyberattack that resulted in the theft of medical data on a substantial proportion of people in America. The breach occurred because one of the company’s critical systems was not protected with multi-factor authentication. The downtime caused by the cyberattack led to widespread outages at hospitals and healthcare practices across the United States. The stolen data includes personal, medical, and billing information, and the full consequences of the breach are yet to be realized.
A ransomware attack on Synnovis, a pathology lab in the UK, caused significant disruptions to patient services. The hack resulted in the theft of data related to approximately 300 million patient interactions spanning several years. The hackers attempted to extort the lab by publishing some of the stolen data online. The attack highlighted the failure of one of the NHS trusts to meet data security standards, raising concerns about the overall security of the UK health sector.
Snowflake, a cloud data giant, suffered a series of data thefts which led to one of the biggest breaches of the year. Cybercriminals used stolen credentials of data engineers to steal hundreds of millions of customer data from major companies. Snowflake’s lack of enforcement of security features that protect against intrusions using stolen passwords contributed to the breach. Incident response firm Mandiant confirmed that around 165 Snowflake customers had their data stolen, including employee records and student data.
Other notable breaches in 2024 include U.S. pharma giant Cencora losing the health data of over a million patients, Australian prescriptions provider MediSecure experiencing a ransomware attack that affected half of the country’s population, U.S. health insurance giant Kaiser inadvertently sharing private health information with tech companies and advertisers, and the U.S. Postal Service sharing postal addresses of logged-in users with tech giants.
These breaches highlight the urgent need for enhanced data security measures. Companies must prioritize the implementation of robust authentication protocols, encryption, and regular security audits to prevent unauthorized access to sensitive data. Additionally, organizations should invest in employee training to raise awareness about potential cyber threats and ensure proper data handling procedures are in place. The consequences of data breaches are far-reaching, affecting individuals, businesses, and society as a whole. It is crucial to learn from these incidents and take proactive steps to safeguard our digital infrastructure.
