Cyber Shocks of 2024: Unpacking the Year’s Biggest Security Breaches
The catastrophic surge in data breaches in 2024 has left virtually no industry untouched. You name it, this year has witnessed it: high-profile corporate hacks, billions of daily phishing emails, ransomware attacks targeting industry giants, endless supply chain compromises, the largest healthcare data breach in history impacting a third of the population of the United States, national election breaches compromising our democracy and the enormous role that Artificial Intelligence (AI) has had by empowering cybercriminals even more.
Here is a breakdown of the top data breaches that rocked the world this year:
– National Public Data Breach: In early 2024, National Public Data (NPD), an online background check and fraud prevention service, reported that a malicious actor gained access to their systems in December 2023 and leaked sensitive data starting in April 2024. Bloomberg Law stated that “the breach allegedly exposed 2.9 billion records containing highly sensitive personal data of up to 170 million people in the US, UK, and Canada.” This breach has been described as potentially one of the largest in history, with personal information, including Social Security numbers, full names, mailing addresses, email addresses, phone numbers and family member details, being sold on the Dark Web. For a review of our recommendations and details of the breach, review our blog on the subject HERE.
– Snowflake Data Breach: This prominent cloud data platform with 9,800+ global customers, suffered a breach where hackers used stolen passwords to access data from companies like Adobe, AT&T, Honeywell, Mastercard, Pfizer and Ticketmaster. Campaigns have targeted at least 165 organizations associated with Snowflake cloud storage systems. This particular type of crime highlights vulnerabilities in cloud data storage and the critical importance of securing access credentials to prevent unauthorized data access. To read how millions were potentially exposed by a Snowflake breach, click HERE for our blog about Neiman Marcus.
– CDK Global Breach: If you tried to buy a car this summer, you might have hit a snag or two. In June 2024, CDK Global, a leading provider of dealer management solutions to the automotive industry, experienced a significant ransomware attack affecting approximately 15,000 auto dealerships. The attack paralyzed dealerships leaving them to go back to pen and paper to complete deals. Read More
– Salt Typhoon Attack: A Chinese hacking group known as Salt Typhoon infiltrated U.S. telecommunications networks, enabling them to geolocate millions of Americans and record their phone calls. Politico.com reported that high-profile victims included President-elect Donald Trump and senior Biden administration officials. Details of this breach that targeted AT&T and Verizon are still coming to light. It raises significant national security concerns and highlights vulnerabilities in critical infrastructure, prompting calls for enhanced cybersecurity measures in the telecommunications sector. Read More
– Change Healthcare Ransomware Attack: Change Healthcare is a major healthcare technology company that suffered a massive ransomware attack by the ALPHV/BlackCat group, impacting over 100 million people. Hackers broke into one of its subsidiaries and disrupted healthcare providers across the United States for months. The Verge reported that UnitedHealth paid a $22 million ransom to regain access to their systems. Read More
– “Mother of All Data Breaches” (MOAB) is an extraordinary aggregation of over 4,000 breaches that took place over several years with data amassed from thousands of companies and platforms. This collection of data breaches involved the exposure of 26 billion records making it the largest consolidated data breach in history affecting millions of individuals across multiple countries. The breach included records from major platforms and services such as Adobe, Canva, Dropbox, LinkedIn, X (formerly Twitter) and Venmo. The records contained usernames, email addresses, passwords and, in some cases, financial information leaving those impacted facing increased risks of identity theft, phishing attacks and financial fraud. The data was sold on the Dark Web and widely distributed among cybercriminal communities. Read More
The breaches of 2024 taught many things:
1) The dangers of reusing passwords across multiple accounts. We suggest that you use strong, unique passwords and change them regularly. Also consider enabling two-factor authentication where possible.
2) The importance of persistent, regular credit and threat monitoring. Keep a close eye on your bank accounts, credit cards and other financial records for any suspicious or unauthorized transactions. We also suggest that you consider setting up alerts to notify you of any unusual activity.
3) The need for companies to continue to reduce the collection and storage of unnecessary data to limit exposure in the event of a breach.
Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].
Image courtesy credit: Chris Ried via unsplash.com.