
We’re halfway through 2024, and this year has already seen some of the biggest and most destructive data breaches in recent history. And just when you think some of these hacks can’t get any worse, they actually do.
From mass collection, theft, and posting of personal information of consumers online to the theft of healthcare data of most Americans, the worst data breaches so far in 2024 have already surpassed at least 1 billion stolen records and are continuing to grow. These breaches not only impact individuals whose data is irretrievably exposed, but also inspire criminals who profit from malicious cyberattacks.
Join us on a journey back in time to the not-so-distant past to see how some of the biggest security breaches of 2024 happened, their impact, and in some cases, how to prevent them.
AT&T's data breach affects 'almost' all of its customers and many more non-customers
For AT&T, 2024 was a very bad year for data security, as the telecom giant confirmed two separate data breaches just months apart.
In July, AT&T revealed that cybercriminals had stolen a cache of data containing the phone numbers and call records of “virtually all” of its customers — roughly 110 million people — over a six-month period through 2022, and in some cases longer. The data wasn’t stolen directly from AT&T systems, but from accounts held by data giant Snowflake (more on that later).
While the stolen AT&T data has not been made public (one report says AT&T paid a ransom to the hackers to delete the stolen data), and the data itself does not contain the content of calls or text messages, the “metadata” still shows who called whom and when, and in some cases, the data can be used to infer a rough location. Even worse, the data includes the phone numbers of non-customers who were calling AT&T customers at the time. If made public, that data could be dangerous to high-risk individuals, such as domestic violence survivors.
It was AT&T’s second data breach of the year. In early March, a data breach broker dumped the entire cache of 73 million customer records online for anyone to see on a well-known cybercrime forum, about three years after a much smaller sample was teased online.
The disclosed data included personal information about customers, including their names, phone numbers and postal addresses, and some customers confirmed that their data was accurate.
But the telecom giant didn’t take action until security researchers discovered that the exposed data contained encrypted passcodes used to access customers’ AT&T accounts. The security researchers told TechCrunch at the time that the encrypted passcodes were easily crackable, putting roughly 7.6 million existing AT&T customer accounts at risk of being hijacked. After TechCrunch reported the researchers’ findings to the company, AT&T forcibly reset customer account passcodes.
One big mystery still remains: AT&T still doesn't know how the data was leaked or where it came from.
Healthcare hackers stole medical data on 'significant portion' of Americans
In 2022, the U.S. Department of Justice sued health insurance giant UnitedHealth Group to block its attempted acquisition of health tech giant Change Healthcare, citing concerns that the deal would give the healthcare giant broad access to “approximately half of Americans’ health insurance claims” each year. The attempt to block the deal ultimately failed. Then, two years later, something much worse happened: Change Healthcare was hacked by a ransomware gang. One of the company’s critical systems was not protected by multifactor authentication, which allowed its vast store of sensitive health data to be stolen.
The cyberattack caused extensive downtime that lasted for weeks and caused widespread disruptions at hospitals, pharmacies, and medical facilities across the U.S. But while the full impact of the data breach has yet to be realized, the consequences for those affected are likely to be irreversible. UnitedHealth says the stolen data, which it paid hackers to obtain copies of, includes personal, medical, and billing information for a “significant percentage” of people in the U.S.
UnitedHealth has not yet put a number on how many individuals were affected by the breach. The health giant's chief executive, Andrew Witty, told lawmakers that the breach could affect about a third of Americans, and potentially more. For now, the question is just how many hundreds of millions of people in the United States are affected.
Synnovis ransomware attack causes widespread disruption to hospitals across London
In June, a cyberattack on the UK pathology laboratory Synnovis (a blood and tissue testing laboratory for hospitals and health services across the UK capital) caused widespread disruption to patient services for weeks. Local National Health Service Trusts that rely on the laboratory postponed thousands of surgeries and procedures following the hack, leading to a major incident being declared across the UK healthcare sector.
A Russia-based ransomware gang has been blamed for the cyberattack that resulted in the theft of data relating to approximately 300 million patient interactions over a “significant” period of time. As with the Change Healthcare data breach, the impact on those affected is significant and likely to be lifelong.
Some of the data has already been posted online in an attempt to blackmail the lab into paying a ransom. Synnovis reportedly refused to pay the hackers’ $50 million ransom, which prevented the gang from profiting from the hack but left the British government scrambling to come up with a plan in case the hackers ended up posting millions of health records online.
One of the NHS trusts affected by the outage, a trust running five hospitals across London, reportedly failed to meet the data security standards required by the UK's health service before the cyberattack on Synnovis in June.
Ticketmaster reportedly had 560 million records stolen in the Snowflake hack
A series of data thefts at cloud data giant Snowflake quickly grew into one of the largest breaches of the year, with massive amounts of data stolen from enterprise customers.
Cybercriminals have stolen hundreds of millions of customer records from some of the world’s largest companies, including 560 million records from Ticketmaster, 79 million records from Advance Auto Parts, and approximately 30 million records from TEG. They did so using credentials stolen from a data engineer who had access to their employer’s Snowflake environment. Snowflake does not require (or force) customers to use security features that protect against breaches that rely on stolen or reused passwords.
Incident response firm Mandiant says about 165 Snowflake customers had data stolen from their accounts, in some cases “significant amounts of customer data.” Only a handful of the 165 companies have confirmed so far that their environments were compromised, including tens of thousands of employee records at Neiman Marcus and Santander Bank, and millions of student records at the Los Angeles Unified School District. Expect more Snowflake customers to come forward.
(dis)honorable mention
Cencora has notified over a million customers that their data was lost
Cencora, a U.S. pharmaceutical giant, disclosed a data breach in February in which patient health data was compromised, information that Cencora obtained through partnerships with pharmaceutical companies. Cencora has refused to reveal how many people were affected, but according to a TechCrunch tally, more than a million people have been notified so far. Cencora says it has served more than 18 million patients so far.
MediSecure data breach impacts half of Australians
Personal and health data of around 13 million Australians – around half the Australian population – was stolen in April in a ransomware attack on prescription provider MediSecure. MediSecure, which distributed prescriptions to most Australians until the end of 2023, declared bankruptcy shortly after the mass theft of customer data.
Kaiser shared millions of patients' health data with advertisers
Kaiser, the U.S. health insurance giant, disclosed a data breach in April after it mistakenly shared personal health information of 13.4 million patients, particularly website search terms for diagnoses and medications, with tech companies and advertisers. Kaiser said it used tracking code to analyze its website. The health insurance provider disclosed the incident after several other telehealth startups, including Cerebral, Monument, and Tempest, admitted to sharing data with advertisers.
The USPS also shared mailing addresses with tech giants
Then came the USPS’s turn to share logged-in users’ mailing addresses with advertisers like Meta, LinkedIn, and Snap, using similar tracking codes provided by those companies. The USPS removed the tracking codes from its website after TechCrunch notified the agency of the inappropriate data sharing in July, but the agency did not disclose how many individuals had their data collected. As of March 2024, the USPS had over 62 million Informed Delivery users.
Evolve Bank data breach impacts fintech and startup customers
In July, cybercriminals stole the personal information of over 7.6 million people in a ransomware attack targeting Evolve Bank. Evolve is a banking-as-a-service giant that primarily serves fintechs and startups like Affirm and Mercury. As a result, many of the individuals who were notified of the data breach had never heard of Evolve Bank and had no relationship with the company before the cyberattack.