We’re over midway via 2024, and already this yr we’ve seen a number of the largest, most damaging knowledge breaches in current historical past. And simply whenever you suppose that a few of these hacks can’t get any worse, they do.
From enormous shops of consumers’ private info getting scraped, stolen and posted on-line, to reams of medical knowledge overlaying most individuals in america getting stolen, the worst knowledge breaches of 2024 so far have already surpassed at the very least 1 billion stolen data and rising. These breaches not solely have an effect on the people whose knowledge was irretrievably uncovered, but in addition embolden the criminals who revenue from their malicious cyberattacks.
Journey with us to the not-so-distant previous to have a look at how a number of the largest safety incidents of 2024 went down, their impression, and in some circumstances, how they may have been stopped.
Thriller AT&T knowledge leak uncovered 73 million buyer accounts
Some three years after a hacker teased a printed pattern of allegedly stolen AT&T buyer knowledge, an information breach dealer in March dumped the complete cache of 73 million buyer data on-line to a recognized cybercrime discussion board for anybody to see. The printed knowledge included prospects’ private info, together with names, cellphone numbers and postal addresses, with some prospects confirming their knowledge was correct.
But it surely wasn’t till a safety researcher found that the uncovered knowledge contained encrypted passcodes used for accessing a buyer’s AT&T account that the telecoms big took motion. The safety researcher advised TechCrunch on the time that the encrypted passcodes might be simply unscrambled, placing some 7.6 million current AT&T buyer accounts prone to hijacks. AT&T force-reset its prospects’ account passcodes after TechCrunch alerted the corporate to the researcher’s findings.
One massive thriller stays: AT&T nonetheless doesn’t understand how the information leaked or the place it got here from.
Change Healthcare hackers stole medical knowledge on “substantial proportion” of individuals in America
In 2022, the U.S. Justice Division sued medical insurance big UnitedHealth Group to dam its tried acquisition of well being tech big Change Healthcare, fearing that the deal would give the healthcare conglomerate broad entry to about “half of all Individuals’ medical insurance claims” every year. The bid to dam the deal in the end failed. Then, two years later, one thing far worse occurred: Change Healthcare was hacked by a prolific ransomware gang; its almighty banks of delicate well being knowledge had been stolen as a result of one of many firm’s important programs was not protected with multi-factor authentication.
The prolonged downtime attributable to the cyberattack dragged on for weeks, inflicting widespread outages at hospitals, pharmacies and healthcare practices throughout america. However the aftermath of the information breach has but to be absolutely realized, although the implications for these affected are prone to be irreversible. UnitedHealth says the stolen knowledge — which it paid the hackers to acquire a replica — consists of the non-public, medical and billing info on a “substantial proportion” of individuals in america.
UnitedHealth has but to connect a quantity to what number of people had been affected by the breach. The well being big’s chief government, Andrew Witty, advised lawmakers that the breach could have an effect on round one-third of Individuals, and doubtlessly extra. For now, it’s a query of simply what number of lots of of tens of millions of individuals within the U.S. are affected.
Synnovis ransomware assault sparked widespread outages at hospitals throughout London
A June cyberattack on U.Ok. pathology lab Synnovis — a blood and tissue testing lab for hospitals and well being companies throughout the U.Ok. capital — brought on ongoing widespread disruption to affected person companies for weeks. The native Nationwide Well being Service trusts that depend on the lab postponed 1000’s of operations and procedures following the hack, prompting the declaration of a important incident throughout the U.Ok. well being sector.
A Russia-based ransomware gang was blamed for the cyberattack, which noticed the theft of knowledge associated to some 300 million affected person interactions courting again a “vital quantity” of years. Very like the information breach at Change Healthcare, the ramifications for these affected are prone to be vital and life-lasting.
A few of the knowledge was already printed on-line in an effort to extort the lab into paying a ransom. Synnovis reportedly refused to pay the hackers’ $50 million ransom, stopping the gang from cashing in on the hack however leaving the U.Ok. authorities scrambling for a plan in case the hackers posted tens of millions of well being data on-line.
One of many NHS trusts that runs 5 hospitals throughout London affected by the outages reportedly failed to fulfill the information safety requirements as required by the U.Ok. well being service within the years that ran as much as the June cyberattack on Synnovis.
Ticketmaster had an alleged 560 million data stolen within the Snowflake hack
A sequence of knowledge thefts from cloud knowledge big Snowflake shortly snowballed into one of many largest breaches of the yr, due to the huge quantities of knowledge stolen from its company prospects.
Cybercriminals swiped lots of of tens of millions of buyer knowledge from a number of the world’s largest firms — together with an alleged 560 million data from Ticketmaster, 79 million data from Advance Auto Elements and some 30 million data from TEG — by utilizing stolen credentials of knowledge engineers with entry to their employer’s Snowflake environments. For its half, Snowflake doesn’t require (or implement) its prospects to make use of the safety characteristic, which protects towards intrusions that depend on stolen or reused passwords.
Incident response agency Mandiant stated round 165 Snowflake prospects had knowledge stolen from their accounts, in some circumstances a “vital quantity of buyer knowledge.” Solely a handful of the 165 firms have thus far confirmed their environments had been compromised, which additionally consists of tens of 1000’s of worker data from Neiman Marcus and Santander Financial institution, and tens of millions of data of scholars at Los Angeles Unified College District. Count on many Snowflake prospects to return ahead.
