We’re over midway by means of 2024, and already this yr we have now seen among the largest, most damaging knowledge breaches in latest historical past. And simply while you assume that a few of these hacks can’t get any worse, they do.
From big shops of consumers’ private info getting scraped, stolen and posted on-line, to reams of medical knowledge masking most individuals within the United States getting stolen, the worst knowledge breaches of 2024 up to now have already surpassed at the very least 1 billion stolen information and rising. These breaches not solely have an effect on the people whose knowledge was irretrievably uncovered, but additionally embolden the criminals who revenue from their malicious cyberattacks.
Travel with us to the not-so-distant previous to have a look at how among the largest safety incidents of 2024 went down, their affect and. in some instances, how they may have been stopped.
AT&T’s knowledge breaches have an effect on “nearly all” of its clients, and lots of extra non-customers
For AT&T, 2024 has been a really unhealthy yr for knowledge safety. The telecoms large confirmed not one, however two separate knowledge breaches simply months aside.
In July, AT&T stated cybercriminals had stolen a cache of knowledge that contained cellphone numbers and name information of “nearly all” of its clients, or round 110 million individuals, over a six-month interval in 2022 and in some instances longer. The knowledge wasn’t stolen immediately from AT&T’s methods, however from an account it had with knowledge large Snowflake (extra on that later).
Although the stolen AT&T knowledge isn’t public (and one report suggests AT&T paid a ransom for the hackers to delete the stolen knowledge) and the information itself doesn’t comprise the contents of calls or textual content messages, the “metadata” nonetheless reveals who known as who and when, and in some instances the information can be utilized to deduce approximate areas. Worse, the information contains cellphone numbers of non-customers who have been known as by AT&T clients throughout that point. That knowledge changing into public could possibly be harmful for higher-risk people, corresponding to home abuse survivors.
That was AT&T’s second knowledge breach this yr. Earlier in March, a knowledge breach dealer dumped on-line a full cache of 73 million buyer information to a recognized cybercrime discussion board for anybody to see, some three years after a a lot smaller pattern was teased on-line.
The revealed knowledge included clients’ private info, together with names, cellphone numbers and postal addresses, with some clients confirming their knowledge was correct.
But it wasn’t till a safety researcher found that the uncovered knowledge contained encrypted passcodes used for accessing a buyer’s AT&T account that the telecoms large took motion. The safety researcher informed TechCrunch on the time that the encrypted passcodes could possibly be simply unscrambled, placing some 7.6 million present AT&T buyer accounts susceptible to hijacks. AT&T force-reset its clients’ account passcodes after TechCrunch alerted the corporate to the researcher’s findings.
One huge thriller stays: AT&T nonetheless doesn’t understand how the information leaked or the place it got here from.
Change Healthcare hackers stole medical knowledge on “substantial proportion” of individuals in America
In 2022, the U.S. Justice Department sued medical insurance large UnitedWell being Group to dam its tried acquisition of well being tech large Change Healthcare, fearing that the deal would give the healthcare conglomerate broad entry to about “half of all Americans’ health insurance claims” every year. The bid to dam the deal in the end failed. Then, two years later, one thing far worse occurred: Change Healthcare was hacked by a prolific ransomware gang; its almighty banks of delicate well being knowledge have been stolen as a result of one of many firm’s important methods was not protected with multi-factor authentication.
The prolonged downtime brought on by the cyberattack dragged on for weeks, inflicting widespread outages at hospitals, pharmacies and healthcare practices throughout the United States. But the aftermath of the information…