We’re virtually on the finish of 2024, a yr that can go down as having seen a few of the largest, most damaging knowledge breaches in current historical past. And simply once you suppose that a few of these hacks can’t get any worse, they do.
From large shops of consumers’ private info getting scraped, stolen and posted on-line, to reams of medical knowledge protecting most individuals within the United States getting stolen, the worst knowledge breaches of 2024 have surpassed the 1 billion stolen information and rising. These breaches not solely have an effect on the people whose knowledge was irretrievably uncovered, but additionally embolden the criminals who revenue from their malicious cyberattacks.
Travel with us to the not-so-distant previous to take a look at how a few of the largest safety incidents of 2024 went down, their influence and, in some instances, how they may have been stopped.
AT&T’s knowledge breaches have an effect on “nearly all” of its clients, and lots of extra non-customers
For AT&T, 2024 has been a really dangerous yr for knowledge safety. The telecoms large confirmed not one, however two separate knowledge breaches simply months aside.
In July, AT&T stated cybercriminals had stolen a cache of information that contained cellphone numbers and name information of “nearly all” of its clients, or round 110 million individuals, over a six-month interval in 2022 and in some instances longer. The knowledge wasn’t stolen immediately from AT&T’s programs, however from an account it had with knowledge large Snowflake (extra on that later).
Although the stolen AT&T knowledge isn’t public (and one report suggests AT&T paid a ransom for the hackers to delete the stolen knowledge) and the info itself doesn’t include the contents of calls or textual content messages, the “metadata” nonetheless reveals who known as who and when, and in some instances the info can be utilized to deduce approximate areas. Worse, the info consists of cellphone numbers of non-customers who have been known as by AT&T clients throughout that point. That knowledge turning into public might be harmful for higher-risk people, corresponding to home abuse survivors.
That was AT&T’s second knowledge breach this yr. Earlier in March, an information breach dealer dumped on-line a full cache of 73 million buyer information to a recognized cybercrime discussion board for anybody to see, some three years after a a lot smaller pattern was teased on-line.
The revealed knowledge included clients’ private info, together with names, cellphone numbers and postal addresses, with some clients confirming their knowledge was correct.
But it wasn’t till a safety researcher found that the uncovered knowledge contained encrypted passcodes used for accessing a buyer’s AT&T account that the telecoms large took motion. The safety researcher advised TechCrunch on the time that the encrypted passcodes might be simply unscrambled, placing some 7.6 million present AT&T buyer accounts susceptible to hijacks. AT&T force-reset its clients’ account passcodes after TechCrunch alerted the corporate to the researcher’s findings.
One massive thriller stays: AT&T nonetheless doesn’t know the way the info leaked or the place it got here from.
Change Healthcare hackers stole medical knowledge on “substantial proportion” of individuals in America
In 2022, the U.S. Justice Department sued medical insurance large UnitedWell being Group to dam its tried acquisition of well being tech large Change Healthcare, fearing that the deal would give the healthcare conglomerate broad entry to about “half of all Americans’ health insurance claims” annually. The bid to dam the deal in the end failed. Then, two years later, one thing far worse occurred: Change Healthcare was hacked by a prolific ransomware gang; its almighty banks of delicate well being knowledge have been stolen as a result of one of many firm’s vital programs was not protected with multi-factor authentication.
The prolonged downtime brought on by the cyberattack dragged on for weeks, inflicting widespread outages at hospitals, pharmacies and healthcare practices throughout the United States. But the aftermath of the info breach has but to…