Four Catastrophic Cybersecurity Data Breaches of 2024 

Data breaches are no longer occasional events but a constant, and their impact grows year on year as technology advances and attackers refine their tactics. 2024 saw a sharp rise in attacks on healthcare, finance, and critical infrastructure, with record volumes of data compromised. According to IBM's annual Cost of a Data Breach Report, the global average cost of a data breach reached US$4.88 million (approx. £3.9 million) in 2024, a 10 percent increase on the previous year and the largest annual jump since the pandemic, driven by breaches that were more disruptive and placed greater demands on security teams. Seventy percent of breached organisations reported that the incident caused significant or very significant disruption. 

This article looks at the most significant data breaches of 2024: how the attackers got in, which sectors were hit, and the consequences for the individuals and organisations affected. 

AT&T data breach 

In July 2024, AT&T, one of the largest telecommunications companies in the U.S., disclosed a breach of call and text records belonging to around 109 million customer accounts. The records were taken from AT&T's workspace on Snowflake, a third-party cloud data platform AT&T used to store customer data; Snowflake and its incident responders reported that the wave of thefts from Snowflake customers that spring relied on stolen customer credentials rather than a vulnerability in the platform itself. The data was downloaded in April 2024 and covered calls and texts made between May and October 2022, plus a single day in January 2023. AT&T did not disclose the incident until July because the U.S. Department of Justice determined that a delay in public disclosure was warranted while AT&T cooperated with law enforcement. 

The stolen records did not include the content of calls or texts, customer names, Social Security numbers, or dates of birth. They did include the phone numbers of AT&T customers and of the numbers they interacted with, along with counts of those interactions and total call durations. For a subset of records, one or more cell site identification numbers were also included, which can be used to approximate a caller's location. Such metadata is still sensitive: it reveals who talked to whom and how often, and publicly available lookup tools can often tie a phone number to a name. 

In its announcement, AT&T said the investigation was ongoing, that it had engaged external cybersecurity experts to assess the scope of the breach, that it had closed the point of unauthorized access, and that at least one person had been apprehended. 

National Public Data breach 

In August 2024, National Public Data (NPD), a consumer data broker that supplies records for background checks, confirmed a breach involving a data set of around 2.9 billion personal records (rows, not distinct individuals; many people appear multiple times). The data included names, current and past addresses, email addresses, phone numbers, and Social Security numbers, mostly belonging to individuals in the U.S., U.K., and Canada. 

The breach was attributed to a threat actor operating under the name USDoD. NPD said the intrusion began in late December 2023 and that portions of the data were leaked at several points during 2024. In April 2024, USDoD offered the 2.9 billion records for sale on a hacking forum for US$3.5 million. The incident drew little attention until August 2024, when a California resident filed a class action lawsuit after his identity theft protection service notified him that his data had been leaked online. 

Once the exposure became public, NPD acknowledged the incident, said it was working with law enforcement to investigate the source of the breach, and reviewed the records that could have been affected. 

Dell data breach 

In May 2024, Dell emailed customers to tell them that their personal information had been exposed in a breach of a Dell portal holding a database of customer purchase records. The exposed data included customer names, physical addresses, and Dell hardware and order details such as service tags, item descriptions, order dates, and warranty information. 

Dell did not say how the portal was breached, but an individual was reported to be offering data allegedly taken from it on a hacking forum, claiming records for 49 million Dell customers across countries including the United States, China, India, Australia, and Canada. 

Dell said the exposed data did not include email addresses, phone numbers, or financial or payment details, and asked customers to report any suspicious activity relating to their Dell accounts or purchases to its security team by email. Even so, a name, address, order date and service tag are enough to make a phishing message or support-scam phone call that references a customer's real purchase far more convincing. 

Change Healthcare ransomware attack 

The Change Healthcare breach is the largest theft of U.S. medical records to date and one of the most consequential data breaches on record. 

In late February 2024, the ALPHV/BlackCat ransomware group, a Russian-speaking cybercriminal operation, claimed responsibility for the attack on Change Healthcare, a major U.S. healthcare payment and claims processor. The intrusion disrupted the company's operations for weeks, and the attackers claimed to have stolen up to 4 terabytes of data, including personal details, payment information, insurance records, and medical records. Change Healthcare took its systems offline to contain the attack, which left many pharmacies, hospitals, and other providers unable to submit claims or receive payments. 

A $22 million ransom was paid in March; the payment neither guaranteed the return of the stolen data nor restored the systems. In April, UnitedHealth Group, Change Healthcare's parent company, confirmed that patient data had been stolen. According to UnitedHealth's own account of the intrusion, the attackers used compromised credentials to log into a Change Healthcare Citrix remote-access portal on which multi-factor authentication (MFA) had not been enabled. The weakness was a missing control rather than a software vulnerability: because the portal accepted a password alone, a single stolen credential was enough to reach the internal network. 
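The Change Healthcare entry point described above is a missing control rather than a software flaw, and it is the kind of gap an audit of the gateway's own authentication log will reveal before an attacker does. The following is an added example (not code from Change Healthcare, UnitedHealth Group or Citrix) that reads a hypothetical JSON-lines authentication log for a remote-access portal and flags every successful login that verified no second factor, ranking logins from outside the corporate address ranges highest. The log format, field names, factor names, internal address ranges and the sample log lines are all assumptions constructed for the example; a real gateway's logs need their own parser, but the check is the same.

```python
"""Audit a remote-access gateway's authentication log for successful logins
that verified no second factor.

Added example, not code from Change Healthcare, UnitedHealth Group or Citrix.
The JSON-lines log format, field names and factor names are hypothetical;
a real gateway's logs need their own parser, but the check (every
successful session on an exposed portal must show an MFA factor) is the same.
"""

import ipaddress
import json
from collections import Counter

# Constructed sample log (not real data). "factors" lists the factors the
# gateway verified for that attempt; a successful login listing only
# "password" is exactly the kind of session MFA would have blocked.
SAMPLE_LOG = """\
{"ts":"2024-02-12T03:14:07Z","user":"jsmith","src_ip":"203.0.113.45","result":"success","factors":["password"]}
{"ts":"2024-02-12T03:15:22Z","user":"jsmith","src_ip":"203.0.113.45","result":"success","factors":["password"]}
{"ts":"2024-02-12T08:02:11Z","user":"mlee","src_ip":"198.51.100.7","result":"success","factors":["password","totp"]}
{"ts":"2024-02-12T08:05:43Z","user":"svc-backup","src_ip":"10.20.30.40","result":"success","factors":["password"]}
{"ts":"2024-02-12T09:41:09Z","user":"rkhan","src_ip":"203.0.113.9","result":"failure","factors":["password"]}
{"ts":"2024-02-12T09:41:31Z","user":"rkhan","src_ip":"203.0.113.9","result":"success","factors":["password","push"]}
this line is not JSON and must be skipped rather than crash the audit
"""

# Assumption: the factor names this gateway uses for a second factor.
MFA_FACTORS = {"totp", "push", "fido2", "smartcard", "sms"}

# Assumption: the organisation's internal address ranges (RFC 1918).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

REQUIRED_FIELDS = {"ts", "user", "src_ip", "result", "factors"}


def parse_auth_log(text):
    """Parse JSON-lines auth events; malformed or incomplete lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(ev, dict) and REQUIRED_FIELDS.issubset(ev):
            events.append(ev)
    return events


def is_external(ip):
    """True when the source address lies outside the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_mfa_gaps(events):
    """Return successful logins that verified no MFA factor.

    Severity is 'high' when the source is outside the internal ranges (the
    exposed-portal case) and 'medium' for internal sources.
    """
    findings = []
    for ev in events:
        if ev["result"] != "success":
            continue                      # failed attempts never became sessions
        if MFA_FACTORS & set(ev["factors"]):
            continue                      # a second factor was verified
        findings.append({
            "ts": ev["ts"],
            "user": ev["user"],
            "src_ip": ev["src_ip"],
            "severity": "high" if is_external(ev["src_ip"]) else "medium",
        })
    return findings


def summarize(findings):
    """Password-only successes per user, most affected accounts first."""
    return Counter(f["user"] for f in findings).most_common()


if __name__ == "__main__":
    gaps = find_mfa_gaps(parse_auth_log(SAMPLE_LOG))
    for g in gaps:
        print(f"{g['severity'].upper():6} {g['ts']} {g['user']:12} from {g['src_ip']}")
    print("per-user:", summarize(gaps))
```

On the sample log this reports two high-severity password-only logins for jsmith from an external address and one medium-severity login for the svc-backup account from an internal address; the failed attempt and the two logins that presented a second factor are not reported. Service accounts that cannot complete MFA are a common reason such a portal ends up exempt, which is why the internal findings are worth keeping rather than filtering out.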

Distilled 

The common thread in these four cases is not exotic exploitation but weak control over who can reach large stores of data: customer records held on a third-party cloud platform, a remote-access portal without MFA, a customer-order portal, and a data broker holding billions of records. Organisations should enforce MFA on every remote-access and cloud-administration path, keep an inventory of the third-party platforms that hold their data and hold them to the same access standards, limit how much sensitive data any single account or portal can retrieve, and train staff to recognise the credential theft and phishing that start most of these intrusions. 

Nidhi Singh