Today we live in a computer-dominated cloud-based world, and this comes with many benefits, including global connectivity, increased efficiency, and automation. However, every coin is two-sided, and the world’s reliance on cyber systems goes hand-in-hand with the need for increased cybersecurity. In fact, Check Point Research found that in Q2 of 2024 alone, there was a 30% year-on-year increase in global cyber attacks. So, let’s jump into 10 of the biggest data breaches of 2024 so far.
1. Ticketmaster Ransomed for $500,000
Back in May, Ticketmaster discovered a data breach and submitted a breach notification to the Office of the Maine Attorney, stating that fewer than 1,000 customers had been affected. According to the Ticketmaster support document, the data breach “may include email, phone number, encrypted credit card information as well as some other personal information.”
However, ShinyHunters, the group claiming responsibility for the attack, states that they’ve breached 560 million accounts and are requesting a $500,000 ransom to prevent the sale of the data.
2. Ivanti’s in Trouble With the CISA
Ivanti is a remote-access and VPN solution provider used by government agencies like the Cybersecurity and Infrastructure Security Agency (CISA) and the Norwegian National Cyber Security Centre.
So, when threat actors unlawfully accessed Ivanti systems at the beginning of 2024, they reportedly “were able to steal credentials on these Ivanti devices and even access full domain compromise,” affecting up to an estimated 2,100 users. Due to a national security risk, the CISA took some of its systems offline but, luckily, reported no operational impact. Several criminal groups have claimed responsibility for the breach, and Ivanti has promised a complete security overhaul.
3. Change Healthcare Pays $22 Million in Ransom
Change Healthcare, a separate division of UnitedHealth, processes around $15 billion in medical transactions annually — one-third of US patient records. Unfortunately, in February 2024, Change Healthcare became a victim of one of the most prominent ransomware attacks in recent history.
The root cause of the breach was that one of Change Healthcare’s servers lacked multi-factor authentication (MFA), and the breach is thought to have affected 131 million patients. The healthcare billing company paid the $22 million ransom to the Russian-based group Blackcat. However, while the ransom has damaged Change Healthcare’s reputation and put patient data at risk, one of the most significant factors reported by the American Hospital Association was that 74% of hospitals affected reported direct patient care impact.
4. Dell Leaks Sensitive Data
Many Dell customers received a worrisome email on the evening of May 9th from the technology giant informing them of a data breach.
Dell admitted that a database containing customer data like names, addresses, and order information had been breached through a portal. However, other personally identifiable information like payment details, email addresses, and phone numbers were not accessed.
Dark Daily Web reported that the threat actor responsible had actually accessed 49 million customer records between 2017 and 2024 and was selling the stolen customer data on the dark web. It is currently unclear if Dell paid a ransom for the data or if it was sold to a third party.
5. Tile Tracker Confirms Data Breach
Tile Trackers are Bluetooth tracking devices — think the Android rival of AirTags — and are used by over 20 million people. However, in June this year, Tile Tracker’s parent company, Life360, confirmed that client data had been accessed in an extortion attempt. The hacker supposedly gained access by using login credentials from a former Tile employee.
The Verge reports that “the hacker was able to collect customer information by accessing a tool made for responding to law enforcement requests about Tile Trackers. [However] the stolen information did not include precise Tile location data.”
6. AT&T Customers’ Call and Text Records Exposed in a Massive Breach
AT&T hasn’t had a great year, cybersecurity-wise. In July, the telecoms company disclosed that phone records of current and former customers were hacked three months previously. CNN reports that the FBI told AT&T to delay filing a disclosure with the Securities and Exchange Commission (SEC) due to “potential national security and public safety concerns.”
The compromised data mainly included calls and other logs like text messages between May 1, 2022, and October 31, 2022. However, since it’s relatively easy to find the names attached to phone numbers, it’s thought that the hackers could use the information to try and scam victims.
7. Ascension Suffers Ransomware Attack
Everyone makes mistakes, and unfortunately, an employee at Ascension Healthcare — a nonprofit Catholic healthcare network — made a major blunder. The worker accidentally downloaded malicious files that enabled a ransomware attack on Ascension, which manages 140 hospitals and 40 senior living facilities across 19 states.
Black Basta, the ransomware gang responsible, obtained entry to seven servers and is thought to have accessed some Protected Health Information (PHI) and Personally Identifiable Information (PII).
8. Snowflake Issues Go From Bad to Worse
Snowflake has been in a lot of trouble lately. The cloud-based data storage company has customers like Santander, AT&T, Ticketmaster, and Neiman Marcus, all of whose data has been stolen. In total, it’s thought 165 businesses have been affected.
But how could this happen? It mainly boils down to the issue that the affected account holders didn’t have MFA, so all it took was for the hackers to use stolen usernames and passwords to access the treasure trove of data.
In May, a threat actor identified as UNC5537 began publicly advertising Ticketmaster and Santander data for sale on a cybercrime forum.
9. Trello Website ‘Scraped’ for Data
At the start of the year, 15 million customers’ data was found for sale, taken from the project management tool Trello. However, a Trello spokesperson stated: “We completed an exhaustive investigation and have not found evidence to support that this data was gathered by unauthorized access. All evidence points to a threat actor testing a pre-existing list of email addresses against publicly available Trello user profiles.”
So, while Trello data hasn’t been directly hacked — rather, its website has been ‘scraped’ — the compromised data could be used for phishing attacks.
10. Bank of America Blunder Puts 57,000 Clients’ Data at Risk
Around 57,000 Bank of America (BoA) clients have had their data stolen by the LockBit ransomware group. The stolen data includes sensitive information like BoA customer names, addresses, dates of birth, and Social Security numbers, which were accessed through Infosys McCamish Systems, a financial software provider. However, only customers enrolled in the deferred compensation plan were affected.
While the breach actually occurred in November 2023, customers were only informed in February 2024. Due to the delayed incident notification, BoA and Infosys McCamish Systems could be subject to law enforcement investigations.
Shield Your Data: Prevent Catastrophic Breaches
So what can businesses do to prevent a breach? Strategies like frequent employee cybersecurity training, implementing MFA, reviewing security measures on your third-party cloud platform, and conducting regular cybersecurity audits can help.
Data shows that 68% of breaches are caused by non-malicious human activity, like a worker falling victim to a phishing scam. Therefore, employee training should be a business priority. Some key training areas include phishing awareness and password security. Additionally, businesses can use simulation tools and quizzes to help engage employees and make training more effective.
Prevention is better than a cure, but sometimes things don’t go to plan. So one top tip to help businesses bounce back from a data breach is to have cyber liability insurance. It can cover loss or damage to electronic data, loss of income, cyber extortion, and forensic investigations and data recovery. This type of support and advice is an essential lifeline when companies are battling through the trenches of a cyber attack.