Cyberattacks and data breaches are an ongoing threat in an ever-growing digital world. Each year, the scale of cyberattacks and data breaches has increased significantly compared to the previous year, and 2024 has been no exception. Attacks by hackers have targeted a wide range of companies and individuals, including tech companies and government institutions.
For those curious about which major cyberattacks and data breaches rattled organizations and individuals, this article takes a deep dive into the main data breaches that have dominated headlines so far in 2024, while also providing valuable insights into the constantly evolving cyber threat landscape and revealing critical security flaws.
Here are the ten major cyberattacks and data breaches in 2024 that you should be aware of
1. Change Healthcare
Change Healthcare is an independent subsidiary of UnitedHealth that handles one-third of US patient records, amounting to $15 billion in medical transactions every year. In February 2024, Change Healthcare was the target of one of the most severe ransomware attacks in recent history. The attack caused widespread disruption in the US healthcare system for weeks.
The IT system shutdown in reaction to the ransomware attack impacted numerous pharmacies, hospitals, and other healthcare facilities, preventing them from processing claims and accepting payments. According to testimony before Congress in May, UnitedHealth paid a $22 million ransom following the incident.
The breach was caused by a lack of Multi-Factor Authentication (MFA) on one of Change Healthcare’s servers, affecting an estimated 131 million patients. According to the American Hospital Association, 74% of affected hospitals saw a direct impact on patient care. In late April, UnitedHealth stated that a “substantial proportion” of Americans’ data may have been stolen in the Change Healthcare hack.
Change Healthcare announced in June that the hack compromised sensitive patient medical data. Medical data obtained during the incident could have included “diagnoses, medicines, test results, images, care, and treatment,” according to a data breach notification posted by Change Healthcare.
2. Ivanti
The Ivanti breach took place when attackers accessed the company's enterprise VPN equipment. The US Cybersecurity and Infrastructure Security Agency (CISA) validated these security holes, since it was one of the organizations affected. In its case, the impact was restricted to two systems, which were quickly shut down. Numerous organizations work together to detect and prevent cyber threats.
The United States National Security Agency is one of those that continuously track such cyberattacks. A combined security advisory identified three vulnerabilities in Connect Secure and Policy Secure. It reports two crucial findings: the Ivanti Integrity Checker Tool can be tricked and is ineffective at detecting breaches, and attackers can keep root-level persistence on an Ivanti device after a factory reset.
Volexity discovered vulnerabilities CVE-2023-46805 and CVE-2024-21887 during forensic examination of memory samples. These two different zero-day vulnerabilities can be chained to allow unauthenticated remote code execution (RCE). Additionally, a third vulnerability, CVE-2024-21893, has been discovered.
The National Institute of Standards and Technology defines CVE-2024-21893 as a server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA gateways that allows an attacker to access restricted sites without authentication.
3. Ticketmaster
Ticketmaster, an established player in the ticketing industry, suffered a serious data breach that could affect millions of customers. The company detected the breach in May and reported it to the Office of the Maine Attorney General. The breach was caused by a vulnerability in the company’s customer care portal, allowing hackers to get unauthorized access to customer information.
The gang that claimed responsibility for the hack said it had accessed 560 million accounts and demanded a $500,000 payment to prevent the data from being sold. The exposure of personal information can lead to identity theft, financial fraud, and other security risks for affected customers.
According to a Ticketmaster support page, the data breach might include order history, email, phone number, payment information, encrypted credit card information, as well as some other personal information. After acknowledging the data breach, the company notified its customers via email, advising them to keep track of their accounts and credit statements.
4. Bank of America
Bank of America was hit by a ransomware attack in February 2024 that specifically targeted McCamish Systems, one of the bank’s financial software service providers. The ransomware group reportedly took data from around 57,000 Bank of America accounts. The stolen data includes confidential information such as customer names, addresses, dates of birth, phone numbers, account numbers, and Social Security numbers. However, only customers registered in the deferred compensation scheme were impacted.
Although the incident was detected in November 2023, customers were not notified until February 2024. Due to the delay in incident notification, BoA and McCamish Systems might be subject to law enforcement investigations.
5. AT&T
AT&T announced in March that it was investigating a potential data breach after personal information from more than 70 million current and past customers was discovered on the dark web. Attackers broke into AT&T’s servers, obtaining personal data from current and previous customers, including private data such as Social Security numbers, account numbers, and passcodes.
After detecting the breach, AT&T said that the data set appeared to be from 2019 or earlier and had reappeared on the dark web in mid-March 2024. This is the most recent cyberattack on AT&T since a January 2023 leak that affected nine million users. Following a preliminary review, the company indicated that the data set affected roughly 7.6 million current AT&T account holders and about 65.4 million past account holders.
6. CDK Global
CDK Global is one of the major providers of automotive software, serving 15,000 dealerships. The company provides SaaS-based CRM, payroll, finance, and other dealership-related software services. On June 18 and 19, it was hit by cyberattacks that caused the majority of its systems to shut down. This attack specifically targeted Personally Identifiable Information (PII) such as Social Security numbers, bank account numbers, phone numbers, addresses, and credit card information.
Despite the current interruptions, CDK has confirmed that its customer service channels are presently operational. However, while recovering from the initial attack, the company was targeted by a second hack on June 19. As a result, it had to proactively shut down most of its systems, resulting in major outages for a large number of vehicle dealerships. CDK is said to be considering a ransom payment, potentially worth tens of millions of dollars, to speed up system recovery.
7. Ascension
Ascension, a health group with 140 hospitals and 40 senior living facilities in 19 states, revealed in May that clinical activities had been disrupted by a ransomware attack. The nonprofit Catholic health institution reported that on May 8 it saw unusual behavior on some technology network systems. The incident led Ascension to redirect ambulances, close pharmacies, turn off vital IT systems, and record patient information on paper.
An employee at Ascension Healthcare mistakenly downloaded infected files, resulting in a ransomware attack. The ransomware gang in question acquired access to seven systems and is thought to have obtained some Protected Health Information (PHI) and Personally Identifiable Information (PII). Ascension later verified that data, including patient health information, was likely stolen during the hack. In addition, the ransomware attack caused delays in revenue cycle procedures, claims submission, and payment processing, as well as substantial remediation expenditures.
8. Dell
Dell suffered a severe cyberattack in May 2024 that could affect its 49 million customers. Several Dell customers received a concerning email from the technology giant notifying them of a security issue. Dell acknowledged that a database containing customer information such as names, addresses, and order details had been compromised via a reseller’s client portals. Other personally identifying information, such as payment information, email addresses, and phone numbers, was not accessed.
According to reports, data obtained in the breach is already being offered for sale on multiple hacker sites, implying that information belonging to about 49 million consumers between 2017 and 2024 may have been compromised.
9. Snowflake
Snowflake clients were hit by multiple breaches in June 2024, resulting in the theft of significant amounts of data. According to reports, over 165 clients of the cloud-based data storage provider have been compromised. Clients affected include Santander Bank, AT&T, Pure Storage, Ticketmaster, Advance Auto Parts, and Neiman Marcus.
Neiman Marcus has confirmed a data breach that affected more than 64,000 customers. Also, Advance Auto Parts has disclosed that more than 2 million customers’ data has been compromised.
The attackers are thought to have used stolen usernames and passwords to get access to the data. It has been established that the impacted accounts did not have Multi-Factor Authentication (MFA) enabled. Hackers broke into the system, obtaining access to client information like names, contact information, birthdays, and gift card numbers.
10. Tile Tracker
Tile Tracker’s parent company, Life360, reported that user data was compromised and obtained in an extortion attempt in June 2024. Tile Trackers are Bluetooth tracking devices that are primarily designed for Android devices, and they are used by more than 20 million people worldwide. Customer names, addresses, email addresses, phone numbers, and purchase order information are reported to be among the stolen data.
The hacker allegedly got access to the server by using the login credentials of a former Tile employee. It is also said that hackers had access to tools that are used to process law enforcement location requests. However, according to the tracking device company, the hack did not compromise the location details of Tile devices or the financial information of users, such as bank account credentials.
Conclusion
As you can see, the year is not even over, and cyberattacks and data breaches have been catastrophic in many sectors. With the increased number of cyberattacks and data breaches across the globe, it is high time that individuals and businesses put effective security measures into practice. Basic measures like periodic cybersecurity education, implementing biometrics in cyber security for added protection, MFA implementation, evaluating security measures on third-party cloud systems, and performing routine cybersecurity assessments can all be beneficial.
In addition, as the saying goes, prevention is better than cure. Major cyberattacks and breaches can be prevented by staying vigilant against phishing attacks and installing an antivirus. It is also important to raise awareness of robust password security, which should include two-factor authentication and never opening suspicious links or content.
FAQs
What is the major data breach in 2024?
Many major data breaches hit organizations in 2024 and caused a significant amount of data theft. Major incidents include the Snowflake data breach, which exposed the private data of over 2.5 million customers across more than 165 clients. This massive data breach included sensitive data such as names, emails, phone numbers, and other security details.
How many ransomware attacks were there in 2024?
While 2023 was a record-breaking year for ransomware attacks, with over 5,000 documented occurrences, 2024 is expected to be far more serious. More than 2,500 attacks involving ransomware have been detected in the first half of 2024. Each day, there are more than 14 publicly declared attacks. At this pace, 2024 will be another difficult year.
How did Snowflake get hacked?
The Snowflake data breach resulted from a combination of factors. The breach took advantage of a flaw in client account security, without needing a direct vulnerability in Snowflake’s platform itself. In particular, a Snowflake employee’s credentials were compromised. The attackers used the stolen credentials to log into Snowflake accounts, evading multi-factor authentication (MFA) in some cases.