3 min read
The rise of data breaches in 2024: 1 billion records stolen and counting
Farah Amod Aug 20, 2024 10:37:36 AM
Even though 2024 isn’t over yet, it’s already marked by some of the most severe data breaches in recent history. Each time it seems like the situation couldn’t get worse, it does. Huge volumes of customer information have been stolen and leaked online, while medical data for millions in the US has been compromised. With over 1 billion records breached so far, these attacks continue to harm individuals and fuel criminal activity.
What happened
AT&T's double whammy
The telecommunications giant AT&T found itself at the center of not one, but two major data breaches in 2024. The first incident occurred in July, where cybercriminals managed to steal a cache of data containing phone numbers and call records of nearly all of AT&T's 110 million customers, spanning a six-month period in 2022 and, in some cases, even longer. While the stolen data did not include the contents of calls or text messages, the metadata alone revealed sensitive information about who called whom and when, potentially putting high-risk individuals like domestic abuse survivors at risk.
Just months earlier, in March, a data breach broker had dumped online a full cache of 73 million AT&T customer records, including personal information such as names, phone numbers, and postal addresses. The exposure of encrypted passcodes used for accessing customer accounts further compounded the issue, putting millions of existing AT&T accounts at risk of hijacking.
Change Healthcare hack
The healthcare sector faced a blow when the ransomware attack on Change Healthcare, a health tech company, resulted in the theft of sensitive medical data on a substantial proportion of people in the United States. The attack, which lasted for weeks, caused widespread outages at hospitals, pharmacies, and healthcare practices across the country, disrupting patient services.
While the exact number of affected individuals remains unclear, UnitedHealth, the parent company of Change Healthcare, has acknowledged that the stolen data may impact around one-third of Americans, and potentially even more. The ramifications of this breach are likely to be far-reaching and long-lasting, as the personal, medical, and billing information of millions of Americans has now fallen into the hands of cybercriminals.
Synnovis ransomware attack
Across the Atlantic, the U.K. healthcare system faced its own crisis when a Russian ransomware gang targeted Synnovis, a pathology lab that serves hospitals and health services in the U.K. capital. The cyberattack resulted in the theft of data related to some 300 million patient interactions, dating back several years.
The impact of this breach was immediate and severe, as local National Health Service (NHS) trusts were forced to postpone thousands of operations and procedures, leading to the declaration of a critical incident across the U.K. health sector. Despite Synnovis' refusal to pay the $50 million ransom, the stolen data remains a looming threat, as the hackers have already published some of it online in an effort to extort the lab.
Going deeper
The data breaches of 2024 were not limited to individual companies; they also exposed the vulnerabilities in modern data ecosystems. The cloud data giant Snowflake found itself at the center of a series of data thefts, as cybercriminals exploited stolen credentials of data engineers to access the Snowflake environments of some of the world's biggest companies.
The impact affected an alleged 560 million customer records stolen from Ticketmaster, 79 million from Advance Auto Parts, and 30 million from TEG. Mandiant, the incident response firm, reported that around 165 Snowflake customers had data stolen from their accounts, in some cases a "significant volume of customer data." This incident represented the need for stronger security measures and better oversight of third-party data providers.
Why it matters
The data breaches of 2024 have far-reaching effects beyond their immediate impact on individuals and organizations. They reveal the ongoing struggle between cybercriminals and those protecting sensitive information.
With over 1 billion records compromised, these breaches showcase the increasing sophistication of attackers. The exposure of personal, medical, and financial data puts individuals at risk of identity theft and fraud while eroding public trust in the ability of companies and institutions to safeguard their information.
Incidents like the Synnovis ransomware attack and Change Healthcare hack stress the need for stronger cybersecurity in healthcare, where breaches can have life-altering effects. The Snowflake incident also points to the need for careful scrutiny of third-party providers, whose vulnerabilities can impact both clients and individuals.
As digital reliance continues to grow, these breaches reiterate the pressing demand for better cybersecurity strategies, stronger regulatory oversight, and a unified effort to protect sensitive data.
FAQs
What is a data breach?
A data breach is an incident where sensitive, protected, or confidential data is accessed, disclosed, or stolen by unauthorized individuals. This can include personal information such as names, social security numbers, credit card details, and medical records. Data breaches can occur through various means, such as hacking, malware attacks, insider threats, or inadequate security measures.
Can legal action result from a data breach?
Yes, legal action can result from a data breach, as affected individuals or organizations may sue for damages caused by the breach.
How can healthcare organizations prevent data breaches?
Healthcare organizations can reduce the risk of data breaches by implementing strong cybersecurity measures, conducting regular security training for employees, and using encryption to protect sensitive data.
What should a healthcare organization do immediately after discovering a data breach?
Upon discovering a data breach, a healthcare organization should contain the breach, assess the scope of the impact, notify affected individuals and relevant authorities, and begin an investigation to understand how the breach occurred and how to prevent future incidents.