Topics

late

AI

Amazon

Article image

Image Credits:Bryce Durbin / TechCrunch

Apps

Biotech & Health

Climate

render of a data breach

Image Credits:Bryce Durbin / TechCrunch

Cloud Computing

Commerce

Crypto

go-ahead

EVs

Fintech

Fundraising

Gadgets

Gaming

Google

Government & Policy

Hardware

Instagram

layoff

Media & Entertainment

Meta

Microsoft

Privacy

Robotics

Security

societal

infinite

inauguration

TikTok

Transportation

Venture

More from TechCrunch

Events

Startup Battlefield

StrictlyVC

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

Contact Us

We ’re almost at the oddment of 2024 , a twelvemonth that will go down as having seen some of the cock-a-hoop , most damaging data breaches in late history . And just when you think that some of these hacks ca n’t get any worse , they do .

From huge stores of client ’ personal data getting scrape , stolen , and post online , to reams of medical data covering most people in the United States getting stolen , the worst information breaches of 2024 have surpassed 1 billion stolen platter and are rising . These falling out not only affect the individuals whose information was irretrievably exposed , but also embolden the criminals who profit from their malicious cyberattacks .

Travel with us to the not - so - distant past to attend at how some of the big security incidents of 2024 went down , their wallop , and , in some typesetter’s case , how they could have been stopped .

AT&T’s data breaches affect “nearly all” of its customers, and many more non-customers

For AT&T , 2024 has been a very unsound year for information security . The telecoms giant confirmed not one , but two separate data breaches just months apart .

In July , AT&T aver cybercriminals had slip acache of datum that contained phone numbers and call records of “ nearly all ” of its customers , or around 110 million people , over a six - month period in 2022 and in some character longer . The data was n’t steal now from AT&T ’s system , but from an news report it had with data point heavyweight Snowflake ( more on that later ) .

Although the stolen AT&T data is n’t public ( andone news report suggests AT&T paid a ransom money for the hack to delete the steal data ) and the datum itself does not contain the contents of calls or textbook subject matter , the “ metadata ” still reveals who phone who and when , and in some cases the data can be used to infer approximate locations . Worse , the data include phone number of non - customers who were call by AT&T customer during that time . That data becoming publiccould be dangerous for higher - risk individuals , such as domesticated abuse survivors .

That was AT&T ’s second data breach this year . Earlier in March , a data point breach broker dump online a full cache of 73 million customer records to a known cybercrime assembly for anyone to see , some three old age after a much pocket-size sample was teased online .

The print information include customer ’ personal info , include name , speech sound number and postal address , withsome customer confirming their data was accurate .

But it was n’t until a security researcher discovered that the uncover data hold in encrypted passcodes used for accessing a client ’s AT&T describe that the telecoms monster assume action . The security researcher told TechCrunch at the time that the code passcodes could be easily unscrambled , putting some 7.6 million existing AT&T client accounts at risk of exposure of hijack . AT&T personnel - readjust its customers ’ account passcodesafter TechCrunch alarm the society to the researcher ’s finding .

One large whodunit remains : AT&T stilldoesn’t know how the data leaked or where it came from .

Change Healthcare hackers stole medical data on “substantial proportion” of people in America

In 2022 , the U.S. Justice Department action health indemnity colossus UnitedHealth Group to lug its attempt skill of wellness tech colossus Change Healthcare , fearing thatthe deal would give the healthcare conglomerate broad accessto about “ half of all Americans ’ health insurance claims ” each year . The bid to block the deal in the end break . Then , two years afterward , something far worse hap : Change Healthcare was hackedby a prolific ransomware gang ; its almighty depository financial institution of sensitive wellness information were steal because one of the company’scritical system was not protect with multi - factor assay-mark .

The lengthy downtime have by the cyberattack dragged on for weeks , causing widespread outagesat infirmary , pharmacies and health care practices across the United States . But the consequence of the data severance has yet to be in full realise , though the consequences for those affected are probable to be irreversible . UnitedHealth say the stolen information — whichit paid the cyberpunk to incur a transcript — includes the personal , medical and charge informationon a “ substantial symmetry ” of peoplein the United States .

The wellness behemoth ’s main executive , Andrew Witty , told lawmakers thatthe breach may dissemble around one - third of Americans , and potentially more . At least100 million multitude are now known to be affectedby the breach , but the final bit is likely to mount .

Synnovis ransomware attack sparked widespread outages at hospitals across London

A June cyberattack on U.K. pathology science laboratory Synnovis — a blood and tissue examination lab for hospitals and health services across the U.K. Washington — caused ongoing far-flung disturbance to patient services for weeks . The local National Health Service trusts that rely on the laboratory remit thousands of operation and procedure following the hack , prompt the proclamation of a decisive incident across the U.K. health sphere .

A Russia - base ransomware crew was blame for the cyberattack , which sawthe thievery of datum pertain to some 300 million patient interactionsdating back a “ significant number ” of years . Much like the data falling out at Change Healthcare , the ramifications for those affected are probable to be significant and life - long-lived .

Some of the data point was already publish online in an effort to extort the lab into paying a ransom money . Synnovis reportedlyrefused to pay the cyber-terrorist ’ $ 50 million ransom , preventing the gang from profiting from the hacker but leavingthe U.K. governance scramble for a planin showcase the hackers post millions of wellness disc online .

One of the NHS trusts that runs five hospitals across London affected by the outagesreportedly betray to encounter the data point security standardsas required by the U.K. wellness avail in the year that ran up to the June cyberattack on Synnovis .

Ticketmaster had an alleged 560 million records stolen in the Snowflake hack

A series of data point larceny from cloud data giant star Snowflake quickly snowballed into one of the biggest break of the twelvemonth , thanks to the vast amounts of information steal from its corporal customers .

Cybercriminals swiped hundreds of meg of customer data from some of the world ’s biggest company — includingan alleged 560 million records from Ticketmaster,79 million records from Advance Auto Partsandsome 30 million phonograph record from TEG — by usingstolen credentialsof data railroad engineer with access to their employer ’s Snowflake environments . For its part , Snowflake does not require ( or enforce ) its client to use the security department feature , which protects against intrusions that rely on stolen or reprocess passwords .

Incident response firm Mandiant saidaround 165 Snowflake customers had data stolenfrom their accounts , in some case a “ significant volume of customer information . ” Only a smattering of the 165 companies have so far confirmed their environments were compromise , which also includes decade of thousands of employee record fromNeiman MarcusandSantander Bank , andmillions of record of students at Los Angeles Unified School District . look many Snowflake customers to come forwards .

(Dis)honorable mentions

Cencora apprize over a million and count that it lost their data point :

U.S. pharma titan Cencoradisclosed a February data breachinvolving the via media of patient ’ health data , selective information that Cencora obtained through its partnerships with drug makers . Cencora has steadfastly turn down to say how many citizenry are affected , buta counting by TechCrunch shows well over a million peoplehave been notified so far . Cencora say it ’s served more than 18 million patients to escort .

MediSecure data breach affects one-half of Australia :

nigh to 13 million people in Australia — roughly half of the country ’s population — had personal and health data stolen ina ransomware attack on prescriptions supplier MediSecurein April . MediSecure , which distribute prescription medicine for most Australians until tardy 2023,declared insolvencysoon after the mass theft of customer data point .

Kaiser shared wellness data on meg of affected role with advertisers :

U.S. wellness insurance giantKaiser unwrap a data breachin April after inadvertently sharing the private wellness information of 13.4 million affected role , specifically internet site search terms about diagnosing and medications , with technical school troupe and advertizer . Kaiser said it used their tracking code for web site analytics . The wellness insurance provider disclosed the incident in the wake of several   other telehealth startups , likeCerebral , Monument and Tempest , let in they too shared datum with advertisers .

USPS shared postal address with technical school giants , too :

And then it was the tour of theU.S. Postal Service caught sharing postal addressesof logged - in users with advertisers like Meta , LinkedIn and Snap , using a interchangeable tracking code provide by the companies . USPS removed the tracking code from its internet site after TechCrunch notify the postal help in July of the unlawful data sharing , but the government agency would n’t say how many individuals had data collected . USPS has over 62 million Informed Delivery users as of March 2024 .

Evolve Bank data breach feign fintech and startup customer :

A ransomware attack targetingEvolve Banksaw the personal information of more than 7.6 million mass stolen by cybercriminals in July . Evolve is a banking - as - a - service giant servingmostly fintech companies and inauguration , like Affirm and Mercury . As a solution , many of the person notified of the data point breach had never heard of Evolve Bank , let alone have a relationship with the business firm , prior to its cyberattack .

National Public Data depart broke after millions of SSNs stolen

The society behind the data agent National Public Datafiled for Chapter 11 bankruptcy protection in October , months after a massive data severance expose some 3 billion records impress around 270 million individual , according to various analysis by security researchers . The data broker allowed its pay customers access to its vast database of names , date of birth , email and postal addresses , phone numbers , and Social Security numbers ( even thoughnot all of the data was accurate ) . The fellowship said it had to file for failure , as it can no longer engender the revenue to treat the pelter of course - action lawsuits and jump on liability from state and Union regulators .

First published on June 28 and update on October 14 .