Hacked and exposed: The most devastating data breaches of 2024
Major data breaches of 2024 paint a stark picture of the increasing vulnerability of organisations across all sectors to cyberattacks.
The year 2024 was marked by a significant rise in cyberattacks, with several high-profile data breaches causing widespread concern.
By the third quarter, Check Point's threat tracker reported an all-time high weekly average of 1,876 cyberattacks around the world, a 75% increase from the same period in 2023.
The top targets of the cyberattacks include the education, government, healthcare, and communications sectors, according to the report.
These data breach incidents not only compromised sensitive personal information but also resulted in substantial financial losses for both individuals and organisations.
Understanding how these incidents happened is key to preventing future attacks, so here is a rundown of the seven largest data breaches of 2024.
1. Change Healthcare: Medical information exposed
The Change Healthcare data breach of 2024 was a significant cybersecurity incident that exposed the protected health information of an estimated 100 million individuals. The breach, initially detected on 21 February 2024, involved a ransomware attack where hackers not only encrypted sensitive data but also exfiltrated it from Change Healthcare's systems. This data included names, addresses, dates of birth, Social Security numbers, medical diagnoses, treatment information, and insurance details, making it the largest healthcare data breach in US history.
While the exact causes of the breach haven't been fully disclosed, it is believed that a combination of factors contributed to the incident. These likely include phishing attacks targeting employees to gain initial access, weak security practices such as inadequate password protection or insufficient employee training, and potential exploitation of software vulnerabilities within Change Healthcare's systems. The delay in discovering the data exfiltration and the subsequent analysis further exacerbated the situation, leading to a protracted investigation and notification process.
The consequences of this massive data breach were far-reaching. Affected individuals faced a significant risk of identity theft and medical fraud. Change Healthcare suffered reputational damage and incurred substantial financial losses related to the investigation, notification, and remediation efforts. The incident also prompted regulatory scrutiny and investigations by authorities like the HHS Office for Civil Rights. This breach serves as a stark reminder of the increasing cyber threats in the healthcare sector and the critical need for robust security measures to safeguard sensitive patient data.
2. The Synnovis ransomware attack
The Synnovis ransomware attack in June 2024 caused significant disruption to healthcare services across London, impacting hundreds of thousands of patients. Synnovis, a pathology partnership providing crucial diagnostic services to several NHS trusts, was targeted by hackers who gained access to their systems through a phishing email. This allowed them to deploy ransomware, encrypting critical files and demanding a ransom payment. The attack crippled essential pathology services, including blood tests, leading to the cancellation of appointments, delays in diagnoses, and postponement of critical treatments, including cancer surgeries.
The attack had a cascading effect on healthcare services across London. Hospitals like Guy's and St Thomas', King's College Hospital, and South London and Maudsley NHS Foundation Trust, which relied on Synnovis for pathology services, faced severe disruptions. The inability to process blood tests and other diagnostic results led to delays in patient care, impacting various departments and specialties. Emergency patients had to be diverted, and elective surgeries were postponed, causing significant distress and anxiety for patients and their families.
This incident highlighted the vulnerability of critical healthcare infrastructure to cyberattacks and the devastating consequences that can arise from such disruptions. It underscored the need for robust cybersecurity measures, including staff training on phishing awareness, strong email security protocols, and effective data backup and recovery systems.
3. The Ticketmaster breach
The Ticketmaster data breach in May 2024 was a major cybersecurity incident that exposed the personal information of over 500 million customers. Attributed to the notorious hacker group ShinyHunters, the breach involved the theft of sensitive data, including names, email addresses, physical addresses, and partial credit card numbers. This massive data breach impacted Ticketmaster users globally, raising serious concerns about potential identity theft and financial fraud.
While the exact details of the attack remain undisclosed, reports suggest that ShinyHunters may have exploited a vulnerability in a third-party cloud-based data warehouse used by Ticketmaster. This allowed them to gain unauthorised access to the company's systems and exfiltrate vast amounts of customer data. The breach highlighted the risks associated with relying on third-party vendors and the importance of ensuring robust security measures across the entire supply chain.
The fallout from the Ticketmaster breach was significant. Affected customers faced an increased risk of identity theft, phishing attacks, and fraudulent activities. Ticketmaster faced reputational damage and potential legal action from affected users. The incident also served as a wake-up call for businesses across all industries, emphasising the importance of strong cybersecurity practices, including data encryption, multi-factor authentication, and regular security assessments.
4. AT&T: Compromised customer data
The AT&T data breach in April 2024 involved the unauthorised access and download of customer data from the company's workspace on a third-party cloud platform. While AT&T did not initially disclose the full extent of the breach, it later revealed that the compromised data included call and text records of nearly all AT&T cellular customers, including those using MVNOs, and landline customers who interacted with those cellular numbers between May 2022 and October 2022. The breach exposed telephone numbers involved in calls and texts, and for some records, cell site identification numbers.
The attackers exploited a vulnerability in the third-party cloud platform to gain access to AT&T's data. While the stolen data did not include call or text content, personal information like Social Security numbers, or dates of birth, the exposed phone numbers and cell site data raised privacy concerns. It highlighted the potential for linking phone numbers to individuals using publicly available tools and raised questions about the security practices of both AT&T and its third-party vendor.
The AT&T data breach had significant implications for customer privacy and highlighted the growing risks associated with storing sensitive data on third-party cloud platforms. It emphasised the need for robust security measures, including strong access controls, data encryption, and regular security assessments, not only for an organisation's own systems but also for those of its vendors. The incident also sparked discussions about data retention policies and the potential for misuse of seemingly innocuous data like call records.
5. 'Grep' and Dell’s stolen data
The Dell data breach in September 2024 involved the compromise of the company's internal networks, leading to the exposure of sensitive employee data. A threat actor, using the alias "grep," claimed to have accessed and stolen data belonging to over 10,000 Dell employees and partners. The compromised data included employee IDs, full names, employment status (active or not), and internal identification strings. While Dell initially downplayed the incident as a "minor data breach," the exposed information raised concerns about potential misuse and the targeting of employees for further attacks.
The attackers reportedly gained access to Dell's internal systems through a targeted phishing campaign. This involved sending malicious emails to employees, potentially disguised as legitimate communications, which tricked them into revealing their login credentials or downloading malware. This incident highlighted the persistent threat of phishing attacks and the importance of continuous employee training and awareness programmes to mitigate such risks.
The Dell data breach served as a reminder that even large tech companies with significant resources can fall victim to cyberattacks. It emphasised the need for robust cybersecurity measures, including multi-factor authentication, strong email security protocols, and regular security assessments to identify and address vulnerabilities. The incident also underscored the importance of incident response planning and timely communication with affected individuals to mitigate the impact of a breach.
6. MediSecure: One of AU’s largest data breaches
The MediSecure data breach in May 2024 was a significant cyberattack on an Australian digital prescription service provider. Hackers targeted MediSecure, which facilitates the transfer of prescriptions between doctors and pharmacies, impacting an estimated 12.9 million Australians. This breach resulted in the theft of sensitive personal and health information, including names, dates of birth, addresses, Medicare numbers, and prescription details. The incident is considered one of the largest healthcare data breaches in Australia's history, raising serious concerns about the privacy and security of sensitive health information.
The attackers employed ransomware to encrypt MediSecure's systems and exfiltrate sensitive data before demanding a ransom payment. While MediSecure managed to restore their systems from backups, the stolen data remained compromised. The breach highlighted the vulnerability of healthcare data and the potential for misuse, including identity theft, medical fraud, and targeted phishing attacks.
The MediSecure data breach had far-reaching implications for the Australian healthcare sector. It underscored the need for robust cybersecurity measures, including strong data encryption, multi-factor authentication, and regular security assessments to protect sensitive patient information. The incident also prompted discussions about data retention policies and the importance of minimising the collection and storage of sensitive data.
7. The Snowflake attacks
The Snowflake attacks in 2024 represented a significant shift in the cybersecurity landscape, demonstrating the vulnerability of cloud-based data platforms and the potential for widespread impact. While not a direct breach of Snowflake itself, the attacks targeted its customers, exploiting compromised credentials to access their data stored on the platform. This campaign, attributed to the threat actor UNC5537, affected at least 165 organisations, including prominent names like Ticketmaster and Santander.
The attackers leveraged stolen credentials, often obtained from historical data breaches and credential stuffing attacks, to gain unauthorised access to Snowflake instances and exfiltrate sensitive data. The attacks highlighted a critical weakness in many organisations' security posture: the lack of multi-factor authentication (MFA). In most cases, the compromised accounts lacked MFA, allowing attackers to gain access with just a username and password. This incident underscored the importance of implementing MFA as a basic security measure to prevent unauthorised access, even with compromised credentials. Mandiant, a cybersecurity firm, conducted a detailed investigation into the attacks and published a report outlining the tactics, techniques, and procedures used by UNC5537.
The Snowflake attacks had a ripple effect across various industries, impacting millions of individuals and raising concerns about the security of cloud-based data storage. The incident emphasised the shared responsibility model in cloud security, where both the cloud provider and the customer play a crucial role in securing data. It also highlighted the need for proactive measures like credential monitoring, password hygiene, and regular security assessments to mitigate the risk of credential compromise.
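The Snowflake section above describes the two conditions that made the campaign work: attackers reused credentials across many accounts, and the accounts that fell did not require MFA. Both conditions are visible in ordinary authentication logs if someone looks. The script below is an added example written for this article; it is not code from the article, from Snowflake or from Mandiant's report. The key=value log format, the field names (user, src, result, mfa) and the sample lines are all constructed for illustration, and the threshold of five distinct usernames per source is an arbitrary assumption to be tuned per environment. It flags source addresses whose failed logins span many different usernames (the signature of credential stuffing or password spraying), successful logins on accounts that did not complete MFA, and, as the highest-confidence finding, a non-MFA success from a source that was just seen spraying.

```python
"""Detect credential-stuffing patterns and non-MFA logins in auth logs.

Added example (not from the article, Snowflake or Mandiant). The log
format, field names and thresholds below are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log lines in an assumed "timestamp key=value ..." format.
# 203.0.113.10 fails against five different users, then succeeds on a
# service account that has no MFA; 198.51.100.7 is ordinary user activity.
SAMPLE_LOG = """\
2024-05-20T10:00:01Z user=alice src=203.0.113.10 result=FAIL mfa=false
2024-05-20T10:00:02Z user=bob src=203.0.113.10 result=FAIL mfa=false
2024-05-20T10:00:03Z user=carol src=203.0.113.10 result=FAIL mfa=false
2024-05-20T10:00:04Z user=dave src=203.0.113.10 result=FAIL mfa=false
2024-05-20T10:00:05Z user=erin src=203.0.113.10 result=FAIL mfa=false
2024-05-20T10:00:06Z user=svc_export src=203.0.113.10 result=SUCCESS mfa=false
2024-05-20T10:05:00Z user=frank src=198.51.100.7 result=SUCCESS mfa=true
2024-05-20T10:06:00Z user=grace src=198.51.100.7 result=FAIL mfa=true
2024-05-20T10:06:30Z user=grace src=198.51.100.7 result=SUCCESS mfa=true
"""


@dataclass(frozen=True)
class AuthEvent:
    ts: str
    user: str
    src: str
    success: bool
    mfa: bool


def parse_line(line: str) -> AuthEvent:
    """Parse one assumed-format line into an AuthEvent."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return AuthEvent(
        ts=ts,
        user=kv["user"],
        src=kv["src"],
        success=kv["result"] == "SUCCESS",
        mfa=kv["mfa"] == "true",
    )


def parse_log(text: str) -> list[AuthEvent]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def detect_spraying_sources(events, min_distinct_users: int = 5) -> dict:
    """Source IPs whose failed logins cover at least N distinct usernames.

    Many usernames from one source is the inverse of a normal brute force
    (many passwords against one user) and is the shape credential stuffing
    and password spraying leave behind. The threshold is an assumption.
    """
    failed_users = defaultdict(set)
    for e in events:
        if not e.success:
            failed_users[e.src].add(e.user)
    return {
        src: sorted(users)
        for src, users in failed_users.items()
        if len(users) >= min_distinct_users
    }


def detect_success_without_mfa(events) -> list[AuthEvent]:
    """Every successful login that did not complete a second factor."""
    return [e for e in events if e.success and not e.mfa]


def analyse(text: str) -> dict:
    """Run all checks over a log and return findings keyed by type."""
    events = parse_log(text)
    spraying = detect_spraying_sources(events)
    no_mfa = detect_success_without_mfa(events)
    # Highest confidence: a password-only success from a source that was
    # just seen trying many accounts. Treat as a likely compromised account.
    likely_compromise = [e for e in no_mfa if e.src in spraying]
    return {
        "spraying_sources": spraying,
        "success_without_mfa": no_mfa,
        "likely_compromise": likely_compromise,
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for src, users in result["spraying_sources"].items():
        print(f"spraying source {src}: tried {len(users)} users {users}")
    for e in result["success_without_mfa"]:
        print(f"non-MFA login: user={e.user} src={e.src} at {e.ts}")
    for e in result["likely_compromise"]:
        print(f"LIKELY COMPROMISE: user={e.user} src={e.src} at {e.ts}")
```

On real data the second check is the one that matters most: a list of accounts that can still log in with a password alone is exactly the inventory the Snowflake campaign exploited, and it can be produced from logs today rather than waiting for an attacker to reveal it.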
Staying ahead of the curve in cybersecurity
These major data breaches of 2024 paint a stark picture of the evolving cyber threat landscape and the increasing vulnerability of organisations across all sectors. They serve as a wake-up call, highlighting the urgent need for a proactive and comprehensive approach to cybersecurity. Moving forward, organisations must prioritise the following:
Strengthening security fundamentals
This includes implementing robust security controls like multi-factor authentication, strong password policies, access controls, and regular security awareness training for employees.
Embracing zero trust
Adopting a Zero Trust security framework, where every user and device is verified before accessing resources, can significantly reduce the risk of unauthorised access and lateral movement within networks.
Investing in threat intelligence
Staying informed about emerging threats, vulnerabilities, and attack techniques can help organisations proactively defend against evolving cyberattacks.
Prioritising third-party risk management
Ensuring that vendors and partners adhere to stringent security standards is crucial to prevent supply chain attacks.
Developing robust incident response plans
Having a well-defined incident response plan can help organisations effectively manage and mitigate the impact of a breach.
Beyond these technical measures, organisations must also foster a culture of security awareness, where every employee understands their role in protecting sensitive data. This includes promoting responsible data handling practices, reporting suspicious activity, and staying vigilant against social engineering tactics.