The Biggest Data Breaches In 2024: 1 Billion Stolen Records and Rising

An anonymous reader quotes an excerpt from TechCrunch, written by Zack Whittaker: We're over halfway through 2024, and already this year we have seen some of the biggest, most damaging data breaches in recent history. And just when you think that some of these hacks can't get any worse, they do. From huge stores of customers' personal information getting scraped, stolen and posted online, to reams of medical data covering most people in the United States getting stolen, the worst data breaches of 2024 to date have already surpassed at least 1 billion stolen records and rising. These breaches not only affect the individuals whose data was irretrievably exposed, but also embolden the criminals who profit from their malicious cyberattacks. Travel with us to the not-so-distant past to look at how some of the biggest security incidents of 2024 went down, their impact and. in some cases, how they could have been stopped. These are some of the largest breaches highlighted in the report:

AT&T's Data Breaches: AT&T experienced two data breaches in 2024, affecting nearly all its customers and many non-customers. The breaches exposed phone numbers, call records, and personal information, risking account hijacks for 7.6 million customers.
Change Healthcare Hack: A ransomware attack on Change Healthcare resulted in the theft of sensitive medical data, affecting a substantial proportion of Americans. The breach caused widespread outages in healthcare services across the U.S. and compromised personal, medical, and billing information.
Synnovis Ransomware Attack: The cyberattack on U.K. pathology lab Synnovis disrupted patient services in London hospitals for weeks, leading to thousands of postponed operations and the exposure of data related to 300 million patient interactions.
Snowflake Data Theft (Including Ticketmaster): Cybercriminals stole hundreds of millions of records from Snowflake's corporate customers, including 560 million records from Ticketmaster. The breach affected data from multiple companies and institutions, exposing vast amounts of customer and employee information.

Here's a Thought

[The Cat]

Maybe you should re-consider firing all your tech people? Because whatever you replaced them with ain't movin' the football.

Free Lifelock!

[gavron]

Cost of being responsible, having a security plan, protecting user data, and deserving trust: a lot.

Cost of blowing it all off but saying "Hey sorry YOU got hacked, here's free LifeLock for a year, have a good time" - worthless.

This is where regulation and penalties really could make a difference. NOT with our feckless "regulators".

Damn right - statutory damages are the way to go

[alispguru]

A simple fine of $100 per person's data leaked.
Data not encrypted at rest is assumed to have leaked.
No need to show actual damages, no class action lawsuits to enrich law firms and leave consumers with a year of LifeLock.

Keeping big easy-to-steal data caches needs to be a liability in addition to an asset.

A 10 million record leak should cost the leaker a billion dollars - enough to get the attention of entities as big as AT&T.

Re:

[phantomfive]

In California, the fines are up to $7500 per record leaked [clarip.com], or a statutory minimum of $100 if you want to bring a claim yourself.

The Russians have come up with a solution

[InterGuru]

Russia’s government agencies are already big fans of typewriters, using them mostly for top-secret messages intended for the president or the minister of defense, reports The Moscow News. Now, in response to revelations of US electronic surveillance by the National Security Agency, Russia’s Federal Protection Service, which protects top state officials including President Vladimir Putin, has ordered 20 typewriters, as well as 600 ink cartridges for them

Re:

[Darinbob]

I'm certain that they want mere Russian citizens to do stuff online, just so that they can spy on their own people. Putin is a big germophobe, so possibly he's dubious about touching paper that others have touched, but maybe he someone read them to him.

In a startling twist, those 600 ink cartridges require a subscription!

Re:

[quonset]

Whatever, Vadim. The fact is Ukraine has been infiltrating Russian banks and military operations since Russia invaded and has exfiltrated hordes of valuable information or disrupted operations. They recently were able to get into personnel files of high level Russian military personnel as well as operational data. This is on top of those Russians who are working on the inside to provide information to Ukraine, such as this [reuters.com] group [yahoo.com].

Re:

[Seven Spirals]

Yay, bank records. Wonderful. Will that get Crimea or Donetsk back in Ukrainian control? It sure looks like they are getting their asses kicked and the only reason it's not worse is the Russians are trying to maintain some fiction about respecting human rights and the rules of war. Otherwise they'd already be flying the flag over a rubble-field name "Kiev". I cannot wait until we swap retard A out for retard B in the White House because maybe there is some chance we'll be able to put a clamp on the $175B h

Invest in credit monitoring businesses

[Required Snark]

The only outcome will be a free credit report requirement for all the users who were completely exposed (think naked pics of ugly people) in the breaches.

This costs the incompetent organizations under a dollar per victim, maybe as low as a quarter. Even so, when you multiply that by a billion or so it adds up. You might as well find some opportunity in the ongoing massive ongoing failure of big corporations. Since nothing is going to change this could be a modest but steady way to get some economic benefi

London Drugs in Canada

[Qybix]

Massive security breach with official response saying nothing was compromised...

Unofficially they've purchased credit monitoring for all staff...

This has been a very bad year for corporate security world wide!