The Biggest Data Breaches in 2024: AT&T, Snowflake, UnitedHealth, and More

Posted: July 24, 2024

As we pass the halfway point of 2024, we have already witnessed some of the most significant and harmful data breaches on record, with each new incident surpassing the previous one in severity. Here is a comprehensive analysis of the biggest data breaches of 2024, including those at AT&T, Snowflake, UnitedHealth, and many more.

This year has seen extensive compromises involving vast amounts of personal and medical information affecting a significant portion of the US population. To date, these breaches have involved more than 1 billion records. These incidents have severe repercussions for the individuals whose information has been compromised, and they also embolden the criminals who carry out these attacks.

Biggest Data Breaches in 2024 Affecting Major Companies

In recent months, several high-profile data breaches have impacted major organizations across various industries, from telecommunications and financial services to healthcare and technology. These incidents highlight growing concerns over data security and the need for robust protective measures. Here’s an overview of the key breaches reported this year:

1. AT&T

  • Date of Disclosure: July 12, 2024
  • Data Breach Period: May 1, 2022 – October 31, 2022
  • Affected Parties: Current and former AT&T customers, mobile virtual network operators using AT&T’s network, and landline users who interacted with these cellular numbers
  • Compromised Data: Call and text logs, including recipients, timing, duration, and some cell tower locations
On July 12, AT&T reported that in April 2024, hackers accessed phone records of virtually all current and former customers. This breach also extended to individuals contacted by AT&T customers, as it included call and text logs. Upon being informed, the U.S. Department of Justice approved delaying public disclosure.

The compromised data was stored on a third-party cloud service and included details such as the recipients of calls and texts, their timing, and their duration. This affected not only direct AT&T cellular subscribers but also customers of mobile virtual network operators that use AT&T’s network, as well as landline users who interacted with these cellular numbers from May 1, 2022, to October 31, 2022, plus a small number of records from January 2, 2023.

The breach did not expose the contents of the communications or sensitive personal information like social security numbers or credit card details. However, the exposed phone numbers could be linked to individual identities, providing insights into personal connections. Additionally, some of the data included cell tower locations, which could give information about the customers’ geographical movements and living areas.

Recently, it was revealed that AT&T paid approximately $370,000 in bitcoin to a hacker linked with the ShinyHunters group to ensure the deletion of the stolen customer data. This payment was made on May 17th after negotiations brought down the hacker’s initial demand of $1 million. Acting through an intermediary named Reddington, the hacker confirmed the deletion with video proof.

This marked the second data breach AT&T experienced in the year. In March, a data breach broker released 73 million customer records on a cybercrime forum accessible to the public. This event occurred three years after an initial, smaller data set was revealed online. The released records included personal details such as names, phone numbers, and postal addresses, which some customers verified as accurate.

The situation escalated when a security researcher found that the leaked data included encrypted passcodes that customers use to access their AT&T accounts. The researcher informed TechCrunch that these passcodes could be decrypted relatively easily, potentially compromising the security of approximately 7.6 million active customer accounts.

2. Snowflake

  • Date of Disclosure: July 2024
  • Data Breach Period: Mid-April 2024 – May 23, 2024
  • Affected Parties: Around 165 companies, including major companies like Ticketmaster, Santander Bank, Advance Auto Parts, and AT&T.
  • Compromised Data: The stolen data included customer information and sensitive records, which hackers attempted to sell or use for extortion.
This year, Snowflake, a prominent cloud-based data storage and analytics provider, has been embroiled in a cybersecurity issue. Recent disclosures indicate that unauthorized parties accessed its systems, potentially compromising the sensitive data of several notable clients, including Santander Bank and Ticketmaster.

Snowflake detected unusual activities in its systems around April 2024 and confirmed the possibility of unauthorized access by May 23, 2024. The company has since been actively investigating the breach and informed the affected clients, offering guidance on Indicators of Compromise (IoCs) and measures to secure their accounts.

Snowflake asserts that the breach occurred due to compromised user credentials and not because of any defects or vulnerabilities in its products. The company clarified in a statement on the Snowflake Forums that the security issue was not caused by any product misconfigurations or malicious internal actions, urging customers to check their security settings.

The breach’s impact on Santander Bank could potentially affect 30 million customers, while the Ticketmaster incident might influence up to 560 million customers.

Advance Auto Parts also reported that an attack on its Snowflake setup in April affected over 2.3 million people, with stolen data possibly including names, driver’s license numbers, and Social Security numbers. Furthermore, AT&T was among over 165 companies whose data was compromised from unsecured Snowflake accounts during April and May.

The primary cause of the breach was the abuse of customer accounts protected only by single-factor authentication: previously stolen credentials were replayed in a credential-stuffing attack to access customer databases.

3. UnitedHealth

  • Date of Disclosure: February 21, 2024
  • Data Breach Period: February 17, 2024 – February 20, 2024
  • Affected Parties: Change Healthcare (part of UnitedHealth Group’s Optum), over 67,000 pharmacies, and more than 100 million individuals
  • Compromised Data: Data related to claims submission, benefits verification, prior authorization, and remittance data transmission
On February 21, 2024, a significant cyberattack struck Change Healthcare, affecting hundreds of pharmacies globally and disrupting patient care. The attack is attributed to the notorious ALPHV/BlackCat ransomware group. Change Healthcare, which became part of UnitedHealth Group’s Optum healthcare business following a 2022 merger, handles prescription processing services for Optum. This subsidiary provides technology services to over 67,000 pharmacies and serves more than 100 million people.

Change Healthcare processes half of all U.S. medical claims. The breach impacted over 100 services offered by Change Healthcare, including critical operations like claims submission, benefits verification, prior authorization, and the transmission of remittance data.

The cyberattack resulted in prolonged service disruptions, stretching into weeks and leading to significant outages in hospitals, pharmacies, and healthcare practices throughout the United States. The full extent of the breach’s aftermath is still unfolding, with potential long-term consequences for those impacted. In response to the breach, a ransom was paid to prevent further data disclosure, aligning with the company’s commitment to protect patient information.

However, UnitedHealth has not disclosed the total number of individuals affected. UnitedHealth’s CEO, Andrew Witty, indicated to lawmakers that the breach might impact around one-third of Americans, with the possibility of affecting even more.

4. Synnovis

  • Date of Disclosure: June 3, 2024, when the pathology laboratory experienced significant disruptions to its IT systems
  • Data Breach Period: The exact period over which data was accessed or stolen is not specified, but the data published by the hackers began appearing online by June 20, 2024, so the breach occurred before that date
  • Affected Parties: Patients and health service users in the affected areas of London, who faced disruptions and potential privacy concerns
  • Compromised Data: The published data included a partial copy of Synnovis’ administrative working drives, potentially containing personal data such as names, NHS numbers, and test codes. The Laboratory Information Management Systems, which hold patient test requests and results, were reportedly not compromised.
In June, a cyberattack targeted Synnovis, a UK pathology lab that performs blood and tissue tests for hospitals across London, resulting in significant service disruptions. This incident led to the postponement of thousands of medical procedures as local National Health Service trusts, which depend on the lab, struggled to cope. The attack impacted over 3,000 hospital and general practitioner appointments.

A Russian ransomware group known as Qilin was responsible for the cyberattack, which compromised data from approximately 300 million patient interactions over many years. The group leaked about 400GB of sensitive information on a darknet website, similar to a previous incident at Change Healthcare, posing severe and long-lasting risks to affected individuals.

Despite the hackers demanding a $50 million ransom, Synnovis chose not to comply, which prevented the criminals from profiting but left UK officials in a difficult position, especially if the health records were to be released publicly.

It was also reported that one of the NHS trusts managing five hospitals in London did not meet the required data security standards in the years leading to the cyberattack on Synnovis.

5. Truist Bank

  • Date of Disclosure: June 13, 2024
  • Data Breach Period: October 2023
  • Affected Parties: Approximately 65,000 Truist Bank employees are directly affected. The breach may also impact customers whose transaction details were part of the compromised data.
  • Compromised Data: The stolen data includes employee records with personal and professional information, customer bank transactions (including names, account numbers, and balances), and the source code for the bank’s Interactive Voice Response (IVR) system.
In October 2023, Truist Bank, ranked among the top 10 U.S. commercial banks by assets, was the target of a cyberattack. The breach was only confirmed recently when, on June 12, 2024, a notorious data broker on the dark web, known as “Sp1d3r,” began selling what is purported to be a large cache of stolen data from Truist Bank.

Truist operates as a bank holding company with 2,781 branches across 15 states and Washington, D.C. The data being offered for $1,000,000 includes:

  • Employee Records: 65,000 records with comprehensive personal and professional details.
  • Bank Transactions: Information including customer names, account numbers, and account balances.
  • IVR Source Code: The source code for Truist’s Interactive Voice Response (IVR) system, used for funds transfers.

The IVR system allows customers to interact with a computer-based telephone system using voice or keypad inputs (dual-tone multi-frequency signaling, or DTMF). Access to its source code could allow criminals to identify and exploit security weaknesses in that system.

6. Dell

  • Date of Disclosure: May 9, 2024, after being alerted by the threat actor about vulnerabilities in their system.
  • Data Breach Period: Nearly three weeks.
  • Affected Parties: Approximately 49 million customers.
  • Compromised Data: The data accessed includes customer names, physical addresses, and specific details related to Dell hardware and order information, such as service tags, product descriptions, order dates, and warranty details.
In May 2024, Dell experienced a significant cyberattack that could potentially impact its 49 million customers. The attacker, Menelik, disclosed that he extracted substantial data by establishing partner accounts in Dell’s system.

Once these accounts were set up, the attacker began brute-force querying of the partner portal, continuously sending more than 5,000 requests per minute for almost three weeks. During this period, Dell did not detect the activity. After sending nearly 50 million requests and successfully extracting data, Menelik contacted Dell to report the security flaw.

Dell confirmed that although no financial information was compromised, there is a possibility that sensitive customer data such as home addresses and order details could be at risk. There are reports that the data from this breach has appeared for sale on various hacker forums, indicating that information on roughly 49 million customers has been compromised.
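From the defender's side, the Snowflake and Dell incidents described above both leave recognisable patterns in access logs: one source failing logins across many different accounts (credential stuffing against single-factor accounts), and one account pulling records at a machine rate that no human user would sustain. The following Python is an added example, not code from Snowflake, Dell or any company named in this article; it runs two simple detectors over constructed log lines in an assumed format of timestamp, source IP, account, action and result.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from Snowflake, Dell or any real system).
# Assumed format: "<timestamp> <source_ip> <account> <action> <result>"
SAMPLE_LOG = """\
2024-05-20T10:00:01Z 203.0.113.7 alice LOGIN FAIL
2024-05-20T10:00:02Z 203.0.113.7 bob LOGIN FAIL
2024-05-20T10:00:03Z 203.0.113.7 carol LOGIN FAIL
2024-05-20T10:00:04Z 203.0.113.7 dave LOGIN OK
2024-05-20T10:00:09Z 198.51.100.4 alice LOGIN FAIL
2024-05-20T10:00:30Z 198.51.100.4 alice LOGIN OK
2024-05-20T10:01:00Z 192.0.2.9 partner42 LOOKUP OK
2024-05-20T10:01:01Z 192.0.2.9 partner42 LOOKUP OK
2024-05-20T10:01:02Z 192.0.2.9 partner42 LOOKUP OK
2024-05-20T10:01:03Z 192.0.2.9 partner42 LOOKUP OK
2024-05-20T10:01:04Z 192.0.2.9 partner42 LOOKUP OK
2024-05-20T10:05:00Z 192.0.2.10 partner7 LOOKUP OK
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<account>\S+) (?P<action>\S+) (?P<result>\S+)$")

def parse(log_text):
    """Yield one dict per well-formed line; lines that do not match are skipped."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groupdict()

def credential_stuffing_sources(log_text, min_distinct_accounts=3):
    """Source IPs whose failed logins span at least min_distinct_accounts different
    accounts: a single source replaying many stolen username/password pairs."""
    failed = defaultdict(set)
    for e in parse(log_text):
        if e["action"] == "LOGIN" and e["result"] == "FAIL":
            failed[e["ip"]].add(e["account"])
    return sorted(ip for ip, accts in failed.items() if len(accts) >= min_distinct_accounts)

def high_rate_accounts(log_text, action="LOOKUP", max_per_minute=4):
    """Accounts whose successful requests of one action exceed max_per_minute in any
    single minute: one account scraping records far faster than a human would."""
    per_minute = defaultdict(int)
    for e in parse(log_text):
        if e["action"] == action and e["result"] == "OK":
            per_minute[(e["account"], e["ts"][:16])] += 1  # bucket by YYYY-MM-DDTHH:MM
    peak = defaultdict(int)
    for (account, _), n in per_minute.items():
        peak[account] = max(peak[account], n)
    return {a: n for a, n in peak.items() if n > max_per_minute}
```

Thresholds here are deliberately tiny so the sample triggers; in production they would be tuned per portal, and a request-rate check like the second detector is exactly what was missing during the three weeks of undetected querying described above.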

Conclusion

The data breaches of 2024 have underscored the critical need for enhanced cybersecurity measures across various industries. The breaches at AT&T, Snowflake, UnitedHealth, Synnovis, Truist Bank, and Dell have collectively impacted billions of records, exposing sensitive personal and professional information. These incidents have compromised individuals’ privacy and revealed significant vulnerabilities within major corporations and their data management practices.

As hackers refine their methods, organizations must invest in stronger security protocols, regular audits, and comprehensive response strategies. This year’s events serve as a stark reminder that robust cybersecurity defenses are essential in protecting corporate assets and individual privacy in an increasingly digital world.