We're more than halfway into 2024, and we've already witnessed some of the largest and the most damaging data breaches in recent history. And just when you thought some of these hacks couldn't be much worse, they did. The worst data breaches of 2024 to date have already surpassed at least 1 billion stolen records and are expected to rise further. These breaches have an impact not just on the individuals whose data was irretrievably compromised, but also embolden the criminals who profit from their malicious cyberattacks.
AT&T data leak
Three years after an internet hacker leaked a sample of allegedly stolen AT&T customer data, a data breach broker released the whole cache of 73 million user records to the public on an infamous cybercrime forum in March. consumers' names, phone numbers, and postal addresses were among the personal information released in the data, and some consumers attested to the accuracy of their information.
However, the telecom giant didn't respond until a security researcher found that the exposed data contained encrypted passwords needed to access a customer's AT&T account. The security researcher told TechCrunch at the time that the encrypted passwords were easily unscrambled, placing roughly 7.6 million existing AT&T user accounts at risk of hijacking. After TechCrunch reported the researcher's findings, AT&T asked its users to reset their account passwords.
Synnovis ransomware attack
A June cyberattack on Synnovis, a blood and tissue testing lab serving hospitals and health institutions in the United Kingdom's capital, caused weeks of severe disruption to patient services. Following the attack, the local National Health Service trusts that rely on the lab postponed thousands of operations and treatments, triggering the UK health sector to call for a serious emergency.
A Russia-based ransomware gang was blamed for the cyberattack, which resulted in the theft of data relating to nearly 300 million patient interactions over a "significant number" of years. The implications for those affected, similar to those of the Change Healthcare data breach, are expected to be severe and long-lasting.
Snowflake hack
A series of data thefts from cloud data provider Snowflake quickly escalated into one of the year's largest breaches, thanks to the massive volumes of data stolen from its corporate customers.
Cybercriminals stole hundreds of millions of customer records from some of the world's largest companies, including an alleged 560 million records from Ticketmaster, 79 million records from Advance Auto Parts, and approximately 30 million records from TEG, by using stolen credentials of data engineers with access to their employers' Snowflake environments. Snowflake, for its part, does not demand (or enforce) that its customers employ the security feature, which protects against breaches based on stolen or reused passwords.
