The past year has laid bare the vulnerability of critical systems, with cyberattacks targeting everything from healthcare to telecommunications. Themes of negligence, inadequate security protocols, and exploitation of software vulnerabilities dominate the narrative. Hackers are becoming more audacious, exposing billions of sensitive records, crippling operations, and threatening national infrastructure.
- AT&T: Two Breaches Exposing Customers & Non-Customers
In one of the largest data breaches of this year, hackers accessed in July 2024 a trove of metadata on 110 million customers spanning six months, obtained via AT&T’s account with Snowflake. The data included phone numbers, call records, and inferred locations; non-customers were affected if they had interacted with AT&T users. High-risk groups, such as domestic abuse survivors, are particularly vulnerable to misuse of this data. While AT&T reportedly paid a ransom to have the stolen data deleted, the long-term security implications remain dire (AT&T).
A separate incident leaked 73 million customer records, exposing names, addresses, and encrypted passcodes. A researcher demonstrated how weak encryption made the passcodes susceptible to being unscrambled, endangering 7.6 million active accounts. Despite AT&T resetting these passcodes, it has yet to identify how or where the breach occurred, signaling ongoing vulnerabilities.
- Change Healthcare: Medical Data for Over 100 Million Americans Stolen
UnitedHealth Group’s controversial 2022 acquisition of Change Healthcare gave the conglomerate access to 50% of Americans' health insurance claims annually. While this raised antitrust and privacy alarms, the real crisis emerged in 2024 (Infosecurity). The US healthcare system was rocked in February 2024 when BlackCat/ALPHV, a Russian-speaking ransomware group, targeted Change Healthcare. The attackers encrypted critical systems and leaked data for over 100 million patients, including medical and billing information.
The attack paralyzed hospital and pharmacy operations nationwide for weeks and forced UnitedHealth Group to pay a $22 million ransom. UnitedHealth confirmed that the attack might ultimately affect one-third of the US population.
- Synnovis: Widespread Disruption Across London Hospitals
A ransomware group targeted Synnovis, London’s leading pathology lab, disrupting operations tied to 300 million patient interactions over decades. Thousands of surgeries and medical procedures were delayed as NHS trusts struggled to manage the fallout (NHS).
Synnovis refused the hackers' $50 million ransom demand, and partial patient data was subsequently published. Investigations revealed that key NHS trusts had failed to meet cybersecurity standards in the years leading up to the attack.
- Snowflake: Massive Corporate Data Leak
A series of attacks on 165 Snowflake customers led to one of the most extensive corporate data breaches ever (SC Media). Hackers exploited stolen credentials from data engineers, exposing billions of records. Notable victims included:
- Ticketmaster: 560 million records stolen, including personal information and customer activity.
- Advance Auto Parts: 79 million records leaked.
- TEG: 30 million customer profiles compromised.
Additional victims include employee data from Neiman Marcus and Santander Bank and millions of student records from the Los Angeles Unified School District. Snowflake’s lack of mandatory security protocols, such as customer multi-factor authentication, compounded the problem. Experts warn that the breach's true impact will surface as more affected organizations disclose their losses.
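The control this passage names, mandatory customer MFA, is both enforceable and auditable from inside a Snowflake account. The following is an added example, not code from this article or from Snowflake's own material: it creates an authentication policy that requires MFA enrollment and then hunts the ACCOUNT_USAGE.LOGIN_HISTORY view for successful password-only logins, the pattern a stolen-credential campaign leaves behind. The policy name is a placeholder, and the ACCOUNTADMIN role is assumed.

```sql
-- Added example (not from the article): enforce and audit MFA on a Snowflake account.
-- REQUIRE_MFA_POLICY is an arbitrary placeholder name; run as ACCOUNTADMIN (assumed).
-- ACCOUNT_USAGE views lag live activity, so treat the detection query as near-real-time, not live.

-- 1. Prevent: require every user to enrol in MFA and refuse password logins that lack a second factor.
CREATE AUTHENTICATION POLICY require_mfa_policy
  MFA_ENROLLMENT = REQUIRED
  MFA_AUTHENTICATION_METHODS = ('PASSWORD')
  COMMENT = 'Blocks password-only logins of the kind abused in the 2024 Snowflake customer breaches';

ALTER ACCOUNT SET AUTHENTICATION POLICY require_mfa_policy;

-- 2. Detect: successful logins over the last 30 days that used a password with no second factor,
--    grouped by user, source IP and client so that unexpected sources stand out.
SELECT user_name,
       client_ip,
       reported_client_type,
       COUNT(*)             AS logins,
       MIN(event_timestamp) AS first_seen,
       MAX(event_timestamp) AS last_seen
FROM   snowflake.account_usage.login_history
WHERE  event_timestamp >= DATEADD('day', -30, CURRENT_TIMESTAMP())
  AND  is_success = 'YES'
  AND  first_authentication_factor = 'PASSWORD'
  AND  second_authentication_factor IS NULL
GROUP  BY user_name, client_ip, reported_client_type
ORDER  BY logins DESC;
```

Service accounts that legitimately authenticate with key pairs show a different FIRST_AUTHENTICATION_FACTOR and therefore do not appear in the result; any human user who does appear is either not yet enrolled or is being logged into with a bare password, and either case deserves a follow-up.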
- CDK Global Ransomware Attack
In June 2024, CDK Global, a software provider serving over 15,000 car dealerships, was hit by two consecutive ransomware attacks within 24 hours (TechTarget). Hackers targeted the company’s core dealer management system (DMS), disrupting CRM, payroll, and finance systems essential to dealership operations across North America.
The company faced extensive operational downtime, affecting thousands of dealerships. CDK reportedly paid a $25 million ransom to expedite recovery efforts. Despite this, restoring full functionality took weeks, underlining vulnerabilities in critical SaaS platforms.
- National Public Data Breach
National Public Data (operating as Jerico Pictures, Inc.) informed the Maine Attorney General on August 10 of a data breach impacting 1.3 million individuals. The company also issued a security notice revealing the breach stemmed from a hacking attempt in December 2023, with potential data exposure occurring earlier this year (Microsoft).
Known for offering background checks and criminal record search services, National Public Data compiles user profiles by scraping information from public sources. While the company acknowledges the breach's direct impact on 1.3 million people, a class action lawsuit filed on August 1 alleges far greater stakes. The lawsuit claims National Public Data failed to implement adequate security measures, such as encrypting sensitive personally identifiable information (PII) or deleting unnecessary data. It further asserts that a criminal group, USDoD, advertised 2.9 billion compromised records for sale. Allegedly, these records include PII from citizens across the U.S., Canada, and the UK.
- Ascension Health System Ransomware Attack
In May 2024, Ascension Health, one of the largest US healthcare systems, suffered a ransomware attack that halted operations across its 140 hospitals in 19 states. The breach originated from a phishing email, leading to the encryption of critical systems and exposure of sensitive patient data. Emergency services were disrupted, with ambulances diverted and medical procedures postponed, highlighting the severe impact of cyberattacks on healthcare delivery (Bleeping Computer).
Financially, Ascension reported a net loss of $1.1 billion for the fiscal year ending June 30, 2024, attributing a significant portion to the ransomware incident. The attack caused delays in revenue cycle processes, claims submission, and payment processing, underscoring the extensive operational repercussions of such breaches (HIPAA).
- Ivanti VPN Exploitation
A zero-day vulnerability in Ivanti Connect Secure VPNs allowed a China-linked espionage group, UNC5221, to breach thousands of systems – activity detected in January 2024. Victims included high-profile targets like CISA and MITRE, with some attacks traced back to December 2023 (Google Cloud).
The attackers leveraged vulnerabilities CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (arbitrary code execution) to infiltrate and control affected systems. Emergency patches were issued following detection, but the attack revealed significant delays in addressing zero-day vulnerabilities.
- MOVEit File Transfer Exploitation
A vulnerability in the MOVEit Transfer software, widely used for file sharing, was exploited by the Russian Clop ransomware group, affecting over 600 organizations worldwide. High-profile victims included British Airways, the BBC, and Shell. The attackers exploited a SQL injection flaw (CVE-2023-34362) that allowed unauthorized access to sensitive data, resulting in the exfiltration of personal and financial information belonging to millions of individuals (NCSC).
Clop’s extortion tactics led some companies to pay ransoms, while others faced public exposure of stolen data on the dark web. British Airways reported that details of over 100,000 employees were compromised, including bank account information. The breach highlighted systemic vulnerabilities in supply chain software, as many affected organizations relied on MOVEit for critical operations.
- Volt Typhoon Targets US Critical Infrastructure
In January 2024, the US Department of Justice disrupted a major cyber espionage campaign by Volt Typhoon, a Chinese state-backed group. The operation involved disabling hundreds of compromised routers used to infiltrate critical sectors like energy, communications, water, and transportation (Tenable).
Volt Typhoon’s tactics relied on stealth, using legitimate tools to hide in plain sight. A February advisory revealed the group’s long-term strategy: positioning itself to disrupt essential services during geopolitical conflicts. The attack heightened concerns about China’s capability to cripple infrastructure vital to national security.