Some of the most damaging data breaches of all time happened in 2024, as threat actors took advantage of tools like AI to launch the most sophisticated attacks cybersecurity teams have ever faced. Ransomware, credential stuffing, and phishing were the most popular methods among attackers, continuing the trends that started last year.
Massive security incidents at some of the world’s most well-known companies exposed over 1.1 billion records and sensitive customer data, and contributed to a combined $9.5 trillion that organizations spent dealing with cybercrime.
Even with increased security measures and vigilance, the most catastrophic breaches are so destructive they can force companies out of business.
Keep reading for more about the cyberattacks that made headlines in 2024, and learn how evolving defenses like Zero Trust and passwordless authentication can keep your organization off the list in 2025.
The Top 5 Data Breaches of 2024
National Public Data
In April, a staggering cyberattack on National Public Data, a company that provides background checks and fraud prevention, may have affected as many as 2.9 billion records and exposed the sensitive information of individuals across the U.S., Canada, and the U.K.
A hacker gained access to a zip file containing passwords that were used to access the consumer database. The stolen data was put up for sale on the dark web, including names, birthdates, email addresses, phone numbers, and social security numbers.
National Public Data cooperated with law enforcement and investigators in addition to implementing stricter security protocols that made it incompatible with some browsers.
Despite these measures, National Public Data’s parent company was forced to file for Chapter 11 bankruptcy in October in order to cover the legal costs and liabilities that resulted from the breach.
Change Healthcare
The notorious cybercriminal group ALPHV/BlackCat breached Change Healthcare’s network via a ransomware attack in February. Hackers gained access to a trove of information including medical and health insurance records, social security numbers, and other sensitive patient data. Over 100 million people were affected by the attack.
Change shut down its servers immediately after learning of the attack, disrupting services and causing outages across the entire healthcare industry for weeks. It was reported that UnitedHealth Group, Change’s parent company, paid a $22 million ransom — but then fell prey to a double extortion attempt.
Change’s HIPAA compliance practices were investigated by the U.S. Department of Health and Human Services. The cost of mitigating the breach, fines, and legal fees added up to over $870 million in expenses for UnitedHealth.
At a hearing, chief executive Andrew Witty admitted that the breach was carried out using a single set password, meaning one of the most damaging cyberattacks on the healthcare system in history could have been prevented using a readily available security feature like multi-factor authentication (MFA).
Ticketmaster
Hacking group ShinyHunters breached Ticketmaster via a third-party database, using phishing to steal the credentials of a Snowflake employee. The group then deployed malware inside Ticketmaster’s systems that exposed 1.3 terabytes of data from 560 million customers.
It took several days before Ticketmaster’s parent company Live Nation revealed the breach to the public, drawing scrutiny from regulators and criticism from customers whose data was compromised. Calls for stricter security policies and laws followed.
Fallout from the attack is ongoing, with costs estimated to reach tens or even hundreds of millions of dollars. The breach prompted the U.S. Department of Justice to file an antitrust lawsuit against Live Nation.
Ticketmaster was further confounded when Snowflake denied any responsibility, claiming the breach was caused by compromised customer credentials. Better insights into their supplier’s security practices might have helped Ticketmaster prevent this attack.
AT&T
In March, a data breach broker posted 73 million AT&T customer records onto a dark web forum. Information included names, phone numbers, emails, addresses, and social security numbers for over 7.9 million current customers. Many customers confirmed their leaked data was accurate.
After the data was published, a security researcher discovered that the leaked information also included encrypted passcodes, giving anyone with the information access to customer accounts. AT&T forced a mass-reset of millions of customer passcodes.
AT&T’s public statements regarding the incident have been limited. At this point, it’s still unclear if the breach happened through AT&T’s network or through a third-party vendor. It’s believed that credential stuffing was used in the original attack, but it has not been confirmed or denied by the company. Costs related to the breach are estimated to be in the tens of millions of dollars.
If credential stuffing was the culprit, better password policies or conditional access controls may have helped to prevent the attack.
While AT&T was in the middle of dealing with this breach, news dropped that hackers had stolen phone numbers and call records for almost all of AT&T’s customer base during part of 2022. The attack was carried out on Snowflake, a third-party cloud vendor AT&T uses to house data. Snowflake said the attack could have been avoided if customers had opted in to multi-factor authentication on their accounts, an option Snowflake offers customers but does not require.
Dell Computers
Over 49 million customer records were obtained and apparently sold on the dark web in a breach of Dell’s systems in May. The attack appears to have been launched with credential stuffing against Dell’s customer sales portal. The attackers obtained information covering transactions and order details between 2017 and 2024, but there were no reported thefts of more sensitive information like credit cards or phone numbers.
Then a hacker identified as “Melenik” put the information up for sale on a cybercriminal forum. The post was quickly taken down, likely because a buyer was found. Though the information wasn’t highly sensitive, Dell urged at-risk customers to be aware of phishing attempts that looked like they were official emails coming from the company and could lead to ransomware and malware attacks.
Better access and Zero Trust monitoring controls could have mitigated the initial breach.
Monthly Breakdown of 2024 Data Breaches
Attacks against healthcare and financial institutions were on the rise, but data breaches impacted all types of organizations in 2024. Hackers continued to exploit weaknesses related to increased adoption of hybrid work environments going back to the pandemic and 2021. Third-party software and cloud vulnerabilities continued to pose a problem for many companies, as did employees using shadow IT.
With data privacy laws coming into play across the globe, penalties and legal costs will continue to make breaches more costly every year. Security teams will need to find new ways to address ongoing vulnerabilities.
Let’s break down the most notable breaches by month.
January 2024
LoanDepot fell victim to a ransomware attack by the malicious group ALPHV/BlackCat. Almost 17 million customers had their data stolen, including social security numbers, financial data, and account details. LoanDepot quickly shut down its systems to contain the attack, and provided customers two years of identity monitoring and credit protection.
Hackers exposed the email addresses of over 15 million Trello users by manipulating a public-facing API to link Trello profiles to email addresses. Only email addresses were leaked, but Trello warned that the threat of phishing or other malicious activity would increase as a result.
A security misconfiguration at Mercedes-Benz gave hackers access to the company’s GitHub repository, revealing source code, designs, and passwords. A cybersecurity firm alerted Mercedes to the breach, and security teams were quickly able to patch the problem and pull the repository.
February 2024
Almost $300 million in cryptocurrency was stolen from blockchain gaming giant PlayDapp. Hackers initially gained access to the platform via a compromised private key and then through multiple strikes they created and made off with nearly 2 billion PLA tokens, the platform’s native cryptocurrency.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that malicious actors launched a cyberattack against an unidentified government agency by exploiting a former employee’s account. The attackers used the ex-employee’s admin account to breach a VPN, infiltrate the network, steal more credentials, and escalate their privileges within the system. The attack could leave the agency vulnerable for an extended time frame.
Lurie Children’s Hospital suffered a crippling attack at the hands of ransomware group Rhysida. The healthcare provider was forced to shut down their systems and delay care for many patients. The attackers encrypted stolen data and put it up for auction on the dark web, demanding a $3 million bitcoin ransom.
March 2024
A third-party security incident compromised the credit card details of scores of American Express customers. Though full details have yet to be disclosed, the company quickly alerted customers to monitor their accounts for fraudulent activity. The incident prompted fears of similar attacks on other third-party vendors, and highlighted the need for better vendor monitoring and IT unification protocols.
Hackers got inside Harvard Pilgrim Health Network’s system for over two weeks during a period in 2023. In March 2024 the company revealed the sensitive health information of almost 3 million patients was stolen. The investigation into the source of the breach is still ongoing.
The International Monetary Fund (IMF) was attacked in an apparent phishing scam that compromised the accounts of several workers. The attack was contained quickly and may have prevented malicious actors from gaining access to sensitive data. The IMF revealed few details, but assured the media that top officials’ accounts were not affected by the attack.
April 2024
The United Nations Development Program was hit by notorious ransomware group 8Base. The hackers leaked sensitive government information including employee data, contracts, invoices, and vendor information.
A cyberattack launched against Omni Hotels in January wasn’t discovered until April. The sophisticated breach involved multiple steps that used a compromised admin account to create backdoors and harvest credentials. Hacking group Daixin demanded a $3.5 million ransom to return stolen customer data. It’s unclear whether Omni paid the ransom or not.
Chinese retail giant Pandabuy suffered a data breach that affected well over 1 million customers and exposed sensitive data. The company reportedly met the hackers’ ransom demands, but was then hit with a double extortion attempt. Pandabuy has made few public comments regarding the incident.
May 2024
Hackers infiltrated the BBC through a cloud storage service, gaining access to over 25,000 employees’ pension information and related data. The BBC is investigating the incident and urged affected individuals to be vigilant for signs of fraud.
Dropbox revealed a data breach to users of its Dropbox Sign service. Hackers accessed email addresses, phone numbers, passwords, and MFA details. Dropbox storage cloud users were not affected.
An unchecked software vulnerability left over 450,000 JP Morgan Chase retirement plan members exposed for years, allowing thieves to steal personal information, plan information, payment information, and social security numbers. The bank was required to disclose the breach to the Maine Attorney General’s office and quickly took steps to remediate the issue.
June 2024
Millions of customers could have been compromised in a data breach at Tile, a popular Bluetooth tracking device company. Hackers were said to have demanded a ransom from Tile, though Tile assured customers that no credentials, location data, or credit card info was stolen.
Truist Bank first revealed a data breach that occurred in October 2023, after employee data went up for sale online in June of 2024. Hacking group Sp1d3r demanded a $1 million ransom for the data. The leak was initially linked to a string of other incidents involving third-party cloud storage provider Snowflake, but Truist has since denied this.
In another attack with ties to Snowflake, retailer Neiman Marcus reported a data breach that affected almost 70,000 customers. Hackers gained access to personal records and gift card numbers in the breach. Later, Neiman Marcus revealed a second breach that exposed 31 million customer email addresses.
July 2024
Hackers got into internal Slack accounts at Disney, stealing over 1.3 terabytes of data and gaining access to proprietary designs, artwork, and concepts for upcoming projects. Disney subsequently dropped Slack from its suite of technology providers.
After ongoing investigations into an April 2024 breach, debt collection firm FBCS disclosed that up to 4 million customers may have had names, social security numbers, birthdates, and driver’s license numbers stolen. The company initially believed 1.9 million users were affected but discovered the breach was much more damaging than thought.
August 2024
Semiconductor designer AMD suffered a data breach in which cybercriminals reportedly stole internal information including employee files, assignment groups, source code, and proprietary plans. AMD is currently investigating the incident and has yet to confirm the hackers’ claims.
Malicious actors ZeroSevenGroup reportedly stole over 240GB worth of data from Toyota Motors’ U.S. operations. The data was leaked onto a dark web forum and includes contract and financial records, customer and employee data, and business plans. The hackers also said they gained access to network infrastructure and credentials, leaving the door wide open for additional attacks. Toyota claimed the data was stolen from a third-party provider, but refrained from naming the company.
September 2024
Third-party payment processor Slim CD revealed that credit card information of up to 1.7 million customers was stolen by hackers. The company did not reveal additional information about the attackers or the attack vector.
Fortinet, a widely used internet security vendor, suffered a data breach that affected nearly 800,000 customers. The cybercriminals gained access to data on a third-party SharePoint server, once again highlighting the trend to attack vulnerabilities on third-party systems. Fortinet said its corporate offices were not targeted in the attack.
Secure Your Organization with JumpCloud
In today’s cloud-based environment, security teams are often left unaware of vulnerabilities or unable to find the resources to address issues with third parties.
Learn how JumpCloud’s centralized user and device management and security access tools can help protect your organization in this challenging environment.
Sign up for a free trial to see how tools like single sign-on (SSO) and password management improve your users’ security experience.