Data Security

Most recent data breaches in 2024: updated stats

norman@preyhq.com
Norman G.
2024-08-30
0 minute read
Most recent data breaches in 2024: updated stats

In 2024, data breaches have become a harsh reality that none of us can ignore. From the biggest companies to essential government agencies, it feels like no one is safe from the increasing number of cyber threats. With so much of our personal and sensitive information being shared and stored online, the risks are higher than ever—and the consequences can be devastating.

Just in the first half of this year, over 1 billion records have been exposed in data breaches. These incidents, affecting everything from our finances to our healthcare, serve as a stark reminder of why we need to be vigilant about protecting our data. But it's not all doom and gloom—by learning from these events, we can take steps to better safeguard ourselves and our communities.

In this article, we’ll dive into some of the most significant data breaches of 2024. We’ll break down what happened, why it happened, and what we can learn from these situations to stay safer in the future. By understanding these stories, we can all get a little bit smarter about how to protect our digital lives.

August 2024

  1. Massive Data Breach Hits Indonesia's National Civil Service Agency
    • Date: August 11, 2024
    • Affected: National Civil Service Agency (BKN) in Indonesia
    • What Happened: A hacker, known by the alias TopiAx, infiltrated the database of Indonesia's National Civil Service Agency (BKN), extracting over 4.7 million records. This data included highly sensitive information such as names, phone numbers, and email addresses of civil servants. The breach was initially claimed by the hacker on social media, and local cybersecurity experts later confirmed the legitimacy of the leaked data.
    • Impact: The breach has caused significant concern in Indonesia, highlighting the vulnerabilities within government databases. The exposed information could be used for identity theft, blackmail, or other malicious activities. The incident has damaged public trust in the government's ability to protect personal data, leading to calls for stricter cybersecurity measures across governmental institutions.
    • Source: Indonesia Business Post
  2. Australia's Evolution Mining Targeted in Cyberattack
    • Date: August 10, 2024
    • Affected: Evolution Mining, a major gold mining company in Australia
    • What Happened: Evolution Mining reported a severe ransomware attack that led to a partial shutdown of its operations. The attackers encrypted critical data and demanded a ransom to unlock the systems. The breach caused significant operational disruptions, particularly in mining and production facilities.
    • Impact: The attack has exposed the vulnerabilities in critical infrastructure, particularly in the mining sector, which is crucial to Australia’s economy. The financial losses incurred due to the halted operations and potential ransom payment could be substantial. Additionally, the breach could lead to a loss of investor confidence and increased scrutiny from regulatory bodies, pushing the industry to adopt more stringent cybersecurity practices.
    • Source: Reuters
  3. Ohio School Boards Association Cyberattack
    • Date: August 8, 2024
    • Affected: Ohio School Boards Association (OSBA)
    • What Happened: A cyberattack compromised the IT infrastructure of the Ohio School Boards Association (OSBA), leading to the disruption of its website and email services. The timing of the attack, just before the new school year, exacerbated its impact, as communication between the OSBA and its 3,500 member school districts was critically hindered.
    • Impact: The breach significantly disrupted the start of the school year, affecting thousands of students, teachers, and administrators across Ohio. The incident has raised concerns about the security of educational institutions' IT systems and highlighted the need for stronger cybersecurity measures in the education sector. The OSBA may face legal challenges and reputational damage as a result.
    • Source: The CW Columbus

July 2024

  1. AT&T Data Breach
    • Date: July 11, 2024
    • Affected: Nearly all of AT&T's wireless customers
    • What Happened: A massive data breach occurred when hackers gained unauthorized access to AT&T’s third-party cloud service provider, Snowflake. The breach involved the theft of sensitive data from nearly 90 million AT&T wireless customers, including call logs, text message details, and some personal information. The breach was not immediately detected, allowing the hackers to exfiltrate data over an extended period.
    • Impact: This breach is one of the largest in 2024, with severe implications for the privacy and security of millions of AT&T customers. The stolen data could be used for identity theft, social engineering attacks, and other malicious activities. AT&T faces potential lawsuits, regulatory scrutiny, and a significant loss of customer trust, which could impact its market position and financial performance.
    • Source: The Wall Street Journal
  2. Lulu Hypermarket Breach
    • Date: July 10, 2024
    • Affected: Lulu Hypermarket, a major retail chain in the UAE
    • What Happened: The hacker group IntelBroker claimed responsibility for breaching the database of Lulu Hypermarket, one of the largest retail chains in the Middle East. The breach resulted in the exposure of personal details for over 200,000 customers, including names, addresses, and purchase histories. The attackers accessed the data through a vulnerability in the retailer's online shopping platform.
    • Impact: The breach has caused significant concern among Lulu Hypermarket customers, many of whom are high-net-worth individuals in the UAE. The incident has damaged the company’s reputation, potentially leading to a decline in customer trust and sales. Additionally, the retailer may face legal action from affected customers and increased regulatory scrutiny, prompting a review of its cybersecurity practices.
    • Source: HackRead
  3. Disney Slack Messages Leak
    • Date: July 15, 2024
    • Affected: Disney
    • What Happened: A hacktivist group known as NullBulge infiltrated Disney’s internal Slack channels, extracting 1.1 terabytes of data, including sensitive project details, internal communications, and employee login credentials. The hackers released a portion of the data publicly, claiming it was part of a campaign to expose corporate malpractices.
    • Impact: The leak poses significant risks to Disney's intellectual property and internal security. The exposure of sensitive project details could lead to financial losses, especially if proprietary information is used by competitors or other malicious entities. Additionally, the breach has raised concerns about the security of internal communication tools like Slack, prompting Disney and other companies to re-evaluate their security protocols. The incident could also lead to legal challenges and a loss of trust among employees and partners.
    • Source: WIRED

June 2024

  1. Life360 Data Breach
    • Date: June 12, 2024
    • Affected: Life360 and its Tile tracker users
    • What Happened: Hackers exploited a vulnerability in the backend systems used by Life360, specifically targeting the integration with law enforcement tools designed to help locate missing persons. The attackers gained unauthorized access to a massive database, exfiltrating names, addresses, phone numbers, and other personal data of millions of users.
    • Impact: The breach has serious implications for privacy, as the stolen data could be used for identity theft or stalking. Life360, a service trusted by families for safety, faces a significant loss of user trust. The breach also sparked a broader debate about the security of surveillance and tracking tools, especially those integrated with law enforcement.
    • Source: The Verge
  2. Cylance Data Breach
    • Date: June 11, 2024
    • Affected: Blackberry-owned cybersecurity firm Cylance
    • What Happened: A sophisticated cyberattack targeted Cylance’s internal systems, resulting in the theft of 34 million emails and other sensitive data. The attackers used advanced persistent threat (APT) techniques, bypassing multiple layers of security. The stolen data was later found for sale on the dark web.
    • Impact: This breach is particularly alarming because Cylance is a cybersecurity firm, trusted to protect other organizations. The incident undermines confidence in cybersecurity providers and highlights the risks of APTs. The exposure of sensitive communications could have long-lasting repercussions, potentially affecting Cylance’s partnerships and client base.
    • Source: TechRadar Pro
  3. Holograph Crypto Exchange Breach
    • Date: June 13, 2024
    • Affected: Holograph Crypto Exchange
    • What Happened: Attackers exploited a flaw in Holograph's smart contract code, enabling them to siphon off $26 million worth of Bitcoin and Ether. The breach was executed through a series of complex transactions that went unnoticed until it was too late to reverse the damage.
    • Impact: The breach has severely shaken trust in decentralized financial platforms, highlighting vulnerabilities in the coding of smart contracts. Investors and users of Holograph suffered significant financial losses, and the incident has led to calls for tighter regulation and security standards in the cryptocurrency industry.
    • Source: Coinspeaker

May 2024

  1. Ticketmaster Data Breach
    • Date: May 29, 2024
    • Affected: Ticketmaster customers
    • What Happened: The hacker group ShinyHunters infiltrated Ticketmaster's customer database, extracting sensitive data from over 500 million users. The breach involved stealing personal information such as names, email addresses, physical addresses, and partial credit card numbers.
    • Impact: This breach is one of the largest in recent history, affecting a vast number of customers worldwide. The stolen data could lead to widespread identity theft and financial fraud. For Ticketmaster, the breach has damaged its reputation, potentially leading to a loss of consumer confidence and legal repercussions.
    • Source: Mashable
  2. BBC Employee Data Breach
    • Date: May 30, 2024
    • Affected: BBC employees and former employees
    • What Happened: A data breach exposed the personal details of over 25,000 current and former BBC employees. The breach was caused by a vulnerability in the BBC's internal HR system, which hackers exploited to gain access to sensitive employee data, including Social Security numbers, birthdates, and bank account details.
    • Impact: The breach has significant implications for the affected employees, as their personal data could be used for identity theft or financial fraud. The incident also raises serious concerns about the security of sensitive employee information within large organizations. The BBC faces potential lawsuits and regulatory scrutiny as a result.
    • Source: The Guardian
  3. DMM Bitcoin Exchange Hack
    • Date: May 31, 2024
    • Affected: DMM Bitcoin, a Japanese cryptocurrency exchange
    • What Happened: Hackers exploited a vulnerability in DMM Bitcoin’s hot wallet system, allowing them to siphon off $305 million worth of Bitcoin. The attackers used a combination of phishing and social engineering tactics to gain access to the exchange’s private keys.
    • Impact: The breach is one of the largest cryptocurrency thefts of 2024, severely impacting the exchange and its users. The financial loss is substantial, and the breach has led to increased scrutiny of security practices in the cryptocurrency industry. The incident may also prompt regulatory changes, as governments and financial authorities seek to prevent similar breaches in the future.
    • Source: CoinDesk

April 2024

  1. Florida Memorial University Cyberattack
    • Date: April 1, 2024
    • Affected: Florida Memorial University
    • What Happened: A ransomware attack targeted Florida Memorial University, encrypting critical data and demanding a ransom for its release. The attackers gained access through a phishing email that tricked a staff member into downloading malicious software. The university’s systems, including those handling student records, financial information, and communication channels, were all affected.
    • Impact: The attack significantly disrupted the university’s operations, delaying the start of classes and preventing access to vital student services. The exposure of personal data also posed a risk to the privacy of students and staff. The university faced significant costs in restoring systems and improving cybersecurity measures to prevent future attacks.
    • Source: The Miami Times
  2. Jackson County Ransomware Attack
    • Date: April 2, 2024
    • Affected: Jackson County, Kansas
    • What Happened: A ransomware attack crippled Jackson County’s IT infrastructure, shutting down public services including tax payments, property data searches, and online court records. The attackers demanded a substantial ransom to decrypt the county’s data, which had been backed up but not in a fully recoverable state.
    • Impact: The attack brought county operations to a standstill, affecting thousands of residents who rely on these services. The disruption also led to financial losses for the county, as the ransom payment and subsequent recovery efforts were costly. The incident highlighted the vulnerabilities in public sector IT systems, prompting a review of security practices across other counties.
    • Source: The Kansas City Star
  3. Hoya Lens Cyberattack
    • Date: April 3, 2024
    • Affected: Hoya Corporation, a Japanese lens manufacturer
    • What Happened: A cyberattack on Hoya Corporation forced the company to halt production at its lens manufacturing facilities. The attackers used ransomware to encrypt critical manufacturing data, effectively stopping production lines. The attack is believed to have been carried out by a group targeting critical infrastructure in Japan.
    • Impact: The breach had a significant impact on Hoya’s operations, leading to delays in the production and delivery of eyeglass lenses worldwide. This disruption affected both consumers and businesses that rely on Hoya’s products. The incident also raised concerns about the security of manufacturing processes, especially in industries that rely heavily on just-in-time production methods.
    • Source: Reuters

March 2024

  1. France Travail Data Breach
    • Date: March 13, 2024
    • Affected: French government department France Travail
    • What Happened: A massive data breach occurred when hackers infiltrated France Travail’s IT systems, accessing a database containing the personal information of up to 43 million French citizens. The data included names, addresses, Social Security numbers, and employment details. The breach was traced back to a vulnerability in the department’s data management software.
    • Impact: The breach has far-reaching implications for millions of French citizens, potentially leading to identity theft and other forms of fraud. The incident has also sparked a national debate about the security of government-held data and the need for stronger data protection measures. France Travail has faced significant criticism for its handling of the breach, and the government is under pressure to improve its cybersecurity infrastructure.
    • Source: The Register
  2. Poh Heng Jewellery Data Breach
    • Date: March 25, 2024
    • Affected: Poh Heng Jewellery, Singapore
    • What Happened: Unauthorized access to Poh Heng’s customer database resulted in the exposure of sensitive customer information, including names, addresses, and purchase histories. The attackers exploited a weakness in the company’s e-commerce platform, gaining access to the data through an unsecured API.
    • Impact: The breach has affected the privacy of thousands of customers, many of whom are high-profile individuals in Singapore. The incident has damaged Poh Heng’s reputation as a trusted luxury retailer, and the company is facing potential legal action from affected customers. The breach also highlights the importance of securing online platforms, especially in industries that handle high-value transactions.
    • Source: Channel News Asia
  3. Big Issue Group Ransomware Attack
    • Date: March 28, 2024
    • Affected: Big Issue Group, UK
    • What Happened: The ransomware gang Qilin launched a cyberattack on Big Issue Group, a UK-based organization that supports the homeless. The attackers encrypted the organization’s data and demanded a ransom for its release, threatening to publish sensitive employee and financial information if the ransom was not paid.
    • Impact: The attack severely disrupted Big Issue Group’s operations, delaying the distribution of the magazine that funds their programs and affecting their ability to support the homeless community. The exposure of sensitive data could also have long-term consequences for the organization’s employees and donors. The incident underscores the vulnerability of non-profit organizations to cyberattacks, particularly those that rely on donations and public trust.
    • Source: Computing UK

February 2024

  1. American Vision Partners Data Breach
    • Date: February 6, 2024
    • Affected: American Vision Partners, a healthcare provider
    • What Happened: Hackers gained unauthorized access to American Vision Partners’ patient database, compromising the sensitive information of 2.35 million eyecare patients. The breach involved the theft of names, Social Security numbers, medical records, and insurance information.
    • Impact: The breach has severe implications for the affected patients, as the stolen data could be used for identity theft, insurance fraud, and other malicious activities. The incident has also raised concerns about the security of healthcare data and the need for stronger protections in the healthcare industry. American Vision Partners faces potential lawsuits and regulatory penalties as a result of the breach.
    • Source: Strauss Borelli
  2. Tangerine ISP Data Breach
    • Date: February 20, 2024
    • Affected: Tangerine, an Australian internet service provider
    • What Happened: A cyberattack on Tangerine’s customer database resulted in the exposure of personal information belonging to over 200,000 customers. The attackers exploited a vulnerability in the ISP’s billing system, gaining access to customer names, dates of birth, and contact details.
    • Impact: The breach has compromised the privacy of a significant number of customers, potentially leading to identity theft and phishing attacks. Tangerine’s reputation as a reliable ISP has been damaged, and the company may face regulatory scrutiny and legal action from affected customers. The incident also highlights the need for stronger security measures in the telecommunications industry.
    • Source: The Sydney Morning Herald
  3. Change Healthcare Cyberattack
    • Date: February 21, 2024
    • Affected: Change Healthcare, a U.S. health tech giant
    • What Happened: A cyberattack on Change Healthcare’s IT infrastructure led to a network disruption, forcing the company to disconnect its systems to prevent further damage. The attack involved sophisticated malware designed to steal sensitive healthcare data, including patient records and billing information.
    • Impact: The breach caused significant disruption to healthcare services, delaying patient care and affecting the operations of healthcare providers that rely on Change Healthcare’s systems. The incident has raised concerns about the security of health tech infrastructure and the potential impact of cyberattacks on patient care. Change Healthcare is facing regulatory investigations and potential legal action as a result of the breach.
    • Source: American Medical Association

January 2024

  1. Viamedis Data Breach
    • Date: January 15, 2024
    • Affected: Viamedis, a French healthcare payment provider
    • What Happened: A cyberattack on Viamedis resulted in the exposure of sensitive data belonging to millions of customers. The attackers exploited a vulnerability in the company’s payment processing system, gaining access to social security numbers, birthdates, and health insurance details.
    • Impact: The breach has significant implications for the affected individuals, as the stolen data could be used for identity theft and insurance fraud. The incident has also raised concerns about the security of healthcare payment systems and the need for stronger protections. Viamedis is facing potential regulatory penalties and legal action from affected customers.
    • Source: Tech Times
  2. SEIU Local 1000 Data Breach
    • Date: January 20, 2024
    • Affected: SEIU Local 1000, a California state worker union
    • What Happened: A data breach compromised the personal information of union members, including Social Security numbers, addresses, and financial details. The breach was caused by a vulnerability in the union’s membership management system, which the attackers exploited to gain access to sensitive data.
    • Impact: The breach has affected a large number of union members, exposing them to the risk of identity theft and financial fraud. The incident has also raised concerns about the security of membership data within labor unions and other organizations. SEIU Local 1000 is facing potential lawsuits and regulatory scrutiny as a result of the breach.
    • Source: The Sacramento Bee
  3. Icelandic University Cyberattack
    • Date: January 23, 2024
    • Affected: Reykjavík University, Iceland
    • What Happened: A cyberattack on Reykjavík University, believed to be carried out by Russian hackers, compromised the university's IT systems. The attackers gained access to student information, including names, addresses, and academic records, by exploiting a vulnerability in the university’s network security.
    • Impact: The attack disrupted university operations, delaying the start of the academic term and affecting thousands of students. The exposure of student data has raised concerns about the security of educational institutions, particularly those that may be targeted by state-sponsored cyberattacks. The incident has prompted a review of cybersecurity practices across universities in Iceland.
    • Source: Iceland Review

Takeaways

The data breaches of 2024 highlight the growing sophistication and impact of cyberattacks across various sectors, from government agencies to major corporations and educational institutions. These incidents underscore the importance of proactive cybersecurity measures, continuous monitoring, and the need for robust data protection strategies.

For individuals and organizations alike, staying vigilant and informed is crucial. As the digital landscape continues to evolve, so do the threats. It’s more important than ever to ensure that your data and systems are secure, and to respond quickly when breaches occur.

At Prey, we’re committed to helping you safeguard what matters most. While no one is immune to these threats, being prepared can make all the difference in minimizing risk and protecting your data.

Discover

Prey's Powerful Features

Protect your devices with Prey's comprehensive security suite.