Most Famous Data Leaks and Breaches in 2024

In recent quarters, news of large-scale data leaks from corporations of various sizes and industries have been spreading almost every month. This has demonstrated the level of vulnerability of corporate systems, undermining user confidence in a number of brands.

The problem is not even the disclosure of user or corporate data, although this is also unpleasant, but the fact that systems are easily hacked from the outside. 

That is why today you will learn some details about such incidents and get a more in-depth analysis of the situations.

Top Incidents

Victims of hacker attacks become aware of the vulnerabilities of their digital infrastructure only after the data is made public and publicized in the press. Naturally, they react accordingly and fix the issues as quickly as possible. However, this is not always the exact situation.

Some companies may unknowingly ignore the facts of an attempted intrusion, hush up leaks, or deny responsibility for such incidents in every possible way.

As a rule, they fail to do the latter, as publicity and lawsuits do their job. As was the case with the following list of brands whose data was leaked to the public.

AT&T

More than 70 million customer records were leaked to the darknet in March 2024. Of these, more than 7.6 million accounts belong to current customers, and the oldest records date back to 2019. 

The cause of the leak is currently unknown, but it is suspected that malware entered the system. The operator's specialists are figuring out how and when, but to no avail.

MOVEit

Just imagine: 77 million accounts have been exposed due to security flaws in the app. Thus, hackers from the CLOP group claim to have obtained not only customer but also corporate data of about 2,600 companies. The leak occurred back in 2023, but it became known only this year.

The collective losses of more than $12 billion should have taught MOVEit's owners the value of security flaws. In fact, they became the vulnerability that allowed ransomware to be installed on the platform's infrastructure.

Ticketmaster Entertainment, LLC

The record holder of the list is a company that lost more than 560 million customer records in May 2024.

The cause of the leak is not known for sure, but it is noted that hackers managed to penetrate the platform's systems, exploiting vulnerabilities and stealing information. The latter, by the way, includes addresses, personal, and payment data. 

Tile

Databases are almost always targeted by hackers, as in this case. Thus, hackers managed to steal about 450 thousand Life360 users' accounts in June 2024.

Some information has already appeared in the public domain, while others are being used by hackers to blackmail the platform owners and demand ransom. Well, the security system turned out to be as imperfect as possible, as the attackers took control of the tools for querying the location of Tile users, among other things. 

Dell

An interesting incident also took place at Dell in May 2024. At the same time, the hacker Menelik provided TechCrunch with almost every bit of information on the specifics of the hacking of the corporation, which resulted in data from 49 million tech giant customers.

The attacker admitted to breaking into the system using partner accounts. After registering, the attacker launched DDoS attacks with more than 5,000 requests every 60 seconds. However, three weeks and more than 50 million requests in total did not make Dell representatives react to the situation. It seems that they did not monitor the state of the systems at all and did not see these attacks. 

Bank of America

The beginning of the year was not the best for one of the most secure financial institutions in the United States. Thus, ransomware attacked Mccamish Systems (a service provider of Bank of America) and managed to gain access to more than 50 thousand accounts. 

In fact, this attack has shown that even a small vulnerability in affiliate networks can cost a company not only money but also reputational losses. The latter, unlike money, cannot be recovered and compensated so quickly. Therefore, you should be more cognizant to the software companies use to conclude cooperation agreements.

MediSecure

Almost half of Australians have become victims of a data breach in which a team of hackers obtained sensitive information about more than 13 million citizens. Thus, ransomware attacked MediSecure and compromised a large amount of data.

It is suspected that it was more of a leak than real exploitation of vulnerabilities, as MediSecure itself declared bankruptcy and began the process of exiting the market quite soon after the incident. 

Evolve Bank

Please note that in the case of Evolve Bank, the incident also involved ransomware. As a result of the latter, the financial institution lost information about 7.6 million users. However, interestingly, the victims were not the actual users of the bank's services but their clients, i.e., people who cooperated with fintech companies and startups.

The basis of the leak has not yet been disclosed, but there is every reason to believe that the vulnerability was again related to partner networks and infrastructure.

Conclusions

Cybersecurity is the foundation of any business that works with data. That is, for all companies, without exception. Yes, there are no perfect information security systems, but this does not mean that you can simply turn a blind eye to this issue.

I would advise you to follow the classic rules of cybersecurity and periodically test your digital infrastructure, in particular, using penetration testing and other types of QA. 

This way, you will understand the weaknesses of your systems, be able to further mitigate them, respond to incidents in time, or prevent them altogether. 

Or do you already have experience in infrastructure optimization and security?

Share your experience in the comments!