2024 Data Breach Crisis: Over 1 Billion Records Stolen – Ankor Tech

The year 2024 is cementing its place in history as one of the most destructive periods for global cybersecurity. With the total number of compromised records now exceeding 1 billion and continuing to climb, organizations across the healthcare, telecommunications, and financial sectors have faced unprecedented data exfiltration events. These incidents have not only exposed the private lives of millions but have also empowered cybercriminal syndicates to scale their malicious operations.

AT&T: A Year of Security Failures

Telecommunications giant AT&T suffered two major security crises in 2024. In July, the company confirmed that cybercriminals had harvested call logs and phone numbers belonging to approximately 110 million customers. This breach, spanning a six-month period in 2022, originated from a compromise of its account with the data platform Snowflake rather than AT&T’s internal servers.

While the stolen metadata does not include call content, it reveals communication patterns that could jeopardize high-risk individuals. Reports indicate the company may have paid a ransom to ensure the deletion of the stolen records. This followed a separate incident in March, where 73 million customer records, including names and Social Security numbers, were leaked on a cybercrime forum. The vulnerability was compounded by the exposure of encrypted passcodes that, once unscrambled, put 7.6 million accounts at risk of hijacking.

Change Healthcare and the Medical Data Crisis

The healthcare industry faced a catastrophic blow when Change Healthcare, a subsidiary of UnitedHealth Group, was hit by a ransomware attack. The breach occurred because a critical system lacked multi-factor authentication, allowing attackers to exfiltrate the sensitive medical and billing data of a “substantial proportion” of the U.S. population.

CEO Andrew Witty confirmed to lawmakers that at least 100 million people were affected, a figure that is expected to rise. The resulting operational paralysis across U.S. hospitals and pharmacies underscored the fragility of modern health infrastructure when faced with sophisticated cyber-extortion.

The Synnovis Ransomware Impact

In the United Kingdom, a ransomware attack on the pathology lab Synnovis in June triggered a critical incident across London hospitals. By targeting the blood and tissue testing provider, attackers forced the postponement of thousands of operations and procedures.

The incident involved the theft of data related to 300 million patient interactions. Despite hackers demanding a $50 million ransom, Synnovis refused to pay. The fallout remains a significant concern for the U.K. government, as the potential publication of these records poses long-term risks to patient privacy.

The Snowflake Supply Chain Breach

A series of breaches involving cloud data giant Snowflake revealed the dangers of weak credential management. Cybercriminals utilized stolen login credentials to bypass security and scrape massive datasets from corporate clients.

Confirmed victims include:

Mandiant reports that approximately 165 Snowflake customers were targeted. Other high-profile victims include Neiman Marcus, Santander Bank, and the Los Angeles Unified School District.

Other Significant Security Failures

The scale of 2024’s security lapses extends across multiple sectors:

  • MediSecure (Australia): A ransomware attack compromised the personal health data of 13 million people, leading the company to insolvency.
  • Kaiser Permanente: 13.4 million patients had their search terms and health diagnoses inadvertently shared with third-party advertisers via tracking code.
  • Evolve Bank: A ransomware event exposed the data of 7.6 million people, many of whom were customers of fintech startups using Evolve’s banking-as-a-service infrastructure.
  • National Public Data: The company filed for bankruptcy after a massive breach exposed roughly 3 billion records, including Social Security numbers, affecting 270 million individuals.
  • USPS: The postal service was found to be sharing user addresses with tech giants like Meta and LinkedIn through improper website tracking code, a practice it stopped after the discovery.

These incidents highlight a recurring theme: whether through misconfigured tracking tools, lack of multi-factor authentication, or third-party supply chain vulnerabilities, the protection of personal data remains a systemic failure in the digital age.