7 Major Breaches of 2024

2025-05-07

Snowflake Customers
Throughout the year, customers of Snowflake, a cloud-based data warehouse platform, were targeted in a mass data theft and extortion campaign by a cybercriminal group tracked as “UNC6637”. Snowflake itself was not directly compromised; instead, the group used credential stuffing to log in to customer accounts that did not have multi-factor authentication enabled, and from those accounts reached the customers’ wider Snowflake environments. At least 165 organizations were notified of potential compromise, including Ticketmaster, AT&T, Santander Bank, Neiman Marcus Group, and Advance Auto Parts. Snowflake collaborated with cybersecurity firms to investigate the incidents and urged customers to enable multi-factor authentication and rotate credentials regularly.
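As an added illustration (not part of the original post) of the two control failures described above, the following Python runs over constructed login events and flags credential-stuffing sources and successful logins without MFA; the event format, field names and thresholds are assumptions, not any vendor's log schema.

```python
from collections import defaultdict

# Constructed sample login events (not real data). Each tuple is
# (timestamp, user, source_ip, login_succeeded, mfa_used).
EVENTS = [
    ("2024-05-20T10:00:01", "alice", "198.51.100.7", False, False),
    ("2024-05-20T10:00:02", "bob",   "198.51.100.7", False, False),
    ("2024-05-20T10:00:03", "carol", "198.51.100.7", False, False),
    ("2024-05-20T10:00:04", "dave",  "198.51.100.7", False, False),
    ("2024-05-20T10:00:05", "erin",  "198.51.100.7", False, False),
    ("2024-05-20T10:00:06", "frank", "198.51.100.7", True,  False),
    ("2024-05-20T10:05:00", "grace", "203.0.113.9",  True,  True),
    ("2024-05-20T10:06:00", "alice", "203.0.113.10", True,  False),
]


def find_stuffing_sources(events, min_distinct_users=5):
    """Source IPs whose failed logins span many distinct accounts.

    One IP trying many usernames is the signature of credential stuffing,
    as opposed to one user mistyping their own password.
    """
    failed_users = defaultdict(set)
    for _, user, ip, succeeded, _ in events:
        if not succeeded:
            failed_users[ip].add(user)
    return sorted(ip for ip, users in failed_users.items()
                  if len(users) >= min_distinct_users)


def find_no_mfa_logins(events):
    """(user, source_ip) pairs that authenticated with a password alone."""
    return sorted({(user, ip) for _, user, ip, succeeded, mfa in events
                   if succeeded and not mfa})


def find_compromised_candidates(events, min_distinct_users=5):
    """Accounts that logged in without MFA from an IP that was also
    spraying failed logins: the highest-priority cases to review."""
    suspect_ips = set(find_stuffing_sources(events, min_distinct_users))
    return sorted(user for user, ip in find_no_mfa_logins(events)
                  if ip in suspect_ips)


if __name__ == "__main__":
    print("stuffing sources:", find_stuffing_sources(EVENTS))
    print("no-MFA logins:   ", find_no_mfa_logins(EVENTS))
    print("review first:    ", find_compromised_candidates(EVENTS))
```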


Ticketmaster
In May, ticket sales giant Ticketmaster suffered a significant data breach affecting approximately 560 million customers worldwide. The stolen data amounted to 1.3 terabytes and exposed email addresses, phone numbers, physical addresses, credit card details and IP addresses, among other personal data. Ticketmaster’s parent company, Live Nation Entertainment, detected unauthorized access to a third-party cloud database containing mostly Ticketmaster data. Investigators later found that the attackers had used compromised credentials for an account without multi-factor authentication to reach Ticketmaster’s tenant on the cloud data platform Snowflake described above. Eleven days after the attack, Live Nation acknowledged the breach in a regulatory filing and stated that it was working to mitigate the risks; one of those measures was offering a 12-month identity monitoring service to affected customers.


AT&T
AT&T suffered two separate breaches over the course of 2024. It was only partly to blame for the first, which was part of the Snowflake campaign. During a six-month window, attackers extracted call and text records for 110 million customers dating back to 2022. The breach did not include the content of communications, but it exposed the metadata around them, such as phone numbers and interaction details (counts of calls and texts, call duration and so on). AT&T said it had implemented additional cybersecurity measures to prevent future unauthorized access; however, in April it was targeted again.
The second breach compromised the personal information of approximately 73 million customers, including names, email addresses, mailing addresses, dates of birth, phone numbers and social security numbers. Prompted by the disclosure, AT&T issued a rare forced password reset for 7 million customers. Beyond this, little is known about the second breach, but experts have noted that the two datasets combined could be very powerful in the hands of bad actors.


National Public Data
In April, the American employee background check company National Public Data suffered a data breach that exposed 2.9 billion records affecting 1.3 billion people in the US, UK and Canada. The breached data was extensive and included addresses, social security numbers, dates of birth, phone numbers, criminal records and employment history. In the same month, the data was advertised for sale at $3.5 million. By August, the full dataset had been released for free on the same forum where it was originally offered. Following the breach, three class-action lawsuits were filed against National Public Data, along with 14 complaints in federal court, claiming the company did not do enough to protect its data. By October, the company had filed for bankruptcy as it faced a mounting pile of lawsuits over the breach and was potentially liable “for credit monitoring for hundreds of millions of potentially impacted individuals.” In December it shut down completely, posting a closure notice on its website.


CrowdStrike
Although not a traditional data breach, the following incident had such a significant impact on the global cyber community that it deserves mention. In July, cybersecurity firm CrowdStrike shipped a faulty update to its Falcon software, leading to widespread disruption. Millions of Windows-based computers worldwide entered a continuous reboot cycle, causing operational problems across industries including aviation, finance, healthcare and emergency services. Notably, commercial flights were grounded and emergency service call centres suffered outages. Within 78 minutes of identifying the issue, CrowdStrike engineers rolled back the faulty update to limit further disruption; for many organizations, however, the damage had already been done, with some systems taking days or weeks to become fully operational again. Later in the year, CrowdStrike published a post-incident review detailing the causes of the incident, the steps it had taken to resolve it, and the preventive measures adopted to stop a recurrence.


Change Healthcare
In February, Change Healthcare, a prominent medical billing company under the UnitedHealth Group umbrella, suffered a ransomware attack that disrupted healthcare services across the nation and compromised the personal and medical data of millions of individuals. The data included health insurance member IDs, patient diagnoses, treatment details, social security numbers and billing codes. Affecting approximately 190 million individuals, it has been called the largest healthcare data breach in history. Beyond the stolen data, the attack caused significant operational disruption to the processing of medical claims and payments, with healthcare providers facing major revenue losses; some reported up to $100 million in daily losses. UnitedHealth Group confirmed paying a $22 million ransom in Bitcoin to the attackers to regain access to the compromised data. To mitigate the consequences for those affected, it offered them two years of complimentary credit monitoring and identity protection services.


Intesa Sanpaolo
In October, Intesa Sanpaolo, Italy’s largest bank, faced a security breach when an employee illicitly accessed the account data of approximately 3,500 customers, including high-profile figures such as Prime Minister Giorgia Meloni and former Prime Minister Mario Draghi. The employee carried out a total of 6,600 instances of unauthorized access over a two-year span. Based on internal checks, the bank reported that no data was downloaded or exported from its systems, so his intentions remain unclear. After a disciplinary process, the employee was suspended and then dismissed for serious violation of internal rules and procedures. The bank informed Italy’s Data Protection Authority and filed a complaint with the Public Prosecutor’s Office in Bari. The breach highlighted the importance of robust internal access controls, especially in industries handling such confidential data.

The major breaches of 2024 show the wide range of cybersecurity threats organisations face, from credential stuffing to ransomware and insider threats. The attacks on Snowflake customers, Ticketmaster, AT&T and Change Healthcare show how lapses in basic security measures such as multi-factor authentication can lead to the exposure of sensitive data, while the CrowdStrike incident and Intesa Sanpaolo’s internal breach are reminders that not every threat is an external attacker.

