Skip to main content
  1. Home
  2. Computing
  3. Features

It was a horrible year for data breaches. These were the 5 worst in 2024

By
Person typing on a computer keyboard.
Image used with permission by copyright holder

This was a historically awful year in data breaches. We saw some record-breaking breaches this year that got the attention of the public, involving hackers accessing some very sensitive information, including Social Security numbers, credit card numbers, and more.

Let’s look back at the worst cybersecurity incidents of the year and let them encourage all of us to be as prudent as we can with our activity online.

Recommended Videos

National Public Data, where hackers claim to steal 2.9 billion personal records

Background check company National Public Data, also known as Jerico Pictures, suffered one of the worst data breaches when hackers allegedly stole 2.9 billion personal records. The class action lawsuit claimed that hackers leaked critical data such as full names, addresses, and relative information to the dark web.

Many were surprised to be on the list of affected users since they were unaware the company had their information in the first place. The class action lawsuit also demanded that NPD use a threat-management system, conduct database scanning, and hire a third-party assessor to evaluate its cybersecurity network for the next 10 years.

Related

According to a lawsuit, an identity theft protection service provider informed the affected user, Christopher Hofman, around July 24, but the breach possibly occurred in April. When sensitive information such as your Social Security number is exposed, it is best to take further action, such as contacting the Social Security Administration to inform them. You can also place a credit freeze with major credit bureaus such as TransUnion, Experian, and Equifax.

There is no official information on how the hackers obtained the data, but it’s been suggested that unencrypted personal information might have been the cause. Regardless of whether or not you use one of the best password managers, you can keep your data safe by creating a strong password.

Ticketmaster data breach where hackers allegedly stole 1.3TB of customer data files

In 2024, threat actors hacked into Ticketmaster’s systems, and hackers claimed they sold the user data of 560 million customers. This incident coincided with the Department of Justice lawsuit against Ticketmaster for allegedly monopolizing markets across the live conversion industry. User data, such as emails, phone numbers, partial-payment card data, names, and more, was at risk. The hackers offered the data they stole in Breach Forums (owned by the hacker group Shiny Hunters) for $500,000.

Ticketmaster filed an 8-K filing with the Federal Securities and Exchange Commission, which is what a company files when it suffers an unexpected major event of interest to investors and shareholders. The hackers that claimed responsibility are known as ShinyHunters and may also be behind the breach at Santander Bank.

Ticketmaster didn’t confirm how the hackers gained access, but as ShinyHunters hackers tell Wired, they breached a third-party contractor to access Ticketmaster’s Snowflake cloud account and others. Ticketmaster has not confirmed this, so you should take the news with a grain of salt. Skyhigh Security mentions that hackers used information-stealing malware to access the necessary login credentials. No one wants to fall victim to this type of malware, but you can stay safe by doing things such as enabling multi-factor authentication, which adds an extra layer of security to your accounts. It’s something that even Airbnb is using to keep user accounts safe.

Change Health Group healthcare data breach with 100 million affected

A ransomware attack caused chaos nationwide, halting pharmacies and affecting the data of 100 million users for weeks. The target was Change Healthcare, a UnitedHealth Group subsidiary that manages medical provider finances. Hackers entered the Change Healthcare employee system due to a lack of multi-factor authentication on login credentials.

The breach caused havoc — hospitals and doctors were not paid, prescriptions were not filled, and insurance companies could not reimburse medical providers. “The Change Healthcare hack is considered by many to be the biggest cybersecurity disruption to health care in American history,” Senator Ron Wyden said in the committee statement. Change Healthcare confirmed that the BlackCat ransomware group was responsible for the attack.

It’s important to know what ransomware is, and there are precautions you can take to stay safe, such as updating your software. You should also be cautious about the links or attachments you click on and ensure they are from trustworthy sources. Using the best antivirus software you can afford is also a plus.

AT&T data breach with 73 million affected users

AT&T

The second-largest carrier in the U.S. has experienced a lot this year, with at least one breach affecting 7.6 million current AT&T account holders and 65.4 million former account holders. The second breach the company went through happened in March, but the second breach occurred from May 1 to October 31, 2022. The compromised data also includes records from January 2, 2023, but only for a few customers.

The affected records included phone numbers with which AT&T wireless numbers interacted, including home phone numbers. Something you don’t usually hear is that police apprehended at least one person in the case. AT&T released a statement saying that sensitive information such as Social Security numbers were compromised.

AT&T urged customers to remain vigilant about suspicious activity on their accounts and change their account passcodes. They also offered customers credit monitoring at their expense but said nothing about providing one of the best identity theft protection plans.

Ransomware attack on Synnovis, a U.K. pathology lab with 300 million affected users

According to The Guardian, the records of 300 million U.K. patients were stolen in 2024 when the cybercrime gang Qilin reportedly stole information about blood test results for cancer and HIV. It was unknown if those affected paid the ransomware fee or how much user data the hackers stole. The sensitive information involved patients having different surgeries, such as organ transplants. Other patients involved included those who had had blood transfusions and STDs. Sensitive data included NHS numbers, patient names, and descriptions of tests.

The hackers claim to have posted 104 files containing 380GB on a messaging platform, including an image of the Synnovis logo.

The importance of cybersecurity

You can’t avoid all attacks, but taking cybersecurity more seriously can prevent many from affecting you. You can stay safe by not creating passwords that hackers can easily guess, such as 123456 or “password,” which amazingly made it to the most popular passwords used in 2024. If you need help, you can use the best password managers to create long and strong passwords. Also, constantly scan emails for malware, use firewalls and endpoint protection, keep your files backed up, only download from trusted sites, and never click on unverified links,

Even if you take every possible precaution, some things are beyond your control. You can only hope that companies entrusted with your data maintain the highest possible security standards. We’ll have to wait and see what 2025 has in store and how big or small the breaches will be.

Editors’ Recommendations

Topics
Judy Sanhz
Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
Use Comcast for internet? Your personal data may have been hacked
A building with the Xfinity logo on it.

Comcast, alongside several other big corporations, has recently suffered a devastating data breach. According to reports, it's possible that hackers got their hands on the data of up to 36 million Comcast Xfinity customers, meaning the company's cable television and internet department. Although the company is pretty tight-lipped about it, the data breach occurred over two months ago. Here's what we know and what you should do to protect yourself.

The hackers were able to access those masses of customer information through a vulnerability known as "CitrixBleed." It's found in Citrix networking devices that Comcast and other huge corporations use. The exploit was initially discovered in August and appears to have been used in cyberattacks on not just Comcast but also many other companies, including Boeing.

Read more
The 23andMe data breach just keeps getting scarier
A 23andMe kit

The 23andMe breach that took place in October has been confirmed as much worse than originally reported, affecting 6.9 million people, as opposed to the 14,000 users first thought.

Information stolen in the breach included users' full names, birth years, relationship labels, and locations. Approximately 1.4 million users also had Family Tree profile information on the service compromised. Hackers could also access genetic information in the breach, including details about common DNA percentages shared with relatives, and specifics such as chromosome matching, according to a spokesperson.

Read more
A massive data breach has left Intel scrambling for solutions
A render of an Intel Core HX chip.

A security breach in March robbed MSI of up to 1.5TB of sensitive data. However, MSI is not the only company impacted.

As a result of the breach, Intel is now investigating a major leak of Intel Boot Guard keys. The extent of the damage is still unclear, but the worst-case scenario is that the security feature is now useless on compromised devices -- and that's a pretty lengthy list.

Read more