These are the 7 most devastating data breaches. Now what?
In recent months, we've witnessed a shocking wave of data breaches that have put the personal information of millions at risk. With our online lives becoming more exposed than ever, it's essential to grasp the scale of these incidents and what they mean for us. We'll look at the seven biggest data breaches of 2024, revealing the staggering number of records compromised and the potential dangers for both individuals and businesses.
From AT&T's concerning double breaches to Ticketmaster's enormous leak, the fallout from these incidents highlights just how important it is to take cybersecurity seriously. We’ll also discuss some practical steps you can take to protect your information in today's volatile online environment.
GET SECURITY ALERTS, EXPERT TIPS - SIGN UP FOR KURT’S NEWSLETTER - THE CYBERGUY REPORT HERE
AT&T's cybersecurity woes in 2024 have been nothing short of catastrophic. The telecom giant faced not one but two major data breaches, leaving millions of customers vulnerable and exposed. In March 2024, AT&T confirmed a significant data breach affecting approximately 73 million customers. This breach included sensitive information such as Social Security numbers, account numbers, passcodes, full names, email addresses, dates of birth and phone numbers. The compromised data, believed to originate from 2019 or earlier, was discovered on the dark web. This incident followed a previous cyberattack in January 2023 that impacted 9 million users, highlighting a troubling pattern of security vulnerabilities.
Just as the dust was settling from the March breach, AT&T was hit with another devastating blow in July. This time, cybercriminals managed to steal call and text records of "nearly all" AT&T customers, an estimated 110 million individuals. The breach extended over a six-month period in 2022, with some cases stretching even longer. The data wasn't stolen directly from AT&T's systems but from an account it had with data giant Snowflake. While the stolen data didn't include call or text content, it revealed metadata such as who called whom and when. The breach also affected noncustomers whose numbers were called by AT&T customers during the affected period.
DATA BREACH VICTIMS SKYROCKETS OVER 1,100%: HOW TO PROTECT YOURSELF
In May 2024, Ticketmaster Entertainment faced a staggering breach that dwarfed even AT&T's woes. The hack resulted in the compromise of over 560 million customer records. This massive breach included order history, payment information, names, addresses and email data. The severity of this breach cannot be overstated. With over half a billion records exposed, it represents one of the largest data breaches in history. Ticketmaster responded by sending emails to affected customers, advising them to monitor their accounts and credit statements closely.
MASSIVE FREE VPN DATA BREACH EXPOSES 360 MILLION RECORDS
While not as widely publicized, the MoveIt breach was a silent killer. It impacted 77 million individuals across 2,600 companies globally. The Clop malware gang exploited a security flaw, causing an estimated $12 billion in damage worldwide. This breach shows how a single vulnerability can have far-reaching consequences across industries.
WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM
Dell, a titan in the tech industry, wasn't spared from 2024's cybersecurity onslaught. In May, the company faced a major cyberattack that potentially affected 49 million customers. The breach was particularly sophisticated. Hackers created authorized partner accounts to infiltrate Dell's systems. They launched a brute-force attack, sending over 5,000 requests per minute for nearly three weeks without detection. Sensitive customer data, including home addresses and order details, may have been compromised. While financial details were reportedly not breached, the stolen data is now being sold on hacker forums.
HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET
The crown jewel of 2024's data breaches came from National Public Data. An eye-watering 2.7 billion records were leaked, including sensitive personal information like Social Security numbers, physical addresses and possible aliases. This breach underscores the massive scale at which our data is collected and the catastrophic consequences when it's not properly protected.
The Centers for Medicare & Medicaid Services (CMS) notified 946,801 Medicare beneficiaries that their personal information may have been compromised in a data breach last year. The incident involved a security vulnerability in the MOVEit file transfer software used by Wisconsin Physicians Service Insurance Corp., a CMS contractor. Exposed data potentially included names, addresses, Social Security numbers and Medicare Beneficiary Identifiers. This breach follows a similar incident reported in July 2023, affecting approximately 612,000 Medicare beneficiaries. These events underscore the ongoing challenges in protecting sensitive health care data and the importance of remaining vigilant about personal information security.
On Aug. 7, 2024, Cybernews researchers discovered that MC2 Data, a background check firm, had left an unprotected database containing 2.2TB of personal data accessible online without password protection. The exposed database contained 106,316,633 records with private information about U.S. citizens, affecting an estimated 100 million individuals. The leaked data included names, emails, IP addresses, encrypted passwords, partial payment information, home addresses, dates of birth, phone numbers, property records, legal records, family information and employment history. Additionally, the data of 2,319,873 MC2 Data subscribers, including individuals and organizations requiring background checks, was also exposed.
This massive data leak raises serious concerns about the security practices of background check companies and the potential misuse of sensitive personal information. The exposed data could be exploited by cybercriminals for various malicious purposes, including identity theft, targeted phishing attacks and fraud. The incident highlights the need for stricter data protection measures and regulatory oversight in the background check industry to safeguard individuals' privacy and prevent such large-scale data exposures in the future.
The impact of these breaches extends far beyond the immediate theft of data. Financial losses are a significant concern, as individuals face the risk of identity theft and fraud, while companies may incur significant fines, legal costs and lost revenue.
Reputational damage is another major consequence, as trust is the currency of the digital age, and these breaches severely erode customer confidence, potentially leading to reduced sales and business opportunities.
Legal ramifications are also a concern, with companies like AT&T now facing class-action lawsuits, adding to the financial and reputational toll. Operational disruption is common, as affected businesses often experience downtime and increased costs as they work to restore systems and implement new security measures. Privacy violations are a long-term risk for individuals, including potential blackmail, stalking or other forms of exploitation.
These breaches highlight a critical need for both companies and individuals to step up their cybersecurity game. Here are some key takeaways to protect yourself:
If a data breach has leaked your passwords, change them immediately. Hackers could use your password to access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc.
You want to do this on another device so that the hacker isn’t recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely. Changing passwords should be a part of your general cybersecurity hygiene, even if you’re not affected by a data breach.
Activate two-factor authentication (2FA) for an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.
If you have been affected by a data breach, check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, immediately report it to the service provider or authorities. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.
If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges and issue new cards for you.
Consider investing in personal data removal services that specialize in continuously monitoring and removing your personal information from various online databases and websites. Hackers are also stealing your IDs to validate the data. These IDs can be misused in more ways than you can imagine, including impersonation. Check out my top picks for data removal services here.
If you’re certain that your personal information has been leaked in a data breach, sign up for an identity theft protection service. It can monitor personal information like your home title, Social Security number, phone number and email address and alert you if it is being used to open an account. These services can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
Regularly updating your software and operating systems is crucial for maintaining strong cybersecurity. When software companies release updates, they often include security patches that address newly discovered vulnerabilities. By installing these updates promptly, you close potential entry points for hackers.
To make this process easier, consider enabling automatic updates on most devices and software, ensuring that you are always running the latest, most secure versions. It is also important to remember to update all your devices, including smartphones, tablets, smart home devices and any other internet-connected gadgets, as they all require regular updates.
In addition to software updates, check for firmware updates on devices like routers, which may require manual intervention. Visit the manufacturer's website periodically to ensure you have the latest firmware installed.
Be cautious with software that has reached its end-of-life status, as it will no longer receive important security updates. If you find yourself using unsupported software, consider replacing it with a supported alternative.
Restarting your devices regularly can also be beneficial, as some updates require a system reboot to take effect fully. Therefore, reboot your devices periodically to ensure all updates are properly installed. Lastly, don’t neglect your mobile apps; regularly updating the apps on your smartphone and tablet is essential for maintaining security.
By keeping all your software and systems up to date, you significantly reduce the risk of falling victim to known vulnerabilities that hackers might exploit in outdated versions.
As we sail through the turbulent cybersecurity waters of 2024, it's clear that no organization is immune to data breaches. The incidents at AT&T, Ticketmaster, MoveIT, National Public Data, CMS, Dell and MC2 Data are stark reminders of the ever-present threats in our digital world. For you, as an individual, staying vigilant is key. Regularly monitoring your accounts, using strong and unique passwords and enabling two-factor authentication can go a long way in mitigating risks. As we move forward, it's crucial for both businesses and consumers like you to stay informed, adapt to evolving threats and prioritize data security. Remember, a proactive approach to cybersecurity helps protect not just your data but your peace of mind as well.
What steps do you think companies should take to be more accountable for protecting our personal information and how can we, as consumers, encourage them to prioritize cybersecurity? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you'd like us to cover.
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2024 CyberGuy.com. All rights reserved.