Biggest data breaches of 2024 (so far)

Flagstar bank data breach
© Awargula | Dreamstime.com

From big banks to car dealerships, 2024 has been a banner year for data breaches. Yes, I mean that in the worst way possible. I’d be shocked if there’s any American left unexposed at this point.

Let’s take a walk down the data breach memory lane. I’ve got steps for remediation at the end for you and everyone you care about.

🔍 National Public Data: 2.9 billion people

A background-check company, National Public Data (NPD), was allegedly hacked, exposing 2.9 billion people. Hackers accessed Social Security numbers, full names and addresses, selling the database for $3.5 million. NPD is being sued. FWIW, obviously, there aren’t 2.9 billion SSNs on the list.

🏥 Ascension: 140 hospitals

In May, a malware download led to a massive cyberattack on Ascension, which runs 140 hospitals across the U.S. The attack disrupted emergency services and patient care. Hackers compromised seven of Ascension’s 25,000 servers.

🛻 CDK Global: 15,000 car dealerships

In June, CDK Global, a major car dealership software provider, faced two cyberattacks, severely disrupting operations for 15,000 dealerships. Reports suggest tens of millions in ransom was paid out.

🩺 Change Healthcare: $22 million payout

The tech firm owned by UnitedHealth is used by thousands of pharmacies, hospitals and health care facilities to receive payments and process claims. UnitedHealth paid $22 million to prevent data leaks by Russia’s BlackCat hacker group. This one affected about 50% of all Americans.

Another group, RansomHub, also claimed to have stolen data belonging to Change in February. Estimates say as much as one-third of all Americans were impacted. That includes sensitive medical data, like test results, diagnoses and images.

📲 AT&T: 73 million customers

In March, AT&T disclosed hackers stole data from “nearly all” current and former customers. The data goes back as far as 2019 and includes some really personal information, such as Social Security numbers. They reportedly paid hackers a $370,000 ransom to delete the info.

(Dis)honorable mentions

  • Advance Auto Parts (July): The personal information of over 2.3 million individuals was stolen.
  • Roku (April): Through “credential stuffing,” aka using logins leaked in other breaches, hackers accessed around 591,000 accounts. No financial info was accessed.
  • Truist Bank (June): Hacking group Sp1d3r stole information about 65,000 employees and posted it for sale online.
  • Tile (June): Life360, the company behind Tile tracker devices, reported a breach that included the names, addresses, email addresses, phone numbers and device identification numbers of over 400,000 individuals.
  • Ticketmaster (June): This one impacted 560 million customers, and the hacked data included names, addresses, phone numbers, email addresses, order histories and partial payment info.
  • Dropbox (May): Attackers accessed Dropbox Sign’s development environment, compromising customers’ information.
  • TeamViewer (July): Employee directory data, including names and encrypted passwords, was exposed.

Locked down

You can’t stop a hacker from breaching a major company, but you can protect yourself from the fallout.

  • Double-check all health care communications. If you get an explanation of benefits (EOB) or bill for services you didn’t receive, contact your health care provider and insurance company ASAP. It likely means someone is using your benefits for their own care.
  • Treat email requests with caution. Be skeptical of anything that seems super urgent. It’s OK to slow down for safety. My rule of thumb: If it’s a strange written request, like a text or email, I make a phone call.
  • Freeze your credit. This will keep scammers from opening a credit card or loan in your name. Like setting up a fraud alert, you’ll need to contact each of the three credit bureaus.
  • Be wary of “old friends” who appear out of nowhere. It could be a hacker who happens to have a little (stolen) info. Take the time to confirm they are who they say they are.
  • Make a list of exposed data. Keep this digitally or on a Post-it. Be suspicious of anyone who references it in an email or phone call. Say the company you financed your car through was hacked. Alarm bells should sound if you get a call out of the blue about a major issue with your loan.
  • Update your PIN and banking login credentials, even if they weren’t involved directly in a breach. Keep an eye on your bank and credit card statements for anything out of the ordinary. Set up banking alerts on your phone while you’re at it.

🔐 Share this critical info with friends and family using the social icons. Let’s keep our loved ones safe and secure.

Don’t get left behind – Stay tech ahead

Award-winning host Kim Komando is your secret weapon for navigating tech.

Tags: devices, hackers, malware, security