Data Breaches And Hacking Disasters In 2024 - Andrews & Associates

Tech Info

Data Breaches And Hacking Disasters In 2024

Thursday, January 9th, 2025
an illustration on a light blue background of a man in a stereotypical burglar suit with a paper in his hand with an example of a login screen and he is carrying a gray sack that is assumed to be money and hopping out oh a cell phone with a blue background

2024 was a busy year for cybercriminals, with attacks affecting all industries and billions of people. It seems like experiencing a data breach is now a question of “when” instead of “if.” Here are some of the biggest and most alarming breaches that happened last year.

January 2024: The “Mother Of All Data Breaches”

In this breach, also called MOAB, over 12 terabytes (that’s 26 billion records) of previously accessed information were compromised again. It affected billions and tarnished the reputations of companies like Twitter, Myspace, LinkedIn, Adobe, and Canva throughout countries like Germany, the U.S., and Brazil, among many others. MOAB is so dangerous because the data is aggregated, which means the cybercriminals are likely storing it for use in multiple capacities like phishing schemes, targeted attacks, or even identity theft.

February 2024: UnitedHealth Customer Data Breach

This breach is one of the most disturbing, as it entails the personal and health information of over 100 million individuals. The hacker group ALPHV, also known as “BlackCat”, spent months causing outages and disruptions in the claims process, particularly through attacking UnitedHealth’s subsidiary, Change Healthcare. The cybercriminals were able to steal login credentials and access patient information that included the following.

  • Billing information, payments, and claims
  • Medical diagnoses, record numbers, and test results
  • Health insurance details
  • Social Security numbers
  • Driver’s license and state ID numbers

All of this was possible because the company did not use multifactor authentication practices for their Citrix profile, though they now say they do.

April 2024: The National Public Data Breach

This data breach affected 2.9 billion records from a background check and fraud prevention service called National Public Data. The data came from the U.K., U.S., and Canada. This breach was noticed when a file named “National Public Data” was found on the dark web being sold for $3.5 million by the group USDoD.

The leak happened in December of 2023 but the data was not released for sale until the spring and summer of 2024. A complaint filed in the U.S. The District Court for the Southern District of Florida stated that the files contain the social security numbers, full names, addresses, phone numbers, and email addresses of the victims.

May 2024: The Ticketmaster Data Breach

This well-known ticket sales company reported that almost 560 million users had their data leaked by ShinyHunters, the group that claimed they stole 1.3 terabytes of customer data. After they announced this, they offered the information up for sale on a hacking forum for $500,000. The files contain names, phone numbers, addresses, and even partial payment information.

September 2024: Texas Tech University Health Sciences Center Breach

Another breach within the healthcare industry, this event happened at Texas Tech University Health Sciences Center in El Paso, Texas. The patient data that was taken was also shared with Texas Tech Physicians and UMC Health System. Around 1,465,000 patients had their ePHI (electronically protected health information). The attack was found when Texas Tech experienced disruptions in their systems and computers that they called a “cybersecurity event.”

It was later discovered that the breach was caused by malware, though Texas Tech denied this. In October, the Interlock ransomware group (those responsible for the theft) released the data on their leak site because the ransom was not paid.

December 2024: The US Treasury Hack

The U.S. Treasury Department announced that their systems were likely breached by Chinese state-sponsored hackers in what they called a “major incident,” which gave access to unclassified documents. They were able to bypass security by going through the third-party cybersecurity service provider, BeyondTrust. Although China denies responsibility for the cyberattack, experts say that the breach fits certain patterns shared by previous PRC groups.

Protect your business from data breaches

Just because cyberattacks often affect large companies with a ton of sensitive data doesn’t mean they can’t happen to smaller organizations. In fact, smaller businesses are often targeted by cybercriminals because they may not have strong security measures in place.

The best way to protect your business is to implement an endpoint detection and response service and other cybersecurity measures, including the following.

  • A comprehensive cybersecurity plan with regular software updates
  • Employee training
  • The use of multi-factor authentication

Additionally, regularly backing up your data and having a response plan in case of a breach can greatly minimize the impact on your business.

Contact Andrews & Associates for Total Technology Solutions!

With the increasing frequency and severity of data breaches, it is crucial for all businesses to take proactive steps towards protecting their sensitive information. Don’t wait until it’s too late – start implementing these security measures now to keep your business and your customers’ data safe from cyber threats. You can reach us by calling 806-242-1088 or sending us an email here if you have any questions!