An In-Depth Look at Major Data Breaches of 2024
The year 2024 has witnessed several significant data breaches affecting major corporations and millions of individuals worldwide. These breaches have highlighted vulnerabilities in data protection and the ongoing challenges in cybersecurity. Below is an in-depth exploration of the major breaches that have occurred this year.
AT&T Data Breaches
AT&T, one of the largest telecommunications companies in the United States, experienced two major data breaches in 2024. The first breach involved the theft of data containing phone numbers and call records of nearly all its customers, affecting approximately 110 million people. This breach was particularly concerning as it included metadata that could be used to infer customers' locations during calls, posing a risk to vulnerable individuals such as domestic abuse survivors[5][8].
The second breach involved a data dump of 73 million customer records, including personal information such as names, phone numbers, and postal addresses. This breach exposed encrypted passcodes used for accessing customers' AT&T accounts, which could be unscrambled, putting millions of accounts at risk of hijacks[5][8]. Despite the severity of these breaches, AT&T has not fully determined how the data was leaked[5].
Cencora Data Breach
Cencora, a major pharmaceutical distributor, disclosed a data breach in February 2024 that compromised sensitive patient data. The breach affected information obtained through partnerships with drug makers and involved patient names, addresses, health diagnoses, and medications[1][7]. At least 540,000 individuals have been notified, with the total number expected to increase[1]. The breach underscores the risks associated with supply chain attacks, as data from multiple pharmaceutical companies was compromised[7].
Dell Data Breach
Dell, a leading technology company, reported a data breach affecting approximately 49 million customers. Hackers gained unauthorized access to Dell's databases, exposing names, email addresses, phone numbers, and other sensitive data[4]. Although financial information was not accessed, the breach highlights the potential misuse of customer data for phishing and targeted marketing schemes[4]. Dell is working with law enforcement and cybersecurity firms to investigate the incident and strengthen its security measures[4].
Sav-Rx Data Breach
Sav-Rx, a prescription management company, disclosed a data breach affecting nearly 2.8 million Americans. The breach involved unauthorized access to sensitive information, including names, addresses, Social Security numbers, and insurance identification numbers[2]. The company took eight months to complete its investigation, emphasizing the need for accurate results over speed. Sav-Rx has implemented new security measures and is offering credit monitoring services to affected individuals[2].
First American Data Breach
First American Financial Corporation, a major title insurance company, experienced a data breach in December 2023, impacting 44,000 individuals. The breach involved unauthorized access to sensitive data, prompting the company to take some systems offline to contain the impact[9]. First American is offering credit monitoring services to affected individuals and has faced scrutiny for previous cybersecurity lapses[9].
The New York Department of Financial Services (NYDFS) imposed a $1 million penalty on First American Title Insurance Company for violations of the NYDFS Cybersecurity Regulation related to a previous data breach in 2019. However, this fine is not directly related to the 2023 breach but highlights the company's ongoing compliance challenges.
Cooler Master Data Breach
Cooler Master, a computer hardware manufacturer, confirmed a data breach in May 2024 that exposed information of 500,000 customers. The breach involved the theft of 103GB of data, including names, emails, addresses, and partial credit card data[6]. The data was stolen from the Cooler Master Fanzone website, which is used for product warranties and support tickets. The company has alerted authorities and hired security experts to address the breach[6].
Conclusion
These breaches highlight the persistent challenges in data security and the need for robust cybersecurity measures. Companies must prioritize data protection and transparency to rebuild trust with their customers and mitigate the risks of future breaches. As cyber threats continue to evolve, both public and private sectors must collaborate to enhance cybersecurity and protect sensitive information.
Citations:
[1] https://www.cpomagazine.com/cyber-security/pharmaceutical-giant-cencora-confirms-patient-data-breach-impacting-over-a-dozen-pharma-companies/
[2] https://www.bleepingcomputer.com/news/security/sav-rx-discloses-data-breach-impacting-28-million-americans/
[3] https://www.forbes.com/sites/korihale/2024/07/23/the-unseen-consequences-of-atts-data-breach-on-minority-communities/
[4] https://www.secureworld.io/industry-news/dell-tolls-data-breach
[5] https://techcrunch.com/2024/08/12/2024-in-data-breaches-1-billion-stolen-records-and-rising/
[6] https://www.duocircle.com/announcements/cyber-security-news-update-week-23-of-2024
[7] https://www.soterosoft.com/blog/cencora-breach-fallout-shows-the-impact-of-supply-chain-attacks-on-pharmaceuticals/
[8] https://www.texasstandard.org/stories/att-data-breach-what-customers-should-know/
[9] https://www.bleepingcomputer.com/news/security/first-american-december-data-breach-impacts-44-000-people/