Data breaches kept increasing in 2024, so bad in the health care sector that it prompted changes to regulation in the United State
January 6, 2025 |
With the end of 2024 there has been a compiling of data breaches in 2024. It makes for sombre reading. According to Proven Data the biggest data breaches in the United States were:
National Public Data breach.
- Records compromised: 2.7-3 billion
- Scope: Affected individuals in the United States, Canada, and the United Kingdom
- Key details: Included social security numbers, names, addresses, and other personal information
Ticketmaster data breach
- Records compromised: 560 million
- Key details: Exposed personal and financial information, including names, email addresses, phone numbers, and payment details
Change Healthcare ransomware attack
- Records compromised: Approximately 145 million
- Scope: Potentially affecting one-third of Americans
- Key details: Exposed personal, medical, and billing information through a ransomware attack
AT&T data breach
- Records compromised: 73 million
- Key details: Exposed customer data, including Social Security numbers, account numbers, and passcodes
Snowflake Cloud data breaches
- Total records: Over 165 customer environments were compromised
- Notable victims:
- Ticketmaster: Up to 560 million customer records exposed
- Santander Bank: 30 million customer records compromised
- AT&T: Call and text records spanning multiple months
- Advance Auto Parts: Over 2.3 million individuals were affected, with sensitive job application data exposed
In December alone the significant data breaches were:
1. SRP Federal Credit Union Breach
On December 19, SRP Federal Credit Union disclosed a breach that impacted over 240,000 members. The incident occurred between September 5 and November 4, exposing sensitive data including Social Security numbers, driver’s license numbers, dates of birth, and financial account information. A ransomware group named Nitrogen claimed responsibility, alleging the theft of 650 GB of customer data.
2. Ascension Health Data Breach
On December 20, Ascension, one of the largest U.S. hospital operators, reported a ransomware attack from May 2024 that had compromised the data of nearly 5.6 million individuals. The breach included patient records, lab test results, and insurance information.
3. Rhode Island Government Data Breach
On December 15, Rhode Island officials revealed a breach affecting hundreds of thousands of residents. The compromised data included Social Security numbers and financial details.
4. Krispy Kreme Cyberattack
On December 11, Krispy Kreme Inc. reported a breach discovered on November 29, significantly impacting its online ordering systems. The incident affected the company’s revenue and financial condition.
5. Automation Personnel Services Settlement
, Automation Personnel Services reached a $1.375 million settlement on December 24 following a class-action lawsuit stemming from a 2020 breach. The financial and reputational repercussions of the breach continued into 2024.
6. LoanDepot Breach
LoanDepot, a leading mortgage lender based in Irvine, California, experienced a data breach affecting approximately 16.9 million customers. The attack, attributed to the Alphv (Blackcat) ransomware group, compromised personal information including names, addresses, financial account numbers, phone numbers, and dates of birth. The breach caused operational disruptions lasting nearly two weeks.
Lest any complacency sink in about Australia avoiding the scourge of data breaches and being as poor at meeting that challenge as overseas cousins are the significant, reported, dated breaches in Australia for December alone were:
WACER & University of Sydney-Based Fresh Produce Safety Centre Australia & New Zealand – December 2024
- Funksec ransomware gang allegedly targets pair of Aussie companies | Ransomware operators share data stolen from a West Australian cleaning supplier and ANZ food safety not-for-profit, but the “leaks” are exceedingly minor.
Waverley Christian College – December 2024
- Waverley Christian College confirms cyber incident after ransomware gang claims attack | The Fog ransomware group claims to have stolen five gigabytes of data.
Ainsworth Game Technology – December 2024
Thanks for the Help (TFTH) – December 2024
- KillSec ransomware claims breach on Australian educational support platform | Threat actors have claimed a ransomware attack on Australian private educational support firm.
Nicholsons Solicitors – December 2024
- Alleged hack on Qld firm exposes unprotected data | A ransomware gang claimed it has a raft of client documents that was left unprotected when a Queensland law firm closed its doors.