2024 has been an important year in cybersecurity. At PentestHero alone, our partners found over 300,000 vulnerabilities, including almost 2,500 critical vulnerabilities and over 9,000 high vulnerabilities. You’ve been hard at work helping clients to find and remediate risks before they turn into incidents and we’re proud to have been part of the journey. 

That aside, there’s still much work to do. According to our security partner SecureFrame, the average cost of a data breach in 2024 reached $4.88 million, up 10% from 2023. Attacks on large organizations climbed to an astounding 1800 per week in Q3 of 2024, and data breaches exposed more than 422 million user accounts in Q3 of 2024 alone. 

The following are some of the most important and impactful data breaches of 2024.

  1. Seattle Airport Outage

The Rhysida group conducted multiple high-profile attacks in 2024, two of which appear on this list of the top cybersecurity attacks of the year. One was the ransomware attack on Seattle-Tacoma International Airport (SEA-TAC) on August 24. The attack caused outages spanning more than three weeks, forcing the airport to handwrite boarding passes and sort luggage manually. The airport was able to switch to a temporary website while managing the outage.

Still, basics like flight information displays were out for four days. Rhysida demanded $6 million (about €5.7 million) in bitcoin, but the airport decided not to pay. Rhysida also posted a copy of 8 stolen files for sale for 100 bitcoin.

  2. Ivanti Zero-Day Exploitation

Ivanti is one of the largest IT security and software management organizations in the United States, delivering network, endpoint, and enterprise security management solutions to large businesses. In January 2024, it was revealed that the company’s software contained zero-day vulnerabilities that were being actively exploited, including in a breach of U.S. government research activities. At the time, the vulnerabilities were thought to affect over 15,000 Ivanti users. By October, Ivanti had released patches for three new vulnerabilities, chiefly administrative privilege escalation, remote code execution, and OS command injection flaws. With over 45,000 Ivanti customers, these vulnerabilities, some of which were actively exploited for over a month before detection, may have exposed an unknown number of records, in addition to the known breaches of U.S. government systems.

  3. Rhysida City of Columbus Attack

A July 19 attack on the City of Columbus (Ohio, USA) by the ransomware group Rhysida exposed data for over 500,000 residents. The group exfiltrated 6.5 terabytes of data, including names, addresses, social security numbers, bank account details, and driver’s license information, before the city shut down critical services to contain the breach. After a failed negotiation, Rhysida released 3.1 terabytes of data on the dark web, including law enforcement and city employee databases. The data was originally claimed to be unusable, but it was later shown to be completely unencrypted copies of personal and financial details for about half the city’s residents.

  4. NHS Ransomware Incident

On June 3, NHS service provider Synnovis, which delivers pathology and lab tests to the UK’s National Health Service, was hit with a ransomware attack. Over 400GB of private patient information was stolen and subsequently released online by the cyber-criminal group Qilin. In addition, over 3,000 hospital and GP appointments were disrupted. The attack also encrypted servers and data, but Synnovis was able to restore its data without negotiating with the attackers.

This follows the 2017 WannaCry ransomware incident at the NHS, in which over 200,000 computer systems were affected.

  5. U.S. Telecoms Compromise

In October, it was revealed that Chinese threat actors, including Salt Typhoon, had breached U.S. telecoms services and that U.S. government officials’ phone lines and text messages were actively compromised. By December, the compromise was still ongoing, with eight domestic telecom and internet service providers affected. At least one of those, AT&T, could be related to the Snowflake breach, and telecom companies are increasingly under pressure to strengthen their cybersecurity measures.

  6. Dell Breach

Dell, the computer hardware firm, was attacked in May 2024, resulting in over 49 million records breached. The attack was conducted through a partner account: a brute-force attack sent over 5,000 login requests per minute for nearly three weeks. After over 50 million requests and successful data scraping, the threat actor, Menelink, alerted Dell to the security vulnerability. The data lost includes sensitive customer data such as home addresses and order information, much of which is now available for sale on the dark web.

This kind of simple vulnerability, which could likely have been prevented by proper security settings across partner portals, reinforces the value of scanning and checking security and application settings.
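A partner portal accepting thousands of login attempts per minute from one account for weeks is a pattern a basic rate check on authentication logs would surface on day one. The following is an added example, not code from the original post and not anything Dell runs: it parses constructed authentication log lines (the log format, field names, account names and IP addresses are all made up for illustration) and flags any source/account pair whose failed logins exceed a threshold within any sliding one-minute window.

```python
"""Rate-based brute-force detection over authentication log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed log format (constructed for this example):
#   2024-05-01T10:00:00Z portal auth result=fail user=partner42 src=203.0.113.10
LINE_RE = re.compile(
    r"^(?P<ts>\S+) portal auth result=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def max_events_in_window(timestamps, window):
    """Largest number of events that fall inside any window of the given length.

    Two-pointer sliding window over the sorted timestamps: O(n log n) for the sort,
    O(n) for the scan.
    """
    ts = sorted(timestamps)
    best, start = 0, 0
    for end, t in enumerate(ts):
        while t - ts[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_bursts(lines, window=timedelta(minutes=1), threshold=100):
    """Return {(src, user): peak_failures_per_window} for pairs at or above threshold.

    Only failed authentications are counted; successes from the same source are
    ignored so that a busy but legitimate integration account is not flagged.
    """
    failures = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["result"] == "fail":
            failures[(ev["src"], ev["user"])].append(ev["ts"])
    alerts = {}
    for key, stamps in failures.items():
        peak = max_events_in_window(stamps, window)
        if peak >= threshold:
            alerts[key] = peak
    return alerts


def build_sample_log():
    """Constructed sample: one source hammering a partner account, plus normal traffic."""
    base = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
    lines = []
    # 300 failures in 60 seconds (5 per second) from one source against one account.
    for i in range(300):
        t = base + timedelta(milliseconds=200 * i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} portal auth result=fail user=partner42 src=203.0.113.10")
    # Normal activity: a few successes and a handful of mistyped passwords.
    for i in range(5):
        t = base + timedelta(minutes=i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} portal auth result=ok user=alice src=198.51.100.7")
    for i in range(3):
        t = base + timedelta(seconds=20 * i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} portal auth result=fail user=bob src=198.51.100.8")
    return lines


if __name__ == "__main__":
    for (src, user), peak in find_bursts(build_sample_log()).items():
        print(f"ALERT src={src} user={user} peak_failures_per_minute={peak}")
```

The threshold of 100 failures per minute is an assumption chosen for the sample; the rate described in the post is fifty times higher, so any sane threshold would have fired. Keying on (source, account) catches a single-source attack like this one; for credential stuffing spread across many sources, run the same window over failures per account only.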

  7. MediSecure Ransomware Attack

Australian prescription medication provider MediSecure was hit by a ransomware attack in May 2024, resulting in the theft of personal and health data from over 12.9 million patients (48.4% of the Australian population). At the time of the breach, MediSecure was not a current participant in prescribing and dispensing medication, meaning all affected records were at least six months old. The breach originated in an attack on one of MediSecure’s third-party vendors, eventually resulting in a breach of MediSecure’s database. MediSecure was able to restore the affected data without paying a ransom. However, 6.5 terabytes of data were offered for sale online following the attack.

  8. Change HealthCare Data Breach

In the largest known breach of protected health information, Change HealthCare lost over 145 million records, affecting more than 100 million Americans. The breach is believed to have originated when malicious actors stole or purchased credentials for a Citrix portal used to access Change HealthCare systems, then extracted data before deploying malware. Change HealthCare admitted that no multi-factor authentication was in place, despite the fact that it would have prevented the breach. UnitedHealth, the parent company, eventually paid the ransom; however, the breach cost Change HealthCare $87 million in the first quarter of the year.

  9. Snowflake Breach

Snowflake, a cloud-based data storage company serving more than 10,000 customers, lost data to malicious actors after usernames and passwords were stored unencrypted on endpoint machines and in Jira. This resulted in the compromise of more than 165 Snowflake account holders, none of which appeared to have 2FA enabled. The result was multiple data breaches, including those at Ticketmaster, AT&T, Santander Bank, Advance Auto Parts, and others. AT&T alone lost over 50 billion customer records, and Ticketmaster more than 560 million.

  10. National Public Data Breach

National Public Data is an online background check and fraud prevention service based in the United States. The firm lost data after malicious actors discovered a zip file containing plaintext usernames and passwords for the database. More than 272 million U.S. and Canadian citizens were affected, with data including names, phone numbers, social security numbers, email addresses, and physical addresses leaked to the dark web.

The zip file, labelled members.zip, included plaintext usernames and passwords for different components of the site, allowing malicious actors to access and exfiltrate data. The archive also indicated that most users were using their automatically generated 6-character passwords.
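Both the Snowflake and National Public Data incidents above come down to recoverable credentials sitting in files nobody audited. The following is an added example, not code from the original post or from either company: a small secret-scanning routine that walks a zip archive, reports every line carrying a plaintext password (skipping values that look like bcrypt/argon2/sha-crypt hashes), and marks passwords shorter than a minimum length as weak. The archive contents, file names, account names and the 12-character minimum are all constructed or assumed for the illustration.

```python
"""Scan a zip archive for plaintext credentials and short passwords (added example)."""
import io
import re
import zipfile

# Assumed key/value conventions for the constructed sample files.
PASSWORD_RE = re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*([^\s,;]+)")
USER_RE = re.compile(r"(?i)\b(?:user(?:name)?|login)\s*[:=]\s*([^\s,;]+)")
# Common password-hash prefixes: bcrypt ($2a/$2b/$2y), argon2, sha256-crypt ($5), sha512-crypt ($6).
HASH_RE = re.compile(r"^\$(?:2[aby]|argon2id?|5|6)\$")


def scan_text(name, text, min_len=12):
    """Return one finding per line that stores a recoverable (non-hashed) password."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        pm = PASSWORD_RE.search(line)
        if not pm:
            continue
        secret = pm.group(1)
        if HASH_RE.match(secret):
            continue  # a stored hash, not a plaintext credential
        um = USER_RE.search(line)
        findings.append({
            "file": name,
            "line": lineno,
            "user": um.group(1) if um else "<unknown>",
            "length": len(secret),
            "weak": len(secret) < min_len,
        })
    return findings


def scan_zip(data, min_len=12):
    """Scan every text member of an in-memory zip archive; binary members are skipped."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                text = zf.read(info.filename).decode("utf-8")
            except UnicodeDecodeError:
                continue
            findings.extend(scan_text(info.filename, text, min_len))
    return findings


def summarize(findings):
    """Counts a reviewer would want at a glance."""
    return {"plaintext": len(findings), "weak": sum(1 for f in findings if f["weak"])}


def build_sample_archive():
    """Constructed archive resembling a credentials dump; none of this is real data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("db/config.txt", "host=db.internal\nusername=app_ro password=Xk29pq\n")
        zf.writestr("admin/users.csv", "login=admin, pwd=7hG2mZ\nlogin=ops, pwd=Correct-Horse-Battery-42\n")
        zf.writestr("notes/hashed.txt", "username=svc password=$2b$12$abcdefghijklmnopqrstuu\n")
        zf.writestr("README.md", "Nothing secret here.\n")
    return buf.getvalue()


if __name__ == "__main__":
    results = scan_zip(build_sample_archive())
    for f in results:
        flag = "WEAK " if f["weak"] else ""
        print(f"{flag}{f['file']}:{f['line']} user={f['user']} password_length={f['length']}")
    print(summarize(results))
```

Run against the sample, the two 6-character passwords are reported as weak and the bcrypt entry is ignored; any password of the length the post describes would be flagged regardless of where in the archive it sits. The same routine works on a real archive by passing its bytes to `scan_zip`, and the point of running it before a file is shared is that plaintext credentials are found by the owner rather than by whoever finds the archive next.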

Most of these cybersecurity incidents involve ransomware, but bad actors often get in by exploiting existing weaknesses in access management, file encryption, third-party vendor security, and basic security settings. That is in line with the most common weaknesses listed by MITRE, though, according to Verizon, human error still accounts for roughly 68% of all breaches.

Thanks to our partners at PentestHero for helping us to create a more secure world!