2024 Cybersecurity Annual Breach Summary
Read more about the top cybersecurity breaches from July 2023 to June 2024, with a focus on the magnitude, type of credentials stolen, increases or decreases over prior years, and affected markets.
The global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over the last three years, as reported in the IBM Security and Ponemon Institute 2023 Cost of a Data Breach Report.
Verizon noted in their 2024 Data Breach Investigations Report “a substantial growth of attacks involving the exploitation of vulnerabilities to initiate a breach when compared to previous years. It almost tripled (a 180% increase) from last year. These attacks were primarily leveraged by ransomware and other extortion-related threat actors, and the initial entry points were web applications.”
Between July 2023 and June 2024, several significant cybersecurity breaches occurred, affecting a range of industries from healthcare to technology. Here are some of the most notable incidents:
- CDK Global (June 2024): CDK Global (a software-as-a-service platform that provides applications to handle a car dealership’s operation, including sales and service) was hit by a massive cyber attack on June 19, 2024. This attack forced the company to shut down its systems to prevent further damage. Just as recovery efforts began, a second breach occurred, exacerbating the disruption. Dealerships across the U.S. were affected, as service stations could not perform maintenance, and consumers could not purchase any vehicles.
- Ascension Health (May 2024): On May 8, Ascension detected unusual activity in its network systems, then later determined it was a ransomware attack. Ascension is one of the largest health systems in the United States, with some 140 hospitals located across 19 states and D.C. Operations were reduced to manual activity, causing major delays in patient care.
- AT&T (April 2024): AT&T’s internal investigation revealed that hackers had successfully exfiltrated files containing customer communication records from a third-party cloud platform workspace. Data stolen containing six months of call and text interactions of nearly all of its 109 million U.S. customers.
- UnitedHealth Group (2024): This breach resulted in a massive ransomware attack, with an estimated impact of $870 million affecting nearly 1/3 of all Americans. The healthcare sector remains a prime target for cybercriminals.
- Ticketmaster (2024): A major data breach exposed around 560 million records, including customer data from Ticketmaster and other organizations that use their services.
- Truist Bank (October 2023): Employee information was compromised in a significant data breach at one of the largest banks in America.
- Vanderbilt University Medical Center (November 2023): The medical center fell victim to a ransomware attack by the Meow ransomware gang. Although initial reports suggest that patient and employee data were not compromised, the incident underscores the persistent threat to healthcare institutions.
- Infosys (November 2023): The IT services company experienced a “security event” impacting its US unit, Infosys McCamish Systems, leading to disruptions in several applications. Infosys McCamish Systems (IMS) has disclosed that over 6 million people were impacted by the 2023 LockBit ransomware data breach.
- Sony (September 2023): The multinational technology company was breached by the ransomware group Ransomware.vc, which extracted and threatened to sell over 6,000 files after Sony refused to pay the ransom.
- 23andMe (October 2023): The genetic testing company suffered a breach where hackers used a credential-stuffing attack to steal genetic data, including sensitive information related to users’ ancestry and history. They notified 9 million individuals that their personal information was compromised in October 2023.
- Air Europa (October 2023): The Spanish airline carrier had financial information of customers, including credit card details, accessed by hackers. Air Europa did not specify the number of customers affected, nor did it estimate the financial impact of the cyberattack. The company said no other information had been exposed.
These incidents continue to highlight the evolving and persistent nature of cybersecurity threats across various sectors, emphasizing the need for robust security measures and timely responses to breaches.
What to Do If You’re a Data Breach Victim
For more information about recent data breaches, or the increase in data breaches discussed in the latest trend analysis, visit the ITRC’s data breach tracking tool, notified.
For more information about how to prevent identity theft, recover after a breach, or protect your business, visit the Identity Theft Resource Center’s website.
Businesses who would like an analysis of their security vulnerabilities can contact Cyber Solutions Technologies today to set up an expert consultation.