Navigating the Storm: Key Lessons from the Past Year’s Cybersecurity Breaches
The digital world, for all its convenience and innovation, also brings with it significant risks. As businesses, we rely on data more than ever, making us prime targets for cybercriminals. The last 12 months have been a stark reminder of this reality, witnessing an unprecedented scale of cybersecurity breaches affecting billions of records across a myriad of sectors.
We’re here to learn from these breaches to build a more secure future for you and your business. Let’s take a closer look at some of the most impactful breaches from the last year and what they teach us.
The First 6 Months…
CROWDSTRIKE: Hitting Many Fortune 500 Companies at Once
The CrowdStrike outage in July 2024 exposed the critical dependency on centralized security solutions, highlighting the risk of single points of failure in endpoint protection.
- Affected an estimated 190 million individuals.
- With an 18% global market share, numerous companies found themselves impacted directly or through their supply chain.
- Reported damages to Fortune 500 companies total $5.4 billion.
The Cloud Under Siege: The Snowflake Cloud Platform Breach
Sit for a minute and absorb the impact of the 2024 Snowflake Cloud breach.
- Over 50 billion records exposed, impacting more than 160 enterprise customers across diverse sectors like telecommunications, finance, healthcare, and retail.
- The consequent extortion of affected companies led to direct financial losses and an illicit gain upwards of $2 million.
- This attack appears to have affected hundreds of Snowflake customers and customer data. Known victims of the attack include AT&T, Ticketmaster, and Santander.
That’s the reality of the Snowflake Cloud Platform breach. What made this possible?
- A key vulnerability was the theft of usernames and passwords, often without Multi-Factor Authentication (MFA) in place, and facilitated by infostealer malware.
- This incident stands out as one of the largest cloud-specific breaches in recent history, highlighting a critical lesson: your cloud security is only as strong as your weakest access point.
Change Healthcare Attack: “Most Significant Incident in Industry History”
Rick Pollack, President and CEO of the American Hospital Association, stated that “the Change Healthcare cyberattack is the most significant and consequential incident of its kind against the U.S. healthcare system in history.”
- And Congress members have said that “the breach of Change was tantamount to targeting the health care system in its entirety.”
- The intruders disrupted operations and stole up to 6TB of data, including personal information, payment details, insurance records, and other sensitive information.
- The cost of the Change Healthcare ransomware attack has risen to $2.457 billion, according to UnitedHealth Group’s Q3 2024 earnings report.
- A survey conducted by the American Hospital Association reveals that nearly 94% of hospitals have experienced financial repercussions from the cyberattack.
As a result, expect more stringent regulation, tighter controls, and stiffer penalties for non-compliance, which comes as no surprise as the stakes have never been higher.
Healthcare’s Ongoing Battle: The Episource Health/Billing Data Breach
The healthcare sector continues to be a prime target due to the sensitive nature of the data it holds.
- The Episource Health/Billing data breach, which affected approximately 5.4 million individuals, is a clear example.
- The data compromised included contact information (such as name, address, phone number and email), date of birth, and one or more of the following:
  - Health insurance data (such as health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers)
  - Health data (such as medical record numbers, doctors, diagnoses, medications, test results, images, care, and treatment)
- For any business handling sensitive personal or health information, this emphasizes the critical need for robust data encryption, strict access controls, and adherence to regulatory compliance.
The Last 6 Months Have Been No Better…
Microsoft SharePoint “ToolShell” Campaign
Microsoft failed to fully patch a security hole in its SharePoint server software, kicking off a scramble to fix the vulnerability when it was discovered.
- Records: ~400 organizations, including U.S. agencies like NNSA, NIH
- Stolen credentials: Stored credentials, sensitive internal files
- Market: Government, education, enterprise IT
- Trend: Spike in state-backed zero-day exploitation vs. past years
Infostealer Compilation Releases Mass Credentials
This was not a new breach but an aggregation of credentials stolen over years. Even so, many major platforms have advised users to reset their credentials and adopt MFA.
- Records: ~16 billion credentials leaked globally
- Stolen credentials: Plaintext usernames/passwords, URLs
- Market: Consumer & enterprise across all digital platforms
- Trend: 312% increase in breach victims in 2024 vs 2023
Retail Gets Couped: Co-op Group Data Breach
The cyberattack at the Co-op Group is now confirmed to have involved the personal data of all 6.5 million members.
- Records: 6.5 million member records
- Stolen credentials: Names, addresses, birth dates, contact info
- Market: Retail (UK grocery cooperative)
- Trend: Higher than prior year’s retail breaches
Air Travelers Beware: Qantas Customer Database Breach
In one of the country’s biggest cyber breaches in years, Australia’s Qantas Airways disclosed a breach of customer records in July 2025.
- Records: ~6 million customer records
- Stolen credentials: Personal identifiers and frequent‑flyer IDs
- Market: Airline/travel
- Trend: Increase from sporadic airline breaches; linked to Scattered Spider tactics
Luxury Segment Targeted: Louis Vuitton Global Data Breach
In a trend of targeting luxury brands, Louis Vuitton is the latest to fall.
- Records: ~419,000 customers in Hong Kong; global impact ~400k+
- Stolen credentials: Names, DOB, passport numbers; no financial/password data
- Market: Luxury retail
- Trend: Luxury segment sharply targeted; mirror of attacks on Qantas, Co-op
Key Trends and What They Mean for Your Business
Looking at these significant events, a few critical trends emerge that every business leader should be aware of:
- Record-Setting Scale: Cloud breaches have truly shattered previous records, with over 50 billion records exposed. This underscores the immense responsibility of cloud providers and the need for businesses to thoroughly vet their cloud security.
- Credentials Remain the Top Target: Over 30% of all breaches in the past year involved stolen credentials. This statistic alone should drive your security strategy.
- Sector-Specific Risks are Escalating: While all businesses are targets, cloud, telecommunications, and healthcare continue to lead in data exposure, facing unique and intensified risks.
- Year-over-Year Increase: We’re seeing a significant 25% year-over-year increase in healthcare and government data exposure, indicating that these sectors are under constant, growing pressure.
Your Best Defense: Actionable Mitigation Practices
So, what can your business do to protect itself? The good news is that many effective mitigation strategies are within your reach.
- Enforce Multi-Factor Authentication (MFA): This is perhaps the single most impactful step you can take. By requiring a second form of verification beyond just a password, you significantly reduce the risk of credential theft leading to a full breach. If a hacker gets a password, they still can’t get in without that second factor.
- Mandate Strong Password Hygiene: Move beyond simple passwords. Encourage (or enforce) the use of long, complex, and unique passwords for every service. Consider using password managers to help your employees manage these securely. Password rotation when warranted and eliminating password reuse are also crucial.
- Vet Third-Party Vendors Rigorously: The Snowflake breach is a prime example of how a third-party vendor’s vulnerability can become your own. Before partnering with any vendor that handles your data, conduct thorough security assessments, understand their security posture, and ensure contractual obligations for data protection are in place.
- Maintain Active Incident Response Playbooks: It’s not a matter of if a breach will occur, but when. Having a well-defined and regularly practiced incident response playbook is crucial. Your playbook should outline the steps to take immediately after a breach is detected, helping to minimize damage, ensure proper communication, and facilitate a swift recovery.
The Path Forward
The past year has delivered some tough lessons, but also clear guidance. Cybersecurity is no longer just an IT concern; it’s a fundamental business imperative.
By understanding the threats, implementing robust best practices, and fostering a culture of security within your organization, you can significantly enhance your resilience against the evolving cyber landscape.
Want a jumpstart on identifying your vulnerabilities? Contact Cyber Solutions Technologies today for an expert consultation.