TL;DR
Major breaches in 2024, including the “Mother of All Breaches” (MOAB) and the Change Healthcare attack, highlight the need for robust security measures. Key takeaways include implementing multi-factor authentication, conducting continuous security audits, and enhancing employee training on phishing and third-party vendor risks.
2024 has been a year marked by significant cybersecurity breaches that have disrupted services, exposed sensitive data, and highlighted the relentless, ongoing challenges in cybersecurity. From massive data leaks impacting billions of records to ransomware attacks crippling critical infrastructure, the cyber threat landscape has continued to evolve in both scale and sophistication.
In this blog, we’ll explore some of the most noteworthy cyber-attacks of the year, examining their impact and the key takeaways cybersecurity leaders should be aware of.
Mother of All Breaches (MOAB)
2024 began with an unprecedented data leak known as the “Mother of All Breaches” (MOAB): roughly 26 billion records found on an unsecured storage instance, aggregating data from LinkedIn, Twitter, Dropbox, and many other platforms. The dataset was largely a compilation of earlier breaches mixed with some newer data, rather than a fresh compromise of the named companies. Its danger lies in credential stuffing: because many people reuse passwords, a username and password pair leaked years ago remains a working key to any other account where the same password was used.
Key Takeaways:
- Rotate any password that appears in a breach compilation, stop reusing passwords across services, and enforce multi-factor authentication so that a leaked password alone cannot open an account.
- Continuous, proactive security audits, including penetration testing and vulnerability scans, find and close weaknesses before an attacker holding leaked credentials can use them.
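One concrete way to act on the first takeaway is to screen passwords against a breach corpus without ever sending the password anywhere. The example below is added here and is not code from the original post or from any vendor; it implements the k-anonymity range query used by the Pwned Passwords API (hash with SHA-1, send only the first five hex characters, match the remaining 35 locally). The range response is constructed so the example runs offline; a real client would fetch https://api.pwnedpasswords.com/range/<prefix> instead.

```python
"""Check a password against a breach compilation without disclosing it.

Added example, not code from the original page or from any vendor.
k-anonymity range query as used by the Pwned Passwords API: the client
hashes the password with SHA-1, sends only the first five hex characters,
and compares the remaining 35 characters against the returned suffix list
locally. The server never sees the password or its full hash.
The range response below is CONSTRUCTED so the example runs offline.
"""
import hashlib
from typing import Callable

PREFIX_LEN = 5  # the API's fixed prefix length

# Constructed stand-in for the response to range/5BAA6. Real responses hold
# hundreds of lines; with the Add-Padding header, padding entries appear
# with a count of 0 and must be ignored.
CONSTRUCTED_RANGES = {
    "5BAA6": (
        "003D68EB55068C33ACE09247EE4C639306B:3\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234567\n"
        "1F2B668E8AABEF1C59E9EC6F82E3F3CD786:0\n"
    ),
}


def constructed_fetch_range(prefix: str) -> str:
    """Offline replacement for the HTTP call; unknown prefixes return nothing."""
    return CONSTRUCTED_RANGES.get(prefix.upper(), "")


def sha1_hex_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(full_hash: str) -> tuple[str, str]:
    """Return (prefix sent to the server, suffix kept on the client)."""
    return full_hash[:PREFIX_LEN], full_hash[PREFIX_LEN:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines; padding entries with count 0 are dropped."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or not suffix:
            continue
        n = int(count)
        if n > 0:
            counts[suffix.upper()] = n
    return counts


def breach_count(password: str,
                 fetch_range: Callable[[str], str] = constructed_fetch_range) -> int:
    """How many times the password appears in the corpus (0 = not found)."""
    prefix, suffix = split_hash(sha1_hex_upper(password))
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def is_compromised(password: str,
                   fetch_range: Callable[[str], str] = constructed_fetch_range) -> bool:
    return breach_count(password, fetch_range) > 0


if __name__ == "__main__":
    for candidate in ("password", "A-long-passphrase-not-in-the-sample"):
        print(f"{candidate!r}: seen {breach_count(candidate)} times")
```

To wire this into a password-change flow, pass a `fetch_range` that performs the HTTP GET and treat any non-zero count as a rejection; the same prefix query covers every password sharing those five characters, which is what keeps the lookup anonymous.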
UnitedHealth's Change Healthcare Ransomware Attack
One of the most devastating attacks of 2024 targeted UnitedHealth's Change Healthcare platform, a critical hub for healthcare transactions across the United States. The ransomware attack, carried out by an affiliate of the BlackCat/ALPHV group, cost UnitedHealth $872 million in the first quarter alone and disrupted healthcare payments nationwide; the company estimated that the stolen data could cover as much as a third of Americans.
The attack began not with a software exploit but with compromised credentials: according to UnitedHealth's congressional testimony, the attackers logged in to a Citrix remote access portal that did not have multi-factor authentication enabled. From that foothold they moved through the network for days, exfiltrated data, and then deployed ransomware that encrypted critical systems. Change Healthcare took the platform offline, and hospitals, clinics, pharmacies, and other providers were left unable to process insurance claims, fill prescriptions, or receive payments for weeks.
Key Takeaways:
- Healthcare organizations need to elevate the safeguarding of patient data to the top of their operational priorities.
- Every externally reachable remote access service, including Citrix, VPN, and RDP gateways, needs multi-factor authentication enforced without exceptions, alongside regular vulnerability assessments; a single portal without MFA was enough here.
- The dynamic nature of cyber threats necessitates that healthcare organizations adopt a stance of continuous cybersecurity improvement.
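To make that takeaway concrete, here is an added detection example, not code from the original post or from UnitedHealth or Change Healthcare. It runs over a constructed set of remote-access gateway login events and flags every successful login that used no second factor, escalating the finding when the source address has never been seen for that account or when the success follows a run of failures (the credential-stuffing pattern). The JSON field names (`user`, `src_ip`, `result`, `mfa`), the baseline of known IPs, and the events themselves are assumptions for the example; map them to your gateway's or IdP's export before use.

```python
"""Flag remote-access logins that succeeded without a second factor.

Added example, not from the original post or from any vendor. The Change
Healthcare intrusion started with valid credentials on a portal that did
not enforce MFA, so the rule is simple: a successful authentication with no
second factor is a finding. It is escalated when the source IP is new for
the account or when the success follows a burst of failures.
The log format and events are CONSTRUCTED for this example.
"""
import json
from dataclasses import dataclass, field

# Constructed baseline: source IPs previously seen for each account.
KNOWN_IPS: dict[str, set[str]] = {
    "jdoe": {"203.0.113.10"},
    "svc-backup": {"198.51.100.7"},
    "msmith": {"203.0.113.22"},
}

# Constructed gateway events as JSON lines. Field names are assumptions.
SAMPLE_LOGS = """\
{"ts":"2024-02-12T08:01:11Z","user":"jdoe","src_ip":"203.0.113.10","result":"success","mfa":"push"}
{"ts":"2024-02-12T08:03:42Z","user":"svc-backup","src_ip":"198.51.100.7","result":"success","mfa":null}
{"ts":"2024-02-12T08:05:00Z","user":"msmith","src_ip":"192.0.2.44","result":"failure","mfa":null}
{"ts":"2024-02-12T08:05:09Z","user":"msmith","src_ip":"192.0.2.44","result":"failure","mfa":null}
{"ts":"2024-02-12T08:05:17Z","user":"msmith","src_ip":"192.0.2.44","result":"failure","mfa":null}
{"ts":"2024-02-12T08:05:31Z","user":"msmith","src_ip":"192.0.2.44","result":"success","mfa":null}
{"ts":"2024-02-12T08:09:02Z","user":"jdoe","src_ip":"192.0.2.99","result":"success","mfa":"push"}
"""

FAILURE_BURST = 3  # failures immediately before a success that count as a spray


@dataclass
class Finding:
    severity: str
    user: str
    src_ip: str
    ts: str
    reasons: list[str] = field(default_factory=list)


def detect_weak_logins(log_text: str, known_ips: dict[str, set[str]]) -> list[Finding]:
    """Return one Finding per successful login that presented no second factor."""
    findings: list[Finding] = []
    failures: dict[str, int] = {}  # consecutive failures per account
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = json.loads(raw)
        user, ip = ev["user"], ev["src_ip"]
        if ev["result"] != "success":
            failures[user] = failures.get(user, 0) + 1
            continue
        prior_failures = failures.pop(user, 0)  # a success resets the counter
        if ev.get("mfa"):
            continue  # second factor present: not a finding for this rule
        reasons = ["password-only authentication succeeded"]
        severity = "medium"
        if ip not in known_ips.get(user, set()):
            reasons.append("source IP never seen for this account")
            severity = "high"
        if prior_failures >= FAILURE_BURST:
            reasons.append(f"{prior_failures} failures immediately before success")
            severity = "high"
        findings.append(Finding(severity, user, ip, ev["ts"], reasons))
    return findings


if __name__ == "__main__":
    for f in detect_weak_logins(SAMPLE_LOGS, KNOWN_IPS):
        print(f"[{f.severity.upper()}] {f.ts} {f.user}@{f.src_ip}: " + "; ".join(f.reasons))
```

On the constructed input the service account's password-only login from its usual address is a medium finding (the real fix is to give it MFA or remove its portal access), while the login as msmith from a new address after three failures is high. The jdoe login from a new address is deliberately not flagged because a second factor was presented; a geolocation or impossible-travel rule would cover that case separately.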
EquiLend Cyber Attack
In January 2024, the securities lending platform EquiLend was hit by a ransomware attack claimed by the LockBit gang. Initial access was reportedly gained through phishing emails, followed by exploitation of a known vulnerability in the company's VPN software. The attack caused significant disruptions to financial services and compromised employee data. The breach highlighted the importance of securing financial platforms and the risks posed by phishing and unpatched software.
Key Takeaways:
- Financial services platforms are attractive targets for cybercriminals because of the high-value data they hold.
- Employee training on phishing awareness and secure practices is essential to prevent initial access.
- Regularly updating and securing VPN software and other remote access tools is critical.
Bank of America Data Breach
The financial sector continued to be a target. In February 2024, Bank of America disclosed a breach affecting roughly 57,000 customers, traced to a November 2023 ransomware attack on Infosys McCamish Systems, a third-party service provider that handled deferred compensation plan data for the bank. The attackers gained access to sensitive information, including names, Social Security numbers, dates of birth, and account details; the bank's own systems were not the point of entry.
Key Takeaways:
- Third-party vulnerabilities can pose significant risks to financial institutions.
- Comprehensive vetting and continuous monitoring of third-party services are crucial.
- Financial institutions must enforce strict data protection measures to safeguard customer information.
Ticketmaster Data Breach
In one of the most high-profile breaches linked to the 2024 Snowflake customer-account compromises, data on roughly 560 million Ticketmaster customers, including full names, addresses, phone numbers, email addresses, and order history, was put up for sale on a hacking forum. The “ShinyHunters” group claimed credit and reportedly attempted to extort Ticketmaster before listing the data. As with the other Snowflake victims, the attackers used credentials stolen by infostealer malware to log in to a Snowflake account that had no multi-factor authentication; Snowflake's own platform was not breached.
Key Takeaways:
- High-profile companies are major targets for cybercriminals due to the volume of data they handle.
- Data breaches can have long-lasting impacts on customer trust and company reputation.
- Proactive threat detection and response strategies mitigate breach impact; for SaaS data platforms such as Snowflake that means enforcing MFA and network allowlists on every account and alerting on logins from unfamiliar clients or locations.
AT&T Data Breach
AT&T confirmed in March 2024 that a dataset covering 7.6 million current customers and 65.4 million former customers had been published on the dark web. The company said the data appeared to date from 2019 or earlier and that it had not determined whether it originated from AT&T's own systems or from one of its vendors. Exposed fields included names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, and account passcodes, which AT&T reset for affected accounts.
Key Takeaways:
- Data retention limits matter: the bulk of those affected were former customers whose records from 2019 or earlier were still stored, and still exposable, years later.
- Encrypting sensitive customer data can help protect it even if access is gained.
- A comprehensive incident response plan is vital to quickly address breaches and mitigate damage.
China-Linked Telecommunications Breach
In the fall of 2024, reports emerged that China-affiliated hackers, tracked as Salt Typhoon, had infiltrated major U.S. telecommunications providers, including AT&T, Verizon, Lumen Technologies, and T-Mobile. The intruders reached systems used to fulfill court-authorized wiretap requests, raising significant national security concerns.
The breach compromised sensitive data and communications, potentially affecting high-profile individuals and government operations. The U.S. government formed a multi-agency team to address the hack, and measures were taken to crack down on China Telecom's operations in the U.S.
Key Takeaways:
- Telecommunications infrastructure is a prime target for nation-state cyber espionage, necessitating heightened security measures.
- Collaboration between government agencies and private sector companies is crucial to effectively respond to and mitigate the impact of such breaches.
Slim CD Payment Processor Breach
Between August 2023 and June 2024, an unauthorized actor had access to the systems of Florida-based payment processor Slim CD. The company detected suspicious activity in June 2024 but did not begin notifying the roughly 1.7 million affected cardholders until September 2024.
Compromised data included names, addresses, credit card numbers, and card expiration dates, enough for fraud even without the security code. Some ten months of undetected access underscored vulnerabilities in payment processing systems and the importance of timely detection and response.
Key Takeaways:
- Payment processors must implement stringent security protocols to protect sensitive financial data.
- Regular monitoring and prompt notification to affected customers are essential components of effective breach response strategies.
American Water Works Cyber Incident
In October 2024, American Water Works Co., the largest regulated water and wastewater utility in the United States, detected unauthorized activity in its computer networks. The company disconnected its customer portal and paused billing as a precaution; it reported that water and wastewater operations were not affected, but the incident raised concerns about the exposure of critical infrastructure.
Key Takeaways:
- Critical infrastructure entities must maintain vigilant cybersecurity practices to protect essential services.
- Proactive measures and swift responses can prevent operational disruptions even when breaches occur.
Krispy Kreme Cybersecurity Breach
In early December 2024, Krispy Kreme disclosed in an SEC filing that it had detected unauthorized activity in its IT systems on November 29, disrupting online ordering in parts of the United States. Shares fell about 2% on the news, and the company warned of potential revenue loss from the outage. It engaged external cybersecurity experts and notified federal law enforcement to investigate and contain the breach.
Key Takeaways:
- Even retail and food service industries are vulnerable to cyber threats, necessitating robust cybersecurity measures.
- Timely incident response and collaboration with cybersecurity professionals are crucial in mitigating operational disruptions.
Conclusion
The cybersecurity breaches of 2024 have demonstrated the increasing sophistication and scale of cyber threats. From ransomware attacks on healthcare and financial institutions to massive data breaches affecting millions, these incidents underscore the urgent need for robust cybersecurity defenses. By learning from these attacks and implementing strong security measures, organizations can better protect themselves against future threats and safeguard their digital assets.
Stay informed about the latest cybersecurity trends and protect your organization from potential threats. Subscribe to our monthly Insights newsletter and explore our resources for further cyber defense strategies.
About ArmorPoint
ArmorPoint, LLC is a managed cybersecurity solution that combines the three pillars of a robust cybersecurity program — people, processes, and technology — into a single solution. Designed by cybersecurity experts, ArmorPoint’s cloud-hosted SIEM technology and extended detection and response capabilities enable businesses to implement a highly-effective, scalable cybersecurity program. With customizable pricing available, every ArmorPoint plan offers a dynamic level of managed security services that support the risk management initiatives of all companies, regardless of available budget, talent, or time. ArmorPoint is developed and powered by Trapp Technology, Inc., a Phoenix-based IT managed services provider. To learn more about ArmorPoint, visit armorpoint.com.