The most notable data breaches of 2024: lessons learned, or history repeated?
Data has become one of the most valuable commodities on Earth. It drives business decisions, fuels economies and underpins every digital interaction we have. A decade ago, thieves might have targeted vaults and safe-deposit boxes. Now, their eyes are on servers and cloud storage.
The financial gains to be had from exploiting system vulnerabilities, or from the sale of stolen data, are significant. So too are the costs associated with mitigating the fallout of a data breach. Earlier this year, IBM revealed that the average global cost of a data breach in 2024 reached $4.88 million.
2024 was a typical year, with a significant number of breach incidents reported around the world. As businesses plan for 2025, it’s important to reflect and apply what we have learned to prepare for a more secure new year. This retrospective doesn’t just recount the numbers but delves into what happened, to whom, and whether lessons have been learned to prevent future incidents.
What can we say about 2024? The number of records exposed in breaches continues to rise, with billions of sensitive data points compromised globally. Despite advancements in security tools, the challenge of protecting data across increasingly complex infrastructures remains critical.
Here, we highlight five notable breaches from 2024, explore their impacts, and consider what they tell us about the current state of cybersecurity. These breaches demonstrate the evolving landscape of cyber threats and the urgent need for enhanced security measures.
Notable data breaches in 2024
- National Public Data Breach – US
- Date: April 2024
- Impact: Approximately 2.9 billion Social Security records exposed, revealing sensitive personal information.
- Details:
The National Public Data Breach exposed the Social Security records of nearly every American citizen, creating a profound ripple effect across financial institutions and government. Hackers exploited vulnerabilities in outdated server infrastructure maintained by Jerico Pictures, a contractor for federal data management. Investigations revealed that encryption standards were either insufficient or improperly implemented, leaving sensitive data unprotected. The breach sparked widespread criticism of government data policies and prompted urgent legislative hearings. Organisations scrambled to address fraud and identity theft concerns as Social Security numbers, addresses, and financial details became widely available on the dark web. The case remains a pivotal lesson in the need for government accountability in data security.
- Chinese Hackers Target U.S. Telecommunications – US
- Date: November 2024
- Impact: Tens of millions of customer records accessed through major telecommunication providers.
- Details:
In this sophisticated cyberattack, Chinese state-sponsored hackers known as Salt Typhoon breached major U.S. telecommunication providers, accessing Call Detail Records (CDR) that revealed customer call logs, locations and duration of calls. This type of data, while not including message content, is highly valuable for espionage and surveillance purposes. The attackers leveraged zero-day vulnerabilities in network systems, bypassing multi-layered firewalls and monitoring tools. Security experts warned that this breach not only endangered consumer privacy but also posed significant risks to military and government communication channels. The incident triggered a re-evaluation of telecom supply chain security, with calls for stricter collaboration between private providers and federal agencies. The activities attributed to Salt Typhoon highlight a broader trend in cyber espionage: the strategic collection of encrypted data in anticipation of future decryption capabilities. This approach, observed across multiple state actors, raises concerns about long-term data security as quantum computing advances. While quantum-resistant encryption methods are being developed, the stockpiling of encrypted data poses potential future risks to organisations that haven’t implemented forward-looking cryptographic protections. This ‘harvest now, decrypt later’ approach is particularly concerning for network traffic, where inadequately encrypted data-in-motion can be intercepted and stored indefinitely.
- Snowflake Customer Data Breach – US
- Date: April 2024
- Impact: Over 165 companies’ data compromised.
- Details:
Alexander “Connor” Moucka masterminded the breach of over 165 companies’ data stored on Snowflake’s cloud platform. Moucka exploited misconfigured permissions and API vulnerabilities to siphon data over several months. This breach illuminated a growing threat in shared cloud environments: the ability of attackers to target centralised platforms housing critical business data. It also emphasised the importance of zero-trust frameworks and multi-factor authentication in minimising exposure. Snowflake faced backlash for delayed detection of the breach and inadequate customer notifications, leading to increased scrutiny of cloud service providers. Moucka’s arrest and subsequent extradition highlighted international cooperation in addressing cybercrime.
- Change Healthcare Ransomware Attack – US
- Date: February 2024
- Impact: The largest-ever breach of protected health information, affecting 100 million Americans.
- Details:
The ransomware attack on Change Healthcare paralysed operations for weeks, with hackers demanding an unprecedented ransom of $60 million in cryptocurrency. The breach exposed the healthcare sector’s vulnerability to ransomware, as attackers accessed and encrypted sensitive medical records, billing data and insurance information. As one of the largest providers of health information technology in the US, Change Healthcare’s compromised data included Social Security numbers, diagnostic codes and insurance claim details, affecting over 100 million individuals. The attack spurred debates on the necessity of mandatory cybersecurity frameworks for healthcare organisations, with experts advocating for sector-wide adoption of real-time threat detection and data segmentation.
- IntelBroker’s Breach Series – Multiple
- Date: Throughout 2024
- Impact: Confidential data from organisations like Acuity, Europol, Apple and AMD stolen.
- Details:
IntelBroker, a shadowy hacking syndicate, executed a string of cyber-attacks targeting high-profile organisations like Cisco, Nokia, Europol, Apple and AMD. Using a combination of phishing campaigns and zero-day exploits, the group gained access to trade secrets, proprietary technologies and confidential user data. The stolen information ranged from Europol’s classified investigation files to AMD’s semiconductor designs. IntelBroker’s actions highlighted the evolving sophistication of organised cybercrime, capable of breaching even the most secure networks. Their attacks raised alarms about the inadequacy of current cybersecurity measures, with experts urging businesses to invest in predictive analytics, continuous network monitoring and employee training to mitigate insider risks.
The impact of a breach: why it matters
Data breaches ripple through organisations and individuals alike, leaving financial, operational and emotional scars. The $4.88 million figure quoted in the 2024 IBM Cost of a Data Breach Report reflects a range of direct and indirect consequences:
- Financial losses
Companies face direct costs like forensic investigations, alongside regulatory fines (e.g., GDPR violations) and legal settlements, such as Capital One’s $190 million payout following a 2019 breach.
- Reputational damage
A breach’s publicity can erode customer trust and brand loyalty. Publicly traded companies often see stock prices tumble post-breach, further amplifying losses.
- Operational disruption
Downtime during investigations and recovery efforts halts productivity, while inadequate backup systems can result in permanent data loss.
- Intellectual property loss
Stolen trade secrets, like those leaked by IntelBroker, can lead to competitive disadvantages.
- Customer and partner attrition
A tarnished reputation drives customers and partners to reconsider their relationships, leading to lost revenue and weakened supply chains.
- Identity theft and personal risk
Individuals bear the brunt of exposed personal information, often facing identity theft, financial fraud or emotional distress.
- Regulatory scrutiny and compliance costs
Post-breach investigations tighten oversight, forcing organisations to adopt stricter security measures.
Are lessons being learned?
Despite heightened awareness, significant gaps in cybersecurity remain. In 2022, only one-third of sensitive data in the Cloud was encrypted, and while many enterprises claim to have encryption strategies, execution lags far behind planning.
The breaches of 2024 highlight recurring challenges:
- Cloud Security Risks: The Snowflake breach illustrates how shared environments require better encryption and monitoring.
- Critical Infrastructure Vulnerabilities: Incidents like the telecom infiltration underscore the urgency of protecting national assets.
- Healthcare Weaknesses: Change Healthcare’s ransomware attack shows the sector’s under-preparedness for modern threats.
These breaches serve as a stark reminder that many vulnerabilities are preventable with proactive measures such as encryption. They also highlight a long history of exposed network vulnerabilities that could have been mitigated through robust encryption protocols. Understanding key encryption use cases can help organisations implement effective safeguards to protect sensitive data.
Conclusion
The onus is on organisations to adopt proactive cybersecurity measures, including encryption, regular audits, employee training and incident response plans. By prioritising encryption of all confidential data, organisations can safeguard their sensitive information, build trust with customers, and ensure business continuity in the face of evolving cyber threats. Governments, too, must legislate stronger compliance standards and invest in critical infrastructure defences.
While technical advancements in cybersecurity are promising, the human and organisational elements remain weak links. As we look ahead, the focus must shift from reactive responses to preventative strategies, ensuring that lessons from these incidents translate into meaningful change.
If 2024 has taught us anything, it’s that data security is a moving target. Whilst the breaches we have examined span industries, technologies and nations, they all underscore how vital it is to adapt and fortify. Let’s get 2025 started securely and safely. The stakes—financial, reputational and personal—are simply too high to ignore.