These are the 7 most devastating data breaches. Now what?

In recent months, we’ve witnessed a shocking wave of data breaches that have put the personal information of millions at risk. With our online lives becoming more exposed than ever, it’s essential to grasp the scale of these incidents and what they mean to us. We’ll look at the seven biggest data breaches of 2024, revealing the staggering number of records compromised and the potential dangers for both individuals and businesses.

From AT&T’s concerning double breaches to Ticketmaster’s enormous leak, the fallout from these incidents highlights just how important it is to take cybersecurity seriously. We’ll also discuss some practical steps you can take to protect your information in today’s volatile online environment.

For more current data breaches since the time this article was published, please see our list here.

 

 

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

 

 

1) The AT&T double whammy

AT&T’s cybersecurity woes in 2024 have been nothing short of catastrophic. The telecom giant faced not one but two major data breaches, leaving millions of customers vulnerable and exposed. In March 2024, AT&T confirmed a significant data breach affecting approximately 73 million customers. This breach included sensitive information such as Social Security numbers, account numbers, passcodes, full names, email addresses, dates of birth, and phone numbers. The compromised data, believed to originate from 2019 or earlier, was discovered on the dark web. This incident followed a previous cyberattack in January 2023 that impacted 9 million users, highlighting a troubling pattern of security vulnerabilities.

Just as the dust was settling from the March breach, AT&T was hit with another devastating blow in July. This time, cybercriminals managed to steal call and text records of “nearly all” AT&T customers – an estimated 110 million individuals. The breach extended over a six-month period in 2022, with some cases stretching even longer. The data wasn’t stolen directly from AT&T’s systems, but from an account, it had with data giant Snowflake. While the stolen data didn’t include call or text content, it revealed metadata such as who called whom and when. The breach also affected non-customers whose numbers were called by AT&T customers during the affected period.

Credit: AT&T

 

DATA BREACH VICTIMS SKYROCKETS OVER 1,100%: HOW TO PROTECT YOURSELF 

 

2) Ticketmaster’s ticketing tragedy

In May 2024, Ticketmaster Entertainment faced a staggering breach that dwarfed even AT&T’s woes. The hack resulted in the compromise of over 560 million customer records. This massive breach included order history, payment information, names, addresses, and email data. The severity of this breach cannot be overstated. With over half a billion records exposed, it represents one of the largest data breaches in history. Ticketmaster responded by sending emails to affected customers, advising them to monitor their accounts and credit statements closely.

Credit: Ticketmaster

 

MASSIVE FREE VPN DATA BREACH EXPOSES 360 MILLION RECORDS

 

3) The MoveIt mayhem

While not as widely publicized, the MoveIt breach was a silent killer. It impacted 77 million individuals across 2,600 companies globally. The Clop malware gang exploited a security flaw, causing an estimated $12 billion in damages worldwide. This breach shows how a single vulnerability can have far-reaching consequences across industries.

 

WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM

 

4) Dell’s digital disaster

Dell, a titan in the tech industry, wasn’t spared from 2024’s cybersecurity onslaught. In May, the company faced a major cyberattack that potentially affected 49 million customers. The breach was particularly sophisticated. Hackers created authorized partner accounts to infiltrate Dell’s systems. They launched a brute-force attack, sending over 5,000 requests per minute for nearly three weeks without detection. Sensitive customer data, including home addresses and order details, may have been compromised. While financial details were reportedly not breached, the stolen data is now being sold on hacker forums.

Credit: Dell

 

5) The National Public Data disaster

The crown jewel of 2024’s data breaches came from National Public Data. An eye-watering 2.7 billion records were leaked, including sensitive personal information like Social Security numbers, physical addresses, and possible aliases. This breach underscores the massive scale at which our data is collected and the catastrophic consequences when it’s not properly protected.

 

6) CMS alerts nearly 1 million Medicare beneficiaries to data breach

The Centers for Medicare & Medicaid Services (CMS) notified 946,801 Medicare beneficiaries that their personal information may have been compromised in a data breach last year. The incident involved a security vulnerability in the MOVEit file transfer software used by Wisconsin Physicians Service Insurance Corp., a CMS contractor. Exposed data potentially included names, addresses, Social Security numbers, and Medicare Beneficiary Identifiers. This breach follows a similar incident reported in July 2023, affecting approximately 612,000 Medicare beneficiaries. These events underscore the ongoing challenges in protecting sensitive healthcare data and the importance of remaining vigilant about personal information security.

 

7) MC2 Data’s major breach puts millions at risk

On August 7th, 2024, Cybernews researchers discovered that MC2 Data, a background check firm, had left an unprotected database containing 2.2TB of personal data accessible online without password protection. The exposed database contained 106,316,633 records with private information about U.S. citizens, affecting an estimated 100 million individuals. The leaked data included names, emails, IP addresses, encrypted passwords, partial payment information, home addresses, dates of birth, phone numbers, property records, legal records, family information, and employment history. Additionally, the data of 2,319,873 MC2 Data subscribers, including individuals and organizations requiring background checks, was also exposed.

 

The ripple effect

The impact of these breaches extends far beyond the immediate theft of data. Financial losses are a significant concern, as individuals face the risk of identity theft and fraud, while companies may incur significant fines, legal costs, and lost revenue.

Reputational damage is another major consequence, as trust is the currency of the digital age, and these breaches severely erode customer confidence, potentially leading to reduced sales and business opportunities.

Legal ramifications are also a concern, with companies like AT&T now facing class-action lawsuits, adding to the financial and reputational toll. Operational disruption is common, as affected businesses often experience downtime and increased costs as they work to restore systems and implement new security measures. Privacy violations are a long-term risk for individuals, including potential blackmail, stalking, or other forms of exploitation.

 

How to protect yourself from data breaches?

These breaches highlight a critical need for both companies and individuals to step up their cybersecurity game. Here are some key takeaways to protect yourself:

1) Change your passwords

If a data breach has leaked your passwords, change it immediately. Hackers could use your password to access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc.

You want to do this on another device so the hacker isn’t recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely. Changing passwords should be a part of your general cybersecurity hygiene, even if you’re not affected by a data breach.

 

2) Enable two-factor authentication

Activate two-factor authentication (2FA) for an extra layer of security on all your important accounts, including email, banking, and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.

 

3) Monitor your accounts and transactions

If you have been affected by a data breach, check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, immediately report it to the service provider or authorities. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.

 

4) Contact your bank and credit card companies

If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.

 

5) Use personal data removal services

Consider investing in personal data removal services that specialize in continuously monitoring and removing your personal information from various online databases and websites. Hackers are also stealing your IDs to validate the data. These IDs can be misused in more ways than you can imagine, including impersonation.

A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.

Special for CyberGuy Readers (60% off):  Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 175+ data brokers. You can add up to 3 emails, 3 home addresses and 3 phone numbers (U.S. citizens only) and have them removed from data-broker databases. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.

Get Incogni here

Get Incogni for your family (up to 4 people) here

 

6) Sign up for identity theft protection

If you’re certain that your personal information has been leaked in a data breach, sign up for an identity theft protection service. It can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account. These services can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

My top recommendation is Identity Guard. One of the best parts of using Identity Guard is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.

CyberGuy’s Exclusive Offer: Get the Identity Guard Ultra protection to protect your identity and credit for as little as $9.99/mo (lowest offered anywhere) for the first year. 

See my tips and best picks on how to protect yourself from identity theft.

Best identity theft protection services 2024

 

7) Alert your contacts

If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.

 

8) Have strong antivirus software

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.  

Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

Best Antivirus Protection 2024

 

9) Keep your software and systems updated

Regularly updating your software and operating systems is crucial for maintaining strong cybersecurity. When software companies release updates, they often include security patches that address newly discovered vulnerabilities. By installing these updates promptly, you close potential entry points for hackers.

To make this process easier, consider enabling automatic updates on most devices and software, ensuring that you are always running the latest, most secure versions. It is also important to remember to update all your devices, including smartphones, tablets, smart home devices, and any other internet-connected gadgets, as they all require regular updates.

In addition to software updates, check for firmware updates on devices like routers, which may require manual intervention. Visit the manufacturer’s website periodically to ensure you have the latest firmware installed.

Be cautious with software that has reached its end-of-life status, as it will no longer receive important security updates. If you find yourself using unsupported software, consider replacing it with a supported alternative.

Restarting your devices regularly can also be beneficial, as some updates require a system reboot to take effect fully. Therefore, reboot your devices periodically to ensure all updates are properly installed. Lastly, don’t neglect your mobile apps; regularly updating the apps on your smartphone and tablet is essential for maintaining security.

By keeping all your software and systems up-to-date, you significantly reduce the risk of falling victim to known vulnerabilities that hackers might exploit in outdated versions.

 

Kurt’s key takeaways

As we sail through the turbulent cybersecurity waters of 2024, it’s clear that no organization is immune to data breaches. The incidents at AT&T, Ticketmaster, MoveIT, National Public Data, CMS, Dell, and MC2 Data are stark reminders of the ever-present threats in our digital world. For you, as an individual, staying vigilant is key. Regularly monitoring your accounts, using strong and unique passwords, and enabling two-factor authentication can go a long way in mitigating risks. As we move forward, it’s crucial for both businesses and consumers like you to stay informed, adapt to evolving threats, and prioritize data security. Remember, a proactive approach to cybersecurity helps protect not just your data but your peace of mind as well.

What steps do you think companies should take to be more accountable for protecting our personal information, and how can we, as consumers, encourage them to prioritize cybersecurity? Let us know in the comments below. 

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2024 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

Related posts

Massive data breach at federal credit union exposes 240,000 members

Here are 10 reasons you need a VPN at home

Unbeatable Holiday deals extended

1 comment

Frances S. October 11, 2024 - 5:18 pm
Thanks for sharing valuable info! I'd really like to know why so many companies have our personal information to begin with? I never gave my permission, yet there are countless companies that collect our information, including the U.S. government who only sell our info to others and can't protect any of it or won't protect it.
Add Comment