https://techcrunch.com/2024/07/16/2024-in-data-breaches-1-billion-stolen-records-and-rising/ TechCrunch Logo Login * Search * Startups * Venture * Apple * Security * AI * Apps * Events * Startup Battlefield * More + Fintech + Cloud Computing + Layoffs + Hardware + Google + Microsoft + Transportation + EVs + Meta + Instagram + Amazon + TikTok + Newsletters + Podcasts + Partner Content + Crunchboard Jobs + Contact Us Search [ ] Featured Article The biggest data breaches in 2024: 1 billion stolen records and rising Thanks to UnitedHealth, Snowflake and AT&T (twice) Zack Whittaker 1:20 PM PDT * July 16, 2024 Comment render of a data breachImage Credits: Bryce Durbin (opens in a new window) We're over halfway through 2024, and already this year we have seen some of the biggest, most damaging data breaches in recent history. And just when you think that some of these hacks can't get any worse, they do. From huge stores of customers' personal information getting scraped, stolen and posted online, to reams of medical data covering most people in the United States getting stolen, the worst data breaches of 2024 to date have already surpassed at least 1 billion stolen records and rising. These breaches not only affect the individuals whose data was irretrievably exposed, but also embolden the criminals who profit from their malicious cyberattacks. Travel with us to the not-so-distant past to look at how some of the biggest security incidents of 2024 went down, their impact and. in some cases, how they could have been stopped. AT&T's data breaches affect "nearly all" of its customers, and many more non-customers For AT&T, 2024 has been a very bad year for data security. The telecoms giant confirmed not one, but two separate data breaches just months apart. In July, AT&T said cybercriminals had stolen a cache of data that contained phone numbers and call records of "nearly all" of its customers, or around 110 million people, over a six-month period in 2022 and in some cases longer. The data wasn't stolen directly from AT&T's systems, but from an account it had with data giant Snowflake (more on that later). Although the stolen AT&T data isn't public (and one report suggests AT&T paid a ransom for the hackers to delete the stolen data) and the data itself does not contain the contents of calls or text messages, the "metadata" still reveals who called who and when, and in some cases the data can be used to infer approximate locations. Worse, the data includes phone numbers of non-customers who were called by AT&T customers during that time. That data becoming public could be dangerous for higher-risk individuals, such as domestic abuse survivors. That was AT&T's second data breach this year. Earlier in March, a data breach broker dumped online a full cache of 73 million customer records to a known cybercrime forum for anyone to see, some three years after a much smaller sample was teased online. The published data included customers' personal information, including names, phone numbers and postal addresses, with some customers confirming their data was accurate. But it wasn't until a security researcher discovered that the exposed data contained encrypted passcodes used for accessing a customer's AT &T account that the telecoms giant took action. The security researcher told TechCrunch at the time that the encrypted passcodes could be easily unscrambled, putting some 7.6 million existing AT&T customer accounts at risk of hijacks. AT&T force-reset its customers' account passcodes after TechCrunch alerted the company to the researcher's findings. One big mystery remains: AT&T still doesn't know how the data leaked or where it came from. Change Healthcare hackers stole medical data on "substantial proportion" of people in America In 2022, the U.S. Justice Department sued health insurance giant UnitedHealth Group to block its attempted acquisition of health tech giant Change Healthcare, fearing that the deal would give the healthcare conglomerate broad access to about "half of all Americans' health insurance claims" each year. The bid to block the deal ultimately failed. Then, two years later, something far worse happened: Change Healthcare was hacked by a prolific ransomware gang; its almighty banks of sensitive health data were stolen because one of the company's critical systems was not protected with multi-factor authentication. The lengthy downtime caused by the cyberattack dragged on for weeks, causing widespread outages at hospitals, pharmacies and healthcare practices across the United States. But the aftermath of the data breach has yet to be fully realized, though the consequences for those affected are likely to be irreversible. UnitedHealth says the stolen data -- which it paid the hackers to obtain a copy -- includes the personal, medical and billing information on a "substantial proportion" of people in the United States. UnitedHealth has yet to attach a number to how many individuals were affected by the breach. The health giant's chief executive, Andrew Witty, told lawmakers that the breach may affect around one-third of Americans, and potentially more. For now, it's a question of just how many hundreds of millions of people in the U.S. are affected. Synnovis ransomware attack sparked widespread outages at hospitals across London A June cyberattack on U.K. pathology lab Synnovis -- a blood and tissue testing lab for hospitals and health services across the U.K. capital -- caused ongoing widespread disruption to patient services for weeks. The local National Health Service trusts that rely on the lab postponed thousands of operations and procedures following the hack, prompting the declaration of a critical incident across the U.K. health sector. A Russia-based ransomware gang was blamed for the cyberattack, which saw the theft of data related to some 300 million patient interactions dating back a "significant number" of years. Much like the data breach at Change Healthcare, the ramifications for those affected are likely to be significant and life-lasting. Some of the data was already published online in an effort to extort the lab into paying a ransom. Synnovis reportedly refused to pay the hackers' $50 million ransom, preventing the gang from profiting from the hack but leaving the U.K. government scrambling for a plan in case the hackers posted millions of health records online. One of the NHS trusts that runs five hospitals across London affected by the outages reportedly failed to meet the data security standards as required by the U.K. health service in the years that ran up to the June cyberattack on Synnovis. Ticketmaster had an alleged 560 million records stolen in the Snowflake hack A series of data thefts from cloud data giant Snowflake quickly snowballed into one of the biggest breaches of the year, thanks to the vast amounts of data stolen from its corporate customers. Cybercriminals swiped hundreds of millions of customer data from some of the world's biggest companies -- including an alleged 560 million records from Ticketmaster, 79 million records from Advance Auto Parts and some 30 million records from TEG -- by using stolen credentials of data engineers with access to their employer's Snowflake environments. For its part, Snowflake does not require (or enforce) its customers to use the security feature, which protects against intrusions that rely on stolen or reused passwords. Incident response firm Mandiant said around 165 Snowflake customers had data stolen from their accounts, in some cases a "significant volume of customer data." Only a handful of the 165 companies have so far confirmed their environments were compromised, which also includes tens of thousands of employee records from Neiman Marcus and Santander Bank, and millions of records of students at Los Angeles Unified School District. Expect many Snowflake customers to come forward. More TechCrunch Get the industry's biggest tech news Explore all newsletters TechCrunch Daily News Every weekday and Sunday, you can get the best of TechCrunch's coverage. Startups Weekly Startups are the core of TechCrunch, so get our best coverage delivered weekly. TechCrunch Fintech The latest Fintech news and analysis, delivered every Tuesday. TechCrunch Mobility TechCrunch Mobility is your destination for transportation news and insight. Email address (required) [ ] Subscribe By submitting your email, you agree to our Terms and Privacy Notice. Tags AT&T, Change Healthcare, cyberattack, cybersecurity, data breach, evergreens, Snowflake, TicketMaster, UnitedHealth Transportation Fisker cleared to sell North American EVs for $46.25 million Sean O'Kane 35 mins ago Fisker has been given the green light by a bankruptcy judge to sell more than 3,000 of its Ocean SUVs to a vehicle leasing company, a deal that will net... Fisker cleared to sell North American EVs for $46.25 million Space Elon Musk vows to move X, SpaceX headquarters from California to Texas Aria Alamalhodaei 2 hours ago Elon Musk is doubling down on his commitment to Texas by vowing to move SpaceX's massive headquarters from its long-time Hawthorne, California home to the Lone Star State. Musk later... Elon Musk vows to move X, SpaceX headquarters from California to Texas Featured Article The biggest data breaches in 2024: 1 billion stolen records and rising Some of the largest, most damaging breaches of 2024 already account for over a billion stolen records. Zack Whittaker 2 hours ago The biggest data breaches in 2024: 1 billion stolen records and risingImage Credits: Bryce Durbin (opens in a new window) Startups After Tesla and OpenAI, Andrej Karpathy's startup aims to apply AI assistants to education Rebecca Bellan 2 hours ago Andrej Karpathy, former head of AI at Tesla and researcher at OpenAI, is launching Eureka Labs, an "AI native" education platform. In tech speak, that usually means built from the... After Tesla and OpenAI, Andrej Karpathy's startup aims to apply AI assistants to education Apps With the latest iOS 18 developer beta, Apple makes flashlight UI more fun Ivan Mehta 4 hours ago Apple initially added a new flashlight UI in iOS 18's third developer beta, and with iOS 18 now available in public beta, you can try one of the most underrated... With the latest iOS 18 developer beta, Apple makes flashlight UI more fun Featured Article Hacked, leaked, exposed: Why you should never use stalkerware apps Using stalkerware is creepy, unethical, potentially illegal, and puts your data and that of your loved ones in danger. Lorenzo Franceschi-Bicchierai 5 hours ago Hacked, leaked, exposed: Why you should never use stalkerware apps Fintech Sequoia bets big on Stripe, LatAm fintechs clean up and one African startup's outsized Series A Mary Ann Azevedo 6 hours ago Welcome to TechCrunch Fintech! This week, we're looking at Sequoia Capital's effort to give its LPs liquidity on the firm's investments in Stripe, how LatAm fintechs are still catching investors'... Sequoia bets big on Stripe, LatAm fintechs clean up and one African startup's outsized Series A AI Anthropic releases Claude app for Android Maxwell Zeff 7 hours ago Anthropic launched its Claude Android app on Tuesday to bring its AI chatbot to more users. This is Anthropic's latest effort to convince users to ditch ChatGPT by making Claude... Anthropic releases Claude app for Android Venture VC David Sacks delivers a fire-and-brimstone speech at the Republican National Convention Margaux MacColl 7 hours ago On the first night of the RNC, venture capitalist David Sacks took the stage to warn Republicans of "a world on fire." VC David Sacks delivers a fire-and-brimstone speech at the Republican National Convention Apps iOS 18 could 'sherlock' $400M in app revenue Sarah Perez 7 hours ago Apple's changes may affect apps that today have an estimated $393 million in revenue and have been downloaded roughly 58 million times over the past year. iOS 18 could 'sherlock' $400M in app revenue Apps WhatsApp introduces 'Favorites' for quick access to contacts and groups that matter most Jagmeet Singh 8 hours ago WhatsApp is rolling out a "Favorites" filter to let you quickly access chats and groups for sending them new messages or making calls. WhatsApp introduces 'Favorites' for quick access to contacts and groups that matter most TechCrunch Disrupt 2024 Perplexity's Aravind Srinivas on accelerating everyday AI at TechCrunch Disrupt 2024 Devin Coldewey 8 hours ago As AI competition heats up, Perplexity has proven resilient due to its focus on using the technology strictly as a tool to let people "learn anything in their own way."... Perplexity's Aravind Srinivas on accelerating everyday AI at TechCrunch Disrupt 2024 Gaming A company building Wordle for chess raises money from a16z Speedrun, Mark Pincus and Eric Wu Ivan Mehta 9 hours ago Echo Chunk, a company that is building Wordle-styled daily chess puzzle game Echo Chess, has raised $1.4 million in pre-seed from a16z Speedrun (Andreessen Horowitz's early stage games accelerator), founder... A company building Wordle for chess raises money from a16z Speedrun, Mark Pincus and Eric Wu Startups YC-backed CrowdVolt shakes up the secondary ticket market with its bid-ask model Lauren Forristal 9 hours ago CrowdVolt operates on a model similar to sneaker resell marketplace StockX, meaning buyers submit bids on tickets, and sellers set asking prices. YC-backed CrowdVolt shakes up the secondary ticket market with its bid-ask model Government & Policy Microsoft faces UK antitrust probe after hiring Inflection AI founders and employees Paul Sawers 9 hours ago U.K. authorities have until early September to decide whether the hiring is tantamount to a merger. Microsoft faces UK antitrust probe after hiring Inflection AI founders and employees Security Kaspersky to shut down US operations, lay off employees after US government ban Zack Whittaker 9 hours ago The Russia-based security software maker said its U.S. business is "no longer viable" following a U.S. Commerce Department sales ban. Kaspersky to shut down US operations, lay off employees after US government ban Apps Popular podcast player Overcast has been rebuilt from the ground up for its second decade Ivan Mehta 10 hours ago Developer Marco Arment launched the popular podcasting app Overcast a decade ago. Now, he has rebuilt and redesigned the app for the current era. While most of the changes aren't... Popular podcast player Overcast has been rebuilt from the ground up for its second decade Startups Exa raises $17M from Lightspeed, Nvidia, Y Combinator to build a Google for AIs Julie Bort 10 hours ago While there's no shortage of startups aiming to replace Google with AI-powered search, a startup called Exa has a different idea. Search for the AIs. Exa raises $17M from Lightspeed, Nvidia, Y Combinator to build a Google for AIs Fintech Astor's 'community' approach to financial advice aims to help women feel more confident about investing Christine Hall 10 hours ago Astor is a free personal finance platform for women that merges community and investing in an approachable way, came to be. Astor's 'community' approach to financial advice aims to help women feel more confident about investing Fundraising Female-founded startups have raised $15.5 billion so far this year, but that's not really good news Dominic-Madori Davis 11 hours ago The reality of the situation is that startups with all women founders will still probably raise 2% of venture capital funding this year. Female-founded startups have raised $15.5 billion so far this year, but that's not really good news Biotech & Health Ultrahuman's smart ring gets FDA-approved AFib detection Natasha Lomas 12 hours ago The smart ring has long played second fiddle to the smart watch. While tech giants like Apple and Google duked it out over wrists for years, the ring has been... Ultrahuman's smart ring gets FDA-approved AFib detection Government & Policy Byju's, once valued at $22 billion, faces insolvency proceedings Manish Singh 12 hours ago An Indian court has initiated insolvency proceedings against edtech giant Byju's, once-valued at $22 billion. Byju's, once valued at $22 billion, faces insolvency proceedings Apps Uber just added a way to search for rides in other cities-- here's how to use it Lauren Forristal 13 hours ago As Uber gears up for the summer travel season, the company announced Tuesday a new feature to ease the planning process for riders. The feature offers a convenient way for... Uber just added a way to search for rides in other cities-- here's how to use it Featured Article Toddle wants to 'change how we build software' with a collaborative visual web app builder Danish startup Toddle has launched a no-code web app builder that's designed as a full-featured alternative to Javascript frameworks. Paul Sawers 13 hours ago Toddle wants to 'change how we build software' with a collaborative visual web app builder AI Presti is using GenAI to replace costly furniture industry photo shoots Romain Dillet 16 hours ago If you've ever bought a sofa online, have you thought about the homes you can see in the background of the product shots? When it's time to release a new... Presti is using GenAI to replace costly furniture industry photo shoots Startups Google backs Indian open source Uber rival Manish Singh 17 hours ago Google has become one of the latest investors in Moving Tech, the parent firm of Indian open source ridesharing app Namma Yatri that is quickly capturing market share from Uber... Google backs Indian open source Uber rival Apps At last, Apple's Messages app will support RCS and scheduling texts Sarah Perez 18 hours ago These messaging features, announced at WWDC 2024, will have a significant impact on how people communicate every day. At last, Apple's Messages app will support RCS and scheduling texts Apps Here are all the devices compatible with iOS 18 Lauren Forristal 23 hours ago iOS 18 will be available in the fall as a free software update. Here are all the devices compatible with iOS 18 Commerce Some teens under 18 may have have access to TikTok Shop, despite adults-only policy Sarah Perez 23 hours ago The tests indicate there are loopholes in TikTok's ability to apply its parental controls and policies effectively in a situation where the teen user originally lied about their age, as... Some teens under 18 may have have access to TikTok Shop, despite adults-only policy Startups Lhoopa raises $80M to spur more affordable housing in the Philippines Jagmeet Singh 23 hours ago Lhoopa has raised $80 million to address the lack of affordable housing in Southeast Asian markets, starting with the Philippines. Lhoopa raises $80M to spur more affordable housing in the Philippines About * TechCrunch * Staff * Contact Us * Advertise * Crunchboard Jobs * Site Map Legal * Terms of Service * Privacy Policy * RSS Terms of Use * Privacy Placeholder 1 * Privacy Placeholder 2 * Privacy Placeholder 3 * Privacy Placeholder 4 * Code of Conduct * About Our Ads Trending Tech Topics * Kasperskyz * iOS 18 * Byju's * RNC * X and SpaceX HQs * Tech Layoffs * ChatGPT * Facebook * X * YouTube * Instagram * LinkedIn * Mastodon * Threads (c) 2024 Yahoo. All rights reserved. Powered by WordPress VIP