These were the poorly managed data breaches of 2024


For the last few years, TechCrunch has looked back at the worst, poorly managed data breaches and security incidents in the hope that (maybe!) other corporate giants will be careful and avoid making some of the same disasters of yesterday. To no one’s surprise, we’re once again listing many of the same bad behaviors this year, from an entirely new class of companies.

23andMe blamed users for massive data breach

Last year, genetic testing giant 23andMe lost the genetic and ancestry data of nearly 7 million customers, thanks to a data breach that saw hackers brute-force thousands of accounts to break into millions more. 23andMe has lately introduced multi-factor authentication, a security feature that can prevent account hacking.

On New Year’s Day, 23andMe moved to shift the blame for the mass data theft onto the victims by claiming that users did not adequately protect their accounts. Lawyers representing a group of hundreds of 23andMe users suing the company after the hack said the finger-pointing was “absurd.” UK and Canadian authorities soon announced a joint investigation into 23andMe’s data breach of last year.

At the end of the year, 23andMe dismissed 40% of its employees as the beleaguered company faces an uncertain financial future, as does the company’s extensive bank of its clients’ genetic data.

Change Healthcare took months to confirm that hackers had stolen most of America’s health information

Change Healthcare is a healthcare technology company few people had heard of until this February, when a cyberattack forced the company to shut down its entire network, causing immediate and widespread outages across the United States and shutting down much of the US health care system. Change, owned by health insurance giant UnitedHealth Group, handles payment and insurance for thousands of health care providers and medical practices, processing somewhere between one-third and one-half of all health care transactions in the United States each year.

The company was criticized over the hack, which resulted from the breach of a primary user account that lacked multi-factor authentication: by Americans who couldn’t get their medications refilled or get a hospital stay; by health care workers affected by the cyberattack; and by lawmakers who challenged the company’s CEO over the hack during a May congressional hearing. Change Healthcare paid a ransom of $22 million to the hackers, something the feds have long warned only helps cybercriminals profit from cyberattacks, only to have to pay a new ransom to ask another hacker group to delete its stolen data.

In the end, it took until October — nearly seven months later — to discover that more than 100 million people’s personal health information had been stolen in the cyberattack. Granted, it had to take some time, because by all accounts, it was the biggest healthcare data breach of the year, at least.

The Synnovis hack disrupted UK health services for months

The NHS has faced months of disruption this year after London-based pathology services provider Synnovis was hit by a ransomware attack in June. The alleged attack by the Qilin ransomware group left patients in south-east London unable to get blood tests from their doctors for more than three months and caused thousands of outpatient appointments and more than 1,700 surgeries to be cancelled.

In light of the attack, which specialists say could have been prevented if two-factor authentication had been introduced, Unite, the UK’s leading trade union, announced that Synnovis staff will strike for five days in December. Unite said the incident “had an alarming impact on staff who were forced to work overtime and without access to key computer systems for months while dealing with the attack”.

It is not known how many patients were affected by the incident. The Qilin ransomware group claims to have leaked 400 gigabytes of sensitive data it allegedly stole from Synnovis, including patient names, healthcare system registration numbers and descriptions of blood tests.

Snowflake client hacks have turned into massive data breaches

Cloud computing giant Snowflake has found itself at the center of a series of massive attacks this year targeting corporate customers such as AT&T, Ticketmaster and Santander Bank. The hackers, against whom a criminal case was later opened over the intrusions, broke into companies that rely on Snowflake using credentials stolen by malware found on employees’ computers. Because Snowflake did not enforce multi-factor security, the hackers were able to break into and steal major banks of data stored by hundreds of Snowflake customers and hold the data for ransom.

Snowflake, for its part, said little about the incidents at the time, but admitted that the breaches were caused by a “targeted campaign targeting users with one-factor authentication”. Snowflake then made multi-factor authentication the standard for its customers, hoping to avoid a repeat incident.

The city of Columbus, Ohio is suing a security researcher for providing truthful information about a ransomware attack

When the city of Columbus, Ohio, reported a cyberattack over the summer, Mayor Andrew Ginther moved to reassure concerned residents that the stolen city data was “encrypted or compromised” and useless to the hackers who stole it. All the while, a security researcher who tracks data breaches on the dark web for his job found evidence that the ransomware crew actually had access to residents’ information — at least half a million people — including their Social Security numbers and driver’s licenses, as well as information about arrest records, juveniles and survivors of domestic violence. The researcher warned journalists about the database.

The city successfully obtained an order barring the researcher from sharing the evidence he found of the breach, a move seen as an attempt by the city to silence the security researcher rather than fix the breach. The city later dropped its claim.

Salt Typhoon hacked phone and internet providers thanks to US backdoor law

A 30-year-old backdoor law came back to bite this year, after hackers called Salt Typhoon (one of several China-backed hacker groups laying the digital groundwork for a possible conflict with the United States) were found on the networks of some of the largest telephone and internet companies in the United States. The hackers accessed the real-time calls, messages and communications metadata of top US politicians and government officials, including presidential candidates.

The hackers are said to have broken into some companies’ wiretapping systems, which telecommunications companies were required to install after the law, CALEA, was passed in 1994. Now, thanks to the continuing access to these systems, and to the data that telecom companies store on Americans, the US government advises US citizens and older Americans to use end-to-end encrypted messaging apps so that no one, not even Chinese hackers, will be able to access their private communications.

MoneyGram has yet to say how many people had their transaction information stolen in the data breach

US money transfer giant MoneyGram, which has more than 50 million customers, was hacked in September. The company confirmed the incident more than a week later, after customers faced days of unexplained outages, and disclosed only an unspecified “cybersecurity issue.” MoneyGram did not say whether customer data was taken, but the UK’s data protection watchdog told TechCrunch in late September that it had received a data breach report from the US-based company indicating that customer data had been stolen.

A few weeks later, MoneyGram admitted that hackers had taken customer information during the cyberattack, including Social Security numbers and government identification documents, as well as transaction data such as the dates and amounts of each transaction. The company acknowledged that the hackers also stole criminal investigation data on a “limited number” of customers. MoneyGram has yet to say how many customers had their data stolen or how many customers it directly notified.

After 57 million customer records leaked online, Hot Topic remains mum

With 57 million customers affected, the October breach of US retail giant Hot Topic goes down as one of the biggest retail data breaches ever. However, despite the massive scale of the breach, Hot Topic has not publicly acknowledged the incident, nor has it notified customers or state attorneys general’s offices of the data breach. The retailer also declined TechCrunch’s multiple requests for comment.

Breach notification site Have I Been Pwned, which received a copy of the breached data, warned the 57 million affected customers that the stolen information included their email addresses, physical addresses, phone numbers, purchases, gender and date of birth. The data also includes partial credit card information, including credit card type, expiration dates, and the last four digits of the card number.


