Top 15 Cyberattacks of 2024: The Worst Incidents for Enterprise

2024 saw a record number of significant cyberattacks targeting enterprises. This blog post dissects the Top 15 Cyber Attacks of 2024, examining the impact, vulnerabilities exploited, and lessons learned for bolstering enterprise security.

    2024 proved to be a tumultuous year for cybersecurity, with a relentless barrage of high-profile cyberattacks targeting businesses of all sizes. The sheer scale and sophistication of these incidents underscore the critical need for robust, proactive security measures within the enterprise landscape. In this list of Top Cyberattacks 2024, we analyze the top cyberattacks that rocked the world in 2024.

    The Top 15 Cyberattacks 2024

    1. The Mother of All Breaches (MOAB)

    • Date of Breach: January 2024
    • Amount of Data Stolen: Over 26 billion records
    • Types of Data: Login credentials (usernames and passwords), other personal information
    • Threat Actor: Unknown; a compilation of breaches over several years with potentially new data included.

    The Mother of All Breaches (MOAB) lived up to its name, representing a massive data leak comprising 4,144 individual breaches spanning several years. The sheer volume of compromised data – over 26 billion records from sources including Canva, Tencent, Venmo, Adobe, LinkedIn, X (formerly Twitter), Weibo, Dropbox, and Telegram – highlights the devastating potential of aggregated data breaches.

    The inclusion of login credentials and personal information poses a significant threat to individuals and organizations alike. The lack of a clearly identified threat actor underscores the challenges in attributing responsibility and preventing similar large-scale attacks. For enterprises, MOAB serves as a stark reminder of the interconnectedness of their data ecosystem and the importance of robust data loss prevention (DLP) strategies.

    2. Ticketmaster Cyberattack 2024

    • Date of Breach: June 2024
    • Amount of Data Stolen: More than 560 million customer records (claimed by ShinyHunters)
    • Types of Data: Customer data (specific types not fully detailed in source)
    • Threat Actor: ShinyHunters ransomware gang

    The Ticketmaster breach, perpetrated by the ShinyHunters ransomware gang, exposed the data of millions of customers. ShinyHunters gained access by stealing login details for Snowflake, Ticketmaster’s cloud storage service. This attack demonstrates the vulnerability of cloud-based data storage and the critical need for multi-factor authentication (MFA) and robust access control measures.

    The incident also highlights the potential for ransomware groups to leverage stolen data for extortion beyond financial demands, impacting an organization’s reputation and customer trust. For enterprises, this incident emphasizes the importance of secure cloud infrastructure and the need for rigorous security audits of third-party vendors.

    3. Change Healthcare Hack: The Worst of Healthcare Cyberattacks 2024

    • Date of Breach: February 2024
    • Amount of Data Stolen: Data of approximately 100 million people
    • Types of Data: Social security numbers, medical records, patient diagnoses, passport numbers, health insurance plan data, and billing information.
    • Threat Actor: ALPHV (also known as BlackCat) ransomware gang

    The Change Healthcare hack, orchestrated by the ALPHV (BlackCat) ransomware gang, impacted roughly a third of Americans. The breadth of compromised data, encompassing sensitive medical records and financial information, highlights the severe consequences of breaches in the healthcare sector.

    The attack underscores the critical need for robust security protocols within healthcare organizations and their third-party vendors to protect sensitive patient data. For enterprises, this case study emphasizes the importance of comprehensive data encryption, regular security assessments, and incident response planning.

    4. National Public Data Breach

    • Date of Breach: December 2023 (data leaked April-Summer 2024)
    • Amount of Data Stolen: Allegedly 2.9 billion records
    • Types of Data: Names, social security numbers, mailing addresses, email addresses, and phone numbers.
    • Threat Actor: USDoD

    The National Public Data hack resulted in the alleged exposure of 2.9 billion records, impacting 170 million people across the US, UK, and Canada. The scale of this breach underscores the vulnerability of large datasets containing sensitive personal information. The prolonged period between the initial breach and data leak highlights the challenges in detecting and responding to sophisticated attacks. For enterprises, this incident emphasizes the importance of proactive threat intelligence, robust data monitoring, and effective incident response capabilities.

    5. Ascension Health Data Breach

    • Date of Breach: May 2024 (discovered in December 2024)
    • Amount of Data Stolen: Data of nearly 5.6 million individuals
    • Types of Data: Patient records, lab test results, insurance information
    • Threat Actor: Ransomware attack (evidence points to Black Basta)

    Ascension, a major US hospital operator, suffered a ransomware attack in May 2024, the effects of which weren’t fully revealed until December. The breach compromised the data of almost 5.6 million individuals, including sensitive medical information. This incident highlights the vulnerability of the healthcare sector to ransomware attacks and the significant disruption such attacks can cause.

    The delay in disclosure underscores the challenges in detecting and containing ransomware infections and the importance of thorough post-incident investigations. For enterprises, particularly in healthcare, this emphasizes the need for robust security infrastructure, regular penetration testing, and comprehensive incident response plans.

    6. LoanDepot Breach

    • Date of Breach: Unspecified (discovered and reported in December 2024)
    • Amount of Data Stolen: Data of approximately 16.9 million customers
    • Types of Data: Names, addresses, financial account numbers, phone numbers, and dates of birth
    • Threat Actor: Alphv (Blackcat) ransomware group

    LoanDepot, a major mortgage lender, experienced a data breach affecting 16.9 million customers. The Alphv (Blackcat) ransomware group was responsible, compromising sensitive personal and financial information. The breach caused operational disruptions lasting almost two weeks, highlighting the significant business impact of ransomware attacks. For enterprises, this emphasizes the need for strong data encryption, robust security monitoring, and effective incident response planning to minimize downtime and financial losses.

    7. Krispy Kreme Cyberattack 2024

    • Date of Breach: November 29th, 2024.
    • Threat Actor: Claimed by the Play ransomware gang, known for double extortion. Krispy Kreme’s official statements do not confirm this.
    • Data Stolen (Allegedly): Sensitive customer and financial data, including personal information, client documents, and financial records. Krispy Kreme has not confirmed the extent of the data breach.
    • Impact: Significant disruption to online ordering (a key revenue stream), impacting US operations. The full financial impact is still being assessed.

    The Krispy Kreme cyberattack, which began November 29th, 2024, caused significant operational disruptions, primarily affecting its online ordering system in the US. The Play ransomware gang later claimed responsibility, alleging the theft of sensitive customer and financial data, though Krispy Kreme has yet to confirm the extent of the breach or data loss.

    8. Snowflake Cyberattack (Related to Ticketmaster Breach)

    • Date of Breach: June 2024 (as part of the Ticketmaster breach)
    • Amount of Data Stolen: Login credentials for Snowflake account used by Ticketmaster
    • Types of Data: Access credentials
    • Threat Actor: ShinyHunters ransomware gang

    The Snowflake cyberattack, although not a direct breach of Snowflake itself, is significant because it served as the entry point for the ShinyHunters ransomware gang to access Ticketmaster’s customer data. This highlights the vulnerability of third-party vendors and the cascading effect of a security breach within a supply chain.

    9. Synnovis Ransomware Cyberattack

    • Date of Breach: Around June 3rd, 2024; precise date unknown. Further investigation is needed.
    • Threat Actor: Strongly suspected to be the Qilin ransomware gang, known for double extortion tactics.
    • Data Stolen: Amount and types unknown, but likely included sensitive patient health information impacting blood testing and other diagnostics.
    • Impact: Crippled NHS services in South London, causing cancelled procedures, blood shortages, and a critical incident declaration.

    The Synnovis ransomware attack, strongly suspected to be the work of the Qilin ransomware gang, began around June 3rd, 2024, severely disrupting NHS services in South London. The attack impacted pathology services, leading to cancelled procedures, blood shortages, and the declaration of a critical incident. While the exact amount and types of data stolen remain unclear, sensitive patient health information was likely compromised.

    10. Discord Messages Leak

    • Date of Breach: April 2024
    • Amount of Data Stolen: Approximately 4.2 billion messages from 256 million users
    • Types of Data: Discord messages (direct messages, public channel messages, etc.)
    • Threat Actor: Unknown

    The Discord data breach exposed billions of messages from millions of users. The hackers exploited a vulnerability in the platform’s website code. This breach demonstrates the vulnerability of large communication platforms and the vast amount of data they hold. For enterprises, this highlights the importance of secure communication channels and the need to carefully consider the security implications of using third-party communication platforms. Regular security audits and vulnerability assessments are crucial.

    11. Double Data Leaks for AT&T

    • Date of Breaches: March and July 2024
    • Amount of Data Stolen: 7.6 million current and 65.4 million former customers’ data in March; phone numbers and call records of approximately 110 million people in July.
    • Types of Data: Personal data (March), phone numbers and call records (July)
    • Threat Actor: Unknown for both breaches

    AT&T suffered two significant data breaches in 2024. The first exposed the personal data of millions of current and former customers, while the second compromised the phone numbers and call records of nearly all its customers. The lack of publicly available information on how these breaches occurred highlights the challenges in identifying and addressing vulnerabilities.

    12. Disney Targeted by Furry Hackers

    • Date of Breach: August 2024
    • Amount of Data Stolen: Unspecified; focused on internal communications and documents.
    • Types of Data: Internal communications, documents, potentially source code.
    • Threat Actor: A group calling themselves “Furry Hackers” (likely a misdirection or cover). The true identity and motives remain unclear.

    The attack on Disney, attributed to a group calling themselves “Furry Hackers,” targeted internal communications and documents. While the exact amount of data stolen remains unclear, the incident highlights the vulnerability of even the largest corporations to targeted attacks. The use of a seemingly playful name might be a deliberate attempt to downplay the seriousness of the breach or to obfuscate the true perpetrators.

    13. Dell Cyberattack

    • Dates of Breaches: September 19th, 2024 (first reported breach) and September 22nd, 2024 (second alleged breach).
    • Threat Actors: The identity of the actors behind the first breach is unconfirmed. The second alleged breach was claimed by “grep” and “Chucky.”
    • Data Stolen (Allegedly): The first breach involved sensitive information of 10,863 Dell employees. The second alleged breach involved 3.5 GB of uncompressed data from Jira, including files, database tables, and schema migrations, accessed via compromised Atlassian tools.
    • Impact: Potential exposure of sensitive internal files, including system configurations, user credentials, security vulnerabilities, and development processes. The full impact is still being assessed. Dell has acknowledged the first breach and is investigating.

    Dell experienced a second alleged data breach within a week, following an initial breach reported on September 19th, 2024. A hacker, using the alias “grep” on Breach Forums, claimed responsibility for the second incident, stating they and another hacker (“Chucky”) accessed internal systems via compromised Atlassian tools (Jira, Jenkins, Confluence). Dell is investigating the first incident, but has not yet publicly addressed the second.

    14. Rhode Island Government Data Breach

    • Date of Breach: December 15, 2024
    • Amount of Data Stolen: Data of hundreds of thousands of residents
    • Types of Data: Social Security numbers, financial details
    • Threat Actor: Hackers demanding ransom (specific group not identified)

    The Rhode Island government suffered a data breach affecting hundreds of thousands of residents. The compromised data included sensitive personal and financial information. The attackers demanded a ransom, targeting users of government assistance programs. The incident forced the temporary shutdown of the state’s RIBridges system, demonstrating the cascading effects a cyberattack can have on public services. For enterprises, this highlights the critical need for robust cybersecurity measures within government agencies and the importance of protecting vulnerable populations.

    15. SRP Federal Credit Union Breach

    • Date of Breach: September 5 – November 4, 2024 (discovered in December 2024)
    • Amount of Data Stolen: Data of over 240,000 members; 650 GB of customer data claimed by attackers.
    • Types of Data: Social Security numbers, driver’s license numbers, dates of birth, and financial account information
    • Threat Actor: Nitrogen ransomware group

    SRP Federal Credit Union disclosed a data breach impacting over 240,000 members. The Nitrogen ransomware group claimed responsibility, alleging the theft of 650 GB of customer data. The breach exposed highly sensitive personal and financial information. The incident underscores the vulnerability of financial institutions to ransomware attacks and the importance of proactive security measures. For enterprises, this emphasizes the need for robust security controls, regular security audits, and comprehensive incident response plans, including the provision of identity theft protection services to affected customers.

    Conclusion

    The Top 15 Cyberattacks of 2024 paint a stark picture of the evolving threat landscape. The scale, sophistication, and variety of these attacks highlight the need for a multi-layered, proactive approach to cybersecurity. Enterprises must invest in robust security infrastructure, implement strong access controls, employ comprehensive data loss prevention strategies, and cultivate a culture of security awareness. Regular security audits, penetration testing, and incident response planning are no longer optional—they are essential for survival in today’s increasingly hostile digital environment.

    FAQs

    Q: What were some of the top cyberattacks in 2024?

    A: 2024 saw a significant number of impactful cyberattacks, including the MOAB (Mother of All Breaches), the Ticketmaster breach, the Change Healthcare hack, and many others targeting various sectors. These Top 15 Cyber Attacks of 2024 demonstrate the breadth and depth of the current threat landscape.

    Q: How can enterprises protect themselves from these types of cyberattacks?

    A: Enterprises need a multi-faceted approach, including robust security infrastructure, strong access controls, data encryption, regular security audits, employee training, and comprehensive incident response planning. Proactive threat intelligence and vulnerability management are also crucial.
