Data Breaches That Have Happened So Far in 2024
2024 has already witnessed a series of high-profile data breaches affecting various industries and sectors. These incidents underline the ongoing challenges organisations face in securing their business and customer information. Below is a detailed account of notable data breaches that have occurred so far this year.
June 2024
Life360, the company behind the popular Tile tracker device, announced a significant data breach on June 11th. The breach compromised databases containing names, addresses, email addresses, phone numbers, and Tile device identification numbers. Life360 revealed that the company was targeted for extortion, indicating that the attackers not only accessed the data but also demanded ransom to prevent its release or further misuse.
Ticketmaster confirmed a rumoured data breach from earlier in the year on June 1st, which exposed personal information of over 560 million customers. The compromised data included names, addresses, phone numbers, email addresses, order histories, and partial payment information. Hackers reportedly offered this data for sale, raising significant concerns about privacy and security for millions of Ticketmaster users.
May 2024
On May 13th, the Helsinki City Council disclosed a breach affecting their education systems. Personal information of students and guardians, accessed via a compromised remote access server, was stolen. The breach, which occurred earlier in the month, was part of a targeted attack, highlighting vulnerabilities in local government systems.
JPMorgan Chase notified the Maine District Attorney’s Office on May 10th about a breach potentially impacting nearly half a million customers. The breach resulted from a software flaw dating back to 2021. While there is no current evidence of misuse, the data could have been accessed by authorised parties within the bank, raising concerns about internal security protocols.
Dell informed its customers on May 9th about a breach involving its customer portal. The attack compromised home addresses and order information of around 49 million customers. Although no financial data was accessed, the breached information was later found for sale on hacker forums, indicating potential risks for affected customers.
Dropbox reported on May 1st that its Dropbox Sign service had been accessed by a threat actor. The breach exposed email addresses, phone numbers, hashed passwords, and multi-factor authentication details. Fortunately, Dropbox cloud customers remained unaffected by this incident.
April 2024
A Serbian hacking group claimed responsibility for a breach of Space-eyes, a contractor working with various US government agencies, including the Department of Justice and Department of Homeland Security. Announced on April 17th, the breach involved the theft of highly confidential documents related to government services, raising significant national security concerns.
Canadian retailer Giant Tiger disclosed a data breach on April 14th that affected nearly three million customers. The stolen data, which included email addresses, names, physical addresses, and phone numbers, was extracted in March but only reported in April, emphasising delays in breach disclosures.
Roku revealed on April 12th that it suffered a data breach affecting 576,000 customers. This incident followed an earlier breach in March. Roku's investigation and subsequent monitoring helped identify the second breach, which compromised customer account data, highlighting persistent security issues.
领英推荐
March 2024
On March 20th, Vans informed its customers about a breach that occurred in December 2023. External threat actors gained unauthorised access to the company’s IT systems, potentially putting customers at risk of fraud and identity theft. Although detailed financial information was not exposed, the breach highlighted the ongoing risks to customer data.
Fujitsu confirmed on March 18th that malware had infected its work computers, leading to a data breach. The multinational technology company did not specify the nature of the exposed information, underscoring the challenges large corporations face in safeguarding data across extensive global operations.
February 2024
Bank of America announced on February 13th that a ransomware attack on its service provider, Infosys Mccamish Systems, had exposed data of tens of thousands of customers. The breach, which occurred in November 2023, affected names, addresses, social security numbers, dates of birth, and some banking information, raising legal and privacy issues regarding timely notification.
January 2024
AI startup Anthropic experienced a data leak on January 27th when a contractor accidentally emailed non-sensitive customer information to an unauthorized third party. The leaked data included customer names and account balances, and affected individuals were promptly notified.
Project management platform Trello disclosed a breach on January 23rd, affecting 15 million users. Data scraped from Trello included email addresses, names, and usernames. The breach, resulting from enumerating a publicly accessible resource, did not involve unauthorised access to Trello’s systems.
On January 2nd, it was reported that the court system in Victoria, Australia had been hacked, granting unauthorized access to recordings of court hearings. However, other court records, including employee and financial data, remained secure. The incident highlighted the vulnerabilities in governmental digital infrastructure.
The data breaches of 2024 illustrate the pervasive and evolving threats that organisations across various sectors face.?
From government agencies to tech giants, the need for robust cybersecurity measures and timely breach disclosures remains critical to protecting sensitive information and maintaining public trust.?
As digital systems continue to grow in complexity, so too must the strategies and technologies designed to safeguard them.
—-
Read more from us: https://coolidgesolutions.com/blog