2024 is coming to a close, and while all of us here at Tom's Guide want everyone to have the absolute best online safety (whether this is using the best VPN or using unique passwords for every account), it's also important to recognise that sometimes online safety is a bit trickier than this.
So, it's time to look at some times when cyber security has gone wrong.
If you (like me) like to keep up with all the cyber attacks from across the globe, it might not surprise you that it's been a big year for data breaches. From July to September alone, more than 422 million records were exposed through various hacks, cyber attacks and network vulnerability exploitations.
The impact of data breaches is always widespread, with victims more likely to be victims of other cyber attacks like phishing, or may even get their identity stolen, but this year has been particularly devastating for the businesses that suffered them. The cost of data breaches was the highest it's ever been, with the global average cost of a data breach being $4.88 million.
It would take far too long to list every single data breach that happened this year, so instead I've put together a list of the top 10 most impactful data breaches of this year.
10. Life360 attacked by anonymous hacker
If you use Life 360 to keep an eye on your loved ones, unfortunately you now may have more eyes on you than you bargained for.
Around half a million users of the family networking app had their data leaked to the dark web after a hacker abused a flaw in Life 360's login API.
The hacker, who referred to themself as "emo," posted a database containing the emails, phone numbers and full names of 442,519 people to a dark web hacking forum. "Emo" gave details of how the breach happened, but claimed to not be the perpetrator of the breach. Instead, the anonymous poster simply said: "Credit to the original breacher for this leak yk who u are".
9. Millions of Discord messages leaked
Discord is one of the most popular messaging services, with over 200 million monthly active users. It's not exactly surprising that it would be the target of a data breach, then, considering the sheer amount of data shared on the platform every single day.
The instant messaging and VoIP platform suffered a data breach in April of this year. The hackers responsible for the attack and subsequent data leak exploited a vulnerability in its website code, and through this accessed Discord's data.
In total, the Discord data breach exposed roughly 4.2 billion Discord messages from 256 million users. That's a whole lot of memes, DMs and community servers exposed.
8. FBCS and the rapidly growing data leak
In a data breach that just kept getting worse as time went on, Financial Business and Consumer Solutions (FBCS) was breached in February of this year.
The breach took place after a hacker gained unauthorized access to the organisation's servers. It was initially thought that the data of 1.9 million people had been stolen in the hack, but this was then raised to 3.2 million in May, and then 4.2 million in July.
The data stolen included names, addresses, driver's license numbers and social security numbers, as well as information relating to customers' medical history. This included provider information, information related to medical claims, clinical information (e.g. conditions or diagnosis, treatment information and medications) and health insurance information.
7. Double data leaks for AT&T
It was a bad year for AT&T, as it was the victim of not one but two different data breaches this year.
In March, a hack was discovered after the personal data of 7.6 million current and 65.4 million former customers was posted to the dark web. While AT&T initially denied that the data posted to the hacking forum was stolen from their servers, they eventually admitted that it was their data.
Then in July, AT&T informed their customers that hackers had stolen a cache of data containing the phone numbers and call records of 110 million people, or "nearly all" its customers.
AT&T has not yet made public how either of these hacks happened.
6. Disney targeted by furry hackers
Another company to suffer multiple data breaches this year was Disney, resulting in a huge amount of corporate data being stolen.
The first data breach Disney suffered was in June of this year, with 2.5GB of Club Penguin and corporate data leaked on a 4chan message board after being stolen from the company's Confluence server.
Then, in July, notorious furry hacking gang NullBulge stole 1.2TB of data from Disney after the group breached Disney's Slack platform. According to the Wall Street Journal, the information stolen included 44 million internal Slack messages, 18,800 spreadsheets and 13,000 PDFs.
5. Dell suffers brute-force cyber attack
Computer software company Dell was another company to suffer a widespread breach following a targeted cyber attack.
In May, Dell suffered a brute force attack to its systems, meaning the hackers inputted potentially thousands of passwords to find the right one. The hack targeted a Dell portal that contained customer information related to purchases and resulted in the breach of 49 million records.
Among the data exposed were the names, addresses and order details of customers, although Dell claims no financial information was exposed in the hack.
4. Change Healthcare hack impacts a third of Americans
In a breach that impacted a huge portion of Americans, health insurance technology provider Change Healthcare was hacked early this year.
Roughly a third of Americans had their data compromised in February 2024 following the hack of Change Healthcare. The hack was extensive, impacting a number of other health insurance companies and pharmacies.
Orchestrated by ransomware gang APLHV (also known as BlackCat), the hack saw the sensitive data of around 100 million people exposed. The data stolen included social security numbers, medical records, patient diagnoses, passport numbers, health insurance plan data and billing information.
3. Billions of records exposed in National Public Data hack
This shocking breach saw billions (that's right, billions) of records in a single cyber attack.
Early this year, online background check and fraud prevention service National Public Data suffered an extensive data breach that allegedly exposed 2.9 billion records. The information exposed included the names, social security numbers, mailing addresses, email addresses and phone numbers of 170 million people across the US, UK and Canada.
The breach was caused by a hacker gaining access to National Public Data's systems in December 2023. This hacker then leaked data found on the system onto the dark web from April to the summer of 2024.
2. Millions of customers have data exposed in Ticketmaster breach
Bad news for anyone who went to a gig this year, as Ticketmaster suffered a data breach that exposed the data of millions of customers.
Ticketmaster was targeted by ransomware gang ShinyHunters in June of this year, who claimed to have stolen the data of more than 560 million customers. ShinyHunters posted about the data breach online, offering the data set for $500,000.
ShinyHunters gained access to the data by stealing login details for Snowflake, Ticketmaster's cloud storage service. ShinyHunters also targeted more than 160 other Snowflake customers with similar data theft, including banking group Santander.
1. The Mother of All Breaches lives up to its name
Considering the name, it's not surprising that the Mother of All Breaches (MOAB) is taking the number one spot.
This massive data leak occurred in January 2024, and was a collection of 4,144 breaches that had taken place over several years, although researchers believed that there was new data included within the breach.
Over 26 billion records from thousands of sources including Canva, Tencent, Venmo, Adobe, LinkedIn, X (formerly Twitter), Weibo, Dropbox and Telegram were exposed. The data leaked contained 12TB personal information, including login credentials like usernames and passwords, and other personal information.
