The US is one of the most targeted regions for cyber attacks. Between 2020 and 2021, it accounted for almost 46% of global cyber attacks. The average cost of a data breach in the US is around $9.44 million.
2024 was notable for the US in this respect, with some of the major companies experiencing notable cyber attacks. In the third quarter of 2024 alone, the average weekly cyber attacks per organization increased by 75% from the same period in 2023.
This blog will explore the top US companies that have been hacked this year and some practical tips organizations can implement to prevent future attacks.
What Companies Have Been Hacked in 2024 in the USA?
Here are some of the biggest US companies hacked in 2024.
1. National Public Data
On 10th August 2024, National Public Data suffered a data breach that affected 1.3 million people. They also posted a security incident notice on their website that stated that the attacker attempted to hack into their systems in December 2023, and the data leaked potentially in August 2024.
National Public Data stores billions of records that are utilized by its clients to conduct background checks and obtain criminal records, if any. It is also said that National Public Data removes such records from public access to put together an individual user profile.
A class action lawsuit was filed that claims the data breach was foreseeable and could have been prevented. The lawsuit also stated that National Public Data was not using reasonable security practices and procedures that were appropriate to protect the nature of the data they stored. These methods usually include encrypting data or deleting it once it is no longer needed. This led to the exposure of personally identifiable information (PII).
2. Patelco Credit Union
Patelco Credit Union notified the Attorney General in August 2024 that it suffered a ransomware attack. The data breach affected 724,000 individuals. The breach was first detected by Patelco in June.
Apart from notifying the Maine Attorney General, it also announced the data breach on its website through a notice and referred it to the California DFPI (Department of Financial Protection and Innovation).
While Patelco Credit Union was unable to identify who committed the attack, the RansomHub gang claimed responsibility for it. The gang has made the stolen data publicly available since negotiations with Patelco Credit Union failed.
3. US Library of Congress
The US Library of Congress reported that its communications systems were hacked, and the attackers were able to access all email correspondence with congressional offices for the majority of this year. The US Library of Congress, the biggest library in the world, provides Congress with a dedicated research staff.
A private notification was sent to congressional offices on 15th November 2024 to notify them that hackers accessed all email communication that was exchanged between some of the Library staff and the offices. The notice did not provide any insight into who was behind the attack.
The Library’s Director of Communications, Bill Ryan, stated in an email to NBC News that the software vulnerability the hackers exposed was mitigated. He also stated that the Library is conducting its analysis of the breach and that the matter has also been referred to law enforcement.
4. Young Consulting
Young Consulting, a software provider, notified the Attorney General of a data breach that impacted 954,177 individuals. It also announced the data breach to the public by putting up a notice on its website that it suffered a cyber attack in April 2024.
The notice did not provide many details about the attack or who was behind it. However, it stated that an “unauthorized actor” obtained access and that some data owners were affected.
Later in May, a gang that conducts ransomware attacks, BlackSuit, claimed that it had attacked Young Consulting and gained access to sensitive data. This data included financial, employee, and business-related data. The gang has made all data publicly available for download claiming that Young Consulting did not agree to their demand. The compromised data includes PII such as names, dates of birth, prescriptions, provider names, Social Security numbers, and insurance policy and claim information.
5. Ticketmaster Entertainment, LLC
More than 560 million records of customers were breached at Ticketmaster Entertainment in May 2024. Records include name, address, emails, order history, and payment information. These details were leaked online and made available for sale by the hackers. The company notified its customers of the same and advised them to monitor their bank accounts, credit statements, and emails closely.
6. Dell
Dell suffered a massive cyber attack in May 2024 that affected 49 million data records. A hacker going by ‘Menelik’ claimed responsibility for the attack. Menelik stated that they were able to extract a large amount of data when they set up partner accounts within the company portals at Dell.
Once they received authorization for the partner accounts, they launched brute-force attacks that sent more than 5,000 requests per minute to their page. This happened for three weeks continuously. Surprisingly, Dell did not find this activity suspicious.
Later, Dell acknowledged that no financial details were breached, however, sensitive information of the customers was compromised. This included home addresses and order data. Certain reports indicate that the data of 49 million customers is available on different hacker forums for sale.
Tips to Prevent Cyber Attacks & Data Breaches
A data breach and cyber attack can be prevented if your organization has the right and updated security tools and infrastructure. The following are a few simple tips to prevent cyber attacks and data breaches:
1. Use Strong Passwords:
One of the most frequent reasons for data breaches is still weak passwords. It enables attackers to steal login credentials for websites and applications and lets them access sensitive information. People often use the same password across multiple accounts. This lets attackers launch a brute-force attack and hack more accounts.
2. Keep Your Software Updated:
Keep your software system updated to its latest version to prevent the potential exploitation of any vulnerabilities. You can also switch on your automatic software update so that you don’t miss out on critical updates. Also, ensure that you are updating your security patches whenever you are prompted to do so.
3. Use Secure URLs:
Individuals should access web addresses and Uniform Resource Locators (URLs) that are secure. A simple way of identifying a secure URL is by looking for Hypertext Transfer Protocol Secure (HTTPS) at the beginning. Users must visit trustworthy URLs only and refrain from clicking any links in suspicious emails or messages.
4. Educate and Train Employees:
Organizations must conduct training programs and awareness sessions for the employees to educate them on the company’s security policies, dos and don’ts, and industry best practices. Your employees must be up to date with potential threats so that they can address them when they arise.
5. Create a Response Plan:
Because cyberattacks are getting more frequent and sophisticated, your company needs to be ready for the worst before it happens. A response plan lays down a clear line of action and steps that need to be taken in case the organization is under a cyber attack. A response plan usually includes identifying what data is stolen, strengthening passwords, and monitoring the system and networks for any suspicious activity.
Conclusion
Cyber attacks in 2024 are a reminder that the complexity of digital threats is rapidly increasing. With prominent companies being the target of these attacks, a comprehensive approach and proactive cybersecurity measures are important more than ever. If you prioritize security, your business will be better positioned to safeguard itself and customers’ data.
Protect Your Organization from Data Breaches with Imagine IT
Imagine IT is a leading provider of IT support services in Bloomington. Our expert team supports you in strengthening your security infrastructure and protocols. We understand that cybersecurity risks are one of the greatest threats that your organization may face. Our cybersecurity consultation and solutions focus on enterprise-level security but are designed for small and mid-sized organizations. We personalize our solutions to meet the specific needs of your company. Contact us today.
