Data Breaches 2024: What Businesses Can Learn to Strengthen IT Security

The year 2024 has highlighted significant challenges for businesses worldwide. In the third quarter alone, over 422 million data records were breached globally, with the average cost of a data breach reaching around $4.88 million. This marks a dramatic increase compared to previous years, and the financial impact is just the beginning. Public trust can quickly erode, and a company’s reputation may suffer lasting damage. If you believe your network is secure, it’s time to reconsider. Let’s take a look at the most significant data breaches of 2024 and explore how businesses can better defend against the evolving threat of cybercrime.

What Is a Data Breach?

A data breach is typically a cybersecurity threat that occurs when sensitive data is accessed, stolen, or disseminated without authorization. The responsible parties often exploit vulnerabilities through malicious activities like hacking. Surprisingly, however, this is not always the case. Even when a business’s internal systems are protected, a data breach is often caused by unintentional errors. A misplaced device, an email sent by accident, or a website that only looks legitimate: any of these can lead to the extraction of critical information.

One thing is certain: no matter the cause, the impact is always catastrophic.
Personal details like medical histories, credit card numbers, and login credentials can be misused by hackers, often resulting in identity theft and significant financial losses. For businesses, the consequences are even more severe: damage to reputation, loss of trust, financial penalties, and potential legal trouble.

Let’s delve into the top data breach incidents of 2024 and uncover the lessons we can learn from each case.

Top Data Breach Incidents in 2024

Here are the top incidents of data breaches every business should know about.

  • Jerico Pictures Inc

Jerico Pictures notified the Maine Attorney General on August 10 of a data breach that affected 1.3 million people. In a notice on its website, the company stated that a hacker attempted to break into its systems in December 2023 and leaked the data in the early days of 2024.

Though the breach notification by Jerico Pictures claimed the breach affected more than a million people, an earlier class action lawsuit filed in August revealed that it was ‘foreseeable and preventable’. The company had failed to implement essential security measures such as encrypting data or deleting unnecessary data. This caused the data breach and exposed personally identifiable information (PII).

According to the lawsuit, the criminal group USDoD put up almost 2.9 billion data records for sale. This included PII of Canadian, US, and even UK citizens.

What we can learn: There was improper data handling, and security practices were largely absent at Jerico. Encryption and regular data audits could have prevented the exposure of sensitive information.

  • Dell

Dell was hit with a huge cyber attack in May 2024, potentially affecting its 49 million customers. The threat actor behind the cyber attack was a hacker with the pseudonym ‘Menelik’. They revealed that they set up partner accounts within Dell’s company portal to extract large amounts of data.

After Dell authorized the partner accounts, they sent over 5,000 requests per minute to the page for almost three weeks. After sending almost 50 million requests and successfully extracting the data, Menelik sent multiple emails about the data security breach to alert the company. Only then did the tech giant become aware of this hole in their defences.

According to Dell, no financial details were breached. However, sensitive information related to their customers was compromised. 

What we can learn: Regularly monitor for attacks on third-party accounts and services. These could be as deadly as a direct attack. Frequent audits can be helpful in this regard. 
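The monitoring lesson above, sketched as an added example (not code from Dell or from this article): a detector that flags portal accounts by sustained per-minute request rate and by total daily volume. The log layout, account names, and thresholds are assumptions, and the constructed sample is scaled down; in production the limits would be set from each account's normal baseline.

```python
from collections import Counter, defaultdict
from datetime import datetime

def parse_line(line):
    # Hypothetical log layout: "<ISO-8601 timestamp> <account id> <path>"
    ts, account, _path = line.split(maxsplit=2)
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), account

def flag_accounts(lines, per_minute_limit, sustained_minutes, daily_budget):
    """Return {account: [rule names]} for accounts that look like bulk extraction.

    burst:  at least per_minute_limit requests in each of sustained_minutes
            consecutive minutes
    volume: more than daily_budget requests in one calendar day, which also
            catches a client that stays just under the burst limit
    """
    per_minute, per_day = defaultdict(Counter), defaultdict(Counter)
    for line in lines:
        ts, account = parse_line(line)
        per_minute[account][ts.replace(second=0, microsecond=0)] += 1
        per_day[account][ts.date()] += 1

    findings = defaultdict(list)
    for account, buckets in per_minute.items():
        run, prev = 0, None
        for minute in sorted(buckets):
            hot = buckets[minute] >= per_minute_limit
            contiguous = prev is not None and (minute - prev).total_seconds() == 60
            run = (run + 1 if contiguous else 1) if hot else 0
            prev = minute if hot else None
            if run >= sustained_minutes:
                findings[account].append("burst")
                break
    for account, days in per_day.items():
        if max(days.values()) > daily_budget:
            findings[account].append("volume")
    return dict(findings)

def constructed_log():
    # Constructed sample, scaled down: 10 minutes of traffic from three accounts.
    lines = []
    for m in range(10):
        stamp = f"2024-05-01T10:{m:02d}"
        lines += [f"{stamp}:{s:02d}Z partner-a /lookup" for s in range(0, 60, 20)]  # 3/min
        lines += [f"{stamp}:{s % 60:02d}Z partner-b /lookup" for s in range(120)]   # 120/min
        lines += [f"{stamp}:{s:02d}Z partner-c /lookup" for s in range(0, 60, 2)]   # 30/min
    return lines

if __name__ == "__main__":
    print(flag_accounts(constructed_log(), 100, 5, 250))
```

The volume rule matters as much as the burst rule: an account that paces itself below the per-minute limit still stands out once its requests are totalled per day.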

  • The Walt Disney Company

NullBulge is a hacker group that allegedly stole and leaked over a terabyte of Slack messages from Walt Disney in July 2024. This included every message and file sent across 10,000 channels. The data allegedly included unreleased projects, images, code, login credentials, APIs, and even links to internal websites. The breach was triggered by the group’s disdain for artificial intelligence-generated content, highlighting a trend of ideologically motivated cyberattacks. Walt Disney even moved away from using Slack for in-house, company-related communication after the data breach incident.

What we can learn: Disney’s breach underscores the risk of disgruntled communities mobilizing in response to a damaged public image. Moreover, it emphasizes the critical importance of securing communication tools within businesses.

  • Ticketmaster Entertainment, LLC

Ticketmaster Entertainment discovered unauthorized activity between April 2 and May 18, 2024. The company revealed on its website that the unauthorized third party gained access to important information from a database hosted by a third-party service provider. This exposed personal information, including payment and card details. By May 23, 2024, the company identified customers whose data may have been breached. However, they were not notified about this until a month later, in a letter dated June 22, 2024. 

Ticketmaster suffered another database breach incident on May 20, 2024. This time the breach compromised the company’s cloud database, which is hosted by Snowflake Inc. Over 560 million customer records were leaked online and offered for sale. Data included names, addresses, order histories, payment details, and emails.

What we can learn: It’s crucial to closely monitor third-party services and work closely with vendors to ensure that there is an airtight adherence to security protocols. 

  • Twilio

Twilio posted a security alert on its website confirming it suffered a data breach after hackers leaked more than 33 million phone numbers. These numbers were associated with Authy, Twilio’s two-factor authentication (2FA) service. In addition to phone numbers, hackers also leaked account IDs and other non-personal data.

This follows a 2022 data breach where Twilio employees were fooled into revealing their login credentials through a phishing campaign. As a result, hackers gained access to data from 163 Twilio accounts and registered additional devices on 993 Authy accounts. This continued the trend of social engineering and phishing attacks that have successfully breached high-profile organizations in recent years.

What we can learn: Providing employees with training to identify phishing attacks and implementing strong verification methods can greatly minimize the risk of such breaches.

How Can Businesses Prevent a Data Breach?

Here’s how businesses can safeguard themselves, their customers, and other stakeholders from data breaches. 

  • Strengthen your passwords and enable multi-factor authentication (MFA): Ask employees to use strong passwords and enable MFA for superior protection. 
  • Conduct regular updates: Regularly update all your software, including operating systems and applications, with the latest security patches.
  • Employee training: Offer comprehensive employee training on cybersecurity best practices. These should include recognizing phishing emails, data handling protocols, protecting sensitive information, etc.
  • Limit access: Restrict access to sensitive data based on user roles and on a need-to-know basis.
  • Keep track of vendors: Keep a close eye on any outside vendors who might have access to your data.
  • Use intrusion detection systems and firewalls: Invest in sophisticated detection systems to monitor network activity for any suspicious activity.
  • Encrypt data: To avoid unwanted access, even in the case of a hack, sensitive data must be encrypted while in transit and at rest.
  • Have a plan: You must have a data breach response plan to respond to potential incidents of data breaches. It should also include steps to notify people who are affected and contain damage.
  • Conduct frequent audits: To find and fix risks and flaws, perform penetration tests, vulnerability scans, and security assessments on a regular basis.
  • Prioritize data storage: You should only collect and store data that is absolutely necessary to minimize the impact of a data breach. 
  • Be prepared: Keep a repository of helpful information, including data breach identity theft resources to navigate possible incidents.

Conclusion

The data breach incidents we’ve discussed serve as a bleak reminder of the evolving threat of malicious activity online. As hacking methods evolve, businesses must adapt to stay ahead. Implementing robust security measures should be a top priority for companies of all sizes. These include advanced threat detection systems, comprehensive employee training, and proactive strategies to counter increasingly sophisticated cyber threats. While the initial investment in strengthening IT security may seem significant, the potential cost of inaction—in terms of financial losses and damage to reputation—can be far greater.

Learning from past breaches and taking a more proactive and defensive approach can help businesses stay one step ahead of cyber threats. 

Prevent Data Breaches with Imagine IT

Imagine IT is an IT support company in Bloomington that offers cybersecurity solutions you can trust. Our cybersecurity solutions and consulting services are designed for businesses of all sizes. With access to expert IT consultants, you can protect your organization’s, employees’, and customers’ data. We offer a host of cybersecurity services, including the Security Shield, MFA, security risk assessments, cyber insurance, intrusion detection system, endpoint detection response, awareness training, incident response, and more. Schedule a free consultation today. 
