For years, Bluefin has covered cyber-attacks, revealing the staggering statistics surrounding the causes and effects of data breaches. Each year, the number of records stolen and the costs surrounding breaches seem to outdo the previous year, and 2024 proves no different.
According to Cybersecurity Ventures, the global annual cost of cybercrime is predicted to reach $9.5 trillion USD in 2024 and $10.5 trillion by 2025.
The report states ransomware is the “most immediate threat” on a global scale, with ransomware damages projected to cost victims nearly $265 billion USD annually by 2031, a drastic increase from $42 billion in 2024 and $20 billion in 2021.
Verizon’s 2024 Data Breach Investigations Report – a study of 30,458 cyber threat incidents, with 10,626 confirmed data breaches – showed that roughly one-third of all breaches involved ransomware or some other type of extortion technique. These tactics represent 32% of the breaches studied in the report, and ransomware was the top threat across 92% of the industries.
Over the past three years, the combination of ransomware and other extortion techniques – phishing, malware, and DDoS attacks – accounted for nearly two-thirds of data breaches, fluctuating between 59% and 66% (DBIR 2024).
Some of the biggest data breaches within the last year include:
AT&T
Records Breached: 7.6 million current and 65.4 million former customers
Hackers breached AT&T’s systems, stealing personal data of current and former customers, including sensitive information like social security numbers, account numbers and passcodes.
AT&T announced that the data set appeared to be from 2019 or earlier and surfaced on the dark web in mid-March 2024. The data breach is the latest cyberattack AT&T has experienced since a leak in January 2023 that affected nine million users.
AT&T has launched an investigation to stop the spread of malware while keeping systems up and running for current customers. AT&T is currently facing the threat of multiple class action lawsuits.
MOVEit
Records Breached: 77 million
MOVEit, a Managed File Transfer (MFT) application that provides secure file transfer services used by thousands of organizations and government agencies, was hit with one of the largest breaches in 2023.
The CLOP malware gang was able to exploit a security flaw and deploy ransomware, leaking confidential data of 77 million individuals and over 2,600 companies globally. U.S. companies were hit the hardest, making up 78% of breached companies, including the U.S. Department of Energy, Johns Hopkins, and the University System of Georgia. In Louisiana (LA), the Office of Motor Vehicles announced that anyone with an LA driver’s license or ID card could have had their data stolen in the breach. – CSO Online
Total damages globally are upwards of $12 billion.
Ticketmaster Entertainment, LLC
Records Breached: 560 million
In May 2024, over 560 million customer records, including order history, payment information, name, address and email data, were leaked online and offered for sale by hackers who infiltrated Ticketmaster’s systems. The company has sent emails to its customers, advising users to monitor their accounts and credit statements.
The Justice Department is preparing to file a federal antitrust lawsuit against Live Nation, the parent company of Ticketmaster. – The Hill
Tile
Records Breached: 450,000
Life360, the company behind the Tile tracker device, announced that its database had been breached in June 2024. Stolen data includes names, addresses, email addresses, phone numbers, and purchase order details. Hackers were also able to access tools that can process location requests by law enforcement and are extorting Life360 for a ransom. – Tech.co
Dell
Records Breached: 49 million
In May 2024, Dell was hit with a massive cyberattack that could affect their 49 million customers. Menelik, the threat actor behind the attack, openly revealed to TechCrunch that he extracted large amounts of data by setting up partner accounts within Dell’s company portal.
After partner accounts were authorized, the hacker launched brute-force attacks, sending over 5,000 requests per minute to the page continuously for nearly three weeks. Astonishingly, Dell remained oblivious to these activities. Following the barrage of nearly 50 million requests and successful data scraping, Menelik proceeded to alert Dell by sending multiple emails about the security vulnerability.
Dell acknowledged that while no financial details were breached, sensitive customer information such as home addresses and order data might have been compromised. Reports indicate that data allegedly sourced from the breach is now available for sale on various hacker forums, suggesting that details belonging to approximately 49 million customers have been obtained.
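The scraping described above ran at over 5,000 requests per minute for nearly three weeks without being noticed. The following is an added example, not code from the original article or from Dell: it flags any account whose request rate stays above a per-minute threshold for several consecutive minutes. The log format, account names, and threshold values are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune against real baseline traffic.
MAX_PER_MINUTE = 300     # far below the 5,000/min reported in the Dell case
SUSTAINED_MINUTES = 3    # consecutive minutes over threshold before alerting

def sustained_high_rate(lines, max_per_minute=MAX_PER_MINUTE, sustained=SUSTAINED_MINUTES):
    """Return {account: first minute of the run} for accounts that exceeded
    max_per_minute for `sustained` consecutive minutes.
    Assumed log format: '<ISO timestamp> <account> <path>'."""
    per_minute = defaultdict(Counter)
    for line in lines:
        ts, account, _path = line.split(maxsplit=2)
        minute = datetime.fromisoformat(ts).replace(second=0, microsecond=0)
        per_minute[account][minute] += 1

    alerts = {}
    for account, buckets in per_minute.items():
        run_start, run_len, prev = None, 0, None
        for minute in sorted(buckets):
            over = buckets[minute] > max_per_minute
            contiguous = prev is not None and minute - prev == timedelta(minutes=1)
            if over and contiguous and run_len:
                run_len += 1                      # extend the current run
            elif over:
                run_start, run_len = minute, 1    # start a new run
            else:
                run_len = 0                       # quiet minute resets the run
            prev = minute
            if run_len >= sustained:
                alerts[account] = run_start
                break
    return alerts

def constructed_log():
    """Constructed sample: one partner account scraping, one behaving normally."""
    base = datetime(2024, 5, 1, 12, 0, 0)
    lines = []
    for m in range(4):
        for i in range(400):  # 400 requests/min from the noisy account
            t = base + timedelta(minutes=m, seconds=i * 60 / 400)
            lines.append(f"{t.isoformat()} partner-A /lookup/{m}-{i}")
        lines.append(f"{(base + timedelta(minutes=m)).isoformat()} partner-B /orders")
    return lines

if __name__ == "__main__":
    for account, start in sustained_high_rate(constructed_log()).items():
        print(f"ALERT {account}: sustained high request rate since {start}")
```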
Bank of America
Records Breached: 57,000
In February 2024, Bank of America reported a ransomware attack targeting McCamish Systems, one of the bank’s service providers, affecting more than 55,000 customers. According to Forbes, the breach involved unauthorized access to personal details including names, addresses, phone numbers, social security numbers, account numbers and credit card information.
The bank initially detected the breach through routine security monitoring on November 24. However, customers were not notified until February 1, approximately 90 days after the breach was discovered, indicating a violation of federal notification laws.
Solutions to Fight Data Breaches
Breach reports are never-ending, showing that even the largest companies with best-in-class cybersecurity measures in place can still fall prey to cyber-attacks. Every company, and every one of their customers, is at risk.
Securing sensitive data at rest and in transit can render the data useless to hackers in the event of a breach. By using a combination of point-to-point encryption (P2PE) and tokenization technologies, companies of all sizes can devalue data, protecting your brand and your best asset, your customer.
Bluefin developed the ShieldConex® data security platform to secure all online consumer information upon entry, in transit, and in storage. Coupled with our PCI-validated point-to-point encryption (P2PE) solutions for point-of-sale (POS) payments, ShieldConex and P2PE provide the most holistic, omni-channel data security approach.
Learn how Bluefin can eliminate clear-text PII, PHI and payment data from your system. Contact us today.