December 2024 - Main Article:

Hackers Are Targeting Small Construction Companies and Other Invoice-Heavy Businesses

This Year’s Most Significant Data Breaches

TechCrunch reports that 2024 has been a landmark year for data breaches, with hackers stealing billions of personal records. Chances are that your data might be among those compromised. Here’s a look at the most notable attacks this year and steps you can take to protect your information.

  1. National Public Data (2 billion-Plus Records)
    • What happened: In December 2023, hackers infiltrated National Public Data, a background-check company. By April, 2.7 billion records containing sensitive information for 170 million individuals were leaked on the dark web.
    • Who is exposed: Individuals in the US, Canada, and the UK.
    • Compromised data: Full names, current and past addresses, Social Security numbers, dates of birth, and phone numbers.
  2. Change Healthcare (38 million Records)
    • What happened: In February, a Russian ransomware gang exploited weak security at UnitedHealth-owned Change Healthcare. The breach caused downtime in US healthcare institutions and compromised personal data. UnitedHealth paid $22 million to mitigate leaks, but some stolen data remains in hackers' hands.
    • Who is exposed: Approximately one-third of the US population, potentially more.
    • Compromised data: Payment information, Social Security numbers, medical test results, diagnoses, and images.
  3. AT&T (Two Breaches)
    • What happened: In March, hackers released data from over 73 million AT&T customers dating back to 2019. Another breach occurred in July when hackers accessed AT&T data through its account with Snowflake. AT&T reportedly paid a ransom, but the data could still be leaked.
    • Who is exposed: Over 110 million past and current customers, and potentially noncustomers.
    • Compromised data: Social Security numbers, phone numbers, and personal details.
  4. Synnovis (300 million Patient Interactions)
    • What happened: In June, Russian ransomware attackers targeted Synnovis, a UK pathology lab. The breach caused disruptions in London’s healthcare services. Synnovis refused to pay the $50 million ransom.
    • Who is exposed: Past and current UK patients.
    • Compromised data: Blood test results for conditions like HIV and cancer, spanning years of patient records.
  5. Snowflake (600 million-Plus Records)
    • What happened: In May, Snowflake disclosed a breach caused by stolen employee credentials. Data stolen included 560 million records from Ticketmaster, 79 million from Advance Auto Parts, and 30 million from TEG.
    • Who is exposed: Customers of Snowflake’s 165 corporate clients, including Ticketmaster, Neiman Marcus, Santander Bank, and others.
    • Compromised data: Customer records.

How to Protect Yourself

While you can’t stop companies from being hacked, you can minimize your risks with these steps:

  • Review health-related communications: Look for unfamiliar services in your statements of benefits. Report suspicious activity to your healthcare provider and insurer immediately.
  • Freeze your credit: This prevents criminals from opening credit accounts in your name.
  • Update your credentials: Change passwords for breached accounts and major accounts like banks. Enable alerts to monitor unusual activity.
  • Be cautious with emails: After breaches, hackers often send fraudulent emails. Verify requests before acting and read messages carefully.