The Worst Hacks of 2024
December 26, 2024


Every year brings a variety of digital security disasters, ranging from the ridiculous to the sinister, but 2024 stands out for hacking sprees in which cybercriminals and state-sponsored espionage groups repeatedly exploited the same weakness or type of target to fuel their frenzy. For attackers, this approach is highly effective, but for compromised institutions and the individuals they serve, malicious attacks have very real consequences for people’s privacy, safety and security.

As political and social unrest increase around the world, 2025 will be a complex and potentially explosive year in cyberspace. But first, WIRED takes a look back at the year’s most serious breaches, leaks, state-sponsored hacking, ransomware attacks and digital extortion cases. Stay alert and stay safe out there.

Espionage is a fact of life, and China’s ruthless activities in cyberspace have been the norm for years. But the China-linked espionage group Salt Typhoon has conducted particularly noteworthy operations this year, infiltrating a range of U.S. telecommunications companies including Verizon and AT&T (among others around the world) over several months. U.S. officials told reporters earlier this month that many of the victim companies were still actively trying to remove the hackers from their networks.

The attackers spied on a small group of people (fewer than 150 are currently counted), but they included individuals already subject to U.S. wiretapping orders, State Department officials and members of the Trump and Harris presidential campaigns. Additionally, text messages and phone calls from others who interacted with Salt Typhoon targets were essentially caught up in the espionage scheme as well.

Over the summer, attackers aggressively targeted high-profile companies and organizations through their accounts with cloud data storage company Snowflake. This spree barely qualifies as hacking, as the cybercriminals simply used stolen passwords to log into Snowflake accounts that didn’t have two-factor authentication enabled. But the end result was that a large amount of data was stolen from victims such as Ticketmaster, Santander, and Neiman Marcus. Another prominent victim, telecommunications giant AT&T, said in July that “almost all” records related to its customers’ calls and text messages from a seven-month stretch in 2022 were stolen in a Snowflake-related breach. Google-owned security company Mandiant said in June that the spree affected approximately 165 victims.

In July, Snowflake added a feature so account administrators could enforce two-step authentication for all their users. In November, suspect Alexander “Connor” Moucka was arrested by Canadian law enforcement for allegedly leading the hacking spree. He was indicted by the U.S. Department of Justice over the Snowflake spree and faces extradition to the United States. John Erin Binns, who was arrested in Turkey on charges related to the 2021 breach of telecommunications company T-Mobile, was also indicted on charges related to the Snowflake customer data breaches.

In late February, medical billing and insurance processing company Change Healthcare suffered a ransomware attack that disrupted hospitals, doctors’ offices, pharmacies and other healthcare facilities across the United States. The attack was one of the largest medical data breaches ever, affecting more than 100 million people. The company, part of UnitedHealth, is the dominant medical billing processor in the United States. Days after the attack began, the company said it believed the notorious Russian-language ransomware gang ALPHV/BlackCat was behind it.

Personal data stolen in the attack included patient phone numbers, addresses, banking and other financial information, and health records including diagnosis, prescription and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat in early March in an attempt to contain the situation. The payment appeared to encourage attackers to hit healthcare targets at an even higher rate than usual. As notifications continue to roll out to more than 100 million victims (with more still being discovered), lawsuits and other blowback continue to mount. This month, for example, Nebraska sued Change Healthcare, claiming that a “failure to implement basic security protections” made the attack much more severe than it should have been.

Microsoft said in January that Russia’s “Midnight Blizzard” hackers had breached its systems, compromising the email accounts of the company’s top executives. The group has ties to the Kremlin’s SVR foreign intelligence agency and is specifically tied to the SVR’s APT 29, also known as Cozy Bear. After the initial breach in November 2023, the attackers targeted and compromised a historic Microsoft system test account, which then gave them access to what the company said was “a small set of Microsoft enterprise email accounts, including members of our senior leadership team and staff in our cybersecurity, legal and other functions.” From there, the group stole “a number of emails and attached files.” Microsoft said the attackers appeared to be seeking information about what the company knew about them. In other words, Midnight Blizzard was conducting reconnaissance on Microsoft’s research into the group. Hewlett Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.

Background check company National Public Data suffered a breach in December 2023, and data from the incident began being sold on cybercrime forums in April 2024. Stolen information included names, Social Security numbers, phone numbers, addresses and dates of birth. Because the leak was not confirmed in state public records until August, speculation about the situation grew for months, including theories that the data contained tens or even hundreds of millions of Social Security numbers. As serious as this leak is, fortunately, the true number of people affected appears to be much smaller. In a filing with officials in Maine, the company reported that the breach affected 1.3 million people. In October, Jerico Pictures, the parent company of National Public Data, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state and federal investigations into the breach and a series of lawsuits the company faced over the incident.

Honorable Mention: North Korea Cryptocurrency Theft

Many people steal large amounts of cryptocurrency every year, including North Korean cybercriminals who are tasked with funding the Hermit Kingdom. A report released this month by cryptocurrency tracking firm Chainalysis, however, highlighted just how aggressive Pyongyang-backed hackers have become. Researchers found that North Korean hackers stole more than $660 million through 20 attacks in 2023. This year, they stole approximately $1.34 billion through 47 incidents. The 2024 figures represent 20% of the total incidents tracked by Chainalysis that year and 61% of the total funds stolen by all actors.

The sheer dominance was impressive, but researchers underlined the seriousness of the crime. “U.S. and international officials assess that Pyongyang threatens international security by using its stolen cryptocurrency to fund its weapons of mass destruction and ballistic missile programs,” Chainalysis wrote.
