With the number of data breaches in the US skyrocketing to a monthly average of nearly 1.3 billion compromised records across 525 incidents (as of May 2024), it’s no surprise companies are scrambling to fortify their defenses. Imagine your company logo plastered across news outlets, not for groundbreaking innovation, but for a devastating data breach.
In early 2024 alone, headlines have exposed the vulnerabilities of major corporations, healthcare providers, and even government institutions. These breaches have compromised billions of Americans’ data and disrupted critical services. This article delves into some of the most notable US hacks so far, offering a sobering look at the changing cyber threat landscape. We’ll dissect the details, analyze the stolen data, and explore the consequences for victims. By understanding these attacks, you’ll gain crucial insights into fortifying your defenses and safeguarding your business before it becomes the next headline.
A ransomware attack on UnitedHealth’s ChangeHealthcare platform, a crucial hub for healthcare transactions across the US, resulted in an $872 million loss, as revealed in their Q1 2024 financial report. The attack led to the platform’s suspension, with the BlackCat/ALPHV group claiming to have stolen 6 TB of data. The breach is believed to have exploited a vulnerable Citrix portal. In a federal hearing in May 2024, UnitedHealth Group’s CEO estimated that one-third of Americans were affected by the attack.
In February 2024, Cencora (formerly AmerisourceBergen) reported a cyberattack to the SEC. Three months later, the company notified individuals that a data breach had occurred compromising their personal and sensitive medical information. The stolen information, linked to a prescription program from the now-defunct Medical Initiatives Inc., included names and prescriptions. Cencora clarified this attack is unrelated to the UnitedHealth Group breach, indicating multiple actors targeting the healthcare sector.
In January 2024, a data leak exposed millions of Trello accounts. Trello owner Atlassian stated the leak “did not result from unauthorized access but was due to poor security practices.” The hacker used a public API to match an existing database of 50 million emails with Trello accounts, exposing emails, usernames, full names, and other account information. The leaked data of over 15 million entries was offered for sale on a hacking forum. This breach followed the November 2023 discovery of a zero-day vulnerability in Atlassian’s Confluence suite. The leak poses a potential phishing threat due to the exposure of private and corporate email addresses used to access Trello.
This loan and mortgage company experienced a cyber incident in early January 2024, compromising the personal data of 16.9 million customers. The attack involved ransomware, with the threat actors encrypting data. While details remain unclear, stolen data may include names, social security numbers, addresses, and financial information, putting customers at risk of identity theft and financial losses. The BlackCat/ALPHV ransomware group claimed responsibility, listing LoanDepot on its leak site and selling the stolen data.
EquiLend Holdings, a New York-based securities lending platform founded by global banking giants and top broker-dealers, confirmed that employee personal data was stolen in a January cyberattack. On January 24, the financial technology company disclosed that it had taken some systems offline on January 22 to contain the breach. The notorious LockBit ransomware gang claimed responsibility, and by February 2, EquiLend disclosed that the breach was indeed a ransomware attack.
On May 5, 2024, a ransomware attack forced the city of Wichita, Kansas, to shut down parts of its network to contain the malware’s spread. This included online payment networks for utilities and transport tickets, causing disruption and inconvenience for residents. The full impact and the extent of data potentially compromised remain under investigation, and the ransomware group responsible has not been identified. Wichita, with a population of nearly 400,000, is the largest city to face such an attack in 2024, following similar incidents in Birmingham, Alabama, and Pensacola, Florida.
Luxury hotel chain Omni Hotels & Resorts was hit by a cyberattack in March 2024. The Daixin Team claimed responsibility, leaking data supposedly containing information from all Omni guests since 2017. While the exact type of information stolen remains unclear, compromised data for some guests may include names, emails, addresses, and loyalty program details, but not financial information according to Omni. The number of impacted guests is unknown, but Daixin claims to have 3.5 million. The attackers reportedly demanded a ransom of $3.5 million, which was lowered to $2 million during negotiations, but it’s unclear if Omni paid.
The relentless evolution of cyber threats and the devastating attacks of 2024 (thus far) paint a sobering picture: no business is immune. Cybercriminals don’t discriminate by size or industry – anyone can be a target. By learning from these breaches and fortifying your defenses, you can become a less attractive one.
Cybercriminals are becoming increasingly sophisticated, and the value of stolen data continues to rise. A successful cyberattack can have devastating impacts on your business, leading to financial losses, reputational damage and legal consequences.
Fortunately, there are essential cybersecurity measures you can take to mitigate these risks, including:
Limited IT resources shouldn’t limit your security. Partnering with a managed security service provider (MSSP) like Omega Systems bridges that gap.
With over 20 years of experience in cybersecurity, Omega offers expert monitoring and a comprehensive suite of solutions that can be tailored to meet the individual needs of your business. Our team of security professionals is dedicated to protecting your data using the recommendations outlined above and more. We constantly evolve our security defenses by partnering with industry leaders to offer a future-proof selection of proven IT solutions.
Don’t become the next headline! Contact us today for a free consultation and let us help you create a robust strategy to protect your data.
Book an IT Discovery CallWhether your needs include IT support, security, or compliance (or all three), our trusted experts are here to help you navigate a path forward. Book a time on my calendar & let’s get started.