AT&T tops the list
Another year, another round of big data breaches.
There have been more than 100 million victims of data breaches reported in 2024 as of Dec. 16, according to a ConsumerAffairs analysis of the Maine Attorney General's data breach notifications. The yearly number of victims represents conservative estimates because companies often send in multiple filings regarding the same breach to revise the number of victims, making it difficult to tally annual totals.
Cybersecurity experts say the Maine AG has arguably the most detailed historical government records on data breaches in the U.S., in part because organizations have to disclose the total potential number of people affected and what information, such as Social Security and credit card numbers, was stolen.
Still, data breaches that don't involve residents of Maine won't be in the database, meaning some data breaches are missed but the biggest in the country are likely included.
Businesses in health care appeared the most in the top 10 data breaches by number of victims in 2024.
Social Security numbers were the most common sensitive information exposed, appearing in the stolen information in nine of the top 10 data breaches of 2024, followed by ID numbers and financial account details, such as credit cards, in five of the breaches.
What are the biggest data breaches of 2024?
1. AT&T
- Victims: 51,226,382
- What was stolen: Social Security numbers, account numbers, addresses, dates of birth, emails, passwords, phone numbers
- What happened: AT&T suffered one of the biggest data breaches in history. The cellular giant said that a dataset released on the dark web in March had reams of its customers' information.
2. LoanDepot
- Victims: 16,924,071
- What was stolen: Social Security numbers, addresses, dates of birth, emails, financial account numbers, names, phone numbers
- What happened: Mortgage lender LoanDepot said that a malicious actor gained access to its systems and sensitive personal information in early January.
3. Evolve Bank and Trust
- Victims: 7,640,112
- What was stolen: Social Security numbers, dates of birth, contact details, financial account numbers or credit or debit card numbers with security code, access code, password or PIN
- What happened: After an employee clicked on a malicious link, mortgage lender Evolve Bank said it started noticing that some of its systems weren't working properly in late May, which it first believed was because of hardware issues but later realized was from "unauthorized activity." The breach exposed information for "most of our personal, mortgage, trust and small business banking customers," but didn't gain access to customer funds, Evolve Bank said.
4. InfoSys McCamish Systems
- Victims: 6,078,263
- What was stolen: Social Security numbers, biometric data, dates of birth, driver's license numbers or other ID numbers, email addresses, financial account numbers or credit or debit card numbers with security code, access code, password or PIN, medical records, passwords
- What happened: Life insurance software provider InfoSys said it was targeted by a ransomware attack that encrypted some of its data between October and November. The breach exposed life insurance customer information, including at TIAA.
5. HealthEquity
- Victims: 4,300,000
- What was stolen: Social Security numbers, addresses, dependent information, employee IDs, health card numbers, medical records, prescriptions, names, payment card without number, phone numbers
- What happened: Health benefits administrator HealthEquity said it received an alert in late March of a "systems anomaly" and later determined in late June that "some members' personal information was involved." The same data wasn't stolen for every person.
6. Financial Business and Consumer Solutions (FBCS)
- Victims: 4,253,394
- What was stolen: Social Security numbers, addresses, dates of birth, driver's license numbers or other ID numbers, health insurance information, names
- What happened: Debt collector FBCS said it discovered that an "unauthorized actor" accessed information in February and stole different information from person to person. In a series of filings, FBCS continued to revise the number of potential victims higher. Comcast said records on nearly 238,000 of its customers were exposed in the breach because it used to work with FBCS to collect debts.
7. Harvard Pilgrim Health Care
- Victims: 2,967,396
- What was stolen: Social Security numbers, addresses, financial account numbers or credit or debit card numbers with security code, access code, password or PIN, medical records, phone numbers, taxpayer IDs
- What happened: Massachusetts-based health care provider Harvard Pilgrim said a ransomware attack exposed its patients' sensitive information from March to April.
8. Prudential Insurance
- Victims: 2,556,210
- What was stolen: Social Security numbers, dates of birth, driver's license numbers or other ID numbers, financial account numbers or credit or debit card numbers with security code, access code, password or PIN, medical records, phone numbers
- What happened: Prudential Insurance said an "unauthorized third party" gained access to its network in February and removed a "small percentage of personal information." But the insurer first said in March that only 36,545 people were affected and later revised the number to more than 2.5 million.
9. Advance Stores (Advance Auto Parts)
- Victims: 2,316,591
- What was stolen: Social Security numbers, addresses, dates of birth, driver's license numbers or other ID numbers, names, utility bills
- What happened: Advance Auto Parts, which has more than 4,700 stores nationwide, said an "unauthorized third party" gained access to Snowflake, a company which handles its cloud storage. It said it is among various companies hit by the breach.
10. Slim CD
- Victims: 1,693,000
- What was stolen: Addresses, financial account numbers or credit or debit card numbers with security code, access code, password or PIN, names
- What happened: Payments company Slim CD, which processes electronic payments for U.S. and Canadian merchants, said it became aware of suspicious activity on its computers in June and later learned criminals had accessed its network between August and June and could have viewed or obtained credit card details.
Below is a table on the top 10 data breaches in 2024.
What to do after a data breach
- Follow the letter: Companies should send out a letter if you are a victim of a data breach. Read it carefully to get more details about what data was exposed and the steps the company recommends you take.
- Freeze your credit: Contact each of the three credit bureaus, Experian, Equifax and TransUnion, and get your credit frozen so a criminal can't open cards or other lines in your name.
- Credit monitoring: Companies often will offer free credit monitoring or other services after a data breach.
- Reset passwords: Change your passwords and use different ones for different services.
- Use a password manager: LastPass and services built into web browsers such as Google Chrome and Microsoft Edge can create and store strong passwords for you.
- Opt out of data collection: If you have the right in your state, you can email services you use to request they don't collect your data for use by third parties.
- Delete data: For services you don't use, ask to have your data deleted. California and other states have written this into law.
Posted: 2024-12-18 05:55:05