Every time you endlessly scroll down your social media feed, two cyberattacks will happen somewhere in the world, occurring at a rate of one attack every 39 seconds.
Experts predict that data breaches will cost the global economy $9.5 trillion in 2024.
Given that most of us will use the same email address for multiple online accounts, it’s unsurprising that a single email can be compromised in numerous data breaches. Collectively, these attacks contribute to an alarming total of 16.7 billion compromised accounts.
There are further compelling reasons why cybersecurity and protection measures, such as effective malware removal solutions, antivirus software, and the best server antiviruses, should be a primary concern and a priority for all businesses.
We have already witnessed the “Mother of All Breaches” (MOAB) at the beginning of 2024.
Here, we compiled a list of the biggest data breaches and cyber hacks that you need to be aware of.
10 Biggest Data Breaches And Top Cyber Attacks of the Last 12 Months
Name of the Breach | What Happened? | When? |
Russian Web Hosting Data Leak | Over 54 million user profiles were exposed, compromising sensitive data such as email addresses and phone numbers. | February 22, 2024 |
Microsoft Azure Data Breach | Accounts of hundreds of senior executives were compromised. The attack used phishing and cloud account takeovers. | February 12, 2024 |
Bank of America Data Breach | The data breach was traced to a cyberattack targeting Infosys McCamish Systems, compromising names, SSNs, and account details. | February 6, 2024 |
Cyber Attack on the Russian Center for Space Hydrometeorology (Planeta) | 2 petabytes of data were deleted, impacting over 50 state entities, including the Ministry of Defense of the Russian Federation and Roscosmos. | January 26, 2024 |
Mother of All Breaches (MOAB) | This massive data leak of over 26 billion records from various platforms emphasized the importance of cybersecurity globally. | January 22, 2024 |
Trello Data Breach | This security breach affected over 15 million users and involved the collection of email addresses and usernames. | January 16, 2024 |
Indian Telecom Data Breach | Data of 750 million users was compromised and sold on the dark web, highlighting significant security risks. | January 14, 2024 |
Indian Council of Medical Research Data Breach | Identification and passport details of 81.5 million citizens were exposed, underscoring challenges in data security. | October 2023 |
23andMe Data Leak | Unauthorized access affected 6.9 million user accounts, highlighting the dangers of sharing genetic information online. | October 2023 |
MOVEit Data Breach | The attack targeted over 62 million individuals and 2,000 organizations globally, costing an estimated $10 billion. | May 2023 |
All Recent Cyber Security Breaches And Biggest Data Leaks in 2024
Over 54 Million Users Affected by Russian Web Hosting Data Leak
Uid.me, a website builder platform owned by the prominent Russian hosting provider uCoz, inadvertently exposed over 54 million user profiles due to a misconfiguration in its MongoDB database.
This breach compromised a wide array of sensitive data, including email addresses, phone numbers, dates of birth, and password hashes, posing serious risks of identity theft, phishing, and other cybercrimes, as highlighted by cybersecurity expert Bob Diachenko.
The Data Breach Impacting Microsoft Azure and Executive Accounts
Microsoft Azure has also become a victim of a significant data breach. The cyber attack exposed the accounts of hundreds of senior executives to unauthorized access.
This breach has been linked to a sophisticated campaign that utilized phishing and cloud account takeovers to infiltrate Microsoft 365 and Office Home applications.
Notably, this attack was facilitated by malicious links within documents, deceptively labeled “View Document,” which redirected users to phishing sites designed to harvest credentials.
A critical vulnerability was also identified in up to 97,000 Microsoft Exchange servers, potentially allowing privilege escalation through a zero-day exploit.
Proofpoint researchers alerted The cybersecurity community to this ongoing threat and have meticulously tracked the campaign’s impact on Azure environments.
Third-Party Threats: The Bank of America Data Breach
It has only recently come to light that Bank of America had exposed customer information after a third-party breach.
The recent security breach has been traced to a cyberattack last year targeting Infosys McCamish Systems (IMS), an Infosys subsidiary.
The breach underscores the intricate web of vulnerabilities that financial institutions navigate, spotlighting the cascading risks that stem from interconnected service ecosystems.
On November 3, 2023, Infosys announced a breach that compromised critical systems and applications within IMS, which, following a thorough investigation, had implications for Bank of America customer data.
This breach, officially characterized as an external system breach (hacking), compromised sensitive information, including names, social security numbers, and account details of 57,028 individuals.
In response, Bank of America initiated a communication campaign on February 6, 2024, alerting affected customers via letters about the breach and offering guidance on protective measures to secure their personal information.
Data Breach Battles: The Role of Cyber Attacks in National Security Strategies
Pro-Ukrainian hackers, identified as the “BO Team,” targeted the Russian Center for Space Hydrometeorology, also known as “Planeta,” deleting 2 petabytes of critical data.
This center, crucial for its space satellite data analysis and ground-based observations, supports various sectors, including military, civil aviation, and agriculture, under Roscosmos, Russia’s space agency.
The attack, which affected Planeta’s Far Eastern branch, destroyed 280 servers. This wiped out 2 petabytes (equivalent to 2000 terabytes) of data and significantly disrupted the center’s operations, impacting over 50 state entities, including the Ministry of Defense of the Russian Federation and several other state agencies.
The Main Intelligence Directorate of Ukraine’s Ministry of Defense highlighted this operation as a devastating blow to the Russian research capabilities, emphasizing the escalating cyberwarfare between the nations.
As Sweden geared up to join NATO, its sole digital service provider for government services also fell victim to a ransomware attack by Russian hackers, disrupting operations across 120 government offices with expected continued disruptions for several weeks.
These instances highlight an emerging trend around the strategic use of data breaches in global cyberwarfare.
The Mother of All Breaches (MOAB): 26 Billion Reasons to Rethink Security
2024 began with an unprecedented cybersecurity event called the “Mother of All Breaches” (MOAB). This massive data leak, encompassing 12 terabytes of information, included over 26 billion records organized across over 3,800 folders. Each folder signifies a distinct breach, painting a grim picture of cybersecurity’s current state.
MOAB wasn’t a result of a singular incident but rather a compilation of numerous data breaches, including data from major platforms like LinkedIn, Twitter, Weibo, Tencent, and Dropbox.
This aggregation likely includes data collected over time by data enrichment companies, which merge various data sources to create more comprehensive profiles.
While the presence of duplicates within this dataset is acknowledged, the leaked data’s breadth and sensitivity make it a goldmine for malicious actors.
Originating from a mix of past breaches and potentially containing new, unrevealed data, MOAB highlights the critical importance of robust cybersecurity measures, including immediate password changes and adopting two-factor authentication to mitigate the risk of identity theft and fraud.
‼️@CyberNews research team, together with #cybersecurity researcher @MayhemDayOne, have discovered billions upon billions of exposed records on an open instance whose owner is unlikely ever to be identified.⤵️#MOAB #databreach #dataleak #infosecurityhttps://t.co/3ofLNd31Fz
— CyberNews (@CyberNews) January 22, 2024
Trello’s Turmoil: The Data Breach Impacting 15 Million Users
In January, Trello, a known project management site, made headlines for experiencing a major security breach affecting over 15 million users.
This breach involved collecting data such as email addresses, names, and usernames using a method that took advantage of an accessible API. The stolen data was later sold on a hacking forum, sparking concerns about the privacy and security of Trello’s user community.
Under Atlassian’s umbrella, Trello is a tool in the business world for organizing tasks and overseeing projects using boards, cards, and lists.
While Trello assured users that there was no entry into their systems, this incident sheds light on protecting user information from evolving cyber threats. It serves as a reminder of the importance of bolstering security protocols. It also raises awareness about the dangers of storing vast amounts of personal and professional data online.
750 Million Indian Telecom Users’ Data Sold Online
Cybersecurity firm CloudSEK revealed a massive breach compromised the data of 750 million telecom users in India, peddling the information on the dark web for $3,000.
The breach involves a database of 1.8 terabytes and includes sensitive details such as names, mobile numbers, addresses, and Aadhaar numbers.
This security lapse was identified by CloudSEK’s XVigil, a contextual AI digital risk platform, highlighting the activities of threat actors CyboDevil and UNIT8200, affiliates of CYBO CREW.
Detected initially through a post by CyboDevil on an underground forum on January 23, 2024, and previously by UNIT8200 on Telegram on January 14, 2024, this incident marks a significant risk to individual and organizational security in India, underscoring the escalating challenges in cybersecurity.
The Top 3 Biggest Data Breaches in 2023
In 2023, our newsfeeds quickly filled with breaking news about massive data breaches.
T-Mobile faced multiple attacks throughout the year, affecting millions of customers through various vulnerabilities and system glitches.
MGM Resorts suffered a ransomware attack in September, leading to considerable customer disruptions and financial losses despite not yielding to ransom demands.
But here are the top 3 biggest cyber attacks and most significant data breaches of 2023.
Exposing 81.5 Million Citizens in India’s Largest Data Breach
Amid the wave of data breaches in 2023, the Indian Council of Medical Research (ICMR) experienced a monumental cybersecurity failure, with a threat actor compromising the identification and passport details (including names, addresses, and phone numbers) of 81.5 million citizens of India.
In addition to this vast exposure, personal and COVID-19 test details of 5 million individuals were also revealed, marking this event as a historic breach.
This incident, characterized by selling 90GB of sensitive data for $80,000, underscores the critical challenges in safeguarding personal information.
It highlights the urgency for comprehensive data security measures to address and mitigate the escalating threat landscape underscored by data breaches in 2023.
The 23andMe Data Leak Exposing 6.9 Million Accounts
In one of 2023’s most famous leaks, genetics testing giant 23andMe disclosed unauthorized access affecting 6.9 million user accounts and pointed the finger of blame at its users, which predictably shocked nearly half of its customer base impacted by the data leaks.
It is one of the most high-profile recent data breaches due to stealing genetic information.
23AndMe finished 2023 as one of the top cybersecurity attacks and got people talking about the dangers of sharing your DNA online.
It also underscores the growing threat of credential-stuffing attacks against users’ genetic ancestry and history.
Experts warned users to adopt robust cybersecurity measures such as two-step verification and multifactor authentication to safeguard sensitive personal information.
The MOVEit Data Breach’s Toll on 62 Million Users and 2,000 Organizations
One of the world’s biggest data breaches in terms of global impact was the MOVEit breach.
The attack was orchestrated by the ransomware group CL0P (TA505) via a zero-day exploit and has had staggering repercussions, impacting over 62 million individuals and more than 2,000 organizations worldwide, culminating in an estimated total cost of $10 billion.
Approximately 84% of these organizations are based in the U.S., and around 30% come from the financial sector.
The MOVEit breach highlights not only the vulnerabilities in managed file transfer software but also its far-reaching effects, affecting a wide range of sectors, including government, finance, healthcare, and major corporations like Sony Interactive Entertainment and the BBC, underscoring the pervasive threat of cyberattacks in today’s interconnected digital ecosystem.
The Bottom Line
The last twelve months have been marked by unprecedented cyber threats, with the global economy facing a potential loss of $9.5 trillion due to cyberattacks.
The alarming frequency of one attack every 39 seconds highlights the critical importance of cybersecurity in today’s interconnected world.
From the “Mother of All Breaches” (MOAB) affecting billions of records to significant leaks at major organizations like 23andMe, Microsoft Azure, and the Indian Council of Medical Research, the year has underscored the vast vulnerabilities in digital data security.
These breaches, affecting over 16.7 billion accounts, demonstrate the urgent need for robust cybersecurity measures, including two-step verification and multifactor authentication, to protect sensitive information against the growing threat of cybercrime.
FAQs
What is the biggest data breach in 2024 so far?
What was the biggest cybersecurity breach in 2023?
What is the most breached sector?
References
- Top Cybersecurity Statistics for 2024 (Cobalt)
- 2023 Official Cybercrime Report (Esentire)
- Global data breach statistics (Surfshark)
- Russian Web hosting provider exposes data of more than 54M users (Cybernews)
- Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments(Proofpoint)
- Bank of America warns customers of data breach after vendor hack (Bleepingcomputer)
- Infosys McCamish Systems data breach notification (Documentcloud)
- Data Breach Notifications (Apps.web.maine)
- Build a custom email digest by following topics, people, and firms published on JD Supra. (Jdsupra)
- Ukraine: Hack wiped 2 petabytes of data from Russian research center (Bleepingcomputer)
- Russian Hackers Suspected of Sweden Cyber Attack (Themoscowtimes)
- Trello API abused to link email addresses to 15 million accounts (Bleepingcomputer)
- Data of 750 million telecom users in India being sold on dark web, cyber experts claim (Indiatoday)
- The Biggest Hack of 2023 Keeps Getting Bigger (Wired.co)