Every year brings its own mix of digital security disasters, ranging from the ridiculous to the sinister, but 2024 was particularly marked by hacking sprees in which cybercriminals and state-backed espionage groups repeatedly exploited the same weakness or type of target to fuel their frenzy. For attackers, this approach is highly effective, but for vulnerable organizations — and the individuals they serve — malicious attacks have very real consequences for people’s privacy, safety, and security.
As political turmoil and social unrest intensify around the world, 2025 will be a complex – and perhaps explosive – year in cyberspace. But first, here’s WIRED’s look at the worst breaches, leaks, state-sponsored hacking campaigns, ransomware attacks, and digital extortion cases of the year. Stay alert, and stay safe out there.
Espionage operations are a fact of life, and persistent Chinese campaigns have been a constant in cyberspace for years now. But the China-linked Salt Typhoon spy group carried out a particularly noteworthy operation this year, infiltrating a large number of US telecom companies including Verizon and AT&T (as well as others around the world) for several months. US officials told reporters earlier this month that many of the victim companies were still actively trying to remove the hackers from their networks.
The attackers surveilled a small group of people, fewer than 150 by current count, but the group included individuals who were already subject to US wiretap orders as well as State Department officials and members of the Trump and Harris presidential campaigns. The text messages and calls of other people who interacted with Salt Typhoon's targets were inherently caught up in the espionage scheme as well.
Throughout the summer, attackers went on a rampage, compromising high-profile companies and organizations that were all customers of the cloud data storage company Snowflake. The operation could hardly be classified as hacking: the cybercriminals simply used stolen credentials to log in to Snowflake accounts that did not have two-factor authentication turned on. The end result, however, was an extraordinary amount of data stolen from victims including Ticketmaster, Santander Bank, and Neiman Marcus. Another notable victim was the telecom giant AT&T, which said in July that "almost all of the records" of its customers' calls and text messages from a seven-month period in 2022 were stolen in the Snowflake-related break-in. Mandiant, a security company owned by Google, said in June that the rampage affected approximately 165 victims.
In July, Snowflake added a feature so account administrators can make two-factor authentication mandatory for all their users. In November, the suspect Alexander "Connor" Moucka was arrested by Canadian law enforcement on charges of leading the hacking operation. He has been charged by the US Department of Justice in connection with the Snowflake breaches and faces extradition to the United States. John Erin Binns, who was arrested in Türkiye on charges related to the 2021 T-Mobile breach, has also been indicted on charges related to the intrusions into Snowflake customers.
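As an added example (not code from this article, and not Snowflake's own material), here is the kind of audit and enforcement an account administrator would run to close the gap the Snowflake campaign exploited: password logins with no second factor. It assumes a role with access to the SNOWFLAKE.ACCOUNT_USAGE share and the privileges to set account-level policies; the policy names require_mfa and corp_only, the 90-day window and the CIDR range are arbitrary placeholders, and the authentication policy syntax should be confirmed against Snowflake's current documentation. The network policy at the end goes beyond what the article describes; it is the companion control that stops a stolen password from being usable from an arbitrary IP at all.

```sql
-- Added example: audit password-only users and logins, then enforce MFA account-wide.
-- Assumes ACCOUNTADMIN (or an equivalently privileged role) and the ACCOUNT_USAGE share.

-- 1. Active human users who can log in with a password but have never enrolled in MFA.
SELECT name, last_success_login, has_password, ext_authn_duo AS mfa_enrolled
FROM snowflake.account_usage.users
WHERE deleted_on IS NULL
  AND has_password = TRUE
  AND ext_authn_duo = FALSE
ORDER BY last_success_login DESC NULLS LAST;

-- 2. Successful logins in the last 90 days that used a password and no second factor.
--    Entries from unfamiliar source IPs here look exactly like the 2024 campaign did.
SELECT user_name, client_ip, reported_client_type, event_timestamp
FROM snowflake.account_usage.login_history
WHERE is_success = 'YES'
  AND first_authentication_factor = 'PASSWORD'
  AND second_authentication_factor IS NULL
  AND event_timestamp > DATEADD(day, -90, CURRENT_TIMESTAMP())
ORDER BY event_timestamp DESC;

-- 3. Require MFA enrollment for every user via an account-level authentication policy
--    (policy name is a placeholder chosen for this example).
CREATE AUTHENTICATION POLICY IF NOT EXISTS require_mfa
  MFA_ENROLLMENT = REQUIRED
  COMMENT = 'Added example: MFA required for all password logins';

ALTER ACCOUNT SET AUTHENTICATION POLICY require_mfa;

-- 4. Companion control: only accept connections from known ranges
--    (203.0.113.0/24 is a documentation range standing in for a real corporate CIDR).
CREATE NETWORK POLICY IF NOT EXISTS corp_only
  ALLOWED_IP_LIST = ('203.0.113.0/24');

ALTER ACCOUNT SET NETWORK_POLICY = corp_only;
```

Run the two SELECTs before changing anything: the first tells you how many accounts will be forced to enroll, and the second tells you whether any of the password-only logins already came from somewhere they should not have. Service accounts that cannot complete an MFA prompt should be moved to key-pair authentication before the policy is applied rather than being exempted from it.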
At the end of February, medical insurance and billing processing company Change Healthcare was hit by a ransomware attack that crippled hospitals, doctors’ offices, pharmacies, and other healthcare facilities across the United States. The attack is one of the largest medical data breaches ever, affecting more than 100 million people. The company, owned by UnitedHealth, is a dominant processor of medical bills in the United States. Days after the attack began, it said it believed ALPHV/BlackCat, a notorious Russian-speaking ransomware gang, was behind the attack.
Personal data stolen in the attack included patients' phone numbers, addresses, banking and other financial information, and health records including diagnoses, prescriptions, and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat at the beginning of March in an attempt to contain the situation. The payment apparently encouraged attackers to strike healthcare targets at a greater rate than usual. As more than 100 million victims continue to be notified, with more still being discovered, lawsuits and other backlash have mounted. This month, for example, the state of Nebraska sued Change Healthcare, claiming that the company's "failure to implement basic security protections" made the attack much worse than it should have been.
Microsoft said last January that it had been hacked by the Russian group Midnight Blizzard in an incident that compromised the email accounts of company executives. The group is linked to the Kremlin's foreign intelligence agency, the SVR, and is specifically associated with the SVR's APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, in which a password-spray attack compromised a legacy, non-production test tenant account, the attackers used that account's permissions to access what the company said was "a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions." From there, the group exfiltrated "some emails and attached documents," Microsoft said. The attackers were apparently looking for information about what the company knew about them; in other words, Midnight Blizzard was researching Microsoft's research on Midnight Blizzard. Hewlett Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.
Background-check company National Public Data suffered a breach in December 2023, and data from the incident began appearing for sale on cybercrime forums in April 2024. Various configurations of the data resurfaced repeatedly over the summer, culminating in the company's public confirmation of the breach in August. The stolen data included names, Social Security numbers, phone numbers, addresses, and dates of birth. Because National Public Data did not confirm the hack until August, speculation about the situation grew for months and included theories that the data contained tens or even hundreds of millions of Social Security numbers. Although the breach was significant, the true number of individuals affected appears to be much lower: in a filing with officials in Maine, the company said the breach affected 1.3 million people. In October, National Public Data's parent company, Jericho Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state and federal investigations into the breach as well as a number of lawsuits the company faces over the incident.
Honorable mention: North Korean cryptocurrency theft
Lots of people steal a lot of cryptocurrency every year, including North Korean cybercriminals who have a mandate to help fund the Hermit Kingdom. A report released this month by the cryptocurrency-tracking firm Chainalysis, however, highlights just how aggressive Pyongyang-backed hackers have become. The researchers found that in 2023, North Korea-linked hackers stole more than $660 million across 20 attacks. This year, they stole nearly $1.34 billion across 47 incidents. The 2024 numbers represent 20 percent of the total incidents tracked by Chainalysis for the year and 61 percent of the total funds stolen by all actors.
The sheer scale of the haul is striking, but the researchers underscore the seriousness of the crimes. "US and international officials have assessed that Pyongyang is using the cryptocurrencies it steals to fund its weapons of mass destruction and ballistic missile programs, putting international security at risk," Chainalysis wrote.