The Worst Hacks of 2024

Every year has its own mix of digital security debacles, from the absurd to the sinister, but 2024 was particularly marked by hacks in which cybercriminals and state-sponsored espionage groups repeatedly exploited the same weakness or type of target to fuel their frenzy. For attackers, the approach is ruthlessly efficient, but for compromised institutions—and the individuals they serve—the malicious rampages have had very real consequences for people’s privacy, security, and safety.
As political and social unrest intensify around the world, 2025 will be a complicated, and potentially explosive, year in cyberspace. But first, here’s WIRED’s look at this year’s worst breaches, leaks, state-sponsored hacking campaigns, ransomware attacks, and digital extortion cases. Be careful, and stay safe out there.
Espionage operations are a fact of life, and relentless Chinese campaigns have been a constant in cyberspace for years. But the China-linked espionage group Salt Typhoon carried out a particularly noteworthy operation this year, infiltrating a host of US telecoms, including Verizon and AT&T, plus others around the world, for months. US officials told reporters earlier this month that many of the victimized companies are still actively trying to remove the hackers from their networks.
The attackers surveilled a small group of people, fewer than 150 by the current count, but the targets included individuals who were already subject to US wiretapping orders, as well as State Department officials and members of the Trump and Harris presidential campaigns. The texts and calls of other people who interacted with Salt Typhoon’s targets were inevitably also caught up in the espionage scheme.
Throughout the summer, attackers were on a tear, breaching prominent companies and organizations that were all customers of the cloud data storage company Snowflake. The spree hardly qualifies as a hack, since the cybercriminals simply used stolen passwords to log in to Snowflake accounts that didn’t have two-factor authentication enabled. The end result, however, was an extraordinary amount of data stolen from victims including Ticketmaster, Santander Bank, and Neiman Marcus. Another prominent victim, telecommunications giant AT&T, said in July that “nearly all” of the records of its customers’ calls and texts from a seven-month stretch in 2022 were stolen in a breach tied to Snowflake. The security company Mandiant, which is owned by Google, said in June that the spree affected about 165 victims.
In July, Snowflake added a feature so account administrators could make two-factor authentication mandatory for all their users. In November, the suspect Alexander “Connor” Moucka was arrested by Canadian law enforcement for allegedly leading the hacking spree. He was indicted by the US Department of Justice in connection with the Snowflake attacks and faces extradition to the United States. John Erin Binns, who was arrested in Turkey on charges related to a 2021 breach of the telecom T-Mobile, was also indicted on charges related to the breach of Snowflake customers.
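The Snowflake spree turned on a plain gap: a working password was enough on accounts that had no second factor. The first thing a customer’s security team needed was a list of which accounts were in that state and which of them had been logged into from somewhere new. The following is an added example, not code from this article, from Snowflake, or from Mandiant. It runs that check over login-history records whose field names mirror the columns of Snowflake’s SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view as I know them; the rows are constructed sample data, and the baseline cutoff and the one-hour failure window are assumptions.

```python
"""Hunt for password-only logins in Snowflake-style login-history records.

Added example, not code from the WIRED article, from Snowflake or from
Mandiant. Field names mirror the columns of Snowflake's
SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view as I know them (USER_NAME,
CLIENT_IP, FIRST_AUTHENTICATION_FACTOR, SECOND_AUTHENTICATION_FACTOR,
IS_SUCCESS, EVENT_TIMESTAMP). The rows below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class LoginEvent:
    event_timestamp: datetime
    user_name: str
    client_ip: str
    first_authentication_factor: str              # e.g. "PASSWORD", "OAUTH_ACCESS_TOKEN"
    second_authentication_factor: Optional[str]   # None when no MFA was presented
    is_success: bool


BASELINE_END = datetime(2024, 4, 15)  # assumption: successes before this define "known" IPs

# Constructed sample: an MFA user, a service account without MFA that is hit
# from a new address after a failed attempt, an SSO user, and a password-only
# user with no history at all.
SAMPLE_EVENTS: List[LoginEvent] = [
    LoginEvent(datetime(2024, 4, 1, 9, 0), "ANALYST1", "203.0.113.10", "PASSWORD", "DUO_PUSH", True),
    LoginEvent(datetime(2024, 4, 2, 9, 0), "ETL_SVC", "203.0.113.20", "PASSWORD", None, True),
    LoginEvent(datetime(2024, 4, 3, 9, 0), "ANALYST1", "203.0.113.10", "PASSWORD", "DUO_PUSH", True),
    LoginEvent(datetime(2024, 4, 20, 10, 0), "ETL_SVC", "198.51.100.7", "PASSWORD", None, False),
    LoginEvent(datetime(2024, 4, 20, 10, 5), "ETL_SVC", "198.51.100.7", "PASSWORD", None, True),
    LoginEvent(datetime(2024, 4, 21, 9, 0), "ETL_SVC", "203.0.113.20", "PASSWORD", None, True),
    LoginEvent(datetime(2024, 4, 22, 9, 0), "ANALYST1", "198.51.100.7", "PASSWORD", "DUO_PUSH", True),
    LoginEvent(datetime(2024, 4, 23, 9, 0), "SSO_USER", "203.0.113.30", "OAUTH_ACCESS_TOKEN", None, True),
    LoginEvent(datetime(2024, 4, 24, 9, 0), "ANALYST2", "192.0.2.5", "PASSWORD", None, True),
]


def is_password_only(e: LoginEvent) -> bool:
    """True for a login that presented a password and nothing else."""
    return e.first_authentication_factor == "PASSWORD" and e.second_authentication_factor is None


def mfa_gaps(events: List[LoginEvent]) -> List[str]:
    """Users who completed at least one successful password-only login.

    Every name returned is an account that a stolen password alone opens."""
    return sorted({e.user_name for e in events if e.is_success and is_password_only(e)})


def suspicious_logins(events: List[LoginEvent], baseline_end: datetime,
                      failure_window: timedelta = timedelta(hours=1)
                      ) -> List[Tuple[str, str, datetime, int]]:
    """Successful password-only logins from an IP the user had not used
    successfully before `baseline_end`, each with the count of failed attempts
    from that same IP in the preceding `failure_window`.

    Returns (user, ip, timestamp, prior_failures) tuples in time order."""
    ordered = sorted(events, key=lambda e: e.event_timestamp)
    known: Dict[str, Set[str]] = {}
    for e in ordered:
        if e.is_success and e.event_timestamp < baseline_end:
            known.setdefault(e.user_name, set()).add(e.client_ip)

    findings: List[Tuple[str, str, datetime, int]] = []
    for e in ordered:
        if e.event_timestamp < baseline_end or not e.is_success or not is_password_only(e):
            continue
        if e.client_ip in known.get(e.user_name, set()):
            continue  # password-only, but from an address this user already used
        prior_failures = sum(
            1 for f in ordered
            if not f.is_success
            and f.user_name == e.user_name
            and f.client_ip == e.client_ip
            and e.event_timestamp - failure_window <= f.event_timestamp < e.event_timestamp
        )
        findings.append((e.user_name, e.client_ip, e.event_timestamp, prior_failures))
    return findings


if __name__ == "__main__":
    print("password-only users:", mfa_gaps(SAMPLE_EVENTS))
    for user, ip, ts, fails in suspicious_logins(SAMPLE_EVENTS, BASELINE_END):
        print(f"{ts:%Y-%m-%d %H:%M} {user} from {ip} (password only, {fails} failed attempt(s) before)")
```

Run against a real export, the first function is the list of accounts to put under the mandatory two-factor setting described above; the second surfaces the pattern the article describes, a working password with no second factor arriving from an address the account never used, with the failed attempts that typically precede it when the password came from a stolen-credential list.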
In late February, the medical billing and insurance processing company Change Healthcare was hit by a ransomware attack that caused disruptions at hospitals, doctors’ offices, pharmacies, and other healthcare facilities around the United States. The attack is one of the largest medical data breaches of all time, impacting more than 100 million people. The company, which is owned by UnitedHealth, is a leading medical billing processor in the United States. UnitedHealth said days after the attack began that it believed ALPHV/BlackCat, a prolific Russian-language ransomware gang, was behind the assault.
Personal data stolen in the attack included patients’ phone numbers, addresses, banking and other financial information, and health records including diagnoses, prescriptions, and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat in early March in an attempt to contain the situation. The payment apparently encouraged attackers to hit healthcare targets at an even greater rate than usual. As breach notifications have rolled out to more than 100 million victims, with more still being identified, lawsuits and other fallout have mounted. This month, for example, the state of Nebraska sued Change Healthcare, claiming that “failures to implement basic security protections” made the attack much worse than it should have been.
Microsoft said in January that it had been breached by Russia’s “Midnight Blizzard” hackers in an incident that compromised the email accounts of company executives. The group is linked to the Kremlin’s SVR foreign intelligence agency and is specifically tied to SVR’s APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, the attackers targeted and compromised a legacy Microsoft test account that then allowed them to access what the company said was “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there, the group exfiltrated “some emails and attached documents.” Microsoft said the attackers appeared to be looking for information about what the company knew about them; in other words, Midnight Blizzard was researching Microsoft’s research into the group. Hewlett Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.
The background-check company National Public Data suffered a breach in December 2023, and data from the incident began to be sold on cybercriminal forums in April 2024. Different versions of the data resurfaced repeatedly over the summer, culminating in the company’s public confirmation of the breach in August. The stolen data included names, Social Security numbers, phone numbers, addresses, and dates of birth. Because National Public Data did not confirm the breach until August, speculation about the situation grew for months and included theories that the data contained tens or even hundreds of millions of Social Security numbers. Although the breach was significant, the true number of people affected appears to be, mercifully, much lower. The company reported in a filing with officials in Maine that the breach affected 1.3 million people. In October, National Public Data’s parent company, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state and federal investigations into the breach, as well as a number of lawsuits the company is facing over the incident.
Honorable Mention: North Korean Cryptocurrency Theft
A lot of people steal a lot of cryptocurrency every year, including North Korean hackers, who have a mandate to help finance the hermit kingdom. A report by the cryptocurrency tracking company Chainalysis released this month, however, underscores just how aggressive Pyongyang’s hackers have become. The researchers found that in 2023, North Korean hackers stole more than $660 million in 20 attacks. This year, they stole about $1.34 billion in 47 incidents. The 2024 figures represent 20 percent of the incidents Chainalysis tracked for the year and a whopping 61 percent of the total funds stolen by all actors.
The sheer dominance is impressive, but researchers emphasize the seriousness of the crimes. “U.S. and international officials have assessed that Pyongyang is using the crypto it steals to finance its weapons of mass destruction and ballistic missile programs, which endangers international security,” Chainalysis wrote.
2024-12-26 10:30:00