2024 was another banner year for cybercriminals—and not in a good way for the rest of us. From massive credential leaks to supply chain compromises, the sheer scope and creativity of this year’s data breaches were enough to keep even the most seasoned security teams awake at night.
What’s striking isn’t just the volume of incidents but how breaches are evolving, targeting overlooked vulnerabilities and exploiting new attack surfaces like AI-generated phishing scams or cloud misconfigurations. From government records to telecommunications giants, no sector was safe from the growing sophistication of cybercriminals.
As technical leaders, you know the stakes: reputational damage, regulatory fallout, and the ever-looming threat of customer attrition. If 2024 taught us anything, it’s that our approaches to security need to be just as dynamic and resourceful as the adversaries we’re up against.
Proactive steps to help keep data secure include implementing strong password policies, using multi-factor authentication, encrypting sensitive data, regularly updating software, and regularly conducting security audits. Employee education and training are also essential as human error is a common cause of data breaches.
Vlad Cristescu, Head of Cybersecurity at ZeroBounce, says his company lives and breathes cybersecurity. He shared how they're tackling challenges and keeping systems secure:
- Zero Trust philosophy: Nobody, inside or outside the company, gets a free pass. Every user and device must prove they belong.
- Constant monitoring: We use smart tools to watch for anything suspicious 24/7.
- Educate the team: Cybersecurity isn’t just IT’s job; it’s everyone’s job. We train our team to spot phishing emails and other threats.
- Prepare for the worst: We don’t just have an incident response plan; we practice it so we’re ready if something happens.
- Pick partners wisely: We hold our vendors to high standards because we know their security affects ours.
"Every breach reminds us that cybersecurity isn’t something you can set and forget. It’s an ongoing priority, and we’re all responsible. If we learn from what happened in 2024 and stay vigilant, we’ll all be better prepared for whatever comes next," emphasized Cristescu.
In this roundup, I’ll examine five of 2024's biggest data breaches: National Public Data, Ticketmaster, Dell, AT&T, and Change Healthcare, and offer firsthand insights from industry experts.
Each of these breaches highlights different vulnerabilities and offers lessons on how to better protect data in an increasingly digital world.
Ticketmaster Data Breach
In June 2024, the hacking group ShinyHunters claimed to have stolen customer details from Ticketmaster and Live Nation, a global leader in ticket sales and event management, affecting approximately 560 million individuals.
"ShinyHunters is a threat actor group known for successfully breaching companies and selling the customer data they access on the black market," notes John Paul Cunningham, CISO at Silverfort. "In this case, the attack came via a managed service provider used by Ticketmaster."
The stolen data included names, addresses, contact details, credit card information, and ticket orders, posing risks of financial fraud and identity theft. The breach exposed the vulnerabilities in Ticketmaster's customer data management practices and underscored the risks of storing large volumes of personal and financial information.
The consequences of the Ticketmaster breach were far-reaching. Many customers faced increased risks of financial fraud and identity theft, prompting Ticketmaster to issue warnings and advise affected individuals to monitor their financial accounts closely. The breach also led to reputational damage for Ticketmaster, as customers and partners expressed concerns over the company's ability to protect their personal information.
A holistic, human-centered security approach, coupled with the basic blocking and tackling of security implemented by a professional security team, will go a long way toward preventing most cyber attacks.
According to Cunningham, "Greater attention needs to be given to both human and machine identities used in the performance of services and integrations with third-parties and service providers. Organizations attempt to stop bad actors with a patchwork network of identity controls and tools, and often rely overly on third-party attestations such as SOC2 reports."
"These point solutions operate in silos, securing only what they know. Many enterprises rely on a patchwork mix of one or more cloud identity providers (IdPs) and other point solutions to secure the accelerating number of identities. Attackers know this and take advantage of the gap in security to hop from one part of an organization to the next to steal data. Identity is extremely distributed, but its security doesn’t have to be. Without a unified security layer, identity and security teams will continue struggling to protect the accelerating number of identities, sacrificing security and productivity.”
What did the Ticketmaster breach teach us? Cristescu believes, "We’re only as strong as our weakest vendor. If a third party you rely on isn’t secure, your data is at risk."
So, what can organizations do? "Take a closer look at your partners. Audit them regularly, ask tough questions about their security practices, and don’t be afraid to walk away if they can’t meet your standards," continues Cristescu.
AT&T Data Breach
AT&T, one of the largest telecommunications companies in the United States, experienced a data breach in July 2024 that impacted approximately 70 million customers. The breach was caused by a sophisticated cyberattack that targeted AT&T's customer database, leading to the exposure of sensitive information such as customer names, phone numbers, email addresses, and billing information.
Stolen data has a long tail of impact, not just on the companies, but also on the trust customers place in them. Data breaches of increasing impact and size are happening more often, making it critical that organizations rethink their approach to data security and protection. Rather than protecting around the data with traditional security measures, they need to adopt data de-identification methods to protect the actual data while retaining its value internally and rendering it useless to attackers even when stolen.
The AT&T breach highlighted the growing threats faced by telecommunications companies, which are prime targets for cybercriminals due to the vast amount of personal data they manage. The breach also raised concerns about the security of telecommunications infrastructure and the need for stronger defenses against increasingly advanced cyber threats.
Clyde Williamson, Senior Product Security Architect at Protegrity, says, "Records of calls and texts from nearly all of [AT&T] wireless customers being exfiltrated is not only a violation of trust on the customer’s end, but it showcases how thoroughly out-of-date current cybersecurity strategies are. The inferences that can be made from different types of data matter just as much as stolen PII."
AT&T collaborated with federal authorities and cybersecurity firms to investigate the incident and secure its systems in response to the breach. Affected customers were notified through emails and text messages, providing guidance on protecting their accounts and monitoring for suspicious activity.
AT&T implemented additional security measures, including enhanced encryption for customer data, multi-factor authentication for account access, and stricter access controls for sensitive information.
Cristescu says the AT&T breach teaches us to "double down on access controls. Not having them is like leaving the front door to your house wide open."
What else can you do? "If you’re not already using Multi-Factor Authentication (MFA), start today. Combine it with role-based access controls to ensure only authorized people see sensitive data," says Cristescu.
Dell Data Breach
In March 2024, Dell suffered a significant data breach that exposed the personal information of over 180 million customers. The breach resulted from a vulnerability in Dell's customer support systems, which hackers exploited to gain unauthorized access to customer names, addresses, email addresses, and phone numbers.
The breach underscored the importance of securing customer support systems, often targeted by cybercriminals seeking to exploit weak points in a company's infrastructure. Dell's breach also highlighted the risks associated with third-party vendors, as the vulnerability was linked to a third-party software component used in their support systems.
In response to the breach, Dell took immediate action to contain the incident and secure affected systems. It worked with cybersecurity experts to identify the source of the vulnerability and implement patches to prevent further exploitation. Dell strengthened internal cybersecurity policies, conducted regular security audits, and enhanced employee training to recognize and prevent potential security threats.
The Dell breach taught us that "a 'trust but verify' approach with vendors just doesn't cut it anymore," according to Cristescu. Instead, "Embrace Zero Trust. This means limiting access for everyone and everything – even systems and people you usually trust," especially when relying on third-party software components.
The Dell and AT&T breaches highlight vulnerabilities in large, interconnected systems. Mitigating them requires stronger endpoint security and visibility across sprawling IT estates. Subscribe to global threat intelligence feeds and take part in cross-industry threat-sharing communities to stay ahead of emerging attack vectors; in financial services, for instance, platforms like FS-ISAC help organizations prepare for known exploits.
National Public Data Breach
National Public Data (NPD), a major government database, experienced one of the largest data breaches this past April, affecting approximately 2.9 billion Social Security records. The breach exposed sensitive personal information, including SSNs, dates of birth, and addresses, impacting nearly every American citizen. The incident led to multiple class-action lawsuits and raised serious concerns about data security practices.
The attackers exploited a vulnerability in the system’s access controls, gaining unauthorized entry and extracting massive amounts of data over a prolonged period.
"While they have not confirmed it, the common consensus is that National Public Data's publicly exposed source code was archived on one of NPD’s subsidiaries, RecordCheck's main website," says Gaëtan Ferry, security researcher at GitGuardian. "Exposing an archive containing an application’s source code on the application’s site is a long-known mistake predating the invention of version control software. It is believed the archive contained a default password that was still used by multiple user accounts and used as an initial access vector."
The consequences of the breach were profound, with significant risks of identity theft and fraud affecting millions of individuals. Many victims faced the potential of unauthorized financial activity, and the incident led to a surge in calls for improved data protection and oversight of government databases.
Affected individuals were notified through official channels and offered free credit monitoring services to mitigate potential identity theft risks.
"Notably, this breach wasn’t announced for a week; it only came to light and led to a lawsuit earlier because the company didn't disclose it," shares Clyde Williamson. "Further, it’s still unclear whether they intentionally avoided sharing details of this breach or just discovered it themselves."
Williamson thinks this underscores the insufficiency of U.S. laws in protecting citizens' personal data, which are outdated and ill-suited for the challenges of the 21st century. "Data brokers like the NPD aren’t held to the same regulatory standards as institutions like the Payment Card Industry (PCI), which mandates annual audits and stringent controls for credit card data. As things stand now, the US has no such obligations."
It's also possible, Williamson believes, that a significant portion of the stolen data belongs to one of the most vulnerable groups: senior citizens and their families. "A popular scam has a threat actor pretending to be a lawyer with bad news for the senior - their family member is in trouble and needs money. And why wouldn’t a grandparent believe them if they had valid PII to validate their credibility? These scammers don’t have to open credit in someone’s name to ruin lives. They just need to know how to use the information stolen to empty a caring family member’s bank account."
Williamson suggests that relying on class action lawsuits to address negligence is insufficient. "Organizations must prioritize transparency and enhance their efforts to de-identify sensitive data to protect consumer information. They must move beyond traditional defense mechanisms and adopt regulator-recommended data protection strategies like encryption and tokenization. These methods render data useless to attackers, making it impossible to steal and use maliciously."
By de-identifying data in this way, businesses can reduce the value of stolen data and significantly mitigate the long-term impact of ransomware attacks and fraud.
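The de-identification idea raised in the AT&T section and again in Williamson's remarks can be made concrete. What follows is an added example in Python, not code from the article or from any vendor quoted in it: a small keyed, format-preserving tokenizer. Tokens are derived with HMAC-SHA256 under a key held outside the data store, so the same SSN or e-mail address always maps to the same token (joins, de-duplication and counts still work on the tokenized copy), while a stolen copy of the tokenized records reveals none of the originals and detokenization needs the separately held vault. The records, field names and key are constructed sample values.

```python
"""Keyed, format-preserving tokenization of PII (added illustration).

Tokens replace SSNs and e-mail addresses in the working data store.
The HMAC key and the token->value vault live outside that store, so a
stolen copy of the tokenized records carries no recoverable PII while
analytics that only need equality (joins, de-duplication, counts)
still work on the tokens.
"""
import hashlib
import hmac
import secrets
import string


class Tokenizer:
    def __init__(self, key: bytes):
        self._key = key
        # (field, token) -> original value; held separately from the tokenized store
        self._vault: dict[tuple[str, str], str] = {}

    def _keystream(self, field: str, value: str, n: int) -> bytes:
        # Enough HMAC output to cover the value, one counter-labelled block at a time.
        out = b""
        counter = 0
        while len(out) < n:
            msg = f"{field}:{counter}:{value}".encode()
            out += hmac.new(self._key, msg, hashlib.sha256).digest()
            counter += 1
        return out[:n]

    def tokenize(self, field: str, value: str) -> str:
        """Deterministic token with the same shape as the input.

        The field name is mixed into the MAC so equal values in different
        fields get unrelated tokens. Digits map to digits and letters to
        letters; punctuation such as '-' or '@' is kept in place. Selecting
        with a modulo over a byte has a small bias, acceptable here because
        the token's secrecy rests on the key, not on uniform output.
        """
        stream = self._keystream(field, value, len(value))
        chars = []
        for ch, b in zip(value, stream):
            if ch.isdigit():
                chars.append(string.digits[b % 10])
            elif ch.isalpha():
                alphabet = string.ascii_lowercase if ch.islower() else string.ascii_uppercase
                chars.append(alphabet[b % 26])
            else:
                chars.append(ch)
        token = "".join(chars)
        self._vault[(field, token)] = value
        return token

    def detokenize(self, field: str, token: str) -> str:
        """Only possible with access to the vault, a separate, tightly controlled system."""
        return self._vault[(field, token)]


# Constructed sample records; the third is a duplicate of the first.
RECORDS = [
    {"name": "Ada Example", "ssn": "123-45-6789", "email": "ada@example.com"},
    {"name": "Bob Example", "ssn": "987-65-4321", "email": "bob@example.com"},
    {"name": "Ada Example", "ssn": "123-45-6789", "email": "ada@example.com"},
]
PII_FIELDS = ("ssn", "email")


def tokenize_records(tok: Tokenizer, records: list) -> list:
    """What the application's working store would hold."""
    return [
        {k: (tok.tokenize(k, v) if k in PII_FIELDS else v) for k, v in r.items()}
        for r in records
    ]


def distinct_people(records: list) -> int:
    """Analytics that still works on tokens because tokenization is deterministic."""
    return len({r["ssn"] for r in records})


def leaked_copy_contains(records: list, value: str) -> bool:
    """What an attacker holding a stolen copy of the store could read off directly."""
    return any(value in r.values() for r in records)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in practice: from an HSM or secrets manager
    tok = Tokenizer(key)
    store = tokenize_records(tok, RECORDS)
    for r in store:
        print(r)
    print("distinct people:", distinct_people(store))
    print("raw SSN present in store:", leaked_copy_contains(store, "123-45-6789"))
    print("detokenized via vault:", tok.detokenize("ssn", store[0]["ssn"]))
```

The design choice worth noting is the split: the working store holds only tokens, and everything needed to reverse them (the key and the vault) sits in a separate system with its own access controls. Losing the store alone then yields nothing usable, which is the "useless even when stolen" property the article's contributors describe.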
Further emphasizing the importance of vendor oversight, Matthew DeChant, CEO of Security Counsel, says, "CTOs and leadership teams must maintain strong oversight of third-party vendors’ security practices, especially when dealing with highly regulated, private data. Contracts should include the right to assess and audit vendors’ security programs. Don’t take security claims at face value—if a vendor touts a SOC 2 Type II attestation, request and review the report to ensure their scope covers your needs."
The National Public Data breach served as a stark reminder of the challenges governments face in safeguarding citizens' data in an era of escalating cyber threats. As Cristescu puts it, "Holding on to too much data is like stockpiling fireworks in your garage; sooner or later, it will blow up."
"In this case, ask yourself, 'Do we really need to keep this data?' If the answer’s no, delete it. Also, consider encrypting the data you must keep so it’s useless if stolen," urges Cristescu.
Change Healthcare Data Breach
In August 2024, Change Healthcare, a leading healthcare technology company, suffered a major data breach that compromised the personal and medical information of over 4 million patients. The breach was attributed to a sophisticated phishing attack that targeted internal systems, allowing unauthorized access to sensitive records, including patient names, addresses, dates of birth, and medical history.
Hackers exploited gaps in Change Healthcare's security infrastructure, particularly in employee awareness and email security protocols.
This breach underscores the need for a comprehensive and layered approach to cybersecurity. "Implementing security isn't about a single solution, but building multiple layers of defense," says Shrav Mehta, CEO of Secureframe. "From secure coding practices to automated testing and continuous monitoring, we need a holistic approach that anticipates and mitigates potential threats before they emerge."
One significant consequence of the Change Healthcare breach was the disruption to healthcare services. Several hospitals and medical facilities that relied on Change Healthcare's systems experienced delays in critical patient care. This incident highlights the high stakes of cybersecurity in the healthcare sector, where vulnerabilities can jeopardize data integrity and service continuity.
Beyond the immediate technical failure, the Change Healthcare breach’s aftermath – with healthcare providers unable to process payments or pay staff – shows why healthcare CTOs must treat payment infrastructure with the same criticality as patient care systems. For healthcare tech leaders, the key takeaway is ruthlessly simple: gaps in basic security hygiene, even in a single service, can bring down an entire healthcare ecosystem.
This breach also underscored the need for stronger regulations and expanded accountability within the healthcare industry.
Kiran Chinnagangannagari, Chief Product and Technology Officer at Securin, stresses the critical role of medical device manufacturers in mitigating these vulnerabilities: "Personally, I would like to see new regulations extend beyond just healthcare providers to include medical device manufacturers as the vulnerability risks associated with them are a growing concern as well.
Securin research showed a 59% year-over-year increase in vulnerabilities across healthcare products, with 43 vulnerabilities enabling remote control execution—a critical threat to patient safety. Medical devices, such as infusion pumps and monitoring systems, are essential for patient care, and without proper cybersecurity measures, these vulnerabilities could lead to dangerous disruptions, possibly even life-threatening. We must prioritize both securing these medical providers and devices and providing the financial means to do so."
Chinnagangannagari also stresses the importance of third-party risk management. "Organizations must actively verify that every entity within their supply chain is capable of preventing devastating breaches. Stricter regulations and enhanced enforcement are now necessary, and security teams, as well as developers, must implement CISA's Secure by Design principles in their systems and products. Companies should be made responsible not only for their own cybersecurity measures but also for those of all organizations they engage with. The stakes are too high—we cannot allow this type of negligence to continue."
Dr. Sean Kelly, MD, Chief Medical Officer and VP of Customer Strategy at Imprivata, adds, "Building a comprehensive cybersecurity strategy is almost like building a house, and most healthcare organizations have only laid the foundation. Their approach is often reactive, with a focus on cleaning up the bad guy’s mess rather than keeping them out from the start."
Change Healthcare pledged to adopt more stringent data protection practices and to work closely with regulatory bodies to prevent future incidents. This incident teaches us that "Legacy systems are a hacker’s playground," says Cristescu. "Keeping outdated tech around is a risk we can’t afford."
Cristescu recommends that organizations "upgrade to modern, cloud-based systems that include advanced threat detection" and "don’t skimp on backup strategies. Ransomware can’t hold you hostage if you’ve got secure, isolated backups ready to go."
Across all these breaches, we see the common element of the attacker finding and using hardcoded credentials. For human identities, the lack of phishing-resistant multifactor authentication seems to be a theme, and for non-human identities, the plaintext secrets involved were long-lived, long enough to be helpful to an adversary. This really should call attention to the fact that large organizations need to get a handle on secrets observability, where they can manage and automate rotating credentials at scale to make any leaked secrets useless by the time they are found.
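To make the "secrets observability" point above concrete, here is an added example in Python, not code from the article or from any product quoted in it. It scans constructed source lines for common hardcoded-credential shapes, then checks each hit against a constructed credential inventory to decide whether the secret would still be live at the moment it was found: a credential past its rotation deadline is a dead leak, while one with no rotation policy or no inventory entry is treated as live and in need of immediate rotation. The patterns, inventory and timestamps are assumptions for illustration; AKIAIOSFODNN7EXAMPLE is the placeholder access key ID that AWS uses in its own documentation.

```python
"""Secrets observability check (added illustration).

Two questions a defender asks about a hardcoded credential: is it there,
and would it still work by the time it is found? Rotation that is faster
than discovery makes a leak useless.
"""
import re
from datetime import datetime, timedelta, timezone
from typing import Optional

# Common hardcoded-secret shapes; group 1 is the secret itself.
# Illustrative patterns, not an exhaustive scanner.
PATTERNS = {
    "generic_password": re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?([^'\"\s]{6,})"),
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._-]{20,})"),
}

# Constructed sample: a settings file as it might appear in a repository.
SAMPLE_SOURCE = """\
# constructed sample settings
DB_PASSWORD = "s3cr3t-db-pass-2019"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
timeout = 30
headers = {"Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.constructed-token-value"}
"""

# Constructed credential inventory: when each secret was issued and how long
# it may live. max_age_days None means the secret is never rotated.
INVENTORY = {
    "AKIAIOSFODNN7EXAMPLE": {"issued": datetime(2024, 1, 10, tzinfo=timezone.utc), "max_age_days": 30},
    "s3cr3t-db-pass-2019": {"issued": datetime(2019, 6, 1, tzinfo=timezone.utc), "max_age_days": None},
}
FOUND_AT = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed discovery time


def find_hardcoded_secrets(text: str) -> list:
    """Return one finding per pattern match, with line number and kind."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append({"line": lineno, "kind": kind, "secret": m.group(1)})
    return findings


def rotation_deadline(secret: str, inventory: dict) -> Optional[datetime]:
    """Moment after which the secret stops working, or None if it never expires."""
    meta = inventory.get(secret)
    if meta is None or meta["max_age_days"] is None:
        return None
    return meta["issued"] + timedelta(days=meta["max_age_days"])


def is_live(secret: str, found_at: datetime, inventory: dict) -> bool:
    """Unknown or unrotated secrets are assumed live; rotated ones die at the deadline."""
    deadline = rotation_deadline(secret, inventory)
    return deadline is None or found_at < deadline


def redact(secret: str) -> str:
    """Never echo a full secret into logs or tickets."""
    return f"{secret[:4]}...({len(secret)} chars)"


def triage(text: str, found_at: datetime, inventory: dict) -> list:
    """Findings annotated with liveness; live ones need immediate rotation."""
    return [
        {**f, "live": is_live(f["secret"], found_at, inventory), "shown": redact(f["secret"])}
        for f in find_hardcoded_secrets(text)
    ]


if __name__ == "__main__":
    for f in triage(SAMPLE_SOURCE, FOUND_AT, INVENTORY):
        status = "LIVE - rotate now" if f["live"] else "expired - leak is useless"
        print(f"line {f['line']}: {f['kind']} {f['shown']}: {status}")
```

The inventory is the part most organizations lack: without knowing when a credential was issued and what its maximum age is, every finding has to be treated as live. With it, the same scan doubles as a measure of how much of the estate is already protected by rotation and how much is still long-lived plaintext.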
What’s Next
As we look ahead to 2025, the cybersecurity landscape will likely be shaped by the increasing sophistication of both threats and defenses. Cybercriminals are expected to lean more heavily into AI-powered attacks, using machine learning to bypass traditional security systems and create more convincing phishing attempts.
Larry Zorio, CISO at Mark43, thinks, "Organizations should brace themselves for a surge in AI-driven attacks—sophisticated threats that adapt their signatures to evade detection. Exploited by bad actors looking for payouts, these attacks target sectors with weak defenses and inadequate resources. Hackers use tools like ChatGPT to create malware and craft phishing emails nearly indistinguishable from legitimate communications.
Are these fears justified? Absolutely. However, we can take measures to protect ourselves and our companies, including staff training to prevent phishing, ongoing monitoring with behavioral analytics to detect anomalies, and partnering with trusted vendors to address security gaps. Proactive investments now will strengthen defenses and save costs in the long run."
This rise in offensive AI will demand that organizations adopt equally advanced defensive tools, such as AI-driven threat detection and response systems capable of analyzing vast data sets in real time to identify anomalies and mitigate risks. Additionally, supply chain attacks will remain a significant concern, with attackers exploiting third-party vendors to gain access to sensitive systems.
On the defensive front, expect to see more widespread adoption of Zero Trust Architecture, in which no user or device is trusted by default and access is continuously verified.
Cloud security will take center stage as organizations grapple with the complexities of securing multi-cloud environments, emphasizing the need for real-time visibility and threat management across these infrastructures.
To reduce the number of cloud-based attacks, organizations should consider bringing a real-time cloud perspective into their security operations centers (SOCs) to ensure consistent threat detection and response across their entire infrastructure. This reduces costs and mean time to respond (MTTR) and significantly lowers the risk of material breaches.
Regulatory changes, particularly around data privacy and security standards, will likely tighten globally, prompting organizations to align their practices with stricter compliance requirements.
Expect a regulatory tsunami. In the EU, ecommerce-focused regulations have rippled through social media and online marketplaces. The US will see fragmented approaches, with state-level consumer privacy laws creating complexity for businesses operating across jurisdictions.
Morey Haber, Chief Security Advisor at BeyondTrust, says, "What we have learned from these attacks is that no one's personal information is safe, regardless of the company or its size." If companies want to protect themselves against threats, Haber proposes the following:
- Don't use cell phone numbers for accounts or personal information. A phone number is often a unique identifier, easily tied to an individual across multiple platforms. In the event of a breach, attackers can link it to other compromised data to build a detailed profile, making it as risky as a Social Security number. Avoid using phone numbers for logins or authentication whenever possible to reduce exposure and safeguard your identity.
- Avoid using the same email address for all accounts. Instead, create separate addresses for correspondence, banking, and other sensitive activities. This way, if one email is compromised, it won’t expose your entire digital identity.
- For businesses, it’s often easier for attackers to log in than hack in. Prioritize identity security and privileged access management by regularly reviewing entitlements and permissions to block lateral movement and unauthorized access.
2025 will also see a greater push for collaboration across industries and governments, with threat intelligence sharing becoming a critical component in staying ahead of attackers.
Ultimately, the key to navigating these challenges will be combining cutting-edge technologies with a culture of vigilance and accountability at every organizational level.
Final Thoughts
The data breaches of 2024 are a sobering reminder that even the best defenses aren’t impenetrable. But they’re also a call to action—an opportunity to refine strategies, prioritize proactive monitoring, and build stronger, more adaptable security postures. Transparency and collaboration play a critical role in this process.
"We must embrace radical transparency by openly sharing vulnerability insights, version adoption rates, and lessons learned," says Shrav Mehta. "This collaborative approach helps the entire tech ecosystem become more resilient."
If we’re to outpace the ingenuity of bad actors, we need to share knowledge, scrutinize our vulnerabilities, and hold ourselves accountable as stewards of the systems and data we protect.
As we move into 2025, let’s take the hard-earned lessons of this year to heart. Whether adopting zero-trust principles, investing in better threat intelligence, or fostering a culture where security is everyone’s job, the goal is clear: companies must adapt their strategies, invest in emerging security technologies, and foster a culture of awareness and vigilance.