Happy New Year! As outlets publish the cybersecurity industry’s 2025 trends and forecasts to help professionals prepare for what’s to come in the new year, we’re continuing our monthly tradition of covering articles on data breaches, cyber attacks, and costly lawsuits that went live the past month.
According to Verified Market Research, the Incident Response Market is projected to quadruple in size by 2030, highlighting the growing cybersecurity risks and threats. Fingers crossed that companies will work to prevent breaches before they happen, that the number of such headlines will decrease during 2025, and that customers will not have to shoulder the burden of paying for these data breaches.
Compiled on January 3, the following list is composed of data breach headlines that were published during the month of December. Source articles have been organized by industry (entertainment, finance, healthcare, infrastructure, tech, retail, and miscellaneous) in reverse chronological order.
12/12/2024
On December 2, the union’s health plan informed members and California regulators that hackers broke into an employee’s email account in September. SAG-AFTRA Health Plan said investigators traced the breach back to a phishing email that compromised the account. Law enforcement has been notified and the investigation is ongoing.
12/11/2024
Massive Data Breach Hits Senior Dating Website, Exposing Over 765,000 Users
The 40+ dating platform Senior Dating has been the victim of a data breach, compromising the personal information of 765,517 users. The breach, linked to an exposed Firebase database, has raised serious concerns about protecting sensitive data in online matchmaking services. The breach, dated 23 November 2024, came to public attention after being added to the Have I Been Pwned (HIBP) database on 9 December the same year.
12/30/2024
US Treasury reports breach by Chinese hackers in 'major incident' | The National
The US Treasury Department was breached by Chinese state-sponsored hackers, who gained access to unclassified documents, in what the organisation called a “major cyber security incident”, according to a letter sent to the Congress on Monday. The Treasury said a third-party software provider, BeyondTrust, had notified it of the breach. The hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users”, the letter seen by Bloomberg and Reuters, said.
12/27/2024
Over 4,600 RBFCU customers' data may be leaked in data breach, Texas AG's office says | KSAT 12
Randolph Brooks Federal Credit Union (RBFCU) potentially exposed the banking information of 4,607 customers, according to the Texas Attorney General’s Office. The credit union told KSAT that someone physically breached one of its ATMs. The breach was reported on the Data Breach Security Reports Website on Monday.
12/19/2024
Attorney General James Secures $500,000 from Auto Insurance Company Over Data Breach
New York Attorney General Letitia James today secured $500,000 from auto insurance company, Noblr, for failing to protect the personal information of more than 80,000 New Yorkers as part of a data breach. The scammers then used some of the stolen driver’s license information to file fraudulent unemployment claims at the height of the COVID-19 pandemic. In addition to Noblr, Attorney General James also held GEICO and Travelers accountable for failing to protect New Yorkers’ personal information, bringing the total amount secured from auto insurance companies for cybersecurity failures to $5.6 million.
12/19/2024
Massive data breach at federal credit union exposes 240,000 members | Fox News
SRP Federal Credit Union, a South Carolina-based financial institution, had a major data breach impacting more than 240,000 people. The company said it discovered suspicious activity on its network and notified law enforcement. An investigation determined that hackers accessed the credit union’s systems between Sept. 5 and Nov. 4, potentially acquiring sensitive files. The ransomware group Nitrogen claimed responsibility last week, alleging it had stolen 650 GB of customer
12/12/2024
Bitcoin ATM giant Byte Federal says 58000 users' personal data compromised in breach
The company said the breach occurred on September 30 and was discovered by Byte Federal on November 18. It said an unnamed attacker gained access to the company’s network by exploiting a vulnerability in third-party software. The company said in a blog post in November that the bug was in the popular developer platform GitLab.
12/5/2024
Compromised Email Account Leads to LA Financial Federal Credit Union Data Breach | JD Supra
On November 27, 2024, LA Financial Federal Credit Union (“LA Financial”) filed a notice of data breach with the Attorney General of California after discovering that an employee’s email account was subject to unauthorized access. In this notice, LA Financial explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information.
12/2/2024
Crypto Exchange DMM Bitcoin Collapses After $320 Million Security Breach | Analytics Insight
Japan's crypto exchange, DMM Bitcoin, announced liquidation, citing recovery issues following a hack of $320 million in Bitcoin in May 2024. The DMM Bitcoin hack led to a leak of over 4,500 BTC without permission, with the price being $96,264 per coin. In a bid to safeguard users' funds and maintain operations, DMM Bitcoin has agreed to an asset transfer deal with SBI VC Trade, a subsidiary of the SBI Group. All customer assets, including crypto and fiat currency deposits, are expected to be transferred by March 2025.
12/24/2024
American Addiction Centers Data Breach Impacts 422,000 People | SecurityWeek
American Addiction Centers is notifying more than 422,000 people that their personal information was stolen in a recent data breach. The incident was identified on September 26, but the attackers had access to the organization’s servers for at least several days prior and stole certain data during that time. The organization has not shared specific details on the type of cyberattack it fell victim to, but the Rhysida ransomware gang claimed responsibility for the incident in mid-November, when it added American Addiction Centers to its Tor-based leak site.
12/20/2024
US hospital operator Ascension says 5.6 million affected in medical data breach in May
Hospital operator Ascension told Maine's state attorney general on Friday that nearly 5.6 million people were affected in a ransomware attack that hit it earlier this year. In a letter to the attorney general, Ascension's lawyer said the incident happened on May 7 and 8 and blamed it on a "cybercriminal", whom the company did not identify. Ascension did not immediately return a message seeking further comment.
12/20/2024
Two HIPAA settlements, $1.6 million in penalties | Data Protection Report
On December 4, 2024, HHS announced an agreement with Gulf Coast Pain Consultants calling for payment of $1.1 million in civil penalties due to alleged lack of compliance with HIPAA’s security requirements. Two days later, HHS announced an agreement with Children’s Hospital Colorado for payment of $548,265 for some HIPAA security issues that arose from multifactor authentication missteps that led to unauthorized access.
12/20/2024
Change Healthcare Faces Lawsuit For Failing To Protect Customer Data | Forbes
Nebraska Attorney General Michael T. Hilgers has filed a lawsuit against Change Healthcare, its parent company UnitedHealth Group and its operating entity Optum, following a data breach that exposed the personal and medical information of an estimated 575,000 Nebraskans. According to the lawsuit, the breach began on February 11, 2024, when login credentials for a low-level employee were posted in a Telegram group known for selling stolen information. Hackers reportedly used these credentials to infiltrate Change Healthcare's systems, creating administrator accounts and installing malware. The attackers' presence went undetected until February 21, when the ransomware group BlackCat encrypted Change Healthcare's systems, forcing the company to take its operations offline.
12/18/2024
Data breach at chain of clinics impacts 450K patients | HealthExec
The largest physician-led vein center in the U.S. announced it has suffered a data breach, which resulted in hackers stealing personal data on 446,094 patients. The Center for Vein Restoration (CVR) announced the breach last week, though the incident was first noticed on Oct. 6. Details on the nature of the attack, scope of the breach and how cybercriminals gained access to protected systems are still unknown.
12/16/2024
900,000 People Impacted by ConnectOnCall Data Breach | SecurityWeek
According to ConnectOnCall, an unknown threat actor gained access to its service and to the data within the application on February 16, 2024, and lingered in the system until May 12, 2024. ConnectOnCall told the US Department of Health and Human Services that 914,138 individuals were affected by the data breach.
12/16/2024
Hackers Claim to Have Stolen 17 Million Patient Records from PIH Health
The hacking group behind the ransomware attack on the Californian healthcare provider PIH Health on December 1, 2024, claims to have exfiltrated a huge amount of sensitive data before encrypting files. If the hackers are to be believed, they exfiltrated 17 million patient records, data for more than 8.1 million “medical episodes” that include patients’ home addresses, cancer patients’ treatment records, private emails including test results and treatments, confidentiality agreements with employees, and around 100 active nondisclosure agreements between PIH Health and other medical organizations.
12/11/2024
446,000 Impacted by Center for Vein Restoration Data Breach | SecurityWeek
Vein care provider Center for Vein Restoration is notifying over 446,000 individuals that their personal, medical, and financial information was compromised in a recent cyberattack. The incident, the organization says in an incident notice, was identified on October 6, and involved unauthorized access to files containing the information of employees and of individuals who were treated by Center for Vein Restoration.
12/9/2024
US medical device giant Artivion says hackers stole files during cybersecurity incident
In an 8-K filing with the SEC on Monday, Georgia-based Artivion, formerly CryoLife, said it became aware of a “cybersecurity incident” that involved the “acquisition and encryption” of data on November 21. This suggests the company was hit by ransomware, but Artivion has yet to confirm the nature of the incident and did not immediately respond to TechCrunch’s questions. No major ransomware group has claimed responsibility for the attack yet.
12/7/2024
Anna Jaques Hospital ransomware breach exposed data of 300K patients
Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 310,000 patients. The healthcare organization launched an investigation on January 24, 2024, a few days after the 'Money Message' ransomware group began publicly extorting the hospital on January 19.
12/6/2024
Atrium Health Data Breach Impacts 585,000 People | SecurityWeek
Healthcare company Atrium Health has notified the US Department of Health and Human Services (HHS) that a recently discovered data breach impacts more than 585,000 individuals. The HHS website does not provide any information regarding the incident, but the notification is likely related to an issue involving online tracking technologies that were present on an Atrium Health patient portal between 2015 and 2019. The company said an initial review of the tracking technologies, conducted in 2022, did not uncover any issues, but a more recent analysis of online technologies on the patient portal did reveal the possible exposure of information.
12/6/2024
Insider Breach, Email Attacks Net $1.7M in HIPAA Fines | BankInfoSecurity
An insider breach at a Florida pain management firm and an email breach at a Colorado pediatric hospital have resulted in more than $1.7 million in fines for HIPAA violations found by federal investigators. The two incidents affected fewer than 50,000 people. The pain management practice investigation centered on a former independent business consultant who was under contract. The contractor was accused of accessing the practice's electronic health records containing patients' protected health information to commit alleged Medicare claims fraud.
12/3/2024
OnePoint Patient Care Data Breach Investigation | Migliaccio & Rathod LLP
On November 26, 2024, OnePoint Patient Care announced that an unknown party gained access to its database, leading to a breach that impacted 1,741,152 individuals and their personal information. Subsequently, the company conducted an investigation into the data security incident and uncovered that between August 6, 2024, and August 8, 2024, a cybercriminal accessed its IT systems containing the personally identifiable information of patients.
12/26/2024
Defense Giant General Dynamics Says Employees Targeted in Phishing Attack
The unauthorized activity was discovered on October 10, after the attackers had accessed and made changes to the employee benefits accounts through a login portal hosted by a third party. According to the company, the attackers ran a fraudulent advertising campaign that directed General Dynamics employees to a phishing site where they were deceived into entering their usernames and passwords. The malicious actor was then able to access the accounts of the employees who provided this information to the false third party login site.
12/23/2024
Duke Energy Data Breach Exposes Customer Information | Daily Security Review
Duke Energy confirms a data breach exposing customer account numbers, birthdates, addresses, and partial Social Security numbers. The breach, which originated in May 2024, involved a third party's unauthorized access to customer information through Duke Energy’s public website.
12/13/2024
RI computer network cyberattack forces shutdown of public benefits system | The Providence Journal
Rhode Island's public benefits computer system was shut down Friday after it was breached by hackers, potentially exposing the personal information of hundreds of thousands of Rhode Islanders, Gov. Dan McKee said. Deloitte, the information technology vendor that built and runs the computer system known as RIBridges and UHIP, first alerted the state and police about a potential attack on Dec. 5. On Tuesday, the attackers sent the vendor screenshots showing personal data files. Although malicious code had been detected, Tardiff said it was not a ransomware attack, where the hackers threaten to shut down a computer system if their demands are not met. Instead, the threat was to release private information. "This is more of an extortion-type activity by this cybercriminal group," he said.
12/5/2024
Chemonics International Data Breach Impacts 260,000 Individuals | SecurityWeek
Chemonics International is notifying over 260,000 individuals that their personal information was compromised in a year-old data breach. The incident was discovered on December 15, 2023, but the attackers lingered in its environment between May 2023 and January 2024, Chemonics says. “On December 15, 2023, Chemonics became aware of suspicious activity related to certain user accounts. Upon discovery, we enacted our response protocols, including conducting password resets and disabling impacted accounts,” the company announced this week.
12/4/2024
BT unit took servers offline after Black Basta ransomware breach | Bleeping Computer
Multinational telecommunications giant BT Group (formerly British Telecom) has confirmed that its BT Conferencing business division shut down some of its servers following a Black Basta ransomware breach. "We identified an attempt to compromise our BT Conferencing platform. This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated," BleepingComputer was told.
12/4/2024
ENGlobal faces cybersecurity breach, leads to 'limited' access to essential business operations
ENGlobal Corporation, an engineering and automation services provider that works with the U.S. energy sector and federal government, reported in a filing with the U.S. Securities and Exchange Commission (SEC) that on Nov. 25, 2024, it became aware of a cybersecurity incident. An initial investigation indicated that a threat actor had unlawfully accessed the company’s information technology (IT) system and encrypted certain data files.
12/2/2024
Law Enforcement Communications Breach Exposed Data, Suit Says | Bloomberg Law
Communications provider Datamaxx Applied Technologies Inc. was negligent in failing to protect the personally identifiable data of law enforcement officers from cybercriminals, according to a proposed class action. Datamaxx provides solutions for communication, data access, information sharing, enterprise intelligence, and access control. Their services are designed for the law enforcement, criminal justice, public safety, and security sectors.
12/30/2024
Cisco Confirms Authenticity of Data After Second Leak | SecurityWeek
A hacker has leaked more data stolen from a Cisco DevHub instance and the tech giant has confirmed its authenticity and that it originated from a recently disclosed security incident. Cisco’s investigation showed that its systems had not been breached and that the data was actually taken from a public-facing DevHub environment that served as a resource center providing source code, scripts and other content to customers. While much of the data from this DevHub instance is already public, some of the files obtained by the hackers were not supposed to be public, Cisco admitted.
12/17/2024
Meta fined $263M over 2018 security breach that affected ~3M EU users | TechCrunch
Meta has been fined €251 million (around $263 million) in the European Union for a Facebook security breach that affected millions of users, which the company disclosed back in September 2018. The breach dates back to July 2017, when Facebook rolled out a video upload function that included a “View as” feature, which let the user see their own Facebook page as it would be seen by another user. Between September 14 and September 28, 2018, the watchdog said unauthorized people used scripts to exploit this vulnerability to log in to approximately 29 million Facebook accounts globally, around 3 million of which were based in the EU/European Economic Area.
12/10/2024
AWS customers face massive breach amid alleged ShinyHunters regroup | CSO Online
Terabytes of data belonging to thousands of AWS customers, including customer details, AWS credentials, and proprietary source code, were compromised in a large-scale cyber operation linked to the now-defunct ShinyHunters hacking group. “We have identified a significant operation that scanned millions of websites, exploiting vulnerabilities in improperly configured public sites,” said researchers. Researchers highlighted that the misconfigurations enabling this attack fall under customers’ responsibilities within the shared responsibility model and could happen with any Cloud Service Provider (CSP).
12/6/2024
Ultralytics AI model hijacked to infect thousands with cryptominer | Bleeping Computer
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI). Ultralytics tools are open-source and are used by numerous projects spanning a wide range of industries and applications. "We confirm that Ultralytics versions 8.3.41 and 8.3.42 were compromised by a malicious code injection targeting cryptocurrency mining. Both versions have been immediately removed from PyPI," Jocher posted to GitHub.
12/27/2024
Volkswagen Data Breach: 800,000 Electric Car Owners’ Data Leaked | Cybersecurity News
Volkswagen has inadvertently exposed the personal information of 800,000 electric vehicle owners, including their location data and contact details. The breach, which occurred due to a misconfiguration in the systems of Cariad, VW’s software subsidiary, left sensitive data stored on Amazon Cloud publicly accessible for months. The breach was discovered by the Chaos Computer Club (CCC), a German hacker group known for its ethical hacking practices. The CCC promptly informed Volkswagen of the vulnerability, allowing the company to address the issue before it could be exploited maliciously.
12/23/2024
McDonalds delivery customers put at risk by possible data breach | TechRadar
A delivery system for McDonalds in India was flawed in a way that exposed sensitive customer information, and allowed people to make fraudulent orders, experts have claimed. The delivery system, which is apparently owned by a company called Hardcastle Restaurants, had a vulnerability which exposed delivery customer names, email addresses, and phone numbers. For the drivers, it exposed vehicle numbers and profile pictures, and tracked the real-time location of their deliveries. Zveare found the vulnerabilities in June 2024, and McDonalds fixed it in September. Allegedly, no threat actors stumbled upon this bug, and no customers were actually exposed.
12/12/2024
ParkMobile data breach leads to $32 million settlement. Are you owed a payout? | Centre Daily Times
The agreement follows a 2021 data security breach that some users argued the parking solutions company was liable for, citing a lack of protections for customers’ sensitive information. In a statement posted on its website in November, the company said it “immediately launched an investigation, quickly eliminated a third-party vulnerability, and continue to maintain our security and monitor our systems.”
12/11/2024
Krispy Kreme cyberattack impacts online orders and operations | Bleeping Computer
US doughnut chain Krispy Kreme suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. In an SEC filing submitted today, Krispy Kreme says it detected unauthorized activity on November 29, 2024, which has caused disruptions to its online ordering system in the United States.
12/25/2024
Postman Data Leak | 30000 Publicly Accessible Workspaces Could Lead Massive Hack
The investigation reveals that improper management of Postman workspaces has resulted in over 30,000 publicly accessible collections exposing sensitive data, potentially paving the way for massive data breaches and unauthorized misuse. The TRIAD Team’s year-long analysis highlighted critical cases in which sensitive data such as API keys, access tokens, refresh tokens, and even proprietary user data were inadvertently leaked via public Postman collections. Acknowledging the severity of these findings, Postman has enhanced its security measures by implementing a secret-protection policy.
12/24/2024
Clop ransomware is now extorting 66 Cleo data-theft victims | Bleeping Computer
The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands. In the notification on their leak site, Clop lists 66 partial names of companies that did not engage the hackers for negotiations. If these companies continue to ignore, Clop threatens to disclose their full name in 48 hours. The zero-day flaw exploited this time is now tracked as CVE-2024-50623 and it allows a remote attacker to perform unrestricted file uploads and downloads, leading to remote code execution.
12/20/2024
Thousands of GPS tracking customers have info leaked following data breach | TechRadar
Hapn, a company that sells GPS tracking hardware and software, is reportedly spilling sensitive user information online. In late November 2024, a security researcher reached out to TechCrunch, saying they observed a bug in Hapn’s website, which allows malicious actors to view the exposed data using the developer tools in the web browser. Hapn CEO and co-founder, Joseph Besdin, said that the exposure was limited to historical data from April 2024, and that it only affected three customer accounts.
12/7/2024
Deloitte UK has strongly refuted claims of a major cybersecurity breach made by the ransomware group Brain Cipher. While the group alleges it has stolen over 1 terabyte of sensitive data from the professional services giant, Deloitte has maintained that its systems remain unaffected. While Deloitte has denied the breach, it remains to be seen whether Brain Cipher will publish further details to support their claims. For now, Deloitte faces the dual challenge of protecting its reputation and addressing concerns raised by the allegations.
2024’s relentless wave of data breaches has emphasized that a reactive approach to security is no longer enough to handle the rising number of more sophisticated attacks. With attackers continuously evolving their methods thanks to rapid technological advancements, companies must shift their focus toward proactive prevention, i.e., adopting robust access control measures and embracing zero-trust principles to limit lateral movement and mitigate damage before it happens. The best defense is a secure system that deters attackers and prevents breaches, not one that addresses vulnerabilities after they are exploited.
Built upon the principle of continuous verification, Pomerium is a zero-trust reverse proxy that empowers organizations to modernize their security posture. With the ability to authenticate, authorize, monitor, and secure user access to any application without a VPN, Pomerium helps companies stay ahead of threats and protect their critical resources. Choosing prevention over reaction is no longer optional—it's essential.