October 2024 Data Breaches [LIST]

November 1, 2024

October was full of data breaches, cyber attacks, and costly lawsuits. Innumerable data breaches continued to make headlines, spotlighting the need for higher cybersecurity defenses. 

Compiled on November 1, the following lists are composed of data breach headlines that were primarily published during the month of October—but also includes September headlines published since our last list went live (September 2024 Data Breaches [LIST]). Source articles have been organized by industry in reverse chronological order.

Biggest Security Breaches Covered in October 2024

We'll start with the top five biggest breaches for October:

Tip: For a point of reference, the American population is approximately 347 million according to the United States Population Clock at the date of this post.

5. 100 Million Individuals (28.8% of Americans) Affected

10/24/2024

UnitedHealth says Change Healthcare data breach affects over 100 million people in America | TechCrunch

More than 100 million individuals had their private health information stolen during the ransomware attack on Change Healthcare, a cyberattack that caused months of unprecedented outages and widespread disruption across the U.S. healthcare sector. This is the first time that UnitedHealth Group (UHG), the U.S. health insurance provider that owns the health tech company, has put a number of affected individuals to the data breach.

4. 270 Million Users Affected in the U.S., U.K., and Canada.

10/14/2024

National Public Data, the hacked data broker that lost millions of Social Security numbers and more, files for bankruptcy | TechCrunch

A Florida data broker that lost hundreds of millions of Social Security numbers and other personally identifiable information in a data breach earlier this year has filed for Chapter 11 bankruptcy protection as the company faces a wave of litigation.

3. More than 300 Million Customers Affected Worldwide

10/9/2024

Marriott agrees to pay $52 million, beef up data security to resolve probes over data breaches | AP News

Marriott International has agreed to pay $52 million and make changes to bolster its data security to resolve state and federal claims related to major data breaches that affected more than 300 million of its customers worldwide. The FTC and the states ran parallel investigations into three data breaches, which took place between 2014 and 2020.

2. Up to 560 Million Customers Affected Worldwide

10/14/2024

Ticketmaster Sued Over Massive Data Breach | Rolling Stone 

Ticketmaster is facing a class action lawsuit over the massive data breach the company suffered from the hacker group ShinyHunters earlier this year. ShinyHunters claimed that it had obtained personal data of 560 million Ticketmaster accounts through third-party cloud data company Snowflake, ransoming the data for $500,000. 

1. $101.5 Million Fine for 600 Million Passwords

09/27/2024

Meta fined $102 million for storing passwords in plain text | Engadget

The Irish Data Protection Commission (DPC) has slapped Meta with a $101.5 million (€91 million) fine after wrapping up an investigation into a security breach in 2019, wherein the company mistakenly stored users' passwords in plain text. While Meta didn't say how many accounts were affected, a senior employee told Krebs on Security back then that the incident involved up to 600 million passwords. 

Security Breaches Reported in October 2024

Entertainment

10/14/2024

Internet Archive Breached Again–Third Cyber Attack In October 2024 | Forbes 

The Internet Archive has confirmed a third security breach on Oct. 20 in what has become a series of escalating cyberattacks. Despite previous warnings and multiple breaches earlier this month, the organization had not adequately secured the system, leaving the tokens vulnerable to continued exploitation. This breach follows two major attacks earlier in October, which have compounded the damage to the organization’s infrastructure.

10/14/2024

Pokemon dev Game Freak confirms breach after stolen data leaks online | Bleeping Computer

Co-owner and the primary developing studio of the Pokémon series video game, Japanese video game developer Game Freak has confirmed it suffered a cyberattack in August after source code and game designs for unpublished games were leaked online.

10/9/2024

The Internet Archive is under attack, with a breach revealing info for 31 million accounts | The Verge 

A pop-up message on the Internet Archive said the online archive has suffered ‘a catastrophic security breach,’ as its operators say the site has been DDoS’d for days. Internet Archive founder Brewster Kahle confirmed the breach and said the website had been defaced with the notification via a JavaScript library.

10/7/2024

Personal Information Compromised in Universal Music Data Breach | SecurityWeek 

680 individuals are impacted in a recent data breach where unauthorized activity was discovered in an internal application in early July. The company says that while it has no evidence that the information has been misused, it has decided to offer impacted individuals 24 months of free credit monitoring and identity theft protection services. 

Finance

10/30/2024

Interbank confirms data breach following failed extortion, data leak - Bleeping Computer 

​Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online. While customers have been reporting that the bank's mobile app and online platforms stopped working throughout the day and during a separate outage reported two weeks ago, Interbank says that most of its operations are now back online and that its clients' deposits are secure.

10/21/2024

Crypto payment services firm says more than 92,000 affected by data breach | The Record
A recent data breach at the crypto payment processor Transak exposed the information of more than 92,000 people after an employee's laptop was accessed. The company said on Sunday that “no financially sensitive or critical information was compromised” but admitted that names, birthdays, passports, driver’s license information and user selfies were leaked in the breach.

10/10/2024

Fidelity says data breach exposed personal data of 77,000 customers | TechCrunch
Fidelity Investments, one of the world’s largest asset managers, has confirmed that over 77,000 customers had personal information compromised during an August data breach. An unnamed third party accessed information from its systems between August 17 and August 19 “using two customer accounts that they had recently established.” 

10/6/2024

Comcast and Truist Bank customers caught up in FBCS data breach | Bleeping Computer 

Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS. The data breach is believed to have impacted 4.2 million individuals. 273k Comcast customers and an unspecified number of Truist customers have been impacted. 

10/1/2024

More Than a Million People Affected by Patelco Credit Union's Data Breach | Credit Union Times

In an amended public filing, the $9.5 billion Patelco Credit Union reported the personal information of more than one million current and former members and employees had been accessed during a June ransomware attack. 

09/30/2024

TIAA Retail Customer Data Exposed in Vendor Breach | ThinkAdvisor

Personal information for almost 9,000 retail TIAA and TIAA-CREF Life Insurance customers was exposed in a hack that appears related to a breach that caught other financial services firms. A TIAA support services vendor, Infosys McCamish Systems, was breached between Oct. 29 and Nov. 2, when IMS discovered the hack, according to a letter from TIAA to affected customers.

09/30/2024

Wells Fargo Announces Data Breach Involving Unauthorized Access by Former Employee | JD Supra

Wells Fargo filed a notice of data breach with the Attorney General of Vermont after discovering that a former employee accessed customer information without authorization for fraudulent purposes. The incident resulted in an unauthorized party being able to access consumers’ sensitive information. 

Healthcare

10/31/2024

Mystic Valley Elder Services Data Breach Impacts 87,000 People - SecurityWeek 

Mystic Valley Elder Services, a Massachusetts-based non-profit that provides health and other services to the elderly and people with disabilities, has suffered a data breach impacting many individuals. The investigation revealed a few months later that the attacker may have stolen files containing personal information

10/18/2024

Boston Children's Health Physicians confirms September data breach | The Record from Recorded Future News

Boston Children’s Health Physicians warned patients that a breach in September exposed troves of sensitive information. The organization was notified of unusual activity on its systems, and further investigation revealed that the hackers took files off of their network that contained patient information.

10/18/2024

Omni Family Health Data Breach Impacts 470,000 Individuals | SecurityWeek

California network of health centers Omni Family Health is notifying close to 470,000 individuals that their personal information was stolen in a cyberattack earlier this year. The leaked information pertains to current and former patients and employees.

10/14/2024

Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches | SecurityWeek

Gryphon Healthcare and Tri-City Medical Center last week disclosed separate data breaches, a third-party data breach and a cyberattack respectively, in which the personal information of more than 500,000 individuals was stolen. 

10/3/2024

Weiser Memorial Hospital investigates potential data breach | TechTarget 

Idaho-based Weiser Memorial Hospital is investigating a potential data breach after cyberthreat actors claimed to be in possession of the hospital's data. A cyberthreat actor group has claimed responsibility for this incident, and the hospital is in the process of researching these claims.

Infrastructure

10/24/2024

Free, France's second largest ISP, confirms data breach after leak | Bleeping Computer 

The data stolen in the attack is now being auctioned on BreachForums to the highest bidder, with the threat actor—known as "drussellx"—claiming that the breach impacts almost a third of France's population. The company, which says it had over 22.9 million mobile and fixed subscribers at the end of June, is the second-largest telecommunications company in France and a subsidiary of the Iliad Group, Europe's sixth-largest mobile operator by number of subscribers. 

10/8/2024

Water supplier American Water Works says systems hacked | CBS News 

American Water Works—a supplier of drinking water and wastewater services to more than 14 million people—said hackers had breached its computer networks and systems, prompting it to pause billing to customers. The company does not believe its facilities or operations were impacted by the cybersecurity incident, but is "currently unable to predict the full impact," it stated. 

10/7/2024

China's Salt Typhoon Hacked AT&T, Verizon: Report | SecurityWeek  

The China-linked threat group known as Salt Typhoon has hacked into the networks of several major broadband providers such as Verizon, AT&T and Lumen in the United States, potentially compromising wiretap systems. The incident has raised concerns of national security risks because these systems enable investigations into criminal and national security matters.

10/4/2024

Comcast confirms 237K affected in feisty breach notification | The Register 

Comcast says data on 237,703 of its customers was stolen in a cyberattack on debt collections agency, Financial Business and Consumer Solutions aka FBCS. The agency was compromised in February, and the firm informed the US cable giant about the unauthorized access in March.

09/30/2024

Media giant AFP hit by cyberattack impacting news delivery services | Bleeping Computer 

Global news agency AFP (Agence France-Presse) is warning that it suffered a cyberattack on Friday, which impacted IT systems and content delivery services for its partners. As for the type of the attack and the perpetrators, no details were provided.

09/30/2024

T-Mobile pays $31.5 million FCC settlement over 4 data breaches | Bleeping Computer 

The Federal Communications Commission (FCC) announced a $31.5 million settlement with T-Mobile over multiple data breaches that compromised the personal information of millions of U.S. consumers and impacted T-Mobile's customers in 2021, 2022, and 2023.

Tech

10/18/2024

Tech giant Nidec confirms data breach following ransomware attack | Bleeping Computer 

The Japanese tech giant Nidec Corporation has revealed that hackers behind a ransomware attack have stolen data and leaked it on the dark web. The attack did not encrypt files and the incident is considered fully remediated at this time. 

10/15/2024

Alleged Cisco data breach could affect Microsoft, Barclays, and SAP developer data | CSO Online

A BreachForum post made by IntelBroker claims source code was taken from Cisco customers in the breach. The breach allegedly affected a huge amount of developer data for customers including such as Microsoft, Barclays, SAP, T-Mobile, AT&T, and Verizon. Cisco is reportedly investigating the breach claims.

10/2/2024

Zero-Day Breach at Rackspace Sparks Vendor Blame Game | SecurityWeek 

Enterprise cloud host Rackspace has been hacked via a zero-day flaw in ScienceLogic’s monitoring app. ScienceLogic shifted the blame to an undocumented vulnerability in a different bundled third-party utility. This incident follows a previous ransomware attack on Rackspace‘s hosted Microsoft Exchange service in December 2022, which resulted in millions of dollars in expenses and multiple class action lawsuits.

09/27/2024

Amgen Announces Third-party Data Breach Stemming from Incident at Sirva Relocation | JD Supra

Amgen, Inc. filed a notice of data breach with the Attorney General of Massachusetts after discovering that confidential information that was provided to the company was subject to unauthorized access after an incident at Sirva Relocation, LLC. Amgen explains that the incident resulted in an unauthorized party being able to access sensitive information belonging to certain individuals.

Retail

10/16/2024
Varsity Brands Data Breach Impacts 65,000 People | SecurityWeek

Apparel giant Varsity Brands this week disclosed a data breach impacting a significant number of individuals. Varsity had detected “unusual activity” on its systems where the intruder obtained “a small subset of company files” that stored personal information. 

10/15/2024

Volkswagen Says IT Infrastructure Not Affected After Ransomware Gang Claims Data Theft | SecurityWeek

Volkswagen has issued a brief statement that the IT infrastructure of the Volkswagen Group is not affected after the 8Base ransomware group claimed to have stolen valuable data from the company’s systems. The company has not shared any other information on the cyberattack. 

10/14/2024

Casio Confirms Data Breach as Ransomware Group Leaks Files | SecurityWeek 

Japanese electronics giant Casio has revealed that the recent cyberattack was carried out by a ransomware group and confirmed that the incident has resulted in a data breach. Casio detected unauthorized access to its network on October 5. The incident resulted in a system failure and some service disruptions.

10/1/2024

Data of 300k digiDirect customers leaked in alleged attack | CSO Online 

One of Australia’s leading retailers of consumer electronics, digiDirect, is allegedly facing theft of data belonging to over 300k customers from a cybersecurity breach. A threat actor using the alias “Tanaka” posted on the dark web and added a sample of the stolen data in the post for confirmation.

Miscellaneous

10/24/2024

Insurance admin Landmark says data breach impacts 800,000 people | Bleeping Computer 

Landmark says it detected suspicious activity on May 13th, 2024, causing the company to shut down IT systems and remote access to its network to prevent the spread of the attack. Landmark says it found evidence that the threat actor accessed some files during the attack that contained the personal information of 806,519 people.

10/14/2024

Insurance Firm Johnson & Johnson Discloses Data Breach | SecurityWeek 

Insurance company Johnson & Johnson has disclosed a data breach impacting the personal information of thousands of people. The firm has told the Maine AG that more than 3,200 individuals are impacted by the data breach.

10/8/2024

Security provider ADT discloses second cybersecurity incident in two months | Cyberscoop

An unauthorized party stole encrypted internal data related to employee user accounts from home and small business security provider ADT. The incident is the second cyberattack disclosed by the company in two months. That incident did not include credit card data or banking information, nor was there any reason to believe that home security systems were compromised as a result of the incident.

Access Control Matters

Companies are updating their access control measures to deter and prevent these costly data breaches before they happen. Regulating who or what is allowed to access particular information can prevent lateral movement even if the system is breached to effectively minimize the fallout. The best time to secure systems is before the breach or attack happens.

Built upon the idea of continuous verification, Pomerium is a zero-trust reverse proxy that helps enterprises manage secure application access. Authenticate, authorize, monitor, and secure user access to any application without a VPN. 

Companies are replacing VPNs with Pomerium to secure internal resources within the zero trust architecture framework.

Share:

Stay Connected

Stay up to date with Pomerium news and announcements.

More Blog Posts

See All Blog Posts
Blog
Taking Back Zero Trust: Bank Policy Institute (BPI) provides a fairly reasoned take on Zero Trust
Blog
November 2024 Data Breaches [LIST]
Blog
12 Zero Trust Architecture Examples With Actionable Guide

Revolutionize
Your Security

Embrace Seamless Resource Access, Robust Zero Trust Integration, and Streamlined Compliance with Our App.

Pomerium logo
© 2024 Pomerium. All rights reserved