As we start Q1 of 2025, we need to look back at last year, which broke all existing records in terms of data breaches. Here’s sort of a trick question: will we have more or fewer data breaches this year? Duh…

Let’s take a page from Spanish philosopher George Santayana who famously wrote “Those who cannot remember the past are condemned to repeat it.”

As the sharks of the cyber world, cyber criminals never sleep, and there is never a point where they have taken enough of your money. The battle against cyber threats is a never-ending war. According to Anonyme Labs, 2024 goes down in history as the biggest year not only for the number of data breaches, but also for the largest and most destructive ones. Data compromises have surged to an all-time high in the U.S.

So, let’s take a look at the worst of the worst for 2024, with the most disastrous first:

What is the mother of all data breaches in 2024?

Tencent, et al.
The military has the MOAB, the ‘Mother of All Bombs’, and in cybersecurity we now have our own MOAB, the ‘Mother of All Breaches’ – and it came early: in January 2024, exposing over 26 BILLION records.

The data came from users of Chinese messaging giant Tencent; social media platform Weibo; platforms and services such as Twitter, Dropbox, LinkedIn, Adobe, Canva and Telegram; and various U.S. and other government organizations. In the hands of threat actors, the data could be used for a vast variety of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.

Additional Massive Data Breaches:

National Public Data
In August 2024, the National Public Data (NPD) breach exposed 2.9 billion records (full names, social security numbers, mailing addresses, email addresses, and phone numbers) of up to 170 million people in the U.S., Canada and the UK.

NPD itself enabled this breach when its website inadvertently published a zip file containing the back-end passwords for the database. The stolen data included American social security numbers, and experts say it’s pretty likely that all social security numbers have been compromised.
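The NPD exposure came from an archive sitting in a web-served directory. The check below is an added example (not from the original post and not ITFIRM.COM’s code): it walks a web root, opens every zip archive, and flags members whose text looks like credentials. The directory layout, file names, and the secret-looking contents are all constructed for the demo, and the regex heuristics are assumptions to tune for your own stack.

```python
"""Added example (not from the original post): scan a web-served directory
for zip archives that contain credential-like text, the kind of exposure
described in the National Public Data breach. All paths and sample
contents below are constructed for the demo."""
import os
import re
import tempfile
import zipfile

# Heuristic patterns that usually indicate a secret leaked into a text file.
# (Chosen for this example; extend for the config formats your stack uses.)
SECRET_PATTERNS = [
    re.compile(r"(?i)\b(db_)?pass(word)?\s*[=:]\s*\S+"),
    re.compile(r"(?i)\bsecret(_key)?\s*[=:]\s*\S+"),
    re.compile(r"(?i)\b(api|access)_?key\s*[=:]\s*\S+"),
]
ARCHIVE_EXT = (".zip",)
MAX_MEMBER_BYTES = 1_000_000  # skip huge members; this is a quick triage scan


def scan_zip(path):
    """Return a list of (member_name, pattern) hits found inside one zip."""
    hits = []
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            data = zf.read(info)
            try:
                text = data.decode("utf-8")
            except UnicodeDecodeError:
                continue  # binary member; not a plaintext secret
            for pat in SECRET_PATTERNS:
                if pat.search(text):
                    hits.append((info.filename, pat.pattern))
    return hits


def scan_webroot(root):
    """Walk a directory tree and report archives that contain secrets.
    Returns {archive_path_relative_to_root: [(member, pattern), ...]}."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ARCHIVE_EXT):
                full = os.path.join(dirpath, name)
                hits = scan_zip(full)
                if hits:
                    findings[os.path.relpath(full, root)] = hits
    return findings


def build_demo_webroot():
    """Construct a throwaway web root: one leaky archive, one clean one."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "static"))
    leaky = os.path.join(root, "backup.zip")
    with zipfile.ZipFile(leaky, "w") as zf:
        # constructed credential line; nothing real
        zf.writestr("db_config.txt", "DB_HOST=10.0.0.5\nDB_PASSWORD=constructed-demo-pass\n")
        zf.writestr("readme.txt", "nothing to see here\n")
    clean = os.path.join(root, "static", "images.zip")
    with zipfile.ZipFile(clean, "w") as zf:
        zf.writestr("logo.txt", "just a placeholder asset\n")
    return root


if __name__ == "__main__":
    demo_root = build_demo_webroot()
    for archive, hits in scan_webroot(demo_root).items():
        print(f"{archive}: {len(hits)} secret-like entries")
```

Run it against the real document root of a web server (not the temp directory the demo builds) and treat any hit as something to remove from the served tree and rotate; the archive should never have been reachable in the first place, so pair the scan with a deny rule for `.zip` and similar extensions in the web server configuration.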

Change Healthcare
While the Change Healthcare breach was not the biggest ever, it is considered “the largest healthcare data exposure in U.S. history”. It was carried out by the ALPHV/BlackCat ransomware group in February 2024 and exposed the personal, medical and billing information of 100 million customers.

AT&T (x2)
After a data breach of 73 million AT&T customer records in March, the telecom giant was breached again in July, when cybercriminals stole the phone numbers and call records of “nearly all” of its customers, or around 110 million people. While TechCrunch said the records don’t contain the contents of texts and phone calls, the “metadata” still revealed who called whom and when, and in some cases the data can be used to infer approximate locations.

Ticketmaster
The giant purveyor of tickets for live events was caught up in the much larger series of data thefts from cloud data giant Snowflake’s corporate customers, losing an alleged 560 million records. WIRED published the hackers’ account of how they breached Ticketmaster.

These massive breaches illustrate the relentless efforts of cybercriminals to find and exploit vulnerabilities to access sensitive information. Let’s look at the main drivers of this increase and the urgent need for enhanced cybersecurity measures.

1) Surge Size

Data breaches have increased exponentially over the past few years – to a staggering degree. Anyone who remains unconcerned with the scale and frequency of these incidents is like an ostrich with its head buried in the sand. These breach numbers emphasize the evolving sophistication of cyber threats and highlight the challenges organizations face in safeguarding their digital assets.

2) Target: The Healthcare Sector

One of the most disturbing trends is the escalating number of breaches in healthcare. Healthcare organizations hold a lot of highly sensitive patient information. As a result, they’ve become prime targets for cybercriminals. The breaches jeopardize patient privacy and pose serious risks to the integrity of medical records. This creates a ripple effect that can have long-lasting consequences.

3) Ransomware is Still #1

Ransomware is #1 with a bullet in the threat landscape, and it’s not just your data the attackers are after. They wield the threat of encrypting valuable information, crippling your business until a cryptocurrency ransom is paid. The sophistication of these ransomware attacks has also increased. Threat actors employ advanced tactics to infiltrate networks and encrypt data, using many different methods to extort organizations for financial gain.

Malwarebytes' 2024 State of Malware report stated that in 2023 the number of known ransomware attacks increased by 68% from the previous year, with the United States accounting for almost half of the world’s attacks. The 2025 report, which will probably be published this quarter, should show a continuation of this dangerous trend.

4) Exposed Supply Chain Vulnerabilities

Attacking supply chains has become a handy ‘back-door’ approach for cyberattacks, since modern business is increasingly interconnected. The compromise of a single entity within the supply chain can have cascading effects, disrupting other connected operations. Cybercriminals use vulnerabilities in one supplier to gain unauthorized access to the networks of the businesses connected to it.

5) The Surge in Insider Threats

The primary concern still focuses on external threats, but the rise of insider threats is adding a new layer of complexity to an already complex cybersecurity landscape. Insiders contribute to data breaches through lack of security training, negligence, or malicious intent. Organizations are now grappling with the challenge of distinguishing legitimate user activity from potential insider threats.

6) Entry Point: The Internet of Things

The proliferation of Internet of Things (IoT) devices has expanded the attack surface. These are not network peripherals like printers and scanners, but they are still connected devices, like HVAC systems or an automatic coffee machine. Security is often overlooked on IoT devices, and hackers know it. There’s been an uptick in data breaches originating from compromised IoT devices. These connected endpoints give cyber criminals entry points from which to exploit vulnerabilities within networks.

7) Critical Infrastructure is a Major Target

Cyber attackers have shifted their choice of targets toward critical infrastructure, which includes energy grids, water supplies, and transportation systems. Think of the Colonial Pipeline ransomware attack a few years ago. The consequences of a successful breach in these sectors are often financial, but they can also extend to public safety and national security. As cyber threats evolve, safeguarding critical infrastructure has become an urgent imperative.

8) Nation-State Bad Actors

Sophisticated cyber campaigns are increasingly coming from nation-state actors like Russia, China, Iran and North Korea. They use advanced techniques to compromise sensitive data and disrupt operations in order to advance their strategic interests in the global cyber landscape.

9) A Cybersecurity Paradigm Shift is Needed

The surge in data breaches makes it urgent to rethink defensive strategies. Yesterday’s defenses are old, and crooks know how to get around them. It's no longer a question of IF an organization will be targeted but WHEN. Proactive measures include:

Robust cybersecurity frameworks

Continuous monitoring

A culture of cyber awareness

These are essential for mitigating the risks posed by evolving cyber threats.

10) The Risks of Information Sharing and Collaboration

Collaboration among organizations and information sharing within the cybersecurity community are more critical than ever as cyber threats become more sophisticated. Threat intelligence sharing enables a collective defense against common adversaries, allowing organizations to proactively fortify their protections based on insights gained from the broader cybersecurity landscape.

Frequently Asked Questions

What is the biggest cyber threat to the US?

The most serious threats the U.S. faces come from nation-state hackers. Russia commits the most sophisticated types of cyber threats, with China coming in a close second.

What country commits the most cyber attacks?

At the very top of the list is China. The rest of the Top 10 can be found HERE.

How is ransomware sent?

Phishing emails that try to lure you into clicking on a malicious link or attachment are consistently the most common way ransomware is delivered. Ransomware is also delivered through ‘drive-by’ downloads, exploit kits and RDP exploits.
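Of the delivery vectors listed above, RDP abuse is the one that leaves the clearest trail in a Windows event log, since a failed logon is recorded as event 4625 and an RDP (RemoteInteractive) session carries logon type 10. The detection below is an added example, not code from the original post or from ITFIRM.COM: it reads constructed, simplified logon records (the CSV layout and every IP, account and timestamp are made up for the demo) and flags a source that racks up a burst of failed RDP logons, marking the alert as higher priority if a success follows the burst.

```python
"""Added example (not from the original post): flag RDP password-guessing
from constructed Windows-style logon records. Windows logs a failed logon as
event 4625 and RDP sessions as logon type 10; the CSV layout and the sample
lines below are made up for this demo."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: time,event_id,logon_type,source_ip,account
SAMPLE_LOG = """\
2025-01-15T03:00:01,4625,10,203.0.113.7,administrator
2025-01-15T03:00:03,4625,10,203.0.113.7,admin
2025-01-15T03:00:04,4625,10,203.0.113.7,backup
2025-01-15T03:00:06,4625,10,203.0.113.7,sysadmin
2025-01-15T03:00:08,4625,10,203.0.113.7,helpdesk
2025-01-15T03:00:09,4624,10,203.0.113.7,helpdesk
2025-01-15T09:12:40,4625,10,192.0.2.25,jsmith
2025-01-15T09:13:10,4624,10,192.0.2.25,jsmith
2025-01-15T09:20:00,4625,2,192.0.2.30,kjones
"""

FAILED_LOGON = "4625"
SUCCESS_LOGON = "4624"
RDP_LOGON_TYPE = "10"


def parse(log_text):
    """Turn the simplified CSV lines into tuples with a real datetime."""
    rows = []
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, src, account = line.split(",")
        rows.append((datetime.fromisoformat(ts), event_id, logon_type, src, account))
    return rows


def detect_rdp_bruteforce(rows, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: info} for sources with >= threshold failed RDP
    logons inside `window`. info lists the accounts tried and any account
    that logged in successfully after the burst (the higher-priority case)."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ts, event_id, logon_type, src, account in rows:
        if logon_type != RDP_LOGON_TYPE:
            continue  # only RemoteInteractive logons are in scope here
        if event_id == FAILED_LOGON:
            failures[src].append((ts, account))
        elif event_id == SUCCESS_LOGON:
            successes[src].append((ts, account))

    alerts = {}
    for src, attempts in failures.items():
        attempts.sort()
        start = 0
        # Sliding window over the sorted failure timestamps.
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = attempts[end][0]
                later_success = [a for t, a in successes[src] if t >= burst_end]
                alerts[src] = {
                    "failed": end - start + 1,
                    "accounts": sorted({a for _, a in attempts[start:end + 1]}),
                    "success_after_burst": later_success,
                }
                break  # one alert per source is enough for triage
    return alerts


if __name__ == "__main__":
    for src, info in detect_rdp_bruteforce(parse(SAMPLE_LOG)).items():
        print(src, info)
```

In the sample, the single failed logon from 192.0.2.25 and the console (logon type 2) failure from 192.0.2.30 are ignored as normal noise, while 203.0.113.7 trips the threshold and is marked with a success that followed the burst. The same logic applies to real 4625/4624 events once they are exported with their source address, logon type and account fields; the threshold and window here are assumptions to tune for your environment.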

What devices are IoT?

New IoT devices are introduced every day. Basically anything that can connect to the internet is IoT: a VoIP phone system, wireless sensors, appliances, wearable health monitoring devices, security systems, factory equipment, the chip in your German Shepherd, your ‘smart commode’ (yes, they are out there), and even your home sprinkler system. The pacemaker Grandpa had implanted is one of these things. So are the sensors in your automobile. If you have a smart litterbox (yes, they are out there too), then Captain Whiskers is also (sort of) connected.

Anything internet connected with an ability to accept commands is IoT.

How secure is your network?

As a longstanding, reputable member of the Charlotte IT Support community, ITFIRM.COM offers a FREE, no-risk network and security assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to ever use our Managed IT Services.


The two best defenses are next-generation network security to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.

We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)

Planning an Office Move?

Contact ITFIRM.COM today! We have the experience to ensure a seamless transition. After the office move, your employees will arrive at the new location to find their IT infrastructure ready and open for business!

For more information on office moves, or to receive your FREE no-risk network and security assessment, just fill out the form on this page or call us at: 
704-565-9705