Data breaches during the first half of 2024 have seemed to be relentless. Large-scale data leaks have affected many countries in the world. In just the first six months of 2024, the situation has already been out of control, impacting millions of individuals and organisations across various sectors. In this blog, we’ll look at the severity of data breaches and how they are taking a toll on the victims around the world.
In this blog, we’ll cover:
Since January this year, we’ve witnessed countless significant data breaches that adversely affected millions of individuals and organisations. leading to disrupted operations, financial losses, and serious concerns over data security and privacy.
Data breaches are happening almost every month in all seven continents in the world and they are affecting every industry as well. Let's take notice of the most notable incidents and learn how to prevent data breaches from happening to yourself.
By now in 2024, the United States experienced several significant data breaches, with the most notable being the "Microsoft Azure Data Breach". For the first time in the history of Microsoft, a cyberattack has left hundreds of executive accounts compromised and caused a major user data leak.
The attack was reported in February this year. The attack primarily targeted mid-level and senior executives, including CEOs, finance directors, and operations vice presidents. The breach was part of a broader campaign that involved sophisticated phishing techniques and cloud account takeovers, exploiting vulnerabilities to access Microsoft 365 applications and internal systems.
In March this year, France Travail experienced its largest data breach ever, affecting approximately 43 million individuals. France Travail is a French government agency that provides employment services and support to job seekers and employers.
The breach exposed sensitive personal information, including names, dates of birth, social security numbers, France Travail identifiers, email addresses, postal addresses, and phone numbers. The attack is believed to be caused by social engineering and technical exploits.
France Travail published a statement after the data breach to warn its clients that their personal information might be disclosed and used illegally.
Fujitsu, a major Japanese IT services provider, disclosed a potential data breach in March 2024. The incident involved unauthorized access to their systems, potentially compromising sensitive information.
Fujitsu reported that the breach might have affected customer data, although specific details about the extent and nature of the compromised information were not immediately available.
In April 2024, Cyberport (Hong Kong) disclosed a significant data breach. The breach exposed the personal information of over 13,000 individuals, including names, ID card and passport numbers, bank details, medical reports, birth dates, and social media accounts. The data also included sensitive employment information, with some records dating back to 2016.
The hackers gained access using "brute force" password guessing, and it was discovered that Cyberport had inadequate security measures in place, such as infrequent security audits and a lack of multi-factor authentication.
The image below illustrates the listing posted by the hacker group Trigona on its website (content containing personal data has been redacted):
Source: Investigation Report of Cyberport Data Breach
In Australia, the electronic prescription service, MediSecure, suffered from a huge data breach in April this year. This breach, attributed to a ransomware attack, affected nearly half of the Australian population. Approximately 12.9 million records were compromised.
Sensitive personal data such as names, dates of birth, addresses, healthcare identifier numbers, health details, and prescription information have been leaked and later on, found on sale in a hacking forum for $50,000.
So far in 2024, Spain's largest data breach is a cyberattack targeting the Dirección General de Tráfico (DGT), the country's traffic authority. In May this year, a hacker managed to access and potentially compromise data related to approximately 27 million drivers registered in Spain.
The stolen information included license plate numbers and associated vehicle details. The hacker reportedly used a custom programme to query the DGT's database, aggregating a vast amount of sensitive data over several years.
Also in May this year, the UK Ministry of Defence (MoD) confirmed a significant data breach, affecting the personal information of approximately 270,000 military personnel.
The breach occurred through a third-party payroll system managed by Shared Services Connected Ltd (SSCL), leading to unauthorized access to strictly confidential data including the names, bank details, and, in some cases, addresses of active personnel, reservists, and some veterans.
Again in May this year, Kamo Jou Trading, a well-known trading company in South Africa, fell victim to a cybercrime attack by the ransomware group RansomHub. The attack involved ransomware, resulting in the exfiltration of 2 GB of data, the type of which remains undisclosed.
On the same day in June 2024, three well-known Italian companies were hit by significant cyberattacks carried out by the ransomware groups RansomHub and RansomHouse. Within a span of 24 hours, the three companies - Cloud Europe, Mangimi Fusco and Francesco Mangiola, lost 70.64 terabytes of sensitive data in total.
The threat actor RansomHub claimed to have encrypted the servers of Cloud Europe, exfiltrating more than 70 terabytes of its data.
Source: Cyberexpress
The attacker claimed to have stolen 490 gigabytes of private and confidential data from Mangimi Fusco, including client documents, budget, payroll, accounting, contracts, taxes, IDs, finance information, etc.
Source: Cyberexpress
A ransomware group claimed that it stole 150 gigabytes of Francesco Parisi ’s data. Francesco Parisi has then put up a disclaimer on its website to admit that they were subjected to a hacker attack.
Source: Cyberexpress
In the first six months of 2024, Russia has suffered from a profound negative impact caused by data breaches. The Russian mainstream news site Izvestia cited a report produced by Russia’s Data Leak Intelligence and Darknet Monitoring Service (DLBI), between January and June this year alone, almost 150 separate data leaks resulted in 140 million Russian mobile numbers along with 46 million email addresses, being compromised.
BLBI warned that fraudsters could use this information to deceive individuals, companies, and organisations. This data leak, reported in the first half of 2024, is believed to have compromised information from almost every Russian citizen.
Midamea, a renowned architectural firm in South Korea, was targeted in June by a ransomware attack executed by the RansomHub group. The attackers have exfiltrated 370 gigabytes of data and plan to auction the stolen information over 7 days. If the data remains unsold, they intend to publish it.
RansomHub advertised the data they stole from Midamea'on the dark web:
In June this year, Brazil's largest credit union system, Sicoob, suffered from a huge data breach. This breach, orchestrated by the ransomware group Ransomhub, compromised one terabyte of sensitive data.
The attack targeted Sicoob's network, leading to the unauthorized access of data belonging to its members, which included personal data of customers and employees, financial data, company resource access information, departmental developments, IT product source codes, databases, and confidential financial information.
The Kusum Group of Companies, a famous pharmaceutical group in India, reported that they fell prey to a ransomware attack orchestrated by the RA World ransomware group in July 2024.
The attack specifically targeted the Ukrainian branch of the company, resulting in the exfiltration of a substantial 257 gigabytes of sensitive data. The compromised information includes financial records, departmental data, drug formulations, sales data, and export details.
In July, Volker Stienemann, a well-known auditing and tax consulting firm in Germany, reportedly fell victim to a ransomware attack orchestrated by the cybercriminal group known as SpaceBears.
The attack targeted the firm's website and resulted in the potential exposure of sensitive financial information. The exact size of the data leak remains unknown, but the incident highlights the persistent threat posed by ransomware groups to businesses handling critical financial data.
In August, a notorious ransomware group -- RA World, has claimed responsibility for a cyberattack in August against Ascent Group, a fast-growing fund administration company.
The attackers alleged they have exfiltrated 80 gigabytes of sensitive data, including legal and financial documents, customer information, employee records, and business contracts. The group has threatened to leak or permanently encrypt the data unless a ransom is paid.
The frequency and scale of data breaches have reach a new level in recent years. Cybersecurity professionals are increasingly worried about the impact that data breaches may bring to organisations worldwide.
In fact, the Identity Theft Resource Center (ITRC) has reported a significant increase in data breach victims for the second quarter (Q2) of 2024, tracking a total of 1,041,312,601 victims, up 1,170% from Q2 2023’s 81,958,874 victims – this is despite an actual decrease in the number of comprises (12%), suggesting the scale of the compromises that occured were of magnitutudes larger than those seen in Q1.
(Source: ITRC)
The same point of view echoes with KPMG’s findings in their study. KPMG's study about e-crimes in Germany revealed the prevalence of cybercrime in the country.
Over one-third (35%) of German companies experienced cyber attacks in the past two years, indicating a significant increase in cybercrime incidents. The financial impact on these companies has also grown, with 57% reporting higher total losses compared to previous years.
Other key kindings included:
- Total losses increased for more than half of the companies
- The majority of companies rate their own risk as high or very high
- Phishing, attacks on cloud services and attacks via data leaks are the most common offences
-- KPMG study "e-Crime in the German economy 2024"
Cyber incidents in Brazil have also shown a troubling trend of data leaks, often with sensitive information appearing on dark web marketplaces. According to CTIR Gov, only from January to May 2024, they have already recorded 3701 data leak incidents, significantly more than other types of incidents.
This situation has led to increased demand for cybersecurity measures and cyber insurance as organisations seek to protect themselves against the growing threat of data breaches.
Criminals increasingly target PII due to its high value on the dark web. All organisations should be mindful of this trend, as we all handle some types of PII of clients or employees.
Stolen PII can be sold to other criminals or used to make unauthorized financial transactions. They can also be used to create fake identities. Criminals can use these identities to carry out illegal activities, such as money laundering, or to avoid detection by law enforcement. This aspect of identity theft can be especially harmful to victims, as they may need to face legal and financial repercussions.
Breaches exposing PII could have severe consequences for both individuals and businesses. Learn more about popular types of attacks enabled by data breaches in this blog.
Finding leaked data about your organisation on the internet can be disturbing, but unfortunately, it is not entirely surprising nowadays because data breaches are increasingly common.
Early detection of data breaches can significantly reduce the potential impact on your organisation. Dark web monitoring is an essential tool for detecting data breaches. It scans hidden websites, forums, and marketplaces on the dark web for you to help you find your compromised data. This proactive approach enables you to timely respond to and mitigate potential negative impacts.
Organisations can subscribe to specialised dark web monitoring services that continuously scan dark web forums, marketplaces, and other sources for mentions of their data. These services use advanced algorithms and human intelligence to identify stolen data that might belong to your organisation or customers. You can deploy dark web monitoring to track the following important information:
Dark web monitoring can help detect if your employee or customer login credentials have been compromised. When credentials are leaked, attackers often sell or trade stolen credentials on the dark web. By monitoring the activities on the dark web, you take proactive measures such as forced password resets and multi-factor authentication (MFA) enforcement when you receive alerts about your leaked credentials.
You can monitor for specific data types like social security numbers, credit card details, and personal identification numbers. If such information is found on the dark web, it can indicate a data breach. Dark web monitoring allows you to get a quick notification so that you can alert affected employees to take steps to mitigate the impact, such as cancelling compromised credit cards or implementing credit freezes.
Cybercriminals may use the dark web to sell counterfeit products, share vulnerabilities, or discuss planned attacks against a specific organisation. By monitoring these discussions, you can gather intelligence on potential threats and prepare defences accordingly.
While unsettling, finding leaked data of your organisation on the dark web is not unexpected given the increasing number of data breaches. To protect your organisation, it's essential to consider using dark web monitoring services. We offer powerful dark web monitoring solutions designed to help businesses of all sizes to protect their data. Get in touch with us to learn more or book a live demo to enjoy a 14-day free trial to experience the full range of our cybersecurity solutions.