The worst hacks of 2024

Every year has its own mix of digital security debacles, from the absurd to the sinister, but 2024 was particularly marked by hacks in which cybercriminals and state-sponsored espionage groups repeatedly exploited the same vulnerability or type of target to fuel their frenzy. For the attackers, the approach is extremely efficient, but for the compromised institutions, and the people they serve, the malicious rampages had very real consequences for people’s privacy, safety, and security.
As political and social unrest intensify around the world, 2025 will be a complicated, and potentially explosive, year in cyberspace. But first, here is WIRED’s look back at this year’s worst breaches, leaks, state-sponsored hacking campaigns, ransomware attacks, and digital extortion cases. Stay alert and stay safe out there.
Espionage operations are a fact of life, and relentless Chinese campaigns have been a constant in cyberspace for years. But the China-linked spy group Salt Typhoon carried out a particularly significant operation this year, hacking into a slew of US telecoms including Verizon and AT&T (plus others around the world) for months. And US officials told reporters earlier this month that many victim companies are still actively trying to remove the hackers from their networks.
The attackers spied on a small group of people, fewer than 150 by current count, but they include individuals who were already subject to US wiretapping orders, as well as State Department officials and members of the Trump and Harris presidential campaigns. Additionally, messages and calls from other people who interacted with Salt Typhoon targets were also effectively intercepted in the spying scheme.
Throughout the summer, attackers were on a tear, breaching prominent companies and organizations that were all customers of cloud data storage company Snowflake. The spree barely qualifies as hacking, since cybercriminals simply used stolen passwords to log into Snowflake accounts that did not have two-factor authentication enabled. The end result, however, was an incredible amount of data stolen from victims, including Ticketmaster, Santander Bank, and Neiman Marcus. Another high-profile victim, telecommunications giant AT&T, said in July that “nearly all” of its customers’ phone and text data from a seven-month period in 2022 was stolen in a Snowflake-related breach. Security firm Mandiant, which is owned by Google, said in June that the rampage affected roughly 165 victims.
In July, Snowflake added a feature so account administrators could make two-factor authentication mandatory for all their users. In November, suspect Alexander “Connor” Moucka was arrested by Canadian law enforcement for allegedly leading the hacking spree. He was indicted by the US Department of Justice over the Snowflake spree and faces extradition to the US. John Erin Binns, who was arrested in Turkey on an indictment related to a 2021 T-Mobile breach, was also indicted on charges related to the Snowflake customer breaches.
In late February, medical billing and insurance processing company Change Healthcare was hit by a ransomware attack that caused outages at hospitals, doctors’ offices, pharmacies, and other healthcare facilities across the US. The attack is one of the largest medical data breaches of all time, affecting more than 100 million people. The company, which is owned by UnitedHealth, is a dominant medical billing processor in the US. It said days after the attack began that it believed ALPHV/BlackCat, a notorious Russian-speaking ransomware gang, was behind the attack.
Personal data stolen in the attack included patient phone numbers, addresses, banking and other financial information, and health records including diagnoses, prescriptions, and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat in early March in an attempt to contain the situation. The payment apparently encouraged attackers to hit healthcare targets at an even greater rate than usual. With ongoing notifications to more than 100 million victims, and more still being discovered, lawsuits and other backlash are on the rise. This month, for example, the state of Nebraska sued Change Healthcare, alleging that its “failure to implement basic security protections” made the attack far worse than it should have been.
Microsoft said in January that it had been breached by Russian “Midnight Blizzard” hackers in an incident that compromised the email accounts of company executives. The group is linked to the Kremlin’s SVR foreign intelligence agency and is specifically tied to SVR’s APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, attackers targeted and compromised Microsoft’s historic system test accounts, which then allowed them to access what the company said were “a very small percentage of Microsoft’s corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there, the group pulled “some emails and attached documents.” Microsoft said the attackers appeared to be looking for information about what the company knew about them. In other words, Midnight Blizzard was snooping on Microsoft’s research on the group. Hewlett-Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.
The background check company National Public Data suffered a breach in December 2023, and data from the incident started showing up for sale on cybercrime forums in April 2024. Various configurations of the data surfaced again and again over the summer, culminating in the company’s public confirmation of the breach in August. The stolen data included names, Social Security numbers, phone numbers, addresses, and dates of birth. Since National Public Data didn’t confirm the breach until August, speculation about the situation grew for months and included theories that the data involved tens or even hundreds of millions of Social Security numbers. Though the breach was significant, the actual number of affected individuals appears to be, mercifully, much lower. The company reported in a filing to officials in Maine that the breach affected 1.3 million people. In October, National Public Data’s parent company, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state and federal investigations into the breach, as well as numerous lawsuits the company is facing over the incident.
Honorable Mention: North Korea’s Cryptocurrency Theft
Many people steal a lot of cryptocurrency every year, including North Korean cybercriminals who have a mandate to help fund the hermit kingdom. However, a report from cryptocurrency tracking firm Chainalysis released this month underscores just how aggressive Pyongyang-backed hackers have become. Researchers found that in 2023, hackers linked to North Korea stole more than $660 million in 20 attacks. This year, they stole roughly $1.34 billion in 47 incidents. The 2024 figures represent 20 percent of the total incidents Chainalysis tracked for the year and 61 percent of the total funds stolen by all actors.
The sheer dominance is impressive, but researchers emphasize the seriousness of the crimes. “U.S. and international officials have assessed that Pyongyang uses the crypto it steals to fund its weapons of mass destruction and ballistic missile programs, endangering international security,” Chainalysis wrote.



