2024 goes down in history as the year with the largest and most destructive data breaches.
The non-profit Identity Theft Resource Centre says in the first half of 2024, the number of data breach victims surpassed 1 billion—a 490 per cent increase from the same time last year.
In 2024, masses of personal information from tens of millions of people—and sensitive medical data from roughly one-third of all Americans—were stolen and posted online. Other countries had similar large-scale breaches, such as the UK military data breach and Australia’s MediSecure data breach, which affected around 12.9 million people or roughly half of the country’s population.
Here’s a recap of the largest data breaches in the U.S. in 2024:
“Mother of all data breaches”
The year kicked off early as a record-breaking year for data breaches, with the “mother of all data breaches”—a 12-terabyte database containing 26 billion leaked data records—discovered in January.
The data came from users of Chinese messaging giant Tencent; social media platform Weibo; platforms and services such as Twitter, Dropbox, LinkedIn, Adobe, Canva and Telegram; and various U.S. and other government organizations. In the hands of threat actors, the data could be used for a vast variety of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.
Authorities say some of the data isn’t new and was probably compiled from thousands of previous breaches and data leaks, but the combinations of passwords and usernames in the data still present a significant risk of credential stuffing attacks.
National Public Data data breach
More shocking because it is newly breached data is the National Public Data data breach in August 2024, which exposed 2.9 billion records (full names, social security numbers, mailing addresses, email addresses, and phone numbers) of up to 170 million people in the U.S., Canada and the UK.
The breach occurred because the website of NPD, an online background check and fraud prevention service (data broker), had inadvertently published a zip file with the back-end passwords for the database. The stolen data included American social security numbers, and experts say it’s pretty likely that all social security numbers have been compromised.
If you haven’t already done so, follow the advice to freeze your credit file at each of the major consumer reporting bureaus, and closely monitor your accounts for suspicious activity.
In October, National Public Data filed for bankruptcy.
Change Healthcare
Considered “the largest healthcare data exposure in U.S. history”, the Change Healthcare data breach exposed the personal, medical and billing information of 100 million customers, or roughly one-third of all Americans, a number that is likely to rise.
In February 2024 the ALPHV/BlackCat ransomware group breached UnitedHealth’s Change Healthcare platform, a widely used payment processing system in the healthcare industry, stealing the data, disrupting billing and payment processing, and delaying patient care. And since the payment processing system is integral to healthcare infrastructure in the US, the impact went well beyond UnitedHealth to also impact innumerable hospitals, clinics, and medical practices.
For more, see this support page.
AT&T (two data breaches)
In July the telecoms giant announced cybercriminals had stolen the phone numbers and call records of “nearly all” of its customers, or around 110 million people. TechCrunch says while the records don’t contain contents of texts and phone calls, the “metadata” still reveals who called who and when, and in some cases the data can be used to infer approximate locations.
This breach followed a data breach of 73 million AT&T customer records in March.
Ticketmaster (Snowflake)
Ticketmaster was caught up in the much larger series of data thefts from cloud data giant Snowflake’s corporate customers this year, losing an alleged 560 million records. Read the hackers’ account of how they breached Ticketmaster, as told to WIRED.
How to stay safe in 2025
The year 2024 was clearly a bad year for data breaches, but experts say there’s no end in sight.
As a consumer, there’s never been a better time to proactively protect your personal information. If you discover your personal information was exposed in a data breach, quickly change your passwords, add a fraud alert to your credit reports, and place a freeze on your credit reports. More helpful advice is available at the non-profit Identity Theft Resource Centre.
You can also move quickly today to download MySudo all-in-one privacy app and RECLAIM personal data removal service, powered by MySudo.
MySudo protects your personal information by giving you secure alternative phone numbers, email addresses, and payment cards.
MySudo is the original all-in-one privacy app that lets you protect your information, secure your chat, and organize your life:
- PROTECT YOUR INFORMATION with secure digital identities called Sudos, each with its own phone, email, handle, private browser, and virtual card*. Anywhere you’d normally use your personal phone number, email or credit card, use your Sudo ones instead. Sign up for deals and discounts, book rental cars and hotel rooms, pay for concerts or a coffee—all without giving away your personal information.
- SECURE YOUR CHAT with end-to-end encrypted calls, texts and emails between MySudo users via your Sudo handle—or communicate standard outside the app with everyone else. Your Sudo phone and email work just like your personal ones AND they protect you from spam and scams.
- ORGANIZE YOUR LIFE with multiple Sudo digital identities, each with a different purpose. Depending on your plan, you can have up to 9 Sudos, so you can shop with a Sudo, date with a Sudo, order food with a Sudo, sell secondhand stuff with a Sudo, live with a Sudo. What happens in a Sudo stays in the Sudo, so your information is safe and organized.
What’s in a Sudo?
- 1 email address – for end-to-end encrypted emails between app users, and standard email with everyone else
- 1 handle – for end-to-end encrypted messages and video, voice and group calls between app users
- 1 private browser – for searching the internet without ads and tracking
- 1 phone number (optional)* – for end-to-end encrypted messaging and video, voice and group calls between app users, and standard connections with everyone else; customizable and mutable
- 1 virtual card (optional)* – for protecting your personal info and your money, like a proxy for your credit or debit card or bank account
*Phone numbers and virtual cards only available on a paid plan. Phone numbers available for US, CA and UK only. Virtual cards for US only.
RECLAIM tells you where your information has been caught in a data breach and helps you manage your next move.
RECLAIM, powered by MySudo, is a new personal data removal service that helps you reclaim control of your personal information from the companies that store and might sell it.
RECLAIM tells you which companies hold your personal information and—better yet—where your information might have been caught in a data breach. It then gives you step-by-step instructions for protecting your information going forward, either by using Sudos in MySudo or asking the company to delete your personal information altogether.
Last thoughts
Data breaches aren’t going away. They’re getting more sophisticated and the increase in ransomware attacks means even criminals with little computer skill can pull them off. If you consider that the number of data breaches in the U.S. was 447 in 2012 and more than 3,200 in 2023, and that the cost of cybercrime is increasing 15 per cent year over year, the future for data privacy will likely be bleaker not better—unless you take steps to protect yourself.
Download MySudo.
Download RECLAIM.
Discover other MySudo apps.