Data breaches of 2024: what happened, how it affects you, and steps to improve security
Cyberattacks in 2024 reached unprecedented levels, with massive breaches exposing billions of sensitive records. From the MOAB breach to the NHS ransomware attack, this year has been a stark reminder of the growing threat landscape. Learn about the top 5 breaches of 2024, the vulnerabilities exploited, and how organisations can strengthen their security posture to prevent future attacks.
Key points
- The top five breaches of 2024 exposed billions of sensitive personal and corporate records.
- Most breaches were caused by weak system configurations, third-party vulnerabilities, or stolen credentials.
- These incidents severely impacted industries like healthcare, finance, and cloud services.
- Organisations are improving authentication, monitoring, and compliance to reduce future risks.
Data breaches have been hitting harder and more frequently in 2024. One of the year’s biggest breaches exposed over 26 billion records, showing just how much is at stake.
Cybercriminals are using increasingly clever tactics, and organisations are struggling to keep up, leaving sensitive data — and trust — on the line.
Breaches cause massive disruptions, and they’re costing businesses dearly. With the average data breach now carrying a $4.88 million price tag, the financial and reputational damage is impossible to ignore.
Companies are doing their best to fight back, but it’s no easy task. In this article, we’re going to look at five of the biggest breaches from 2024, unpack what went wrong, and look at how businesses are starting to tackle the growing threat of cyberattacks.
1. MOAB (Mother Of All Breaches)
When and where did it happen?
The MOAB breach came to light in early 2024, affecting platforms worldwide. It became one of the largest breaches of the year, compromising vast amounts of data from different industries.
Records affected:
The breach exposed a massive 26 billion records, which included usernames, passwords, and email addresses, all of which are prime targets for cybercriminals.
What caused it?
A misconfigured firewall was the culprit. This simple error allowed sensitive data to be exposed, leaving it vulnerable to attackers. It’s a stark reminder that even minor lapses in security can lead to massive breaches.
Steps taken:
Since the breach, companies involved have been tightening their firewall configurations, implementing stronger vulnerability assessments, and reviewing their security practices to prevent similar incidents in the future.
Impact on organisations:
For many businesses, especially those relying on cloud services, this breach has been a wake-up call. It highlights how vulnerable cloud storage can be without proper safeguards. As more businesses shift to the cloud, it's clear that strong security measures are no longer optional.
For more on this breach, check out the full story here.
2. National Public Data (NPD) breach
When and where did it happen?
The National Public Data breach surfaced in August 2024, though the breach itself occurred earlier, in December 2023. It primarily impacted the US, but the data had global ramifications, as it was made available for free download on underground forums.
Records affected:
This breach exposed an eye-watering 2.9 billion records, including sensitive personal information such as Social Security numbers, full names, addresses, phone numbers, and dates of birth.
What caused it?
The breach resulted from centralised data storage with inadequate safeguards. These failed to properly secure its vast databases, allowing sensitive information to be accessed and eventually sold online.
Steps taken:
Following the NPD breach, cybersecurity experts have called for stronger regulations for data repositories and enhanced third-party risk management. They’ve also highlighted the need for mandatory vulnerability reporting and stricter authentication protocols to close security gaps.
Impact on users:
The sheer scale of this breach makes it particularly alarming, with cybercriminals able to use the exposed details for new account fraud, phishing attacks, and even synthetic identity creation. The breach has highlighted the importance of implementing strong, layered security measures to protect sensitive personal data.
To find out more about this breach, you can read about it here.
3. Disney/Slack breach
When and where did it happen?
In July 2024, a breach affected Disney’s use of Slack, exposing sensitive data through the platform. The incident took place within Disney’s corporate systems, primarily targeting Slack workspaces used for internal communication.
Records affected:
The attackers published a massive 1.1TB of data from across 10,000 internal channels, exposing sensitive information like unreleased projects, code, images, and login credentials.
What caused it?
The attackers, (a hacker group known as Nullbulge) exploited weak access controls within Slack’s integration with Disney’s corporate systems. They gained access using stolen credentials, bypassing security measures like MFA and breaching internal Slack channels. This allowed them to access and exfiltrate sensitive corporate data.
Steps taken:
Upon detecting the breach, Disney acted quickly to secure their systems, focusing on tightening their MFA protocols and reviewing all third-party integrations like Slack. Disney also notified affected employees and is collaborating with external cybersecurity experts to fully assess the breach's impact. In September 2024, Disney decided to part ways with Slack as their internal communication platform.
Impact on corporate security:
The breach disrupted Disney’s internal communication, with sensitive project details and employee information being exposed. It raised concerns about the security of third-party integrations and the risks of inadequate access controls. Disney’s swift action helped prevent further damage, but the breach highlighted the importance of securing all communication platforms.
For more details on the breach, read more here.
4. Snowflake Attack Leads to Multiple Data Breaches
Where and when did it happen?
In June 2024, a breach affecting multiple organisations using the Snowflake multi-cloud data warehousing platform came to light. The attack, which started in April 2024, saw significant exposure of customer and employee data from various companies.
Records affected:
The breach compromised data from several organisations, including major players like Ticketmaster, Santander, and AT&T.
What caused it?
The attackers, identified as UNC5537, gained unauthorised access to Snowflake's customer instances by using stolen credentials. Once inside, they accessed a wealth of sensitive data, which was then shared across cybercrime forums. The stolen data was also used to try to extort victims.
Steps taken:
Upon discovery of the breach, Snowflake took swift action, collaborating with affected organisations to mitigate the damage. In total, 165 companies were notified that their data might have been exposed.
Impact on organisations:
This breach had widespread repercussions, particularly for Ticketmaster’s parent company, Live Nation, where up to 560 million customer records were compromised. Santander and AT&T also saw significant exposure of sensitive data, illustrating the vulnerabilities of cloud-based systems when proper security protocols are not in place.
You can read more about this breach here.
5. NHS England ransomware attack
Where and when did it happen?
In June 2024, a ransomware attack targeted Synnovis, a key provider of pathology services to NHS hospitals in the UK. The incident began on June 3 and affected critical healthcare services, particularly at King’s College Hospital and Guy’s and St Thomas’ NHS Foundation Trust.
Records affected
The breach compromised sensitive patient data, including names, NHS numbers, and descriptions of blood tests.
What caused it?
The attack was claimed by the Qilin ransomware group. The hackers infiltrated Synnovis' systems, resulting in the theft of 400GB of data, which they later published on cybercrime forums. Patient details and medical information were among the stolen data, which could lead to further exploitation.
Steps taken
By October 2024, NHS systems had been fully restored, and no further disruptions to pathology and blood testing services were reported. The NHS continues to investigate the breach’s full impact on patient and employee data.
Impact on public services
This attack caused severe disruption in healthcare services, leading to the cancellation of thousands of appointments and operations over several months. The breach exposed the vulnerabilities of critical healthcare infrastructure, particularly around the handling and security of sensitive patient data.
You can read more about this breach here.
The common themes in 2024’s biggest data breaches
These recent breaches—MOAB, Microsoft, Snowflake, and others—have exposed security gaps that organisations just can’t afford to ignore anymore.
Here’s what stood out:
1. Vulnerabilities left wide open
Many of these breaches happened because of weak spots like exposed firewalls or old accounts without MFA in place. These gaps allowed attackers easy access to sensitive systems and data.
2. Cloud and third-party risks are real
The MOAB and Snowflake breaches show how relying on cloud services or third-party providers without proper security can leave you vulnerable. The NHS breach is another example—if a supplier gets compromised, it can take you down with them.
3. The ripple effect across industries
These weren’t isolated incidents. Snowflake’s breach impacted companies like Ticketmaster, Santander, and AT&T. It’s a stark reminder that one weak link in today’s interconnected business world can have massive consequences.
4. Authentication methods need an upgrade
The Microsoft email breach proves that old, unprotected legacy accounts are a major liability. It’s time to move beyond outdated systems and adopt stronger measures like MFA.
5. Cybercrime as a business
Many breaches weren’t just about causing chaos. Data was either held for ransom or sold on the dark web. Cybercrime is big business now, with financial gain driving many attacks.
6. The rise of MFA
Here’s some good news: breaches are pushing companies to act. Around one in four businesses have added MFA after a cybersecurity incident. It’s a simple but essential step to build stronger defences.
These incidents aren’t just news headlines—they’re wake-up calls. The gaps are clear, and so are the solutions. By taking steps like enforcing MFA, tightening cloud security, and holding third-party providers to higher standards, organisations can turn these lessons into action. The bottom line? The sooner you address these issues, the safer your business will be.
Conclusion
The breaches we've seen in 2024 highlight just how clever and frequent cyber threats are becoming. It’s clear that organisations can’t afford to sit back and wait for trouble—they need to be proactive in their security efforts.
Relying on outdated systems or weak security puts both companies and customers at risk. The incidents at Disney, Snowflake, and the NHS show just how vulnerable even the biggest players are without strong defences.
As we head into 2025, a solid, multi-layered approach to cybersecurity is a must. This means:
- Regular monitoring of critical systems
- Implementing strong authentication like multi-factor authentication (MFA)
- Training staff to stay on top of new threats
We at Metomic provide the tools and expertise to help businesses safeguard their sensitive data, streamline security practices, and ensure compliance.
Contact us today to learn how we can help you stay ahead of emerging threats.
