We continue our lookback at the biggest cyber attacks of 2024… so far. Read Part one HERE
Ascension Health System Ransomware Attack Exposes Patient Data – May 2024
In May, Ascension—a nonprofit health system with 140 hospitals operating across 19 states and Washington, D.C.—announced that its clinical operations were disrupted due to a ransomware attack. On 8 May, the organisation detected unusual activity on select technology network systems, signalling a security breach. The attack began when an employee inadvertently downloaded malware, which subsequently forced Ascension to divert emergency care from some of its hospitals, impacting patient services.
Later investigations confirmed that sensitive data, including patients' health information, was likely stolen during the attack. Ascension stated, "We now have evidence that indicates that the attackers were able to take files from a small number of file servers used by our associates primarily for daily and routine tasks." This incident underscores the critical importance of robust cybersecurity measures in healthcare settings, where breaches can have severe consequences for patient care and data privacy. The attack on Ascension highlights the vulnerabilities that can arise from human error and the need for continuous staff training in cybersecurity protocols.
UK military in major data breach – May 2024
Hackers infiltrated the UK Ministry of Defence's payroll system, exposing sensitive personal information of 270,000 current and former military personnel. The breach included names, bank details, and other private data.
The UK's Ministry of Defence experienced a data breach affecting UK military personnel through a third-party payroll system, compromising names, bank details, and some addresses. The Ministry immediately took the contractor network offline and informed those impacted. The Prime Minister at the time, Rishi Sunak, stated that a "malign actor" had targeted the payment network. Media reports linked China to the hack, though neither Sunak nor the Ministry confirmed this. The UK Defence Minister at the time, Grant Shapps, told parliament they didn’t believe data was stolen but couldn't rule out foreign involvement. China denied the allegations, saying it opposes all cyberattacks. The incident further highlighted the threats posed by nation-state threat actors.
Dell Data Breach exposed information on 49 million customers in major Cyber Attack
In May, Dell warned customers about a significant data breach after a threat actor claimed to have stolen information on approximately 49 million individuals. Dell began sending out notifications, confirming that a portal containing customer data related to purchases had been compromised.
Dell’s statement at the time revealed that the exposed data included customer names, physical addresses, order service tags, item descriptions, order dates, and warranty information. Fortunately, no financial or payment information, email addresses, or phone numbers were involved, which Dell believed helped reduce the potential risk to customers.
The cybercriminal, identified as Menelik, had attempted to sell the stolen data on the Breach Forums hacking site, claiming it included records of purchases made between 2017 and 2024. Dell immediately launched an investigation and notified affected customers. The company reassured users that no highly sensitive information had been compromised.
Ticketmaster Breach – June 2024
In June 2024, Ticketmaster faced major scrutiny when its parent company, Live Nation, confirmed a massive data breach. Hackers known as ShinyHunters claimed they had stolen the personal information of 560 million customers and demanded a $500,000 ransom to prevent the sale of this data on the dark web. The stolen information included names, addresses, email addresses, usernames, and partial credit card details, leaving many customers vulnerable.
This incident wasn’t Ticketmaster's first security issue. In 2020, Ticketmaster admitted to hacking a competitor, resulting in a $10 million fine. More recently, in November 2023, an alleged cyber attack disrupted ticket sales for Taylor Swift's Eras Tour. The incident underscores ongoing cyber security challenges within the entertainment industry.
Snowflake Data Breach: Hundreds of organisations impacted by stolen credentials – June 2024
In a significant incident that affected hundreds of companies, the Snowflake data breach highlighted ongoing vulnerabilities related to credential security. The cloud storage provider Snowflake faced a spate of cyberattacks that targeted customer accounts, exploiting stolen login credentials to access sensitive data. Notably, high-profile clients such as Ticketmaster and Santander were impacted, with attackers accessing data and demanding a hefty ransom.
The breach did not involve a direct compromise of Snowflake’s infrastructure. Instead, attackers obtained customer credentials through infostealer malware, enabling them to bypass standard security measures such as multi-factor authentication in some cases. Snowflake has consistently denied any inherent flaws in its own systems, attributing the breach to widespread credential-stuffing attacks on customer accounts. The company has responded by enhancing security protocols and sharing guidance to help customers strengthen their defences.
This incident underscores the need for robust identity and access management practices, particularly for organisations relying on third-party cloud services.
CDK Global Ransomware Costs Dealerships Over $1 Billion – June 2024
In June 2024, CDK Global, a leading US-based software provider for the automotive industry, suffered a significant ransomware attack. First reported on 18 June, the incident began when an employee inadvertently downloaded malware, leading to the encryption of critical files and systems. The BlackSuit ransomware gang, linked to Eastern Europe and Russia, claimed responsibility, demanding a ransom that escalated from $10 million to over $50 million.
The attack forced CDK Global to shut down its IT systems, affecting nearly 15,000 car dealer locations across North America. This disruption cost dealerships more than $1 billion collectively and impacted automakers like BMW, Nissan, and Honda. Customers faced delays in purchasing vehicles and scheduling services as dealerships resorted to manual processes. The incident underscores the importance of robust cybersecurity measures and contingency planning. Organisations are encouraged to develop comprehensive incident response plans, prioritise data protection, enhance ransomware defences, and improve communication strategies to mitigate the impact of such attacks.
Transport for London cyber attack exposes customer data in major breach – September 2024
A cyber-attack on Transport for London (TfL) saw attackers breach systems and access sensitive customer data. The compromised information included Oyster refund data, bank account numbers, sort codes, and personal contact details for around 5,000 customers. TfL responded by suspending certain services, such as applications for Oyster photocards and Zip cards, to prevent further unauthorised access. The National Crime Agency arrested a 17-year-old suspect in connection with the attack. This incident underscores the escalating threats facing public infrastructure and the importance of robust cyber security measures.
If you are worried about any of the threats outlined in this blog or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please get in touch.