Top 10 Cyber Attacks of 2024 & 25 Must-Know Security Breaches You Can’t Afford to Miss!
Every month of 2024 seemed to bring a new, alarming cybersecurity incident, underscoring the critical need for robust IT security measures. From ransomware crippling healthcare systems to data breaches exposing sensitive personal and corporate information, the year was marked by cyberattacks that disrupted services, impacted millions, and left lingering consequences well into 2025.
This blog highlights the 10 biggest cyberattacks, data breaches, and ransomware incidents of 2024, chosen for their scale, operational disruption, and financial impact. Additionally, a table of 25 other noteworthy cyber incidents is included at the end for further insights.
Why 2024 Was a Pivotal Year for Cybersecurity
The 2024 SonicWall Cyber Threat Report recorded a staggering 107% increase in IoT malware attacks, reflecting the vulnerabilities of connected devices. The State of Ransomware 2024 Report by Sophos revealed that ransomware affected 59% of respondents, while phishing attacks surged by 4,151% following ChatGPT’s public release. Netscout also reported 8 million DDoS attacks in just the first half of the year. Furthermore, IBM’s Cost of a Data Breach Report pegged the average financial loss per breach at $4.88 million.
These statistics highlight the urgent need for businesses and governments to enhance cybersecurity measures in 2025.
The Top 10 Cyber Incidents of 2024
Change Healthcare Ransomware Attack
BlackCat (ALPHV) attackers disrupted healthcare operations nationwide, resulting in $2.87 billion in response costs and $22 million in ransom payments.
Snowflake Data Breach
Scattered Spider hackers exfiltrated sensitive data from over 100 Snowflake customers, including AT&T and Santander Bank, demanding ransoms up to $5 million.
UK Ministry of Defence Data Breach
A contractor-operated payroll system was compromised, exposing sensitive details of 270,000 personnel, with suspicions of foreign state involvement.
Ascension Ransomware Attack
A ransomware attack on the U.S. healthcare provider disrupted emergency services and forced critical surgeries to be postponed, showcasing the sector’s vulnerabilities.
MediSecure Australia Breach
A ransomware attack leaked data of 12.9 million Australians, including prescription details, marking it as the country’s largest-ever breach.
Synnovis-NHS Ransomware Attack
This attack delayed critical medical procedures in the UK, with the Qilin ransomware gang demanding $50 million in ransom.
CrowdStrike-Microsoft Outage
A faulty software update caused the “Blue Screen of Death” for millions of systems worldwide, disrupting aviation, banking, and manufacturing sectors.
Transport for London Cyber Attack
TfL services were disrupted by a sophisticated attack, which compromised personal data and caused £30 million in losses.
Ivanti Zero-Day Exploits
Mass exploitation of Ivanti vulnerabilities affected 1,700 appliances globally, with attackers deploying web shells and harvesting credentials.
Salt Typhoon Telecom Attacks
Alleged Chinese-backed hackers targeted U.S. telecom giants, gaining access to sensitive call metadata, geolocation, and even audio recordings.
The Importance of Cyber Resilience
2024’s incidents highlight the growing sophistication of cyber threats and the dire consequences of inadequate security measures. Proactive defenses, such as implementing multi-factor authentication (MFA), rigorous employee training, and supply chain risk management, are no longer optional—they are critical for survival.
Explore our complete list of the 25 other major cyberattacks of 2024 at the end of this blog to gain deeper insights into how the cybersecurity landscape evolved last year.
25 Other Major Cyber Attacks, Data Breaches and Ransomware Attacks in 2024
| Date of the Event | Victim | Incident | Threat Actor | Impact |
| January 2, 2024 | Blockchain platform Orbit Chain | Orbit Chain loses $86 million in fintech hack | Sophisticated state-sponsored attackers believed to be based out of North Korea | Orbit Chain experienced a security breach that resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin as Orbit Chain’s balance went from $115M to $29M instantly, meaning that the losses were estimated to be about $86,000,000. Source: Bleeping Computer |
| January 4, 2024 | KyivStar Telecommunication | Russian hackers wipe thousands of systems in KyivStar attack | Solntsepek group (believed to be linked to the Sandworm Russian military hacking group) | The Russian hackers behind a December breach of Kyivstar, Ukraine’s largest telecommunications service provider, wiped all systems on the telecom operator’s core network as Kyivstar’s mobile and data services went down, leaving most of its 25 million mobile and home internet subscribers without an internet connection. Source: Bleeping Computer |
| January 8, 2024 | loanDepot | US mortgage lender loanDepot confirms ransomware attack | Unknown | Mortgage lender loanDepot said that approximately 16.6 million people had their personal information stolen in a ransomware attack. The attack caused the company to take its IT systems offline, preventing online payments against loans. Source: Bleeping Computer |
| January 21, 2024 | Majorca city Calvià | Majorca city Calvià hit by ransomware attack | Unknown | The Calvià City Council in Majorca announced it was targeted by a ransomware attack, which impacted municipal services. A source learned that the ransom set by the cybercriminals was allegedly €10,000,000, approximately $11M. Source: Bleeping Computer |
| January 29, 2024 | Energy company Schneider | Energy giant Schneider Electric hit by Cactus ransomware attack. Cactus ransomware claim to steal 1.5 TB of data | Cactus ransomware | Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data. The attack hit the company’s Sustainability Business division, and disrupted some of Schneider Electric’s Resource Advisor cloud platform. The ransomware gang reportedly stole terabytes of corporate data and threatened to leak the stolen data if the ransom demand was not paid. Source: Bleeping Computer |
| February 1, 2024 | Lurie Children’s Hospital | Rhysida ransomware demands $3.6 million for children’s stolen data | Rhysida Ransomware | The cyber attack forced Lurie Children’s Hospital to take its IT systems offline as the attack disrupted normal operations and delayed medical care in some instances. The healthcare provider said that the incident impacted the hospital’s internet, email, phone services, and ability to access the MyChat platform. Source: Bleeping Computer |
| February 22, 202430/03/2024 | AT & T | Cell Phone outage hits AT&T customers nationwide; Verizon and T-Mobile users also affectedAT&T confirms data of 73 million customers leaked on hacker forum | ShinyHunters | AT&T finally confirmed it was impacted by a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them. It said in a statement: “Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders”. Source: Bleeping Computer |
| March 05, 2024 | Duvel Moortgat Brewery | Duvel says it has “more than enough” beer after ransomware attack | Stormous Ransomware group | Duvel Moortgat Brewery was hit by a ransomware attack, bringing to a halt the beer production in the company’s bottling facilities. The company said the production was immediately stopped as some Beer enthusiasts on Reddit responded to the incident with humour, calling the situation a “national emergency” and asking for the actual number of “strategic reserves.” The threat actors who claimed the attack said they hold 88 GB data stolen from the brewery’s systems, threatening to leak it if a ransom isn’t paid until March 25, 2024. Source: Bleeping Computer |
| March 12, and 22, 2024 | Boat Dealer MarineMax | Boat Dealer MarineMax hit by cyber attack | Rhysida Ransomware | The ransomware group posted numerous samples of the alleged stolen data including MarineMax earnings reports, balance sheets, bank account wire transfers, customer databases etc. The gang priced the luxury yacht dealer’s “exclusive, unique, and impressive data” at a “bargain” price of 15 BTC equivalent to $774,415.65. Source: Bleeping Computer |
| March 15, 2024 | NHS Dumfries and Galloway | Ransomware group allegedly leaks stolen data from the Scottish health service | INC Ransom | NHS Dumfries and Galloway, part of the Scottish healthcare system, announced that it was the target of a focused and ongoing cyber attack. Subsequently, cyber extortionists published sensitive patient data stolen allegedly from NHS Dumfries and Galloway to their darkweb blog, in a bid to demand money from the local health board. Source: The Record |
| April 04 and 11, 2024 | Hoya Corporation | Hoya’s optics production and orders disrupted by ransomware attack with a demand of $10 million | Hunters International ransomware | Hoya said in a statement: “We learned that the Group’s headquarters and several of its business divisions have experienced an IT system incident” as hackers demanded a $10 million ransom for a file decryptor and to not release files stolen during the attack. Source: Bleeping Computer |
| May 08, 2024 | Dell | Dell warns of data breach, 49 million customers allegedly affected | A BreachForum user named Menelik | Dell warned customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers as the computer maker began emailing data breach notifications to customers, stating that a Dell portal containing customer information related to purchases was breached. Source: Bleeping Computer |
| June 03, 2024 | American Radio Relay League (ARRL) | ARRL says it was hacked by an “international cyber group” | An unnamed malicious international cyber group. | The cyber attack on the American Radio Relay League (ARRL) took its Logbook of the World offline and caused some members to become frustrated over the lack of information. ARRL confirmed paying the ransom of $1 million to access a decryptor to restore encrypted systems. Source: Bleeping Computer |
| June 24, 2024 | Neiman Marcus | Neiman Marcus confirms data breach after Snowflake account hack | Sp1d3r | Luxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company’s database stolen in recent Snowflake data theft attacks. Source: Bleeping Computer |
| July 15, 2024 | Rite Aid Pharmacy | Rite Aid says June data breach impacted 2.2 million people | RansomHub | Rite Aid said that 2.2 million customers’ personal information was stolen in what it described as a “data security incident.” “While having access to the Riteaid network we obtained over 10 GB of customer information equating to around 45 million lines of people’s personal information. This information includes name, address, rewards number etc.,” RansomHub said on their dark web leak site. Source: The Record |
| July 18, 2024 | Indian crypto platform WazirX | Indian crypto platform WazirX confirms $230 million stolen during cyber attack | Suspected North Korean Hackers (Lazarus) | At least $230 million worth of cryptocurrency was stolen from an India-based cryptocurrency platform named WazirX. Blockchain security companies including Elliptic, Arkham and BlockSec said there was clear evidence of millions worth of cryptocurrency being syphoned out of WazirX. Elliptic pegged the losses at $235 million and broke down the currencies stolen, which include ETH, some U.S. dollar-pegged stablecoins and more. Source: The Record |
| August 04, 2024 | Keytronic | Keytronic reports losses of over $17 million after ransomware attack | Black Basta Ransomware | Electronic manufacturing services provider Keytronic revealed that it suffered losses of over $17 million due to a May ransomware attack. In a filing with the U.S. Securities and Exchange Commission (SEC), Keytronic said it detected the incident on May 6 after disruptions at its Mexico and U.S. sites impacted business applications supporting both operations and corporate functions. Source: Bleeping Computer |
| August 08, 2024 | ADT Alarm | Home alarm company ADT says hackers obtained ‘limited’ customer data | Unknown | The home security systems company ADT Inc. announced that unauthorised hackers unlawfully broke into some databases storing customer order information as attackers made off with “limited” customer information, including email addresses, phone numbers and home addresses. Source: The Record |
| August 23 and 29, 2024 | Halliburton | Halliburton forced to take systems offline to contain cyber attack | RansomHub Gang | Oil field giant Halliburton provided details to regulators about the cyber attack that necessitated the shut-down of certain systems. The company said that it was hit by a cyber attack that affected operations at its headquarters in Houston. Source: Bleeping Computer |
| October 10, 2024 | Casio | Casio confirms customer data stolen in a ransomware attack | Underground Ransomware | Casio confirmed it suffered a ransomware attack, warning that the personal and confidential data of employees, job candidates, and some customers was also stolen. The attack was disclosed on October 07, 2024 when Casio warned that it was facing system disruption and service outages due to unauthorised access to its networks. Source: Bleeping Computer |
| November 1, 2024 | Los Angeles Housing Agency | Los Angeles Housing Agency confirms another cyber attack after 2023 ransomware incident | Cactus Ransomware | The Housing Authority of the City of Los Angeles (HACLA) said it was dealing with a cyber attack following claims of data theft made by a ransomware gang. The statement came after the Cactus ransomware gang claimed it stole 861 GB of data that included personal information, backups, financial documents and more. Source: The Record |
| November 3, 2024 | Schneider Electric | Schneider Electric says hackers accessed internal project execution tracking platform | HellCat Ransomware | Schneider Electric confirmed that it is investigating a cyber attack following reports of a breach as the HellCat ransomware gang took credit for the most recent attack, claiming it accessed Schneider Electric’s Atlassian Jira system, allowing them to allegedly steal about 40GB worth of project data and user information, and the gang threatened to leak the information if it was not paid a $125,000 ransom. Source: The Record |
| November 21, 2024 | Blue Yonder | Retailers struggle after ransomware attack on supply chain tech provider Blue Yonder | Termite Ransomware | A major technology provider for hundreds of large retailers, Blue Yonder struggled to recover from a ransomware attack. The company warned customers that the “Blue Yonder team is working around the clock to respond to this incident and continues to make progress.” Its customers range from supermarket chains like Morrisons to consumer goods companies like Amway, Anheuser-Busch, Dole and Gap. Other customers include Microsoft, Ford, Lenovo, Mitsubishi and Nestle. The Termite group claimed responsibility through its Tor-based website, posting that it has exfiltrated 680 gigabytes of data from Blue Yonder, including sensitive information such as databases, email addresses, and over 200,000 insurance documents. Source: The Record |
| December 3, 2024 | BT | BT unit took servers offline after Black Basta ransomware breach | Black Basta ransomware | UK’s telecommunications giant BT Group confirmed that its BT Conferencing business division shut down some of its servers following a Black Basta ransomware breach. A company spokesperson said that the security incident didn’t impact BT Group’s operations or BT Conferencing services. It was unclear if any systems were encrypted or only data stolen. Black Basta ransomware gang claimed they breached the company’s servers and allegedly stole 500 GB of data, including financial and organisational data, “users data and personal docs,” NDA documents, confidential information, and more. Source: Bleeping Computer |
| December 16, 2024 | Texas Tech University | Texas Tech University System data breach impacts 1.4 million patients | Interlock Ransomware | The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyber attack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. The threat actors leaked 2.1 million files totaling 2.6 TB of data allegedly stolen from HSCs, and the entire package is available for download from their extortion portal on the dark web. Source: Bleeping Computer |
| December 30, 2024 | Cisco | Cisco confirms authenticity of data after second leak | IntelBroker | A hacker leaked more data stolen from a Cisco DevHub instance and the tech giant confirmed its authenticity and that it originated from a recently disclosed security incident. The hacker known as IntelBroker announced on October 14 that he and others had breached Cisco systems and obtained source code, certificates, credentials, confidential documents, encryption keys and other types of information. The hacker initially claimed to have obtained 800 Gb of files, but later said 4.5 Tb of data was taken from the DevHub environment. In mid-December the hacker made available roughly 3 Gb of the data and on Christmas Day another batch of files, totaling more than 4 Gb, were leaked. Source: Security Week |
As we’ve seen in 2024, cyber threats continue to evolve at an alarming pace, with attackers constantly adapting their strategies. The attacks highlighted in this post serve as a stark reminder that no organization, big or small, is immune to the growing sophistication of cybercriminals.
To stay ahead of these threats, businesses need robust, proactive cybersecurity strategies that are tailored to their unique needs. At Synergy IT Solutions Group, we specialize in providing cutting-edge cybersecurity solutions to protect your business from both current and emerging threats. With our expertise, you can enhance your defenses with services like Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), and advanced threat intelligence, ensuring your organization is secure and resilient.
If you’re looking to safeguard your business in an increasingly complex digital landscape, Synergy IT Solutions Group is your trusted partner in cybersecurity. Contact us today to learn more about our comprehensive services and how we can help you defend against the cyber threats of tomorrow.
Contact :
Synergy IT solutions Group
439 University Avenue, 5th Floor
Toronto, ON M5G 1Y8
+1(866) 966–8311
+1(905) 502–5955
Email :
info@synergyit.ca
sales@synergyit.ca
Website :
https://www.synergyit.ca/
Comments
Post a Comment