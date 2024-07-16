Major data breaches that have rocked organizations in 2024
This article provides an overview of the major data breaches we covered in 2024 so far, highlighting incidents involving Trello, AnyDesk, France Travail, Nissan, MITRE, Dropbox, BBC Pension Scheme, TeamViewer, Advance Auto Parts, and AT&T.
Find out what led to the breaches and how they affected the breached organizations. The information in this recap might help your organization strengthen its cybersecurity posture.
Trello
January 2024
In January 2024, Trello encountered an incident in which user information was compromised and listed on an online forum. The database dump ‘contained emails, usernames, full names, and other account info,’ the seller claims in the advertisement. The dump contained 15,115,516 unique lines (i.e., records).
AnyDesk
February 2024
In February 2024, AnyDesk Software GmbH, the German company behind the widely used remote desktop application of the same name, was hacked and their production systems have been compromised.
France Travail
March 2024
French national unemployment agency France Travail (formerly Pôle emploi) and Cap emploi, a government employment service for people with disabilities, have suffered a data breach that might have exposed personal data of 43 million people.
The attackers managed to steal personal data, including:
- Full name
- Date and place of birth
- Social security number (NIR)
- France Travail identifier
- Email address
- Postal address
- Telephone number
Nissan
March 2024
Nissan Oceania confirmed that approximately 100,000 individuals were impacted by the data breach it experienced in December 2023. The breach affected some current and former employees, dealers and customers, including Mitsubishi, Renault, Skyline, Infiniti, LDV and RAM branded finance businesses.
MITRE
April 2024
MITRE was breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure.
Dropbox
May 2024
Attackers breached the Dropbox Sign production environment and accessed customer personal and authentication information. More specifically, attackers accessed:
- Dropbox Sign customer and account information: email addresses, usernames, phone numbers and hashed passwords, and general account settings
- Authentication information: API keys, OAuth tokens, and multi-factor authentication
BBC Pension Scheme
May 2024
Personal information of current and former BBC employees has been exposed in a data breach that affected the broadcaster’s in-house pension scheme. More than 25,000 individuals have been affected.
TeamViewer
July 2024
In the days following the discovery of the intrusion, TeamViewer confirmed that the threat actor leveraged a compromised employee account to copy employee directory data (names, corporate contact information, and encrypted employee passwords) for their internal corporate IT environment.
Advance Auto Parts
July 2024
Personal information of over 2,3 million individuals has been stolen by attackers as part of the massive data grab via compromised Snowflake accounts without MFA protection, Advance Auto Parts has confirmed by filing notices with the attorney general offices in several US states.
AT&T
July 2024
Hackers leveraging stolen Snowflake account credentials have stolen records of calls and texts made by “nearly all” of AT&T’s cellular customers from May to October 2022, the company has confirmed.