Major Data Breaches & Hacking News in May 2024

May 25, 2024

Recent data breaches across various industries highlight the ever-present risks in our digital world. Companies such as Marriott, J.P. Morgan, Kaiser Permanente, Dell, Dropbox, and FBCS have all faced significant security incidents that compromised user data and corporate information. Read on to learn about each incident.

Kaiser Permanente

Organization Description: Kaiser Permanente is a leading healthcare provider and nonprofit health plan serving millions of members across the United States.

Breach Size: 13.4 million

Data exposed: Kaiser Permanente announced a data breach that potentially affected 13.4 million customers in mid-April when online technologies previously installed on its website and mobile applications may have transmitted patients’ personal information to third-party vendors Google, Microsoft Bing and X (Twitter) when members and patients accessed its websites or mobile applications.

However, the breach did not expose usernames, passwords, Social Security numbers or payment information. This incident highlights the critical need for stringent security measures in the healthcare sector to protect patient data and comply with HIPAA standards.

Dell

Organization Description: Dell is a multinational computer technology company that develops, sells, and supports computers and related products and services.

Breach Size: 49 million

Data exposed: Dell warned of a data breach that allegedly affected 49 million customers. The exposed data includes name, physical address and order information from past orders. This breach underscores the importance of using strong encryption methods and implementing comprehensive security measures to protect large volumes of customer data.

FBCS

Organization Description: FBCS is a debt collection agency that handles debt recovery for various industries.

Breach Size: 1.9 million

Data exposed: Financial Business and Consumer Solutions (FBCS) reported a data breach affecting 1.9 million individuals in mid-February. The breach exposed personal information such as names, dates of birth, Social Security numbers, driver’s license numbers, and other account information. This incident emphasizes the need for debt collection agencies to adopt stringent security measures to protect sensitive personal and financial data from unauthorized access.

J.P. Morgan

Organization Description: J.P. Morgan Chase is one of the largest financial institutions in the world, offering services in investment banking, financial services, and asset management.

Breach Size: 451,000

Data exposed: J.P. Morgan experienced a data breach that impacted 451,000 retirement plan members. The financial services giant said that three unauthorized system users linked to J.P. Morgan customers or their agents had gained access to plan participant data ranging from August 26, 2021, and February 23, 2024.

The exposed data includes personal information such as names, addresses, Social Security numbers, and details regarding payment and deductions. The flaw has since been corrected. This breach highlights the importance of robust cybersecurity practices in protecting sensitive financial and personal information from unauthorized access.

Dropbox

Organization Description: Dropbox is a file hosting service that offers cloud storage, file synchronization, personal cloud, and client software.

Breach Size: Unknown

Data exposed: Dropbox experienced a data breach in April that compromised information related to all Dropbox Sign users, including account settings, names and emails. For some users, phone numbers, hashed passwords and authentication information were also exposed. The incident highlights the need for cloud service providers to implement robust security protocols and educate users on best practices for securing their accounts.

Marriott

Organization Description: Marriott is a global hospitality company with a portfolio of hotels and lodging facilities.

Breach Size: Unknown

Data exposed: Marriott has admitted to falsely claiming for five years that it was using encryption during a 2018 breach. The revelation means that sensitive customer data, including credit card information, passport numbers, and other personal details, was exposed without the protection of encryption, potentially affecting millions of guests worldwide. This incident underscores the critical need for transparency and stringent security measures in handling customer data.

Hacking & Phishing News

AI-Powered Cyber Attacks

The use of artificial intelligence (AI) in cyber attacks is on the rise, allowing hackers to execute more sophisticated and targeted attacks. AI can be used to automate phishing attacks, identify vulnerabilities faster, and evade traditional security measures. Organizations must invest in AI-driven cybersecurity solutions to counteract these advanced threats and ensure their defenses are up to date.

Internet of Things (IoT) Vulnerabilities

With the increasing adoption of IoT devices in both consumer and industrial applications, vulnerabilities in these devices have become a major concern. Poorly secured IoT devices can serve as entry points for attackers to infiltrate larger networks. It is crucial for manufacturers to implement strong security protocols in IoT devices and for users to keep their devices updated with the latest security patches.

These breaches and emerging threats serve as critical reminders of the diverse and complex nature of data security challenges facing today's organizations. Each incident offers unique lessons on the importance of comprehensive security strategies, including robust technical defenses, rigorous third-party assessments, and continual employee education on security best practices. For companies, the pathway to trust and safety lies through stringent, proactive measures against evolving cybersecurity threats.