This year of 2024 has brought a seemingly endless series of cybersecurity incidents targeting some of the biggest brand names and the products in the most widespread use. The techniques and the amount and types of information compromised have varied, but it all adds up to one large and disturbing picture. Let’s take a look:
First, the most recent and most disruptive event, the CrowdStrike outage, was not a hacking incident but a software update gone horribly wrong. That’s small comfort to the tens of thousands of people who were stranded in airports or who had no access to banking or healthcare services. Early estimates put the cost of the event at $5 billion, and that considers only the Fortune 500 companies that were affected. But while it was a massive collapse, it was not cybercrime.
(From the “We’re not sure whether to laugh or cry” department, CrowdStrike apparently followed up by offering $10 Uber Eats gift cards to impacted users … and those attempting to redeem them found they were no longer valid.)
Just before that came the CDK Global ransomware incident, and while that might not be a familiar brand name, if you tried to buy a vehicle or have one serviced in late June or early July chances are you felt the impact. We covered this incident in greater detail in a recent blog post, including the fact that CDK apparently paid a $25 million ransom to hackers using ransomware called BlackSuit.
At around the same time, AT&T joined the parade, announcing that hackers had stolen data from “nearly all” of its wireless customers. A subsequent report said that AT&T had paid a hacker $370,000 (which seems low considering the scope of the event) to delete the compromised data. We wouldn’t bet the farm on that outcome, but AT&T says it was the only “complete copy” of the data.
Ransomware purveyors next went after pharmacy giant RiteAid, impersonating an employee to gain access to sensitive systems. Some 2.2 million users were affected, and while RiteAid says no patient information or Social Security numbers were compromised, personal info including driver’s license numbers were.
For sheer volume and variety, though, the big winner in this year’s cyber roundup (so far) is Ticketmaster. The company everyone loves to hate was hacked to the tune of a half billion customer records, to include names, phone numbers and email addresses at a minimum. The hackers in this case went right for the jugular, holding the data of 440,000 Taylor Swift ticketholders for ransom, and subsequently leaking print-at-home tickets for 154 different events.
With the near-daily headlines about one or another giant company being compromised, it’s a pretty safe bet that your own personal information is at risk in one form or another. We recommend monitoring your credit regularly or using a service to do so. An even stronger measure is to lock your credit so that no new accounts can be opened in your name. And we would recommend against checking those handy boxes that say, “Save my credit card information for future use.”
Finally, be vigilant. Note that the RiteAid hack didn’t happen as a result of technical wizardry, but from someone impersonating an employee. Be suspicious of every link and attachment, especially in business emails.