Major data breaches that have rocked organizations in 2024

This article provides an overview of the major data breaches we covered in 2024 so far, highlighting incidents involving Trello, AnyDesk, France Travail, Nissan, MITRE, Dropbox, BBC Pension Scheme, TeamViewer, Advance Auto Parts, and AT&T.

Find out what led to the breaches and how they affected the breached organizations. The information in this recap might help your organization strengthen its cybersecurity posture.

Trello

January 2024

In January 2024, Trello encountered an incident in which user information was compromised and listed on an online forum. The database dump ‘contained emails, usernames, full names, and other account info,’ the seller claims in the advertisement. The dump contained 15,115,516 unique lines (i.e., records).

AnyDesk

February 2024

In February 2024, AnyDesk Software GmbH, the German company behind the widely used remote desktop application of the same name, was hacked and their production systems have been compromised.

France Travail

March 2024

French national unemployment agency France Travail (formerly Pôle emploi) and Cap emploi, a government employment service for people with disabilities, have suffered a data breach that might have exposed personal data of 43 million people.

The attackers managed to steal personal data, including:

• Full name
• Date and place of birth
• Social security number (NIR)
• France Travail identifier
• Email address
• Postal address
• Telephone number

Nissan

March 2024

Nissan Oceania confirmed that approximately 100,000 individuals were impacted by the data breach it experienced in December 2023. The breach affected some current and former employees, dealers and customers, including Mitsubishi, Renault, Skyline, Infiniti, LDV and RAM branded finance businesses.

MITRE

April 2024

MITRE was breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure.

Dropbox

May 2024

Attackers breached the Dropbox Sign production environment and accessed customer personal and authentication information. More specifically, attackers accessed:

• Dropbox Sign customer and account information: email addresses, usernames, phone numbers and hashed passwords, and general account settings
• Authentication information: API keys, OAuth tokens, and multi-factor authentication

BBC Pension Scheme

May 2024

Personal information of current and former BBC employees has been exposed in a data breach that affected the broadcaster’s in-house pension scheme. More than 25,000 individuals have been affected.

TeamViewer

July 2024

In the days following the discovery of the intrusion, TeamViewer confirmed that the threat actor leveraged a compromised employee account to copy employee directory data (names, corporate contact information, and encrypted employee passwords) for their internal corporate IT environment.

Advance Auto Parts

July 2024

Personal information of over 2,3 million individuals has been stolen by attackers as part of the massive data grab via compromised Snowflake accounts without MFA protection, Advance Auto Parts has confirmed by filing notices with the attorney general offices in several US states.

AT&T

July 2024

Hackers leveraging stolen Snowflake account credentials have stolen records of calls and texts made by “nearly all” of AT&T’s cellular customers from May to October 2022, the company has confirmed.