TL;DR
“Those who cannot remember the past are condemned to repeat it.” - George Santayana
In 2024, data breaches continued to reach staggering heights as threat actors took advantage of security vulnerabilities and social engineering tactics to compromise the personal data of hundreds of millions of customers across hundreds of organizations. While the industries affected and underlying causes varied widely, many incidents shared similar contributing factors.
If your company's New Year’s resolution is to avoid a data breach in 2025, read on while we recap a significant incident and breach from “the year that was” and see how you can protect your organization.
State of Data Security in 2024
A common thread across 2024 concerned AI use as an attack vector, with threats ranging from AI-generated deepfakes to fully automated malware creation (source). While the latter threat has not yet occurred, threat actors were able to leverage generative AI models to accomplish the former. This is expected to continue in 2025 as attackers use AI just as legitimate businesses use it: to assist in their day-to-day work and to uncover novel patterns.
2024 also saw a rise in cloud vulnerabilities and attacks, with data breaches and vulnerabilities impacting SaaS such as Snowflake (source) and all major cloud providers. AWS (source) and Google (source) both ran afoul of a Remote Code Execution (RCE) vulnerability, while an MFA flaw allowing a bypass was discovered on Azure (source). While the cloud providers partnered with cybersecurity researchers to successfully patch their vulnerabilities, Snowflake was not so lucky, with a reported 30 million customers affected.
Data protection regulations and fines were both in the news in 2024 as well, with consumer data privacy laws taking effect in Florida, Montana, Oregon, and Texas. This brings the total count of US states with such laws to 20 (source), despite the lack of a comprehensive data privacy law at the federal level. These state laws have led to fines, with Meta agreeing to a $1.4 billion settlement with the Texas Attorney General for unlawfully collecting biometric data (source, source).
Outside of the US, several companies were fined for GDPR violations:
- LinkedIn was fined $336 million by the Irish Data Protection Commission (DPC) for advertising practices that violated the GDPR
- Uber received a $324 million fine for violating the GDPR by storing driver data in the US
These data breaches and vulnerabilities emphasize how businesses can and must adapt their security posture to meet existing and emerging challenges. Let’s explore one incident and one breach in depth to uncover the root cause of each and what could have been done to avoid it.
Major Data Breaches and Incidents of 2024
CrowdStrike Outage
The CrowdStrike outage was perhaps the biggest security incident of the year. In July, CrowdStrike released a content update for Windows that caused Windows systems running the CrowdStrike Falcon agent (sensor) to bluescreen.
This update, a channel file, is loaded into the Falcon sensor which leverages kernel drivers. CrowdStrike’s kernel driver “is loaded from an early phase of system boot to allow the sensor to observe and defend against malware that launches [before] user mode processes starting." (source)
Oddly, this defective channel update file was not caused by an attacker or compromise of the software supply chain; it resulted from human error and a gap in testing during the release cycle. Per Forbes:
“The issue traces back to February when CrowdStrike introduced a new template type… to detect novel attack techniques leveraging Windows' interprocess communication mechanisms. This template and content validator defined 21 input parameter fields, yet the content interpreter—a critical component—was only equipped to handle 20 fields.”
Because the input data array was sized for 20 fields, the interpreter read past its end: an out-of-bounds memory read. Since the Falcon sensor runs at the kernel level, that read crashed the whole system (bluescreen) rather than just one process.
The outage had a broad impact across industries, including airlines, health services, and financial organizations. In turn, CrowdStrike faced a lawsuit by its shareholders and a separate lawsuit filed by Delta Airlines.
The outage highlighted the need for stringent testing and software quality assurance to prevent inadvertent issues at the development level (source, source). If robust testing is not in place, a miscounted input parameter can be just as impactful as a hijack of a software supply chain.
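The mismatch described above, as an added example that is not CrowdStrike's code: a release gate that compares the number of parameter fields a channel file declares with the number the interpreter can read, so a 21-field template is rejected before it reaches a 20-field reader. The file format, the capacity constant and all names are assumptions made for this illustration.

```python
"""Added example (not CrowdStrike's code): a release gate that compares the
number of parameter fields a channel file declares with the number the
interpreter can read, so a 21-field template is rejected before it reaches
a 20-field reader. Format, capacity and all names are assumptions."""
from __future__ import annotations
from dataclasses import dataclass

INTERPRETER_FIELD_CAPACITY = 20  # assumed: field slots the deployed interpreter reads

@dataclass
class ChannelFile:
    template_type: str
    fields: list[str]

def parse_channel_file(text: str) -> ChannelFile:
    """Constructed format: 'template=<name> fields=<n>' then n 'field:<value>'
    lines. A header whose count disagrees with the body is rejected."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    header = dict(kv.split("=", 1) for kv in lines[0].split())
    fields = [ln.split(":", 1)[1] for ln in lines[1:] if ln.startswith("field:")]
    if int(header["fields"]) != len(fields):
        raise ValueError(f"declared {header['fields']} fields, found {len(fields)}")
    return ChannelFile(header["template"], fields)

def interpret_unchecked(cf: ChannelFile, capacity: int = INTERPRETER_FIELD_CAPACITY) -> list[str]:
    """Models the defect: a fixed handler table indexed by the template's field
    count, not by its own size. Here the 21st lookup raises IndexError; in a
    kernel driver it is an out-of-bounds read and a system crash."""
    handlers = [f"match_field_{i}" for i in range(capacity)]
    return [handlers[i] for i in range(len(cf.fields))]

def validate_channel_file(cf: ChannelFile, capacity: int = INTERPRETER_FIELD_CAPACITY) -> list[str]:
    """Hardened validator: any finding blocks release; an empty list means ship."""
    findings = []
    if len(cf.fields) > capacity:
        findings.append(f"{cf.template_type}: {len(cf.fields)} fields exceed capacity {capacity}")
    return findings

def release_gate(text: str, capacity: int = INTERPRETER_FIELD_CAPACITY) -> bool:
    """Parse, validate, then interpret; True only when the file is safe to ship."""
    cf = parse_channel_file(text)
    if validate_channel_file(cf, capacity):
        return False
    interpret_unchecked(cf, capacity)  # safe: field count already bounded
    return True

def make_file(template: str, n: int) -> str:
    """Build a constructed channel file declaring and carrying n fields."""
    return f"template={template} fields={n}\n" + "".join(f"field:p{i}\n" for i in range(n))
```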
Snowflake Breach
In June 2024, Snowflake joined the list of major 2024 data breaches when it suffered a significant incident. The coordinated attack by the UNC5537 threat group compromised the data of 30 million customers and at least 165 organizations, with the explicit goal of extorting them over the exfiltrated information.
UNC5537 used a straightforward approach: purchasing or finding exposed credentials for accounts that lacked multifactor authentication (MFA). These credentials allowed them to log in to Snowflake accounts directly. Once the threat group established access, they could conduct reconnaissance and extract data from the compromised Snowflake databases using common SQL commands (source).
AT&T was one of the companies affected by the Snowflake breach; in July, the wireless carrier announced that hackers stole phone records of almost all current and former customers from May 1, 2022, to October 31, 2022. These records, including call and text records, customer phone numbers, and cell tower data, had been stored by AT&T within Snowflake and left poorly secured (source).
While the contents of calls and text messages were not included in the hack, phone numbers can be associated with customer names using online tools, and cell tower information could be used to get location information about the area where AT&T customers live.
Snowflake has faced several lawsuits (source), with 15 complaints being filed in Montana, Florida, Texas, North Carolina, and California. The company is also facing a class action lawsuit and was under a Congressional investigation.
This breach illustrates the need for mandatory MFA on all accounts. Additionally, organizations may want to conduct scans for compromised accounts on the dark web.
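One way to find the accounts this attack pattern depends on, as an added example that is not Snowflake's or AT&T's code: flag successful logins that relied on a password alone, and password-only logins from an address the account has never used before, over constructed login-history rows. The column shape follows Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view (user, client IP, first and second authentication factor, success); the rows, factor values and IP baseline are invented for this example.

```python
"""Added example (not Snowflake's or AT&T's code): detect password-only logins
over constructed login-history rows shaped like Snowflake's
ACCOUNT_USAGE.LOGIN_HISTORY view. All rows, addresses and accounts are invented."""
from collections import defaultdict

# Constructed rows: (timestamp, user, client_ip, first_factor, second_factor, success)
LOGIN_HISTORY = [
    ("2024-04-14T02:11:09", "ETL_SVC",   "203.0.113.10", "PASSWORD", None,  "YES"),
    ("2024-04-14T02:13:51", "ETL_SVC",   "203.0.113.10", "PASSWORD", None,  "YES"),
    ("2024-04-14T08:02:33", "ANALYST_1", "198.51.100.7", "PASSWORD", "OTP", "YES"),
    ("2024-04-14T09:45:12", "ANALYST_2", "198.51.100.8", "PASSWORD", None,  "NO"),
    ("2024-04-15T03:27:40", "ANALYST_2", "192.0.2.44",   "PASSWORD", None,  "YES"),
    ("2024-04-15T10:00:01", "ETL_SVC",   "198.51.100.9", "PASSWORD", None,  "YES"),
]

# Constructed baseline: addresses each account is expected to log in from.
KNOWN_IPS = {
    "ETL_SVC": {"198.51.100.9"},
    "ANALYST_1": {"198.51.100.7"},
    "ANALYST_2": {"198.51.100.8"},
}

def password_only_users(rows):
    """Accounts with at least one successful login that had no second factor.
    These are exactly the accounts a leaked password alone can take over."""
    return sorted({r[1] for r in rows
                   if r[5] == "YES" and r[3] == "PASSWORD" and r[4] is None})

def risky_logins(rows, known_ips):
    """Successful password-only logins from an address outside the account's
    baseline: the shape a purchased credential leaves when used from elsewhere."""
    hits = []
    for ts, user, ip, _first, second, ok in rows:
        if ok != "YES" or second is not None:
            continue
        if ip not in known_ips.get(user, set()):
            hits.append((ts, user, ip))
    return hits

def mfa_coverage(rows):
    """Per-user share of successful logins that used a second factor; 0.0 is the
    state that mandatory MFA is meant to eliminate."""
    total, with_mfa = defaultdict(int), defaultdict(int)
    for _ts, user, _ip, _first, second, ok in rows:
        if ok == "YES":
            total[user] += 1
            with_mfa[user] += second is not None
    return {u: with_mfa[u] / total[u] for u in total}
```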
Common Themes & Trends in 2024 Data Breaches
Despite concerns about AI, from the incident and breach above, we can determine that existing, recurring weaknesses are often a larger concern:
- The CrowdStrike incident could have been avoided had additional validation been performed during compilation
- The Snowflake data breaches could have been avoided with mandatory MFA so that despite the credentials being compromised, access to the account would be blocked without an additional authentication factor
- While data encryption at rest should be used to protect data, it would not have prevented the Snowflake breach, as access to the accounts allowed the attackers to decrypt the data (source)
Sadly, both the CrowdStrike incident and the Snowflake breach had a broad impact because both products are heavily used by organizations across all sectors.
How to Prevent Your Company From Becoming a Data Breach Statistic
Cybrary offers courses and labs on topics germane to this post, such as:
- Memory Forensics
- Secure Data Storage and Transmission
- Configure Multi-factor Authentication
- US Information Privacy
- Comprehensive Guide to General Data Protection Regulation (GDPR)
However, the best way to prevent your company from being the next data breach victim is to ensure you have followed these four steps. Linked are some Cybrary courses and labs to help you on your journey:
- Address Security Fundamentals
  - Access Controls: Least-privilege policies, MFA, routine privilege reviews.
  - Patching & Updates: Automated patch management for all critical systems.
  - Regular Audits: Security assessments, penetration tests, vulnerability scans.
- Invest in Employee Awareness & Training
  - Phishing Simulations: Ongoing exercises to sharpen recognition skills.
  - Security Culture: Everyone from execs to interns takes responsibility for data security.
- Incident Response & Recovery
  - Formal IR Plan: Clearly documented steps for detection, containment, and remediation.
  - Resilient Backups: Segmented, offline backups to limit ransomware damage.
- Third-Party & Supply Chain Management
  - Vendor Security Assessments: Evaluate suppliers and enforce contractual security requirements.
  - Zero Trust Integrations: Limit vendor access and segment networks to contain breaches.