December 2024 wrapped up the year with a chilling reminder of how vulnerable we all are to data breaches. From personal information to corporate secrets, it seemed like no one was safe. With over 2,000 breaches reported this year alone, the stakes have never been higher. In this blog, we’ll walk you through the biggest breaches of December, what they mean for businesses and individuals, and the crucial steps you can take to protect your organization moving forward.
1. SRP Federal Credit Union Breach
On December 19, SRP Federal Credit Union disclosed a breach that impacted over 240,000 members. The incident occurred between September 5 and November 4, exposing sensitive data including Social Security numbers, driver’s license numbers, dates of birth, and financial account information. A ransomware group named Nitrogen claimed responsibility, alleging the theft of 650 GB of customer data. SRP’s response included offering identity theft protection services to the affected members, underscoring the necessity of proactive measures in protecting financial institutions.
2. Ascension Health Data Breach
On December 20, Ascension, one of the largest U.S. hospital operators, reported a ransomware attack from May 2024 that had compromised the data of nearly 5.6 million individuals. The breach included patient records, lab test results, and insurance information. The incident highlights the critical need for robust cybersecurity measures in the healthcare sector, as attackers increasingly target sensitive medical data. Ascension’s operations were significantly disrupted, reflecting the far-reaching consequences of such attacks.
3. Rhode Island Government Data Breach
On December 15, Rhode Island officials revealed a breach affecting hundreds of thousands of residents. The compromised data included Social Security numbers and financial details. Hackers demanded a ransom, targeting users of government assistance programs like SNAP and HealthSource RI. The breach forced the state to shut down its RIBridges system temporarily, demonstrating the cascading effects a cyberattack can have on public services.
4. Krispy Kreme Cyberattack
On December 11, Krispy Kreme Inc. reported a breach discovered on November 29, significantly impacting its online ordering systems. While physical stores remained operational, the incident affected the company’s revenue and financial condition. This breach serves as a reminder that no industry, not even retail, is immune to cyber threats.
5. Automation Personnel Services Settlement
In a notable development, Automation Personnel Services reached a $1.375 million settlement on December 24 following a class-action lawsuit stemming from a 2020 breach. While the incident occurred years ago, the financial and reputational repercussions continued into 2024. The settlement underscores the long-lasting impact of data breaches on organizations.
6. LoanDepot Breach
LoanDepot, a leading mortgage lender based in Irvine, California, experienced a data breach affecting approximately 16.9 million customers. The attack, attributed to the Alphv (Blackcat) ransomware group, compromised personal information including names, addresses, financial account numbers, phone numbers, and dates of birth. The breach caused operational disruptions lasting nearly two weeks.
Final Words
The data breaches of December 2024 highlight that cyber threats are everywhere, from finance and healthcare to government and retail. At Strobes, we specialize in Continuous Threat Exposure Management, identifying vulnerabilities across your organization and protecting your data from real-time cyber attacks. Don’t let security gaps compromise your business or erode client trust. Reach out to Strobes today and take proactive steps to secure what matters most.
