Arctic Wolf Presents
The Biggest Breaches of 2024
Our annual recap of the most noteworthy, high-profile, and damaging cybercrimes of the year.
Top Data Breaches of 2024
Explore the nine most noteworthy data breaches of the year, enhanced by novel insights from our elite team of security researchers, data scientists, and security development engineers.
Ransomware Attack Impacts At Least One-Third of the U.S. Population
Data Breach At A Glance
Threat Actor:BlackCat/Alphv Affiliate
Industry Impacted:Healthcare
Impacted Org:Change Healthcare
Region:North America
Ransomware Attack Impacts At Least One-Third of the U.S. Population
A massive attack on a major healthcare organisation could have been prevented by the implementation of multi-factor authentication.
Data Breach at a Glance
Threat Actor:
BlackCat/Alphv Affiliate
Industry Impacted:
Healthcare
Impacted Org:
Change Healthcare
Region:
North America
Attack Details:
An affiliate of Alphv/BlackCat, one of the cybersecurity world’s most notorious ransomware gangs, struck Change Healthcare — a provider of revenue and payment cycle management that connects payers, providers, and patients within the US healthcare system — in February.
According to reports, initial access was obtained through the compromised credentials of a customer support employee obtained from a Telegram group that traffics in stolen credentials. These credentials were then used to access the Change Healthcare network via a remote access service that did not have multi-factor authentication (MFA) enabled.
After gaining access, the affiliate remained in the network for nine days, conducting lateral movement and exfiltrating data before finally encrypting systems, making off with the personal, health, and financial information of an estimated 100 million people.
Fallout:
A $22 million (USD) ransom was paid to secure the data, however Alphv/Blackcat pulled an “exit scam,” posting a message claiming they had been shut down by law enforcement, while most likely pocketing the funds, stiffing their partners, and resuming activity under a new name. Meanwhile, the recovery, remediation, and reputational cost of the ransomware attack has reached nearly $2.5 billion (USD), according to quarterly earnings reports.
Arctic Wolf Insight:
The Arctic Wolf Labs 2024 Threat Report found that 46.3% of non-business email compromise (BEC) attacks were driven by compromised credentials, with 7.3% of them being instances where historically compromised credentials were used to gain direct access to a victim’s environment. It’s imperative organisations not just implement modern MFA but enforce its use — particularly the passwordless approaches based on the FIDO2 set of specifications.
Sources
- TechCrunch: https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/
- CRN: https://www.crn.com/news/security/2024/10-major-cyberattacks-and-data-breaches-in-2024-so-far?page=5
- HIPAAJournal: https://www.hipaajournal.com/change-healthcare-responding-to-cyberattack/
- Reuters: https://www.reuters.com/technology/cybersecurity/blackcat-ransomware-site-claims-it-was-seized-uk-law-enforcement-denies-being-2024-03-05/#:~:text=In%20an%20exit%20scam%2C%20hackers,over%20under%20a%20new%20name.
Third-Party Cloud Data Breach Impacts Over 160 Organisations
Data Breach At A Glance
Threat Actor:Two primary, likely more
Industry Impacted:Information Technology
Impacted Org:Approx. 165 organisations, via Snowflake instances
Region:Global
Third-Party Cloud Data Breach Impacts Over 160 Organisations
Compromised credentials allow threat actors to launch infostealer malware against a global cloud services provider, granting access to the data of over 160 organisations.
Data Breach at a Glance
Threat Actor:
Two primary, likely more
Industry Impacted:
Information Technology
Impacted Org:
Approx. 165 organisations, via Snowflake instances
Region:
Global
Attack Details:
One of the largest data breaches of the year didn’t require advanced tactics, techniques, and procedures (TTPs), or an escalating chain of successful attacks. It simply required purchasing credentials on the dark web and using them to log in and steal data, once again highlighting the vital need for MFA and proper password hygiene.
Threat actors were able to access at least 165 organisations through their Snowflake instances, using compromised credentials harvested from infected devices using infostealer malware. Snowflake, an American cloud-based data storage company, was not found to have been breached. Rather, the threat actors used the compromised credentials to log into organisations’ Snowflake instances individually, allowing them to view and exfiltrate data for a treasure trove of global organisations, alleged to include AT&T, Santander Bank, and Live/Nation Ticketmaster.
Fallout:
In November, the U.S. government arrested two hackers, Connor Moucka and John Binns, for their role in the breach, charging them with the theft of the call and text records for approximately 50 billion customers of a major telecom company which multiple reports have identified as AT&T. However, the company has not confirmed the claims, only stating that “AT&T customer data was illegally downloaded from our workspace on a third-party cloud platform,” without directly linking itself to the Snowflake breach.
However, Moucka and Binns are likely far from the only cybercriminals involved. In late May, notorious threat group ShinyHunters claimed to be selling 560 million records from Ticketmaster and 30 million from Santander, with the Ticketmaster data reportedly containing personal and credit card data. Several firms have filed class action suits against Ticketmaster in recent months since the data breach first came to light.
Arctic Wolf Insight:
According to the Arctic Wolf Labs 2024 Threat Report, 47.3% of non-BEC incidents Arctic Wolf® Incident Response investigated involved an attacker using credentials to log into an exposed application. That means nearly half of all incidents could have been stopped with proper password hygiene and better identity security. These measures include implementing strong MFA, proactively hardening Active Directory using tools like PingCastle to provide visibility into configuration weak spots, delivering comprehensive security awareness training, and using 24×7 real-time monitoring, like the kind offered by a managed detection and response solution.
Sources
- AT&T: https://www.att.com/support/article/my-account/000102979?source=EPcc000000000000U
- Wired: https://www.wired.com/story/snowflake-breach-advanced-auto-parts-lendingtree/
- DarkReading: https://www.darkreading.com/cyberattacks-data-breaches/leak-site-breachforums-springs-back-to-life-weeks-after-fbi-takedown
- TechCrunch: https://techcrunch.com/2024/11/12/snowflake-hackers-identified-and-charged-with-stealing-50-billion-att-records/
- SCWorld: https://www.scworld.com/brief/us-indicts-alleged-snowflake-hackers
- Google Cloud Blog: https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion
Blacksuit Ransomware Gang Causes Over $600 Million (USD) Worth of Damage
Data Breach At A Glance
Threat Actor:Blacksuit, formerly Royal
Industry Impacted:Automotive
Impacted Org:CDK Global
Region:North America
Blacksuit Ransomware Gang Causes Over $600 Million (USD) Worth of Damage
The rebranded group behind Royal ransomware struck a cloud-based data storage and software provider for the automotive industry, causing major disruptions and financial damage.
Data Breach at a Glance
Threat Actor:
Blacksuit, formerly Royal
Industry Impacted:
Automotive
Impacted Org:
CDK Glboal
Region:
North America
Attack Details:
As ransomware continues to evolve, threat actors have started setting their sights on attacks that can breach a single organisation and impact thousands of its users. Such was the case in June, when CDK Global, a cloud-based data storage and software provider for nearly 15,000 U.S. car dealerships, was struck by Blacksuit, a ransomware gang formerly known as Royal.
CDK Global has declined to reveal details of how exactly they were breached, however Blacksuit (formerly Royal or RoyalLocker, and before that, Conti) has a history of double extortion, not only encrypting systems but exfiltrating data in order to ensure and/or enlarge their payday.
Fallout:
Multiple reports claim that analysis of the Bitcoin blockchain reveals CDK Global paid Blacksuit a $25 million (USD) ransom to restore access and operations. Still, the disruption to dealerships across the country — which saw some resorting to pen and paper to conduct business — is reported to have cost these dealerships more than $1 billion (USD) collectively.
Arctic Wolf Insight:
Our own data shows that ransomware is 15x more likely than business email compromise to lead to an incident response (IR) engagement. While the exact cause of the breach remains unclear, what is clear is that robust, rapid incident response can often make a difference in terms of the cost of a successful breach. Depending on the IR provider, organisations can see as much as a 15% faster response to an incident, reducing downtime and its associated costs.
Sources
- CISA: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a
- Anderson Economic Group: https://www.andersoneconomicgroup.com/dealer-losses-due-to-cdk-cyberattack-reach-1-02-billion/?highlight=cdk+global
- CNN: https://www.cnn.com/2024/07/11/business/cdk-hack-ransom-tweny-five-million-dollars/index.html
- Bloomberg: https://www.bloomberg.com/news/articles/2024-06-21/cdk-hackers-want-millions-in-ransom-to-end-car-dealership-outage
- TechTarget: https://www.techtarget.com/whatis/feature/The-CDK-Global-outage-Explaining-how-it-happened
- Reuters: https://www.reuters.com/technology/cybersecurity/blacksuit-hacker-behind-cdk-global-attack-hitting-us-car-dealers-2024-06-27/#:~:text=SAN%20FRANCISCO%2C%20June%2027%20(Reuters,%2Dthe%2Dscenes%20software%20suppliers.
An Accidental Insider Leads to the Largest Breach of 2024
Data Breach At A Glance
Threat Actor:Accidental Insider
Industry Impacted:Information Services
Impacted Org:National Public Data (NPD)
Region:North America
An Accidental Insider Leads to the Largest Breach of 2024
A major consumer data broker accidentally made the passwords to its back-end database public, leading to the theft of 2.9 billion rows of records.
Data Breach at a Glance
Threat Actor:
An accidental insider
Industry Impacted:
Information Services
Impacted Org:
National Public Data (NPD)
Region:
North America
Attack Details:
In April, notorious threat actor USDoD began selling data stolen from National Public Data, a consumer data brokerage. Subsequent investigations revealed that up to 2.9 billion rows of records, consisting of the names, addresses, emails, phone numbers and even Social Security numbers of an undisclosed number of people, though reports range from 170 million to well over 1 billion, including 85% of U.S. Representatives and Senators. USDoD has denied being the threat actor behind the actual attack, and insists they merely obtained the data and were attempting to sell it for profit.
An investigation by cybersecurity journalists revealed that, “another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage.”
Fallout:
NPD users filed a class action lawsuit in August against parent company Jerico Pictures, alleging the breach was foreseeable and avoidable. Three months later, and before the case could proceed Jerico Pictures filed for bankruptcy. While the threat actor USDoD has been arrested, the actual data thieves remain at large.
Arctic Wolf Insight:
Employees within an organisation have far easier access to sensitive materials than outside attackers do. A careless or under-trained employee can put an organisation at serious risk by leaving digital gateways open, falling for phishing scams, or any number of other lapses in basic cybersecurity. A strong security awareness program — one focused on human behaviour, organisational culture, and the employment of both content and data that actively reduces the risk of an accidental insider — can help users make decisions that will protect their assets, prevent their credentials from ending up for sale on the dark web, and help them spot social engineering tactics that could lead to them giving away the keys to the kingdom.
Sources
- Microsoft: https://support.microsoft.com/en-us/topic/national-public-data-breach-what-you-need-to-know-843686f7-06e2-4e91-8a3f-ae30b7213535
- Bloomberg: https://www.bloomberglaw.com/public/desktop/document/HofmannvJericoPicturesIncDocketNo024cv61383SDFlaAug012024CourtDoc?doc_id=X6S27DVM6H69DSQO6MTRAQRIVBS
- US House of Representatives: https://ritchietorres.house.gov/posts/congressman-ritchie-torres-releases-investigative-report-on-last-months-national-public-data-breach
- KrebsonSecurity: https://krebsonsecurity.com/2024/08/national-public-data-published-its-own-passwords/
Alphv/BlackCat Strike the Mortgage Industry
Data Breach At A Glance
Threat Actor:Alphv/BlackCat
Industry Impacted:Financial Services
Impacted Org:loanDepot
Region:North America
Alphv/BlackCat Strike the Mortgage Industry
A ransomware attack on one of the country’s leading mortgage lenders exposes the personal identifying information (PII) of nearly 17 million people and causes $27 million (USD) in damages.
Data Breach at a Glance
Threat Actor:
Alphv/BlackCat
Industry Impacted:
Financial Services
Impacted Org:
loanDepot
Region:
North America
Attack Details:
Notorious ransomware group Alphv/BlackCat kicked off the new year with a January attack on California-based mortgage and lending giant loanDepot. In a statement, they revealed that, as a result of the attack, they had “taken certain systems offline” and were “working diligently to restore normal business operations as quickly as possible.”
The attack prevented customers from accessing accounts and making payments, and the attack also disrupted the company’s loan origination and loan servicing systems. Threat actors were able to encrypt and exfiltrate the data of nearly 17 million of loanDepot’s customers, including names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, and financial account numbers.
Fallout:
The company has disclosed in financial reports to the SEC that they incurred $41.6 million (USD) in expenses related to the incident during the first half of the year, “which includes an accrual of $25.0 million in connection with class action litigation related to the Cybersecurity Incident.” Customers had filed 20 class action lawsuits for everything from negligence to violations of state consumer laws.
Arctic Wolf Insight:
While the financial services industry is one of the most highly regulated in the world, many organisations lack the resources to implement and enforce them, leading to check-the-box thinking, where the bare minimum is considered good enough. However, compliance guidelines are created to protect data from unauthorised access and reduce an organisation’s cyber risk and prevent incidents. By thoroughly implementing the guidelines found in something like those prescribed in the Federal Financial Institutions Examination Council (FFIEC) Information Security Booklet, organisations can improve their operational and overall security architecture, improving visibility, reducing alert fatigue, enhancing security software, and solidifying governance procedures to reduce the burden on staff while making sure that staff is set up for success if an incident occurs.
Sources
- SEC: https://d18rn0p25nwr6d.cloudfront.net/CIK-0001831631/651e8322-c8a4-4270-9c84-51ae068a6902.pdf
- SecurityWeek: https://www.securityweek.com/ransomware-attack-cost-loandepot-27-million/
- CybersecurityDive: https://www.cybersecuritydive.com/news/loandepot-net-loss-cyber-settlement-q2/723838/
- TechCrunch: https://techcrunch.com/2024/02/26/loandepot-millions-sensitive-personal-data-ransomware/
Rhysida Ransomware Ruins Thousands of Travellers’ Plans
Data Breach At A Glance
Threat Actor:Rhysida
Industry Impacted:Transportation
Impacted Org:Port of Seattle
Region:North America
Rhysida Ransomware Ruins Thousands of Travellers’ Plans
A ransomware organisation struck a major U.S. port in the Pacific Northwest, as well as the international airport it oversees, disrupting operations and travel for thousands.
Data Breach at a Glance
Threat Actor:
Rhysida
Industry Impacted:
Transportation
Impacted Org:
Port of Seattle
Region:
North America
Attack Details:
The fifth-largest U.S. port and Seattle-Tacoma (Sea-Tac) airport, the Pacific Northwest’s principal international airport, were struck by the Rhysida ransomware organisation in August, just in time for the end of summer holiday travel rush.
The attack caused widespread, sustained outages to internet and web systems, affecting port and airport services including baggage and passenger check-in, ticketing services, terminal display boards, the port’s website, the airport’s mobile app, and more. While an unknown amount of data was exfiltrated, the true damage was, as is the case in most attacks on critical infrastructure, to daily operations. An estimated 1,400 daily passengers utilise the Sea-Tac airport, many of whom experienced delays that damaged their travel plans.
Fallout:
Threat actors demanded $6 million (USD) in bitcoin for the return of the stolen data Rhysida was able to exfiltrate during the attack, however, the Port of Seattle has refused to pay. “Paying the criminal organisation would not reflect port values or our pledge to be a good steward of taxpayer dollars,” said Steve Metruck, the Port of Seattle’s executive director. This means that the stolen data, whatever it may be, could find its way onto the dark web for use in future breaches or identity theft efforts.
Arctic Wolf Insight:
Threat actors often target critical infrastructure, utilities, and manufacturing organisations because they have a low tolerance for downtime meaning, in theory, these organisations are more likely to pay a ransom or comply with threat actor demands. The FBI strongly urges any organisation hit with ransomware to refuse payment, but this can extend downtime and increase both financial and reputational costs as customers experience delays or outright outages to services they need. These organisations need to seriously consider a security operations solution, one that provides 24×7 monitoring, risk-based vulnerability management, security awareness training, and incident response to both reduce their cyber risk, and the potential damage from a successful breach.
Sources
- SecurityWeek: https://www.securityweek.com/hackers-demand-6-million-for-files-stolen-from-seattle-airport-operator-in-cyberattack/
- CybersecurityDive: https://www.cybersecuritydive.com/news/seattle-port-ransomware-attack/727098/
- Port Technology International: https://www.porttechnology.org/news/port-of-seattle-shares-details-of-a-cyberattack/
- Pacific Maritime Magazine: https://pacmar.com/port-of-seattle-website-finally-back-online-following-major-cyber-attack/
- CISA: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a
Ransomware Gangs Continue Their Assault on the NHS
Data Breach At A Glance
Threat Actor:Qilin
Industry Impacted:Healthcare
Impacted Org:Synnovis
Region:United Kingdom
Ransomware Gangs Continue Their Assault on the NHS
A Russian cybercrime group made off with 400 GB of confidential patient data for a major provider of pathology services for the U.K.
Data Breach at a Glance
Threat Actor:
Qilin
Industry Impacted:
Healthcare
Impacted Org:
Synnovis
Region:
United Kingdom
Attack Details:
In June, Russian ransomware and extortion group Qilin struck Synnovis — a pathology services provider formed from a partnership between two London-based hospital Trusts and SYNLAB, Europe’s leading provider of laboratory diagnostic services — with a ransomware attack via malware injection. The threat actors encrypted and exfiltrated data from over 300 million patient interactions with the National Health Service (NHS), consisting of personally identifying information (PII) and blood test results, including highly sensitive test results for HIV, sexually transmitted diseases, and cancer.
Several NHS trusts in London were impacted by the cyber attack, including two of the busiest in the country, King’s College Hospital Foundation Trust and Guy’s and St Thomas’ Foundation Trust. The attack caused disruption at seven hospitals overseen by these trusts alone, amounting to the cancelling of over 1,100 surgeries and nearly 2,200 outpatient appointments in the first two weeks following the attack. Reports state that the cancellation included more than 100 cancer treatments and 18 organ transplants. Blood test and transfusion services in London were dramatically impacted as well, reducing operations by 90% until systems were restored.
Fallout:
Shortly after the attack, Qilin demanded a $50 million (USD) crypto payment to delete the data and decrypt impacted systems. Synnovis refused to pay, causing Qilin to upload 400 GB of data was uploaded to Qilin’s data leak site on the dark web. According to the HIPAA Journal, “the affected patients may now be subjected to extortion attempts due to the sensitivity of some of the stolen data. For instance, cybercriminals could threaten patients who tested positive for HIV by making that information public if they do not pay to have their data deleted.”
Arctic Wolf Insight:
Malware injection attacks most often leverage unremediated vulnerabilities, highlighting the need for a robust vulnerability management program. However, achieving strong vulnerability management alone is no easy task. Whether it’s through a shortage of skills, personnel, or time, too many organisations are stuck in a cycle of reacting to immediate threats, unable to take proactive measures to harden their environment. A partnership with a security operations solutions provider helps solve this issue while providing support, expertise, and hands-on-keyboards.
Sources
- TechCrunch: https://techcrunch.com/2024/12/04/ransomware-hackers-target-nhs-hospitals-with-new-cyberattacks/
- HIPAA Journal: https://www.hipaajournal.com/care-disrupted-at-london-hospitals-due-to-ransomware-attack-on-pathology-vendor/
- Synnovis: https://www.synnovis.co.uk/cyberattack-information-centre
- NHS England: https://www.england.nhs.uk/synnovis-cyber-incident/
An Unpatched Vulnerability Leads To Massive Data Exfil
Data Breach At A Glance
Threat Actor:Unknown, possibly Russian nation-state attacker
Industry Impacted:Education
Impacted Org:City of Helsinki
Region:EMEA
An Unpatched Vulnerability Leads To Massive Data Exfil
In what may be a Russian nation-state attack related to rising European tensions, tens of millions of pieces of data were stolen from Finland’s capital.
Data Breach at a Glance
Threat Actor:
Unknown, possibly Russian nation-state attackers
Industry Impacted:
Education
Impacted Org:
City of Helsinki
Region:
EMEA
Attack Details:
The City of Helsinki Education Division, which oversees the “early childhood education, pre-primary education, basic education, general upper secondary education, and vocational education and training” for Finland’s capital, was hit by a cyber attack in early May, which resulted in the theft of data for up to 80,000 students and their guardians, as well as all of the Education Division’s personnel and files stored on the Division’s servers.
According to the City of Helsinki it all began with an unremediated vulnerability. “The data breach and theft were facilitated by a lack of several security controls related to remote server settings, network segregation and data security monitoring.” Chief Digital Officer Hannu Heikkinen went further, revealing “a hotfix patch has been available to eliminate this vulnerability, but it is not currently known why this hotfix was not installed on the server. Our security update and device maintenance controls and procedures have been insufficient. After the breach, we have taken measures to ensure that a similar breach is no longer possible.”
Fallout:
As of this writing, no threat actor has claimed responsibility for the attack, and no known ransom has been demanded or paid. However, the subsequent investigation into the breach resulted in the City of Helsinki prioritising drastic cybersecurity improvements to reduce technical debt and cyber risk, as well as improve its information management, data security, and data protection.
Arctic Wolf Insight:
Too many organisations only prioritise security operations in response to an incident. Yet, according to IBM, It took an average of 194 days to identify a data breach globally in 2024. Proactive monitoring, detection, and response can recognise and stop attacks much faster, drastically reducing the financial and reputational damage of a successful breach. Meanwhile, our own data reveals that nearly 60% of the incidents investigated by Arctic Wolf exploited a vulnerability identified in 2022 or earlier, meaning organisations had anywhere from months to years to patch the affected system or remove (or further safeguard) its external access. Staying current on patches for systems and software is an easy way to harden your security posture against attacks like these.
Sources
Ransomware Attack Impacts Over 12 Million Australians
Data Breach At A Glance
Threat Actor:Unknown
Industry Impacted:Healthcare
Impacted Org:Medisecure
Region:ANZ
Ransomware Attack Impacts Over 12 Million Australians
A single cyber attack resulted in the theft of personal and health information of nearly half of the entire Australian population.
Data Breach at a Glance
Threat Actor:
Unknown
Industry Impacted:
Healthcare
Impacted Org:
Medisecure
Region:
ANZ
Attack Details:
In April, an unknown threat actor infiltrated the network of Medisecure, an Australian digital prescription services provider, making off with 6.5 terabytes of data before encrypting systems, at which point the organisation became aware of the attack. Subsequent investigation revealed the unknown threat actor(s) had exfiltrated the personal and health information of 12.9 million Australians.
According to Medisecure, “the types of information impacted may increase the likelihood of Australians being targeted by phishing, identity-related crime and cyber scam activities.” The stolen data included names, birthdates, addresses, phone numbers, email addresses, individual healthcare identifiers, and Pensioner Concession, Commonwealth Seniors, Healthcare Concession, Department of Veterans’ Affairs (DVA) card numbers.
Fallout:
It took more than a month to fully restore systems from backups. Medisecure was unable to notify specific victims due to the complexity of both the encryption and the stolen data set. In June, after federal authorities declined to provide a financial bailout to the company, MediSecure appointed liquidators and went into administration. “This made it not practicable to specifically identify all individuals and their information impacted by the incident without incurring substantial cost that MediSecure was not in a financial position to meet,” administrators said.
Arctic Wolf Insight:
While the exact attack chain is unknown, it’s become increasingly common for ransomware attacks to exploit weaknesses in identity and access management (IAM) controls. Verizon’s 2024 Data Breach Investigations Report (DBIR) indicates that over 80% of breaches involve compromised identity, and we often observe that VPN credentials serve as the root point of compromise in our incident response cases. In 2024 alone, we saw affiliates with Akira and Fog ransomware opportunistically exploiting SSL VPN accounts without MFA enabled. Download the Arctic Wolf Labs 2025 Predictions report to learn five strategies that can help you better protect identities in your environment.
Sources
- Guardian: https://www.theguardian.com/australia-news/article/2024/jul/18/medisecure-reveals-about-129-million-australians-had-personal-data-stolen-by-hackers-in-april
- Australian Government Department of Home Affairs: https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/cyber-coordinator/medisecure-cyber-security-incident
- Medisecure: https://medisecurenotification.wordpress.com/
- SecurityWeek: https://www.securityweek.com/medisecure-data-breach-impacts-12-9-million-individuals/
- Security Magazine: https://www.securitymagazine.com/articles/100875-129-million-individuals-affected-by-medisecure-cyber-breach
- Australian Broadcasting Corporation: https://www.abc.net.au/news/2024-07-18/medisecure-data-cyber-hack-12-million/104112736
On-Demand Webinar
