Every year has its own mix of digital security debacles, from the silly to the sinister, but 2024 has been particularly marked by hacking sprees in which cybercriminals and state-sponsored spy groups repeatedly exploited the same weakness or target type to unleash their rampage. For attackers, the approach is ruthlessly efficient, but for compromised institutions—and the people they serve—these attacks have real consequences for privacy, safety, and security.
As political and social unrest intensifies around the world, 2025 will be a complex—and potentially explosive—year in cyberspace. But first, here’s WIRED’s look back at the worst breaches, leaks, state-sponsored hacking campaigns, ransomware attacks, and digital extortion cases of the year. Stay alert, and stay safe out there.
Espionage operations are a fact of life, and China’s relentless campaigns have been a constant in cyberspace for years now. But the China-linked spy group Salt Typhoon conducted an even more significant operation this year, infiltrating several US telecoms, including Verizon and AT&T, plus others around the world, for months. US officials told reporters earlier this month that many victim companies are still actively trying to remove the hackers from their networks.
The attackers targeted a small group of people—fewer than 150 at the current count—but they included individuals already subject to US wiretap orders as well as State Department officials and members of the Trump and Harris presidential campaigns. In addition, texts and calls from other people interacting with Salt Typhoon’s targets were also intercepted by the spying scheme.
Throughout the summer, attackers were on the prowl, breaching prominent companies and organizations that are all customers of the cloud data storage company Snowflake. It hardly qualifies as hacking, because the cybercriminals simply used stolen passwords to log into Snowflake accounts that did not have two-factor authentication turned on. The end result, however, was an enormous amount of data stolen from victims including Ticketmaster, Santander Bank, and Neiman Marcus. Another prominent victim, the telecom giant AT&T, said in July that “nearly all” records of its customers’ calls and texts from a seven-month period in 2022 had been stolen in a Snowflake-related intrusion. The security firm Mandiant, which is owned by Google, said in June that the rampage affected almost 165 victims.
In July, Snowflake added a feature that lets account administrators make two-factor authentication mandatory for all their users. In November, the suspect Alexander “Connor” Moucka was arrested by Canadian law enforcement for allegedly leading the hacking spree. He was indicted by the US Department of Justice over the Snowflake rampage and faces extradition to the US. John Erin Binns, who was arrested in Turkey on charges related to a 2021 breach of the telecom T-Mobile, has also been charged in connection with the breaches of Snowflake customers.
At the end of February, the medical billing and insurance processing company Change Healthcare was hit by a ransomware attack that caused widespread disruption to hospitals, doctor’s offices, pharmacies, and other healthcare facilities across the US. The attack was one of the largest breaches of medical data ever, affecting more than 100 million people. The company, owned by UnitedHealth, is a dominant medical billing processor in the US. It said days after the attack began that it believed ALPHV/BlackCat, a notorious Russian-speaking ransomware gang, was behind it.
Personal data stolen in the attack included patient phone numbers, addresses, banking and other financial information, and health records including diagnoses, prescriptions, and treatment details. The company paid a $22 million ransom to ALPHV/BlackCat at the beginning of March in an attempt to contain the situation. The payment appears to have encouraged attackers to hit healthcare targets at an even greater rate than usual. In the meantime, as rolling notifications go out to more than 100 million victims, with more still being discovered, lawsuits and other blowback are mounting. This month, for example, the state of Nebraska sued Change Healthcare, saying that its “failures to implement basic security protections” made the attack much worse than it needed to be.
Microsoft said in January that it had been breached by Russia’s “Midnight Blizzard” hackers in an incident that compromised the email accounts of company executives. The group is tied to the SVR, the Kremlin’s foreign intelligence agency, and is specifically linked to the SVR’s APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, the attackers targeted and compromised legacy Microsoft test accounts, allowing them to access what the company said was a “very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there, the group exfiltrated “some emails and attached documents.” Microsoft said the attackers appeared to be looking for information about what the company knew about them—in other words, Midnight Blizzard was doing reconnaissance on Microsoft’s research into the group. Hewlett Packard Enterprise (HPE) also said in January that it had suffered a breach of corporate email attributed to Midnight Blizzard.
The background check company National Public Data suffered a breach in December 2023, and data from the incident began being sold on cybercriminal forums in April 2024. Various versions of the data resurfaced throughout the summer, culminating in the company’s public confirmation of the breach in August. The stolen data included names, Social Security numbers, phone numbers, addresses, and dates of birth. Because National Public Data did not confirm the breach until August, speculation about the situation grew for months and included theories that the data contained tens or even hundreds of millions of Social Security numbers. Although the breach is significant, the actual number of affected individuals appears, mercifully, to be lower. The company told Maine officials in a filing that the breach affected 1.3 million people. In October, National Public Data’s parent company, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state and federal investigations into the breach as well as the multiple lawsuits the company faces over the incident.
Honorable Mention: North Korean Cryptocurrency Theft
Many actors steal a lot of cryptocurrency every year, including North Korean cybercriminals who have a mandate to help fund the hermit kingdom. A report from the cryptocurrency tracing firm Chainalysis released this month, however, highlights just how aggressive Pyongyang-backed hackers are. Researchers found that in 2023, hackers affiliated with North Korea stole more than $660 million in 20 attacks. This year, they stole nearly $1.34 billion in 47 incidents. The 2024 numbers represent 20 percent of the total incidents tracked by Chainalysis for the year and a whopping 61 percent of the total funds stolen by all actors.
The sheer dominance is astonishing, but researchers emphasize the seriousness of the crimes. “U.S. and international officials are investigating that Pyongyang is using the crypto it stole to fund its weapons of mass destruction and ballistic missiles programs, endangering international security,” Chainalysis wrote.