{"id":91382,"date":"2024-07-12T10:55:39","date_gmt":"2024-07-12T02:55:39","guid":{"rendered":"https:\/\/x-phy.com\/?p=91382"},"modified":"2025-10-15T09:35:23","modified_gmt":"2025-10-15T09:35:23","slug":"2024s-data-breach-tsunami","status":"publish","type":"post","link":"https:\/\/x-phy.com\/2024s-data-breach-tsunami\/","title":{"rendered":"2024&#8217;s Data Breach Tsunami <span class=\"title_part\">Lessons from Snowflake, Telekom Malaysia, and Others<\/span>"},"content":{"rendered":"<p>Did you know that in 2023, the average cost of a data breach reached a staggering USD 4.45 million globally? What is more alarming is that this is projected to surpass USD 5 million by the end of 2024 . As we stand halfway through 2024, cybersecurity resembles a battlefield, with organizations worldwide falling victim to increasingly sophisticated attacks. Imagine waking up to find your most sensitive information\u2014from your bank details to your medical history\u2014exposed on the dark web. This nightmare became a reality for millions of individuals and countless businesses in the first half of 2024. In fact, recent reports suggest that a cyberattack occurs every 39 seconds , with an estimated 30,000 websites hacked daily . These are not just numbers; they are real people, businesses, and consequences.<\/p>\n<p>No entity is immune to the relentless onslaught of cyber threats, from tech giants to government institutions. Let&#8217;s examine some recent incidents and the critical lessons they offer.<\/p>\n<h3><strong>Snowflake&#8217;s Chilling Revelation<\/strong><\/h3>\n<p>In June 2024, cloud data warehousing giant Snowflake disclosed a significant breach affecting 165 of its customers. The attack, attributed to a group called UNC5537, exploited stolen customer credentials to compromise Snowflake instances systematically. The hackers then tried to extort victims and sell their data on the dark web and shady forums. This breach proves the importance of solid credential management. Many of the credentials were obtained through information-stealing malware on contractor systems used for work and personal activities. This shows the dangers of mixing personal and professional device usage, especially when it involves downloading pirated software\u2014a common vector for <a href=\"https:\/\/x-phy.com\/glossary\/attack-vectors\/\">malware distribution<\/a>.<\/p>\n<h3><strong>Telekom Malaysia&#8217;s Customer Data Exposed<\/strong><\/h3>\n<p>In another concerning development, a hacker claimed in January 2024 to have stolen Telekom Malaysia&#8217;s entire customer database . The alleged breach reportedly contains nearly 20 million user records, including highly sensitive personal information such as MyKad (national ID) numbers, addresses, and even details about religious beliefs and marital status. While the full extent of this breach is still under investigation, it is a stark reminder of the vast amounts of personal data that telecom companies hold. This incident proves the need for robust data encryption and continuous monitoring of database activities to detect and prevent unauthorized access or exfiltration attempts.<\/p>\n<h3><strong>UK Ministry of Defense Personnel Data Compromised<\/strong><\/h3>\n<p>In May 2024, the UK Ministry of Defense (MoD) was affected by a significant <a href=\"https:\/\/x-phy.com\/what-we-can-learn-from-the-massive-dell-data-breach-that-exposed-49-million-records\/\">data breach<\/a> affecting an unknown number of current and former military personnel. The hack targeted an externally managed payroll system, potentially exposing names, bank details, and, in some cases, personal addresses of service members. This breach highlights the vulnerabilities that can arise when sensitive data is entrusted to third-party contractors.<\/p>\n<h3><strong>Twilio&#8217;s Authy App: A Breach of Trust<\/strong><\/h3>\n<p>In July 2024, Twilio, a cloud communications platform, reported a significant data breach affecting its Authy two-factor authentication app . The incident exposed millions of phone numbers associated with Authy user accounts. While Twilio assured that no 2FA tokens were compromised, the breach raised severe concerns about the security of authentication services. This breach is particularly ironic, given Authy&#8217;s role in providing additional security. It shows that even security-focused applications can become targets and highlights the need for continuous security assessments and improvements, even in tools designed to enhance protection.<\/p>\n<h3><strong>The Wake-Up Call<\/strong><\/h3>\n<p>These incidents reveal several common factors that organizations must address:<\/p>\n<ol>\n<li><strong>Human Error Remains a Major Vulnerability:<\/strong> From falling for phishing attacks to mishandling sensitive data, human error continues to be a significant factor in many breaches. Regular training and awareness programs are essential.<\/li>\n<li><strong>Zero Day Threats Evade Traditional Defenses:<\/strong> Sophisticated attackers often use previously unknown <a href=\"https:\/\/x-phy.com\/solutions\/zero-trust\/\">vulnerabilities<\/a>. Relying solely on signature-based security solutions has never been effective.<\/li>\n<li><strong>Comprehensive, Real-Time Monitoring is a Must:<\/strong> Many breaches go undetected for extended periods. Implementing continuous, AI-driven monitoring can help identify and respond to threats more quickly.<\/li>\n<li><strong>Third-Party Risk Management is Essential:<\/strong> As the MoD breach demonstrates, organizations must extend their security practices to encompass their entire supply chain and partner ecosystem.<\/li>\n<li><strong>Even Security Tools Can Be Compromised:<\/strong> The Twilio incident reminds us that no tool or service is inherently immune to attacks. A layered security approach is necessary.<\/li>\n<\/ol>\n<h3><strong>Fortifying Your Defenses with X-PHY<\/strong><\/h3>\n<p>In light of these persistent and evolving threats, organizations need innovative solutions that address the root causes of data breaches. Our suite of AI-embedded cybersecurity solutions offers a powerful approach to tackling these challenges head-on. Our <a href=\"https:\/\/x-phy.com\/products\/endpoint-security\/secure-ssd\/\">hardware-based security<\/a> technology provides real-time threat detection and prevention even against zero-day attacks,\u00a0closing the gaps left by traditional software-based approaches.<\/p>\n<p>X-PHY&#8217;s solutions are designed to:<\/p>\n<ol>\n<li>Mitigate human error through automated threat response<\/li>\n<li>Proactively detect and prevent <a href=\"https:\/\/x-phy.com\/zero-day-exploit-automotive-industry\/\">zero-day attacks<\/a> using AI-driven anomaly detection<\/li>\n<li>Provide continuous, real-time monitoring without impacting system performance<\/li>\n<li>Offer an essential layer of security from the physical infrastructure to complement existing cybersecurity stacks<\/li>\n<\/ol>\n<h3><strong>Request a Demo<\/strong><\/h3>\n<p style=\"text-align: justify; text-justify: inter-ideograph; line-height: 150%; margin: 12.0pt 0in 12.0pt 0in;\"><span style=\"font-family: 'Arial','sans-serif'; color: black;\">Don&#8217;t wait for you or your organization to become the next victim. Reach out to our team today to learn about how our solutions can secure your operations around-the-clock without straining your security teams.<\/span><\/p>\n<h3><strong>About the Author<\/strong><\/h3>\n<p>Irene Yeo is Flexxon\u2019s Sales Director, responsible for developing and leading Flexxon\u2019s global sales strategy, targets and activities. Her role involves leading and motivating the sales team, building strong relationships with customers, and identifying new business opportunities. Within the team, Irene is affectionately known as \u201cAuntie Irene\u201d, a fun-loving, caring and humorous people person who brightens up every conversation \u2013 whether you\u2019re in a meeting or waiting for the lift.<\/p>\n<p><span class=\"small_reference\"><br \/>\nCost of a Data Breach Report 2023<br \/>\n<a href=\"https:\/\/www.ibm.com\/reports\/data-breach\" target=\"_blank\" rel=\"noopener\">https:\/\/www.ibm.com\/reports\/data-breach<\/a><br \/>\nStudy: Hackers Attack Every 39 Seconds<br \/>\n<a href=\"https:\/\/eng.umd.edu\/news\/story\/study-hackers-attack-every-39-seconds\" target=\"_blank\" rel=\"noopener\">https:\/\/eng.umd.edu\/news\/story\/study-hackers-attack-every-39-seconds<\/a><br \/>\nHow Many Cyber Attacks Happen Per Day in 2024?<\/span><\/p>\n<p><span class=\"small_reference\"><a href=\"https:\/\/techjury.net\/blog\/how-many-cyber-attacks-per-day\/\" target=\"_blank\" rel=\"noopener\">https:\/\/techjury.net\/blog\/how-many-cyber-attacks-per-day\/<\/a><br \/>\nSnowflake Breach Exposes 165 Customers&#8217; Data in Ongoing Extortion Campaign<br \/>\n<a href=\"https:\/\/thehackernews.com\/2024\/06\/snowflake-breach-exposes-165-customers.html\" target=\"_blank\" rel=\"noopener\">https:\/\/thehackernews.com\/2024\/06\/snowflake-breach-exposes-165-customers.html<\/a><br \/>\nHacker alleges to have stolen Telekom Malaysia\u2019s customer database with \u2018nearly 20 million effective user data\u2019 (Updated with TM\u2019s statement)<br \/>\n<a href=\"https:\/\/www.thestar.com.my\/tech\/tech-news\/2024\/01\/26\/hacker-alleges-to-have-stolen-telekom-malaysias-customer-database-with-nearly-20-million-effective-user-data\" target=\"_blank\" rel=\"noopener\">https:\/\/www.thestar.com.my\/tech\/tech-news\/2024\/01\/26\/hacker-alleges-to-have-stolen-telekom-malaysias-customer-database-with-nearly-20-million-effective-user-data<\/a><\/span><\/p>\n<p><span class=\"small_reference\">MoD data breach: UK armed forces&#8217; personal details accessed in hack<br \/>\n<a href=\"https:\/\/www.bbc.com\/news\/uk-68966497\" target=\"_blank\" rel=\"noopener\">https:\/\/www.bbc.com\/news\/uk-68966497<\/a><br \/>\nTwilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers<br \/>\n<a href=\"https:\/\/www.securityweek.com\/twilio-confirms-data-breach-after-hackers-leak-33m-authy-user-phone-numbers\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.securityweek.com\/twilio-confirms-data-breach-after-hackers-leak-33m-authy-user-phone-numbers\/<\/a><br \/>\n<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Did you know that in 2023, the average cost of a data breach reached a staggering USD 4.45 million globally? What is more alarming is that this is projected to [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":91383,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","inline_featured_image":false,"footnotes":""},"categories":[15],"tags":[],"class_list":["post-91382","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trends-and-developments"],"_links":{"self":[{"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/posts\/91382","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/comments?post=91382"}],"version-history":[{"count":3,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/posts\/91382\/revisions"}],"predecessor-version":[{"id":110589,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/posts\/91382\/revisions\/110589"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/media\/91383"}],"wp:attachment":[{"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/media?parent=91382"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/categories?post=91382"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/x-phy.com\/wp-json\/wp\/v2\/tags?post=91382"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}