Top Data Breaches of 2024 Resulting in Lawsuits and Investigations

More than 1 billion Americans were impacted by data breaches in 2024, leading to lawsuits against Change Healthcare, AT&T, Ticketmaster and other companies that exposed customers’ personal information.

Over the past year, there have been a number of massive data breaches, where corporate security failings allowed hackers to gain access to individuals’ sensitive information, including contact information, credit card data, Social Security numbers and banking data, which exposed more than a billion individuals to a risk of identity theft and financial fraud.

The Identity Theft Resource Center (ITRC) has confirmed that more than 1 billion U.S. consumers were impacted by data breach events just between January 2024 and June 2024, including customers of AT&T, Ticketmaster and dozens of other companies, representing a 490% increase over the same period from the previous year. However, this number did not even include the approximately 100 million individuals impacted by a Change Healthcare data breach, which allowed private health information to be compromised.

These kinds of events can have devastating consequences for individuals, exposing those affected to risks of identity theft and financial fraud, as well as fear, stress, anxiety and other damages that can result from the need to freeze credit, employ identity monitoring services, or take other measures to protect personal and financial security.

As information emerged about security failings and steps that could have been taken to prevent hackers from accessing this personal information, there are now a rapidly growing number of data breach lawsuits, class action claims and individual arbitration claims being pursued by a rapidly growing number of Americans.

In this featured post, AboutLawsuits will highlight the most significant data breaches of 2024, offering information about the timeline of events, associated risks and lawsuits that are now being pursued. For those impacted by these data breaches, we will also discuss available resources and steps to consider if you or a loved one believe you have had your personal information compromised.

Change Healthcare Data Breach

One of the first major data breaches of the year was announced in February 2024, when Change Healthcare admitted it suffered a cyberattack, which exposed private information and medical data for an estimated 100 million Americans.

Although most individuals have not heard of the company, Change Healthcare operates as a part of Optum, a subsidiary of UnitedHealth Group, with an estimated one-third of all Americans’ healthcare information passing through its servers.

The company provides a range of services used by many healthcare providers, hospitals, pharmacies and insurers, which include verifying insurance, confirming pre-authorization of procedures, exchanging insurance claim data, and performing other healthcare-related administrative tasks.

On February 21, 2024, a hacker group known as ALPHV/Blackcat claimed responsibility for the Change Healthcare data breach, saying they had deployed ransomware to exploit vulnerabilities in the company’s security systems and gain access to massive amounts of sensitive data, including patients’ personally identifiable information (PII), such as names, Social Security numbers and insurance details, as well as protected health information (PHI) like medical records, diagnoses and treatment information.

After exporting the data, the hackers demanded a ransom from the company, and threatened to leak the stolen information if it was not paid. Court documents from the case of Castell v. Change Healthcare, Inc. show that Change Healthcare paid about $22 million in bitcoin to the group on March 1, 2024.

UnitedHealth CEO Andrew Witty testified before Congress that his company paid this $22 million ransom under the conditions that the stolen data would be returned. However, another group that is active on the dark web, RansomHub, claimed that it carried out the cyberattack along with BlackCat, indicating that BlackCat committed an “exit scam,” which is when a hacker group takes ransom money, only to vanish with the information that it stole.

RansomHub claims that it is also in possession of the data stolen from Change Healthcare’s systems, and has demanded its own ransom. To prove this claim, RansomHub posted samples of the stolen data and threatened to sell the entire file to the highest bidder.

As a result, individuals throughout the U.S. face a continuing risk of identity theft and financial fraud, requiring that they take preventative actions. Many of these Americans are now pursuing lawsuits, alleging that Change Healthcare failed to properly safeguard their personal information and healthcare data.

Change Healthcare Data Breach Lawsuits

The Change Healthcare data breach could have severe long-term impacts, which extend far beyond the two years of credit monitoring that Change Healthcare is currently offering to help assist affected individuals.

There are already more than 60 Change Healthcare data breach lawsuits pending, and it is expected that a number of individual arbitration claims will also be pursued to seek Change Healthcare settlement payouts.

Given common questions of fact and law raised in Change Healthcare class action lawsuits filed throughout the federal court system, the cases have been centralized as part of an MDL, or multidistrict litigation, before U.S. District Court Judge Donovan W. Frank in the District of Minnesota, for coordinated discovery and pretrial proceedings.

Earlier this month, the court ordered the parties to hold a series of in-person ex parte meetings with U.S. Magistrate Judge Dulce J. Foster, to explore the possibility of Change Healthcare settlement talks early in the litigation.

Change Healthcare data breach lawyers are currently providing free consultations and claim evaluations for individuals affected by the data breach who are concerned that they may suffer:

• Identity theft
• Credit fraud
• Medical identity theft
• Phishing and social engineering attacks
• Insurance fraud
• Targeted scams and harassment
• Reputational damage
• Financial loss

AT&T Data Breaches

In addition to the Change Healthcare hack, two major AT&T data breaches were also announced in 2024, which exposed the names, addresses, phone numbers, Social Security numbers, phone records and email addresses for millions of customers.

The telecommunications giant issued a press release regarding the first data breach on March 30, 2024, indicating that a cybersecurity hack in 2021 exposed the names, addresses, phone numbers, Social Security numbers and email addresses of approximately 7.6 million current account holders, as well as approximately 65.4 million former account holders.

AT&T announced another massive data breach in a report to the U.S. Securities and Exchange Commission (SEC) on July 12, 2024, which stated that hackers had also obtained phone numbers and private call records of approximately 110 million customers by accessing a cloud-based server owned by the company Snowflake, Inc.

First AT&T Data Breach

AT&T learned about the first data breach in August 2021, when a hacker group known as ShinyHunters threatened to sell a database for approximately $1 million that it had accessed, which was filled with sensitive customer information. Initially, AT&T disputed ShinyHunters’ claims, claiming that the leaked data samples shared by the hackers did not match company records.

However, in late March 2024, a hacker known as “MajorNelson” released the names, addresses, phone numbers, Social Security numbers and email addresses of more than 70 million accounts contained in the AT&T database for free on the dark web.

At this point, AT&T began sending Notice of Data Breach letters to customers who had their personal information compromised. While AT&T has offered complimentary identity theft and credit monitoring services to their customers, lawsuits seek substantial additional damages as a result of the breach and the company’s failure to provide timely notice to those impacted.

Second AT&T Data Breach

On July 12, AT&T announced a second data breach in 2024, which allowed hackers to gain access to phone numbers and call records of around 100 million customers.

The second AT&T data breach involved security problems at a cloud server provided by Snowflake, Inc., a company that stores data for AT&T and other large organizations. AT&T informed its customers of the cybersecurity event through a press release, indicating the breach had originated several years earlier, but was only recently discovered.

The compromised data allegedly encompassed records of phone calls and text messages for nearly all of AT&T’s cellular customers from May 1, 2022 to October 31, 2022, and on January 2, 2023 as well.

AT&T Data Breach Lawsuits

On June 5, 2024, the U.S. Judicial Panel for Multidistrict Litigation (JPML) consolidated all federal AT&T data breach lawsuits from the first cybersecurity breach as part of an MDL in the U.S. District Court for the Northern District of Texas, under Judge Ada E. Brown for coordinated pretrial proceedings.

Judge Brown then issued a case management order appointing 11 attorneys to leadership roles on September 4. These leadership attorneys in the AT&T data breach MDL will coordinate status updates, handle pretrial motions, conduct discovery and depositions on common issues, and potentially negotiate a settlement framework for the AT&T data breach claims.

For the second AT&T data breach, a panel of federal judges decided to consolidate all federal lawsuits over data breaches involving the cloud-based server company Snowflake as part of a separate MDL. This litigation includes the lawsuits against AT&T over the release of phone records and text messages of all 110 million customers, as well as other companies.

Ticketmaster Data Breach

AT&T was not the only major company affected by the Snowflake data breach. In May, Live Nation, the parent company of global ticketing platform Ticketmaster, reported that the Snowflake hack also compromised approximately 1.3TB of Ticketmaster data, which included names, addresses, phone numbers, credit card numbers and other personal information of more than 560 million current and former customers.

The data stolen from the Ticketmaster data breach was eventually offered for sale for $500,000 on a dark web site known as Breach Forums, which is associated with the hacking group ShinyHunters, who also claimed responsibility for the first AT&T data breach.

As a result, individuals are now pursuing Ticketmaster data breach lawsuits against Ticketmaster, Live Nation and Snowflake, Inc. for failing to take appropriate action to safeguard customers’ data, leaving them at risk of identity theft and financial fraud.

Ticketmaster Data Breach Lawsuits

The Ticketmaster class action lawsuits claim that the companies failed to properly secure customers’ sensitive information. The lawsuits indicate the one year fraud protections being offered by the company are not sufficient, since the private information accessed by the hackers could present financial risks to those affected for the remainder of their lives.

Given the growing number of class action lawsuits over the data breach, a motion was filed with the JPML on July 29, calling for all lawsuits stemming from the Snowflake data breach to be consolidated in the U.S. District Court for the District of Montana for coordinated pretrial proceedings before one judge. The litigation could potentially include up to 560 million Ticketmaster customers, as well as 110 million AT&T customers, among others.

Ticketmaster data breach lawyers are continuing to provide free consultations and claim evaluations for individuals who have had their identities stolen or suffered losses due to the Ticketmaster data breach, and are now afraid that their compromised information could include:

• Names and home addresses
• Emails and phone numbers
• Credit card information
• Ticket purchase details
• Other personal information

Snowflake Data Breach

Snowflake, Inc. is a cloud-based data warehouse platform, which allows other organizations to use its servers to store, process and analyze large amounts of records.

However, when AT&T announced the data breach affecting phone records for nearly all of its 110 million cellular customers, and when Live Nation revealed that a Ticketmaster data breach had affected at least half a billion of its own customers, Snowflake was implicated in both instances.

Snowflake has reportedly denied that either of the data breaches were due to cybersecurity failures on its end, but the company has still been named as a defendant in a growing number of data breach lawsuits with respect to compromised information in both the AT&T and Ticketmaster hacks, as well as others.

Snowflake Data Breach Lawsuits

The JPML established a Snowflake data breach MDL on October 4 before U.S. District Judge Brian Morris in the District of Montana.

The Snowflake MDL will include claims concerning data breaches related to the cloud server company between approximately April 2024 and June 2024, which involve Ticketmaster, AT&T, Advance Auto Parts and other companies, which may impact a combined 500 million consumers. The JPML rejected efforts by AT&T and Advance Auto Parts to separate pretrial proceedings for claims involving their customers.

This MDL is separate from the other AT&T data breach MDL, which was established for the first AT&T data breach announced in February of this year, involving claims stemming from the 2021 security failures that exposed customers’ social security numbers and other personal identifying information, and does not appear to involve Snowflake’s servers.

Snowflake data breach lawyers are providing free consultations and claim evaluations for individuals who are afraid they may have had their identifies stolen or suffered losses due to the Snowflake data breach, which involved:

• Advance Auto Parts
• AT&T
• Ticketmaster

Data Breach at National Public Data

In what was potentially one of the largest data breaches ever recorded, hacker group USDoD obtained 2.9 billion records from background-checking business National Public Data in December 2023, and attempted to sell the personal identifiable information on the dark web in April for $3.5 billion.

According to complaints that were filed in the federal court system, National Public Data mined and scraped the information from non-public sources without individuals’ consent, which they then used to conduct criminal background checks for different companies. Despite assurances that the data would be kept safe, confidential and private, the company held it in unencrypted files, leaving it vulnerable to hackers.

USDoD eventually posted some of the allegedly compromised information on the dark web forum “Breached,” claiming it had access to a database obtained through a cybersecurity attack on National Public Data, which contained 2.9 billion records of individuals’ personal identifying information, including names, Social Security numbers and addresses for virtually all Americans. Open-source malware website VX-Underground eventually researched USDoD’s data and confirmed that at least some of it was valid information.

Lawsuits Over National Public Data Breach

Following at least 14 complaints that have been filed in federal court against the service, National Public Data’s parent company Jerico Pictures filed for bankruptcy in October 2024. However, a Florida judge rejected the filing.

Although the company itself shut down earlier this year, lawsuits are still pending against National Public Data and Jerico Pictures, alleging that the data breach could have been prevented if the companies had conducted better employee training and used more robust cybersecurity measures.

Lawyers are still providing free consultations and claim evaluations for individuals who may have had their identities stolen due to the data breach at National Public Data, which could have potentially compromised:

• First and last names
• Social Security numbers
• Addresses

Data Breach Lawsuit Information and Cybersecurity Lawyers

AboutLawsuits will continue to cover these massive lawsuits and other data breaches in 2025, which may impact you and your family.

To receive information about developments in each of these litigations, as well as other security failures that may expose personal identifying information, sign up to receive our Weekly Digest Email, which provides information about lawsuits, recalls and settlements every Thursday evening.

If you or a loved one may have been impacted by a data breach in 2024, you can also submit information through AboutLawsuits for review by a cybersecurity lawyer, to help determine whether financial compensation may be available through a settlement or lawsuit payout.