Case Studies of Major Supply Chain Breaches
Change Healthcare Ransomware Attack
In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group, experienced a ransomware attack by the ALPHV/BlackCat group. This attack disrupted healthcare transactions for 100 million people, affecting billing and insurance processing. The breach highlighted the third-party risks in healthcare supply chains, emphasizing the need for robust cybersecurity measures to secure digital supply chains. The estimated cost of this attack was $872 million, excluding the ransom payment.
Snowflake Data Breach
In mid-2024, Snowflake, a cloud data platform, faced a data breach impacting multiple high-profile companies, including AT&T, Santander Bank, and Ticketmaster. The breach was due to compromised user credentials and lack of multi-factor authentication (MFA). This incident underscored the importance of MFA and the role of cloud service providers in securing supply chains.
National Public Data Breach
In late 2024, a massive data breach exposed 2.9 billion records from various public databases. This breach allegedly exposed up to 2.9 billion records with highly sensitive personal data of up to 170M people in the US, UK, and Canada. The breach affected data brokers and raised concerns about regulatory scrutiny in supply chains. The incident highlighted the need for stringent data protection measures and compliance with regulations to safeguard sensitive information.
Cencora (AmerisourceBergen) Cyberattack
In early 2024, Cencora (formerly AmerisourceBergen) suffered a cyberattack that disrupted its pharmaceutical distribution services. The breach affected the supply chain of pharmaceuticals, emphasizing the critical role of secure supply chains in the pharmaceutical industry. The breach is known to have affected at least 27 pharmaceutical and biotechnology companies and involved the theft of the personal data of hundreds of thousands of individuals. This incident called for enhanced cybersecurity protocols to protect sensitive data and ensure continuous supply chain operations.
Tangerine Telecom Breach
In mid-2024, Tangerine Telecom experienced a breach involving unauthorized access to customer data. The breach compromised customer information, highlighting the importance of securing telecom providers as critical nodes in the digital supply chain. The attacker gained unauthorized access and stole the sensitive information of approximately 232,000 customers. This included names, phone numbers, and email addresses.
VARTA Cyberattack
In late 2024, VARTA, a German battery manufacturer, was targeted by a cyberattack that disrupted its production. The attack impacted the supply chain of batteries, emphasizing the significance of securing manufacturing supply chains in industrial sectors.
Dell Technologies Breaches
Throughout 2024, Dell Technologies experienced multiple breaches exposing employee and customer data. The breach allegedly affects 10,800 employees and partners and exposes sensitive internal data. These breaches highlighted the importance of securing internal company information and employee records. A hacker forum post reported by the Daily Dark Web claimed a threat actor was selling data from an April Dell breach. The listing included 49 million customer records covering systems purchased from 2017 to 2024.
These case studies illustrate the critical importance of securing supply chains across various industries. By implementing robust cybersecurity measures, companies can mitigate risks and protect sensitive information from cyber threats.