Biggest data breaches of 2024 (so far)

From big banks to car dealerships, 2024 has been a banner year for data breaches. Yes, I mean that in the worst way possible. I’d be shocked if there’s any American left unexposed at this point.

Let’s take a walk down the data breach memory lane. I’ve got steps for remediation at the end for you and everyone you care about.

🔍 National Public Data: 2.9 billion people

A background-check company, National Public Data (NPD), was allegedly hacked, exposing 2.9 billion people. Hackers accessed Social Security numbers, full names and addresses, selling the database for $3.5 million. NPD is being sued. FWIW, obviously, there aren’t 2.9 billion SSNs on the list.

🏥 Ascension: 140 hospitals

In May, a malware download led to a massive cyberattack on Ascension, which runs 140 hospitals across the U.S. The attack disrupted emergency services and patient care. Hackers compromised seven of Ascension’s 25,000 servers.

🛻 CDK Global: 15,000 car dealerships

In June, CDK Global, a major car dealership software provider, faced two cyberattacks, severely disrupting operations for 15,000 dealerships. Reports suggest tens of millions in ransom was paid out.

🩺 Change Healthcare: $22 million payout

The tech firm owned by UnitedHealth is used by thousands of pharmacies, hospitals and health care facilities to receive payments and process claims. UnitedHealth paid $22 million to prevent data leaks by Russia’s BlackCat hacker group. This one affected about 50% of all Americans.

Another group, RansomHub, also claimed to have stolen data belonging to Change in February. Estimates say as much as one-third of all Americans were impacted. That includes sensitive medical data, like test results, diagnoses and images.

📲 AT&T: 73 million customers


🗣️ Ring camera hacked: A Texas family got the scare of a lifetime when a man hacked into their Ring camera and whispered to their 5-year-old son in the middle of the night. Even scarier? The video “deleted” itself 15 minutes later. This is your reminder to keep your devices up to date, never use your router’s default Wi-Fi password, set up 2FA and create strong passwords. Watch the scary 42-second video here.

$1,000,000 bounty

For anyone who catches a major Samsung security flaw. Bag a local arbitrary code execution to score $300,000. Remote code execution vulnerabilities are worth up to $1 million. If you know what those terms mean, get to work.

Sounds familiar: Scammers are after Google Voice accounts. If they trick you into giving up your multifactor authentication code, they can make calls that look like they’re coming from you. Never share this info. If you already have, go to Protect your verification code and disconnect your number.

⚠️ 2.9 billion records leaked: Background-check company National Public Data may be responsible for one of the biggest data breaches in history. A lawsuit claims their negligence exposed 2.9 billion Social Security numbers, full names, addresses and so much more on the Dark Web. We all need to freeze our credit. Steps here.

64% fewer stolen cars

After Kia and Hyundai’s anti-theft software upgrades. The 2023 free update fixed shoddy security measures that made it way too easy to steal the vehicles. Drive one and not sure if you got the update? Call your dealership.

293% increase

In email attacks, compared to last year. Email scams exploded in the first half of 2024, including increases in ransomware, malware and phishing attempts. AI might not be helping tech companies turn a profit yet, but it’s sure helping cyber crooks.

It’s a scam: On Facebook, posts are popping up asking you to share photos of missing kids or folks in need. The goal is to get a ton of shares, and then the posts are edited to include malicious links. Spot the fakes: If it’s a real story, local news or law enforcement accounts will post about it, too.

$600,000 lost

After a homebuyer’s law firm was hacked. Now he’s suing them. Richard Bates hired the firm to help him buy a house. Hackers broke into their email and stole enough to trick Bates into wiring them his home payment. Bates says it wouldn’t have happened if his lawyers had basic cybersecurity like 2FA. Well, he’s not wrong.

💳 Don’t fall for it: Scammers pretending to be bank employees are phoning and texting with fake account fraud warnings. They’ll tell you to cut up your credit cards, leaving the chip inside intact. They then send someone to pick it up. With just that chip, they duplicate your card. A friend of mine started chanting in Latin the last time a scammer called. The man screamed, “No, don’t put a curse on my family!”

Don’t click on Google ads: Malware wormed its way into search ads for Google Authenticator. They were very hard to spot, with the display URL “https://www.google.com” and the advertiser “verified by Google.” Need to download something? Scroll past the ads and sponsored content, or type in the official address yourself.

😲 Stick to legitimate banks: Thousands of folks who put money into the Juno savings app are screwed. The company that provided Juno’s digital transaction ledgers collapsed, and no one can access their funds. One guy lost $38,000. Keep your savings in an FDIC-backed bank and those account balances under $250,000.

$75 million

Record ransom, paid to ransomware gang Dark Angels. This fairly new gang goes after some of the largest companies in the world. Once they’ve hacked into a database, they send a ransom note threatening to expose the stolen data on their site, Dunghill Leak. They say they’re “making the world more secure.” I’ll tell you one thing they’re definitely making: A boatload of money.

⚕️ Proceed with caution: Epic Systems, the huge health care software company that makes roughly $5 billion annually, says you’ll soon be able to import your medical records to apps of your choice using your Epic credentials. Sounds convenient, but think twice: You can’t control who these apps will sell your data to. Next thing you know, your life insurance premium skyrockets.

When you don’t excel, people spreadsheet: On Tuesday, July 30, Outlook was stalling, the Starbucks app crashed and Office 365 was down for eight hours. We now know a cyberattack took down the cloud computing system Microsoft Azure and a ton of apps and services with it. D’oh! Microsoft’s attempts to stop the attacks actually made the outages worse.

🚨 FBI crypto warning: Cybercriminals are posing as cryptocurrency exchange employees. They try to convince you your account was hacked or is at risk and then ask for your login details so they can transfer all your money to their wallets, all as you watch. No one legit will ever, ever ask for your login details or seed phrase.

HDMI cable data grab: Security researchers found a new way hackers can spy: Electromagnetic radiation. By feeding signals into an AI model, they can reconstruct everything on a screen with 70% accuracy — enough to decipher passwords. The good news? It’s incredibly hard to pull off and requires a signal-capturing device inside your home.

6 feet

How closely a stalker can track someone using dating apps Bumble and Hinge. It’s not an exact location but pretty darn close. These apps ask for your location to find potential partners near you, but this is seriously scary.

🚨 Facebook ad alert: A massive ad campaign is hitting Facebook, pushing 600-plus fishy online shops. They bait you with huge discounts on brands like Nike and sweet deals on iPhones. Fake user comments make it all look more legit. There’s an easy way to spot the scam: These dodgy sites only work on mobile; click on them outside of your phone, and you’ll get a 404 error.

Byte-Ban: Starting Aug. 15, U.S. House of Representatives staffers are banned from using all ByteDance apps on government devices. TikTok’s already out, but now the ban includes photo-editing apps CapCut and Hypic, chat app Lark and social media app Lemon8. It all comes down to TikTok’s ties to Communist China. I’m surprised it took them this long.