In 2024 major data breaches made global headlines, exposing more than a billion records and affecting critical industries. Each of these incidents revealed specific vulnerabilities such as weak third-party controls, poor password management, and inadequate access controls that left organizations needlessly open to attacks. 

These breaches serve as a stark reminder that the cybersecurity landscape is constantly evolving and that threat actors are quick to exploit even minor security lapses. By understanding the tactics used by attackers and assessing the impacts of these breaches, businesses can make more informed decisions to safeguard their data. 

Below, we examine the five biggest data breaches of 2024, analyze what went wrong, and identify the practical steps organizations can take to strengthen their defenses in 2025.

4. Change Healthcare breach: 145 million records

In February 2024, Change Healthcare suffered the largest known data breach of protected health information to date, affecting more than 100 million Americans. The breach exposed Social Security numbers, drivers license numbers, medical records, insurance data, and financial and banking records — and caused widespread disruptions in processing payments and prescriptions across the US healthcare system. 

The parent company of Change Healthcare has faced significant financial repercussions, with direct response costs totaling $1.5 billion and overall cyberattack impacts reaching $2.4 billion, including a $22 million ransomware payment made in exchange for a promise to destroy the stolen healthcare data.

The breach was caused when attackers either stole or purchased credentials for a Citrix portal used for remote access to Change Healthcare systems, which did not have multi-factor authentication in place. 

Takeaway: Strengthen access controls

The absence of foundational security measures like MFA in this case illustrates how crucial strong access controls and periodic access reviews are to preventing unauthorized system access.

• Require MFA across all sensitive systems: MFA is essential for protecting systems with sensitive information, especially those accessed remotely. For high-risk roles, consider advanced methods like biometrics or hardware tokens to further strengthen security.
• Implement the Principle of Least Privilege: Limit access rights so that employees and vendors only have access to the data necessary for their role or job function. Reducing unnecessary access minimizes the potential damage if an account is compromised.
• Conduct regular access reviews: Periodically review and adjust user permissions to ensure they reflect current job functions. This step helps prevent excessive or outdated access and reduces the risk of insider threats.
• Monitor for unauthorized access attempts: Use real-time monitoring to detect suspicious login behavior, such as multiple failed attempts or unusual access locations. Quick detection allows organizations to respond before unauthorized access becomes a full-blown breach.

5. Dell breach: 49 million records

Dell Technologies experienced a significant data breach this year in which attackers gained access to customer information, including names, email addresses, and hashed passwords. This breach originated from a brute-force attack launched after a hacker accessed a client portal via one of Dell’s resellers. The attacker then sent over 5,000 login requests per minute for nearly three weeks, totaling almost 50 million attempts, yet Dell’s systems failed to detect this activity. It was only after the hacker sent multiple emails to Dell about the security vulnerability that the company became aware of the breach.

Takeaway: Strengthen vulnerability management

The Dell breach underscores the importance of proactive vulnerability management to detect and address security gaps before attackers can exploit them. Effective vulnerability management ensures that organizations can quickly detect and respond to unusual activity, protecting their systems and data from persistent threats like brute-force attacks.   

• Establish a vulnerability management policy: A vulnerability management policy  defines your organization’s approach to identifying, prioritizing, and remediating vulnerabilities. This policy provides a structured process for implementing a vulnerability management program that’s consistent across your organization, with defined roles, responsibilities, and timelines for each stage of remediation.  
• Use automation to enhance efficiency: Resourcing constraints are a common challenge in effective vulnerability management. Automated tools can streamline the process by continuously scanning for misconfigurations, monitoring the health of IT assets, and providing alerts for newly identified vulnerabilities. Platforms that incorporate AI for cloud remediation can also help mitigate vulnerabilities faster and more efficiently. 
• Conduct regular vulnerability scans and penetration testing: Periodic security assessments and penetration tests simulate real-world attacks to uncover potential vulnerabilities and identify the most likely attack vectors. These proactive assessments can help your organization strengthen its defenses by identifying specific areas for improvement.  

Cybersecurity best practices for a more secure 2025

The major data breaches of 2024 have revealed the consequences of overlooked vulnerabilities, from third-party risk to weak access controls. By adopting the lessons learned from these incidents, organizations can strengthen their defenses and protect sensitive data. 

In addition to the key takeaways outlined above, organizations should take these essential steps to reduce exposure, improve incident response, and enhance their overall resilience.

Reduce exposure with data minimization

Minimize your data exposure by collecting and retaining only the essential personal information necessary for operations. By limiting the data stored and protecting what is retained, organizations can significantly reduce the impact of potential breaches.

Regularly assess the types of data collected and ensure they align with specific business needs. Limit exposure to sensitive data like Social Security numbers unless absolutely necessary. It’s also important to establish specific data retention and disposal policies that define how long different types of data should be retained and methods for secure disposal. 

Stress test your incident response plan 

An effective incident response plan can mean the difference between quick containment and a prolonged crisis. With a well-prepared incident response plan, organizations can manage breaches efficiently, minimizing damage and fostering a culture of resilience. 

Make sure your incident response plan clearly outlines the steps for identifying, containing, and mitigating a breach, with assigned roles and responsibilities and communication protocols. Conducting regular training and simulations can help ensure teams are prepared to act quickly and decisively in the event of an actual incident and that any issues with your incident response procedures can be identified and addressed.  

Build a culture of security and privacy awareness

Incorporating security best practices into daily operations is essential. This includes regular security awareness training that reflects evolving threats and tactics and informs personnel of the key role they play in protecting the organization and its customers. Simulated phishing campaigns, for example, can test employees’ ability to recognize phishing attempts and provide targeted follow-up training for those who fall for simulated attacks. Organizations should customize training based on employees’ specific roles and the types of data they access so employees understand the specific security practices relevant to their responsibilities. 

Building a security-aware culture extends beyond employee training — security should be integrated into every aspect of your operations. This starts with encouraging open communication around security practices, updates on the current threat landscape, and specific security measures. These steps help employees feel confident in recognizing and reporting potential threats without hesitation.

Another essential element is a well-defined incident reporting process that’s easy for employees to access and understand. Organizations should make it clear that reporting suspicious activity or potential breaches is not only supported but actively encouraged. Establishing secure, anonymous channels for incident reporting can further enhance transparency, making employees more likely to report unusual or suspicious activity.

Implement a GRC automation solution

A Governance, Risk, and Compliance (GRC) automation platform is a powerful tool that enables organizations to strengthen their overall security and compliance program. By automating routine tasks and centralizing critical compliance functions, these solutions streamline processes that are traditionally time-consuming and prone to human error. Automation provides continuous visibility into risk levels and control performance, helps organizations proactively identify and address vulnerabilities, and simplifies regulatory and security compliance. 

Secureframe is an ideal GRC automation solution for companies aiming to build a resilient, comprehensive security and compliance program. Continuously monitor your tech stack to identify and remediate vulnerabilities and automate risk assessments to stay ahead of potential threats. With comprehensive  third-party risk management features and automated compliance with 40+ frameworks, Secureframe can set your organization up for a secure and resilient 2025. Schedule a demo today to see how our solution can enhance your cybersecurity and compliance.