In 2024, the software industry faced several significant defects and security breaches that impacted various sectors globally. Here are ten notable incidents from that year:
1. CrowdStrike Falcon Sensor Outage
In July 2024, a routine update to CrowdStrike’s Falcon Sensor caused widespread system failures across approximately 8.5 million Windows devices. This outage disrupted operations in critical sectors, including healthcare, finance, and government services, highlighting the risks associated with automated security updates.
2. Volkswagen’s Cariad Software Crisis
Volkswagen’s software division, Cariad, encountered significant challenges in its digital transformation efforts. Delays in software development led to postponed vehicle launches and a financial setback estimated at $5 billion, prompting a strategic partnership with Rivian to address the issues.
3. Birmingham City Council’s Oracle Implementation Failure
The Birmingham City Council’s attempt to implement Oracle’s financial software system resulted in a £38 million failure. The project faced issues such as data migration errors and system incompatibilities, leading to financial mismanagement and public criticism.
4. Change Healthcare Ransomware Attack
In February 2024, Change Healthcare suffered a ransomware attack that compromised the personal health information of approximately 190 million individuals. The breach disrupted healthcare services nationwide and underscored vulnerabilities in critical infrastructure.
5. National Public Data Breach
A massive data breach at National Public Data exposed sensitive information of nearly all Americans, including Social Security numbers and addresses. The breach, attributed to the cybercriminal group USDoD, led to the company’s bankruptcy and raised concerns about data privacy practices.
6. Snowflake Customer Data Breach
Hackers affiliated with the group Scattered Spider exploited weak security practices to breach over 100 customers of Snowflake, Inc. Affected organizations included AT&T, Ticketmaster, and Santander Bank, with stolen data ranging from personal information to financial records.
7. Salt Typhoon Telecommunications Hack
Chinese state-sponsored hackers, known as Salt Typhoon, infiltrated U.S. telecommunications providers, including AT&T and Verizon. The breach allowed access to call metadata and wiretap systems, posing significant national security concerns.
8. Australian Superannuation Funds Cyberattack
Several Australian superannuation funds, including AustralianSuper and Hostplus, were targeted in cyberattacks exploiting the absence of multifactor authentication. The breaches led to unauthorized withdrawals totaling over $500,000 and highlighted the need for improved cybersecurity measures.
9. PyPI Supply Chain Attack
A supply chain attack on the Python Package Index (PyPI) involved the distribution of malicious packages containing the JarkaStealer malware. These packages, disguised as legitimate tools, were used to exfiltrate sensitive information from developers’ systems, emphasizing the importance of scrutinizing open-source dependencies.
10. Ivanti Zero-Day Vulnerabilities Exploitation
Zero-day vulnerabilities in Ivanti’s Connect Secure and Policy Secure products were exploited by Chinese nation-state actors. The breaches affected multiple organizations, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and highlighted the risks associated with unpatched software vulnerabilities.
These incidents underscore the critical importance of robust cybersecurity practices, timely software updates, and vigilant monitoring to protect against evolving threats in the digital landscape.