2024’s Biggest Data Breaches: 23andMe, Change Healthcare, Snowflake & More

Alright, let’s talk about the tech world’s favorite annual tradition—getting hacked.

Every year, we see a parade of companies that apparently didn’t learn anything from the last 10 years of cybersecurity disasters. It’s like they’re running the same terrible playbook, hoping this time it works out. Spoiler: It doesn’t.

This is Filip, and you’re watching Patch Notes, where we dissect tech screw-ups one bad decision at a time. Among other things.

Let’s get into it.

Pstt, you can watch our video on this topic if you don't feel like reading!

23andMe: Your DNA, Now Public Property

23andMe kicked things off by losing the genetic data of 7 million people. Seven. Million. That’s not just a breach; that’s a sci-fi plotline. But here’s the best part—they had the audacity to blame us, the users. Like, “Hey, maybe you should’ve secured your account better.”

Oh, sure, because when I signed up to find out if I’ve got Irish ancestors, I definitely anticipated needing military-grade or an air-gapped computer encryption. And of course, after the damage was done, they rolled out multi-factor authentication. Yeah, great timing. That’s like putting on a helmet after you’ve already crashed your bike.

And to top it all off? They laid off 40% of their staff. Nothing says “we’re taking your security seriously” like cutting the team responsible for keeping your genetic data safe.

Change Healthcare: A Masterclass in Bad Decisions

Next up, Change Healthcare. These folks managed to grind a big chunk of the U.S. healthcare system to a halt. People couldn’t get their prescriptions, surgeries were delayed—it was a full-on mess. Why? Because someone hacked a single user account that didn’t have multi-factor authentication.

So what did they do? They paid the hackers $22 million in ransom. But wait, there’s more—they had to pay another ransom to a second group of hackers. At that point, just cancel the credit card, right?

It took them seven months to tell everyone that over 100 million people had their private health information stolen. Seven months. That’s longer than most people keep their New Year’s resolutions.

Snowflake: A Cloud That Couldn’t Keep a Secret

Ah, Snowflake—the cloud computing giant that apparently thought “single-factor authentication” was good enough. Hackers used stolen login details to access customer data from companies like AT&T and Santander Bank. If your entire business is based on storing sensitive data, maybe don’t treat your security like it’s a free Wi-Fi password at Starbucks.

They’ve since made multi-factor authentication mandatory. Bold move. Nothing like a major data breach to make you rethink the basics.

Columbus, Ohio: Don’t Blame Us, Blame the Guy Who Helped

Columbus, Ohio takes the cake for pettiness. When they got hit by a ransomware attack, a security researcher found evidence that hackers had stolen residents’ data—Social Security numbers, driver’s licenses, the works. Did they thank him? No. They sued him.

That’s right. Instead of fixing the problem, they went after the guy pointing it out. It’s like getting mad at your mechanic for telling you your brakes are shot.

Hot Topic: Pretend It Didn’t Happen

And then there’s Hot Topic. They lost the data of 57 million customers and… just didn’t tell anyone. No statement, no warnings—nothing. It’s like they thought if they ignored it long enough, it’d go away. Meanwhile, customers are finding out their data’s been leaked from random breach notification sites.

If there’s one thing we learned from this, it’s that denial isn’t a breach strategy.

The Bigger Picture

Here’s the thing—almost every one of these breaches could’ve been avoided. Multi-factor authentication? It’s not a new invention. Transparency? Shouldn’t be this hard. Yet every year, companies seem to think they can wing it, and every year, we get to sit through this same ridiculous cycle.

So what’s the takeaway? For companies: Do better. For the rest of us: Assume your data’s already out there and change your passwords regularly.

What do you think? Are companies ever going to learn, or should we just brace for next year’s train wreck? Drop a comment below.

That’s it for this episode of Patch Notes. Like, subscribe, and tune in next time—because tech never stops finding new ways to mess up. See you soon.