I’ve spent the better part of two decades watching companies learn hard lessons about security. But nothing prepared me for what I saw unfold in 2024.

It started in May. Dell disclosed that attackers had exploited a partner portal API — one they probably thought was “internal” enough not to worry about — to siphon off 49 million customer records. Names, addresses, purchase histories. All of it.