A decade of cyber attacks: the biggest hacks of 2011-2021
With more than half the world population now online and roughly a million more joining the internet each day, it is no wonder that cyber crime is also rapidly on the increase. The digital nature of virtual technologies used by people on a daily basis makes them vulnerable to cyber attacks that can take a multitude of forms - from data breaches and ransomware to the large-scale overtaking of systems with potentially devastating consequences.
Here is a list with the most significant recent cyber attacks, starting from the latest.
The world’s largest meat-processing company JBS was targeted by a ransomware cyber attack, which threatened to disrupt food supply chains and further inflate prices. The company was forced to pay the equivalent of $11 million in ransom.
Cyber attack on Colonial Pipeline, the largest fuel pipeline in the United States. The attack disrupted fuel delivery to the Southeast US for several days. The company paid the hackers nearly $5 million to regain access, of which the Justice Department was able to recover $2.3 million.
A hacker breaches a Florida city’s water system and increases sodium hydroxide to deadly levels. The intrusion was quickly noticed and addressed before the contaminated water reached the community.
CNA Financial, one of the biggest cyber insurance firms in the US, suffered a ransomware attack which forced it to shut down temporarily.
Computer giant Acer was attacked and asked to pay a ransom of $50 million to free up their database, a record-breaking demand to date. As the company refused to oblige, the hackers leaked the stolen data on the dark web.
The London-based Harris Federation was forced to temporarily disable the devices and email systems of all of the 50 primary and secondary academic institutions it manages after suffering a ransomware attack. This left over 37,000 students unable to access their coursework and correspondence.
Microsoft Exchange email servers operating globally were infiltrated and as a result, the cyber threat actors were able to access data of many government and private companies.
Australia-based logistics company Toll Group was hit by ransomware twice within 3 months, which has impacted their customer-facing applications.
Popular hotel chain Marriott suffered a data breach for the second time in two years. The information of approximately 5.2 million guests was accessed.
Magellan, the healthcare insurance giant, suffered a ransomware attack, during which threat actors had exfiltrated logins, personal information and tax information of 365,000 patients.
Twitter was breached by three individuals who gained access to the company’s internal systems, hacked dozens of high profile accounts and then used them to tweet out bitcoin scams that earned them more than $100,000. The three suspects were arraigned by the Department of Justice two weeks later.
The German software giant AG was the victim of a double extortion hack, which resulted in a forced shutdown of their internal systems and ultimately to a major data leak, since Software AG refused to pay the $20 million ransom.
Vastaamo Psychotherapy Centre in Finland was the victim of a data breach. The threat actors stole confidential patient records but instead of making their demands known to the organization, they blackmailed patients directly instead.
500,000 Zoom passwords were stolen and were then made available for sale in dark web crime forums.
MGM Resorts suffered a massive data breach resulting in the leak of personal details of 142 million hotel guests.
In two separate instances, approximately 540 million Facebook user records were compromised and published on Amazon’s cloud computing service.
In one of the biggest financial institution hacks in history, the banking and credit card giant Capital One had to admit that the Social Security numbers, banking transactions, credit scores and addresses of approximately 106 million people in the USA and Canada were compromised by a hacker.
First American, the largest real estate title insurance company in the US suffered a massive data leak of nearly 900 million compromised records.
DoorDash, a food delivery system, reported a cyber attack that affected its customers, drivers and merchants. Approximately 4.9 million consumers’ data was compromised.
Australian online design tool, Canva, had its data breached accessed by hackers. 139 million users were affected by the attack.
Approximately 380,000 British Airways travelers who had used their website or mobile app to purchase tickets were robbed of their personal data, including their full credit card information.
The health-tracking app MyFitnessPal was targeted by hackers who managed to gain access to over 150 million usernames, email addresses and passwords.
Ticketfly was hit hard when hackers breached the addresses, phone numbers and emails of over 26 million customers, forcing the ticket merchant to temporarily shut down their website.
In one of the largest breaches of the year, hackers stole over 92 million sensitive records from the DNA ancestry company MyHeritage.
Facebook was the target of hackers who gained access to over 30 million users’ personal data, such as names, relationship status, birthdate, religion, employers etc.
Quora user data was compromised due to unauthorized access to their systems by a malicious third party. An estimated 100 million accounts were compromised.
New-York based video messaging service Dubsmash had 162 million personal user data stolen and then put up on sale on the dark web market.
Malicious software called WannaCry infected more than 230,000 computers in over 150 countries and disabling parts of the UK’s National Health Service, as well as Spain’s Telefonica and FedEx.
1.5 terabytes of data were stolen from HBO and held ransom for $6 million worth of Bitcoin. HBO refused to pay, which led to the hacker releasing some yet-unreleased episodes and scripts of popular shows.
Companies throughout the U.S. and Europe were hit by NotPetya, ransomware that affected among others shipping giant Maersk, FedEx and even Mondelez International.
Equifax, one of the U.S.’ biggest credit agencies, announced a data security breach that may have affected as many as 143 million consumers.
Hackers stole the data of 57 million Uber customers and the company paid them $100,000 to cover it up. The breach was not revealed until 2020 and Uber is facing legal trouble because of the cover up.
Search engine and email provider Yahoo was hit by one of the biggest data breaches in history, leading to the personal information of more than 1 billion users being stolen.
A cybercriminal going by the name of ‘Peace’ managed to gain access to the data of millions of LinkedIn, Tumblr and MySpace users, which he then put up for sale on his dark web store.
Approximately 40,000 Tesco Bank accounts were compromised and in a rare twist in the cybercrime age, customers lost physical money from their accounts.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) was targeted by attackers who compromised and manipulated organizations into sending fraudulent money transfer requests.
Malware caused power outages in Ukraine after a coordinated cyberattack gained access to the power grid.
Hackers breached the systems of the health insurer Anthem Inc., exposing nearly 80 million personal records.
Adultery website Ashley Madison’s database was stolen by a group called Impact Team and following their failed blackmail, they released all the personal information of the site’s 37 million users.
An unknown group successfully infiltrated hundreds of banks in at least 30 countries, managing to swipe almost $1 billion.
Roughly 15 million T-Mobile customers had their personal information stolen after hackers got into the database of Experian, a credit-checking agency that checks on potential T-Mobile customers.
A breach of the children’s toy manufacturer VTech resulted in the release of records on millions of both parents and kids.
eBay massive hack left 233 million users’ data exposed to cybercriminals.
Hackers accessed 56 million credit card numbers and 53 million email addresses when they hacked The Home Depot.
The Sony Pictures Studio was hacked by cybercriminals who stole critical data from the company’s business affairs division, including unreleased films, executive salaries and information about Sony’s employees. The hackers attempted to blackmail Sony into not releasing its upcoming film The Interview but they did not comply.
Hacking group Rex Mundi held Domino’s Pizza to a $40,000 ransom over 600,000 Belgian and French customer records. Domino’s refused to comply and reassured customers that financial and banking information was not stolen.
The JP Morgan Chase cyberattack exposed more than 75 million customers and 83 million accounts to cybercrime. An important corporate data file reported to include applications and programs on the bank’s standard computers was also lifted by the hackers.
Target stores in the US were attacked by hackers, who stole data from 40 million credit and debit shoppers who purchased items at the stores between Nov.27 and Dec.15.
The Syrian Electronic Army hacked the Twitter account of the Associated Press, sending out a tweet announcing the injury of the then-president Barack Obama. Though the AP was swift to announce it had been hacked, the Dow Jones tumbled 140 points before recovering. The same hackers also redirected the New York Times domain to their servers for two hours.
A large-scale cyber attack held on the Columbian Independence Day against 30 Colombian government websites left the sites either defaced or completely shut down.
A cyberattack on Adobe compromised about 38 million accounts of its active users and stole part of the source code to Photoshop, its popular photo-editing program.
A malware called ‘Wiper’ performed a series of cyber attacks that destroyed computer systems on several oil platforms in the Middle East.
LinkedIn was hacked by unknown assailants and the passwords of more than 6.4 million people leaked onto the Internet.
Dropbox was similarly hacked and had user account details leaked.
More than 700,000 Macs were infected by the Mac OS X Trojan Flashback/Flashfake.
Highly destructive malware was used against Saudi Aramco, one of the largest oil conglomerates in the world. More than 30,000 computers were completely destroyed by the malware.
Email marketing firm Epsilon was hacked to obtain its email lists for ‘spear Phishing’ campaigns.
The computer security vendor RSA had its network hacked, the hackers targeting the SecurID keys the company made for several intelligence agencies, defense contractors and Fortune 100 companies.
Sony Playstation’s network was compromised, giving hackers access to 70 million user accounts.
Google announced that the email accounts of certain members of the U.S. government had been compromised by Chinese hackers.
TripAdvisor had email addresses belonging to some of its 20 million user base stolen.
With these only being some of the most significant attacks of the last decade, it is becoming imperative that governments, as well as the public and private sector should become proactive in investing in cyber security. With cyber threats becoming more and more sophisticated, everyone should be prepared to not only protect their business at present, but also be able to effectively adapt so as to confidently face any new challenges.
This is precisely what cyber risk insurance does - prepares you to deal with the recovery from such an attack and any legal liability in its aftermath. For further information, do not hesitate to contact us.
12th July 2021, Limassol