Not all history is written by humans. Some is logged by malware.
In 2024, cybercrime costs were estimated to cross $9.5 trillion — a number so massive that it would make up the third-largest economy in the world after the U.S. and China. And that figure’s only climbing.
From hospitals locked out of their own systems to entire oil pipelines brought to a standstill, the biggest cyberattacks in history didn’t just disrupt; they exposed how vulnerable modern infrastructure is. These incidents weren’t one-off glitches. They were carefully executed, highly scalable, and often state-sponsored operations that left a trail of stolen data, halted operations, and shattered trust.
The repercussions extend beyond immediate financial losses. Organizations face an average data breach cost of $4.88 million, which encompasses lost productivity, legal fees, and reputational damage. This is especially true when data security software isn’t equipped to prevent internal leaks or block attackers once they’re in.
This article explores the biggest cyber attacks in recent history, including who was hit, how it happened, and the numbers that show just how high the stakes are.
11 biggest cyber attacks in history: At a glance
| Year | Entity affected | Attack summary | Method | Estimated impact |
| --- | --- | --- | --- | --- |
| 2022 | Uber | A hacker gained internal access via MFA fatigue | Social engineering | Disrupted internal tools and Slack |
| 2022 | Medibank | Medical and personal data of 9.7M stolen | Data breach | Major privacy breach; $35M+ impact |
| 2022 | LastPass | Encrypted vaults and backups exfiltrated | Credential compromise | Trust loss among millions of users |
| 2023 | MOVEit | Zero-day in file transfer tool exploited | Supply chain / zero-day | 2,500+ orgs affected; global fallout |
| 2023 | 23andMe | Genetic profiles accessed via reused logins | Credential stuffing | Lawsuits, racial profiling concerns |
| 2023 | T-Mobile | API exposed the personal data of 37M users | Data breach | Reputational hit, regulatory scrutiny |
| 2023 | Capita (UK) | Ransomware attack hit UK government services | Ransomware | £20M+ cleanup and recovery costs |
| 2023 | Western Digital | Hackers stole internal data, held it for ransom | Extortion | Production outage, data exfiltration |
| 2024 | Change Healthcare | Ransomware halted U.S. prescription systems | Ransomware (BlackCat) | $22M ransom paid; national disruption |
| 2024 | Microsoft | Russian group breached exec email accounts | Espionage | Ongoing security review; reputational risk |
| 2024 | Cencora | Data breach impacted the pharmaceutical supply chain | Data breach | Disclosure ongoing; regulatory action expected |
Biggest cyber attacks in history by impact
These incidents triggered government inquiries, halted national operations, and redefined how we think about risk, resilience, and responsibility in the digital age.
1. Uber (2022): Hacker tricks MFA, hijacks internal systems
- Method: Social engineering via MFA fatigue
- Impact: Internal Slack, codebase, and admin tools accessed
In September 2022, Uber was breached by a teenager allegedly linked to the Lapsus$ group. The attacker used a multi-factor authentication (MFA) fatigue tactic, repeatedly sending login requests until an employee finally approved one. Once inside, the hacker exploited hardcoded credentials to access internal systems, including Slack, financial dashboards, and source code repositories.
Screenshots of the breach were posted publicly, embarrassing Uber and highlighting how easily MFA protections can be bypassed without rate limits or contextual checks. While no user data was compromised, the incident exposed the fragility of enterprise identity security in the absence of user behavior monitoring and zero-trust policies.
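The MFA fatigue pattern described above, seen from the defender's side. The following is an added example, not Uber's code or anything from the original article. It assumes a hypothetical MFA event log with four whitespace-separated fields (timestamp, username, event name, source IP) and an assumed policy of at most three push prompts per user in a five-minute window; the log lines are constructed. It shows the preventive control (a sliding-window rate limiter that refuses to send a fourth prompt) next to the detective control (an alert when a user received a flood of prompts, with a flag when an approval followed the flood, which is exactly the moment a SOC wants to see).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA event log (not from the article).
# Fields: timestamp, username, event, source IP
SAMPLE_MFA_LOG = """\
2022-09-15T22:01:03Z alice mfa_push_sent 203.0.113.7
2022-09-15T22:01:09Z alice mfa_push_denied 203.0.113.7
2022-09-15T22:01:15Z alice mfa_push_sent 203.0.113.7
2022-09-15T22:01:40Z alice mfa_push_sent 203.0.113.7
2022-09-15T22:02:02Z alice mfa_push_sent 203.0.113.7
2022-09-15T22:02:30Z alice mfa_push_sent 203.0.113.7
2022-09-15T22:02:41Z alice mfa_push_approved 203.0.113.7
2022-09-15T22:05:10Z bob mfa_push_sent 198.51.100.4
2022-09-15T22:05:17Z bob mfa_push_approved 198.51.100.4
"""

WINDOW = timedelta(minutes=5)
MAX_PUSHES = 3  # assumed policy: more prompts than this per window is a flood


def parse_mfa_log(text):
    """Parse the assumed four-field log format into sorted (ts, user, event, ip) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, ip = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, ip))
    events.sort()
    return events


class PushRateLimiter:
    """Preventive control: refuse to send another push once a user has already
    received max_pushes prompts inside the sliding window."""

    def __init__(self, window=WINDOW, max_pushes=MAX_PUSHES):
        self.window = window
        self.max_pushes = max_pushes
        self.sent = defaultdict(deque)  # user -> timestamps of recent prompts

    def allow(self, user, now):
        q = self.sent[user]
        while q and now - q[0] > self.window:   # drop prompts outside the window
            q.popleft()
        if len(q) >= self.max_pushes:
            return False                          # flood: do not send the prompt
        q.append(now)
        return True


def detect_mfa_fatigue(text, window=WINDOW, max_pushes=MAX_PUSHES):
    """Detective control: flag users who received more than max_pushes prompts in a
    window, and record whether an approval followed the flood."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, user, event, ip in parse_mfa_log(text):
        if event == "mfa_push_sent":
            q = recent[user]
            while q and ts - q[0] > window:
                q.popleft()
            q.append(ts)
            if len(q) > max_pushes:
                alert = alerts.setdefault(user, {"user": user, "source_ip": ip,
                                                 "pushes_in_window": 0,
                                                 "approved_after_flood": False})
                alert["pushes_in_window"] = max(alert["pushes_in_window"], len(q))
        elif event == "mfa_push_approved" and user in alerts:
            # An approval after a flood is the "employee finally gave in" case.
            alerts[user]["approved_after_flood"] = True
    return list(alerts.values())


def simulate_rate_limit(text, window=WINDOW, max_pushes=MAX_PUSHES):
    """Replay the log through the limiter; return per-user allowed/suppressed counts."""
    limiter = PushRateLimiter(window, max_pushes)
    stats = defaultdict(lambda: {"allowed": 0, "suppressed": 0})
    for ts, user, event, _ in parse_mfa_log(text):
        if event == "mfa_push_sent":
            key = "allowed" if limiter.allow(user, ts) else "suppressed"
            stats[user][key] += 1
    return dict(stats)


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_MFA_LOG):
        print(alert)
    print(simulate_rate_limit(SAMPLE_MFA_LOG))
```

On the constructed log the limiter would have sent alice only three of her five prompts, and the detector raises one alert for her with `approved_after_flood` set, while bob's single prompt and approval pass untouched. In production the same counter would sit next to contextual checks (new device, new location, number matching) rather than replace them.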
2. Medibank (2022): 9.7M health records stolen and leaked
- Method: Unauthorized access and extortion
- Impact: Medical data of 9.7 million people exposed; no ransom paid
Australia’s largest health insurer, Medibank, refused to pay a ransom demand after hackers stole and later published sensitive data, including treatment information, mental health notes, and personal identifiers. The attackers initially gained access using stolen credentials and spent time inside the network before exfiltrating the data.
The breach affected nearly 40% of Australia’s population and led to intense public backlash. Medical ethics groups raised alarms about the long-term implications of exposing such private health information. The company’s stock price dropped, and the Australian government announced a national cybersecurity overhaul shortly after.
3. LastPass (2022): Encrypted vaults exfiltrated via dev account
- Method: Developer credential compromise and cloud backup theft
- Impact: Encrypted password vaults and customer metadata accessed
Initially disclosed in August 2022, the LastPass breach was more serious than first admitted. Hackers compromised a developer’s home machine and leveraged their access to pull customer vault backup files from a third-party cloud provider. Although vaults were encrypted, attackers stole metadata such as URL tags and customer email addresses.
The real damage wasn’t immediate; it was reputational. LastPass faced a wave of user distrust, and security experts urged customers to rotate credentials manually. The breach became a case study of why encryption alone isn’t enough when keys, cloud backups, and identity protections fail in tandem.
4. MOVEit (2023): Zero-day breach hits 2,500+ organizations
- Method: Zero-day exploit in file transfer software
- Impact: Over 2,500 organizations breached globally
The MOVEit breach was one of the most widespread zero-day exploit events in recent memory. The Clop ransomware group exploited a previously unknown flaw in Progress Software’s MOVEit Transfer, commonly used for secure file transfers. They automated the attack, scanning the internet for exposed instances and stealing data from thousands of targets.
Victims ranged from government contractors to universities and banking institutions. The scale and speed of the attack shocked the industry and reignited conversations about secure software development lifecycles and vulnerability disclosure programs.
5. 23andMe (2023): Genetic data exposed through reused logins
- Method: Credential stuffing using previously leaked passwords
- Impact: Genetic data for ethnic groups leaked; lawsuits followed
Although 23andMe wasn’t technically hacked, attackers used credential stuffing, logging in with reused usernames and passwords from past breaches. They accessed about 14,000 accounts, but due to the company’s relative-matching features, they could scrape genetic data tied to over 6.9 million individuals.
The data was eventually leaked in racially sorted batches online, leading to an international backlash. Critics warned that genetic data and public or social metadata could be used for targeted discrimination or surveillance. The breach prompted legal action and caused customers to question the platform’s data-sharing model.
6. T-Mobile (2023): API leak exposes 37M customer profiles
- Method: API misconfiguration
- Impact: Personal data of 37 million users exposed
In early 2023, T-Mobile revealed that a bad actor had exploited an unauthenticated API, siphoning off customer information such as full names, billing addresses, emails, phone numbers, and birthdates. The exposed data did not include financial or password credentials, but it added to the telecom giant’s long list of breaches — eight in total since 2018.
This breach reinforced concerns about insecure APIs in mobile ecosystems, especially when tied to consumer identity data. It triggered internal security audits and heightened pressure from the FCC, with critics questioning whether T-Mobile had meaningfully improved security practices after its previous lapses.
7. Capita (2023): Ransomware stalls UK government services
- Method: Ransomware (Black Basta group)
- Impact: Disruption to government services, estimated £20M in damages
In March 2023, the Black Basta ransomware group targeted Capita, one of the UK’s largest outsourcing firms for public services. The breach impacted critical operations such as military recruitment systems, national pension services, and housing benefit management.
Attackers gained access to systems two weeks before detection, highlighting detection and dwell-time gaps in outsourced IT infrastructures. Sensitive data, including internal emails and insurance records, was later leaked on the dark web. Because Capita supplies dozens of government agencies, the attack prompted a broader review of how public sector contracts handle cybersecurity oversight.
8. Western Digital (2023): 10TB stolen, MyCloud forced offline
- Method: Data exfiltration and extortion
- Impact: Cloud service outages and stolen corporate data
In March 2023, Western Digital reported a cyberattack that led to the theft of company data and an extended shutdown of MyCloud and other services. The attackers allegedly stole 10 terabytes of internal documents and demanded ransom, threatening to publish the data if payment was not made.
Customers could not access their personal files stored in the cloud for over 10 days, creating chaos for small businesses, photographers, and remote professionals. The attack highlighted the growing trend of ransomware groups targeting hardware and data infrastructure providers, not just corporate endpoints.
9. Change Healthcare (2024): Ransomware freezes prescription systems
- Method: Ransomware (BlackCat/ALPHV group)
- Impact: $22 million ransom paid; prescription systems paralyzed
In one of the most disruptive attacks on U.S. healthcare infrastructure, Change Healthcare, a central processor for insurance claims and prescription benefits, was crippled by ransomware in February 2024. The attackers, believed to be the BlackCat/ALPHV group, encrypted systems and demanded payment. Change Healthcare paid $22 million in Bitcoin, but delays and manual processing disrupted hospitals and pharmacies nationwide.
Doctors couldn’t submit claims, patients couldn’t get medications, and hospital revenue cycles were frozen for weeks. The attack prompted hearings in the U.S. Senate and renewed calls for critical infrastructure cyber standards.
10. Microsoft (2024): Russian hackers breach exec email accounts
- Method: State-sponsored espionage (Midnight Blizzard/APT29)
- Impact: Breach of executive mailboxes and U.S. agency correspondence
In early 2024, Microsoft disclosed that a Russia-linked group, Midnight Blizzard (also called APT29 or Cozy Bear), had accessed a “small number” of corporate email accounts, including senior executives and cybersecurity staff. The breach began with a password spray attack, followed by abuse of OAuth permissions to escalate access.
This was not a ransomware case. It was a targeted, low-noise espionage operation that bypassed detection for months. APT29 has previously been linked to the SolarWinds attack and other high-level intrusions. The breach prompted U.S. federal reviews, and Microsoft promised a complete revamp of how authentication and permissions are managed internally.
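The credential stuffing in the 23andMe case and the password spray that opened the Microsoft intrusion look alike in an authentication log: one source tries many distinct accounts with only one or two attempts each, and a few of them succeed. As an added example (not the article's code, nor Microsoft's or 23andMe's), the detector below flags that shape over a constructed sample log. It assumes a four-field format (timestamp, result, username, source IP) and assumed thresholds (five or more distinct users from one IP inside ten minutes, no account tried more than twice), and it lists the accounts that succeeded from a flagged source so those are the first to be reset.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from the article).
# Fields: timestamp, result, username, source IP
SAMPLE_AUTH_LOG = """\
2024-01-12T03:00:01Z fail alice 203.0.113.9
2024-01-12T03:00:04Z fail bob 203.0.113.9
2024-01-12T03:00:07Z fail carol 203.0.113.9
2024-01-12T03:00:10Z success dave 203.0.113.9
2024-01-12T03:00:13Z fail erin 203.0.113.9
2024-01-12T03:00:16Z fail frank 203.0.113.9
2024-01-12T08:15:00Z fail bob 192.0.2.55
2024-01-12T08:15:20Z fail bob 192.0.2.55
2024-01-12T08:15:45Z success bob 192.0.2.55
2024-01-12T09:02:11Z success alice 198.51.100.4
"""

WINDOW = timedelta(minutes=10)
MIN_DISTINCT_USERS = 5      # assumed threshold: accounts touched by one source
MAX_ATTEMPTS_PER_USER = 2   # assumed threshold: spray/stuffing stays low per account


def parse_auth_log(text):
    """Parse the assumed four-field log format into sorted (ts, result, user, ip) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, user, ip = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result, user, ip))
    events.sort()
    return events


def detect_login_abuse(text, window=WINDOW, min_users=MIN_DISTINCT_USERS,
                       max_per_user=MAX_ATTEMPTS_PER_USER):
    """Flag source IPs that hit many distinct accounts with few attempts each.

    Returns one alert per offending IP with the number of accounts touched, total
    attempts, successes, and the list of accounts that authenticated (likely reused
    passwords) so they can be reset and their sessions revoked.
    """
    by_ip = defaultdict(list)
    for ev in parse_auth_log(text):
        by_ip[ev[3]].append(ev)

    alerts = []
    for ip, evs in sorted(by_ip.items()):
        best = None
        # Slide a window starting at each event from this source.
        for i, (start, _, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            per_user = defaultdict(int)
            for _, _, user, _ in in_window:
                per_user[user] += 1
            # Many accounts, each tried only once or twice: spray/stuffing shape.
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                if best is None or len(per_user) > best["distinct_users"]:
                    best = {
                        "ip": ip,
                        "distinct_users": len(per_user),
                        "attempts": len(in_window),
                        "successes": sum(1 for e in in_window if e[1] == "success"),
                        "compromised": sorted({e[2] for e in in_window if e[1] == "success"}),
                    }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_login_abuse(SAMPLE_AUTH_LOG):
        print(alert)
```

On the constructed log the detector raises a single alert for 203.0.113.9 (six accounts, one success, `dave` listed for reset) and stays quiet for 192.0.2.55, where one user fails twice and then logs in, which is the ordinary forgotten-password case that a per-account lockout would catch instead. A distributed campaign that rotates source IPs needs the complementary account-centric view (one user, many sources); the same parser and thresholds carry over.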
11. Cencora (2024): Pharma data breach disrupts supply chain
- Method: Data breach (details under investigation)
- Impact: Potential disruption to pharmaceutical logistics and compliance
In February 2024, Cencora (formerly AmerisourceBergen) disclosed that it had experienced a cybersecurity incident involving unauthorized access to company data. While full details have not been released, the company is a central distributor in the U.S. pharmaceutical supply chain, meaning the stakes are exceptionally high.
Investigations are underway to determine whether clinical trial data, drug distribution records, or patient-level data were compromised. Analysts warn that such a breach could slow down medication access, expose proprietary formulations, and create compliance fallout under HIPAA and FDA guidelines.
Dig deeper into the numbers driving ransomware, trojans, spyware, and more in our full breakdown of the latest malware statistics.
Other cyber attacks in history by year
A decade of cyber attacks tells a larger story: one of growing sophistication, shifting motives, and digital vulnerabilities that threaten everything from personal identities to global diplomacy.
Here’s a year-by-year breakdown of how cyber attacks went from back-page news to front-page chaos:
- 2011: Sony’s PlayStation Network breach exposed 77M accounts, foreshadowing future data breaches in consumer tech.
- 2012: Saudi Aramco’s Shamoon malware wiped out 30,000 workstations, showcasing how cyberwarfare could target oil economies.
- 2013: Target lost 110M customer records via an HVAC vendor, making third-party security a boardroom topic overnight.
- 2014: Yahoo suffered the largest known breach, impacting 500M accounts.
- 2015: The U.S. Office of Personnel Management was hit by Chinese actors, compromising 21.5M federal employee files, including fingerprints and security clearances.
- 2016: Dyn’s DDoS attack via Mirai botnet took down much of the internet, powered by hacked smart devices.
- 2017: WannaCry ransomware, using leaked NSA tools, paralyzed 300K systems across 150 countries.
- 2018: Marriott’s long-brewing breach exposed the personal info of 500 million guests, including passport numbers.
- 2019: Capital One lost 100M records due to an AWS misconfiguration, underscoring risks in cloud adoption.
- 2020: SolarWinds’ backdoor gave suspected Russian operatives access to U.S. agencies, a software supply chain breach on an unprecedented scale.
- 2021: Colonial Pipeline was hit by DarkSide ransomware, leading to fuel shortages across the U.S. East Coast, proving ransomware could cripple real-world logistics.
Cyber attack readiness checklist
Even one weak link is enough. Start with identity. Layer defenses. Practice your response.
- Enable adaptive MFA on all accounts
- Limit and audit admin access
- Block reused passwords and monitor login abuse
- Patch fast — especially zero-days
- Secure APIs and cloud configs
- Back up data and test restores
- Run quarterly phishing tests
- Train staff on social engineering
- Create and rehearse an incident response plan
- Use EDR or SIEM for real-time threat detection
- Set alerts for suspicious logins and access spikes
- Evaluate vendor security measures consistently
- Build a ransomware playbook
- Assign breach response roles
- Run tabletop drills twice a year
Every breach tells a story
Each cyber attack on this list isn’t just a headline. It’s a moment when technology, people, and pressure collide. Some exposed gaps in security, while others revealed the human cost of digital oversight. A few changed how whole industries think about risk.
From the inside job to the nation-state exploit, these breaches show us that no system is too sophisticated, and no sector is too safe. But they also tell stories of adaptation: of companies rebuilding trust, regulators rethinking policy, and cybersecurity teams leveling up under pressure.
There’s no single villain, no one-size-fits-all defense, just a growing archive of hard-earned lessons. The challenge now is turning those lessons into a strategy.
The story of cyber risk is still being written. What happens next depends on how well we listen.
Knowing what happened is just step one. Understanding the trends is what prepares you. Discover how today’s cybercrime statistics are shaping tomorrow’s security decisions.