
Key Takeaways

  • Cyber attacks have escalated significantly, with the global cost to victims projected to reach $9.5 trillion in 2024.
  • The biggest cyber attacks include significant breaches at Change Healthcare, Microsoft, AT&T, and Ticketmaster, among others, exposing sensitive data and highlighting major vulnerabilities in cybersecurity.
  • Common causes of data breaches include weak passwords, phishing attacks, unpatched software vulnerabilities, and social engineering, demonstrating the need for robust security measures.
  • Staying safe from data leaks involves using strong passwords, enabling two-factor authentication, keeping software updated, being cautious of phishing attempts, and educating employees on security threats.

The scale of cyber attacks is growing at an alarming rate. This year alone, cybercrime is projected to cost the world $9.5 trillion, up from $3 trillion in 2015. And that is not to mention the profusion of crypto scams currently rife in the blockchain ecosystem.

This surge in cyber attacks affects everyone, from large corporations to individual users, threatening personal data security, enabling identity theft, and leading to significant financial losses. Understanding the most significant cyber attacks so far can help individuals and organizations improve their digital defenses, protect their identity, and prevent fraud and bank account hacks. In this article, we’ll give a rundown of the biggest cyber security attacks, providing valuable insights into the state of digital security.

Let’s take a closer look at the biggest cyber attacks, breaches, and data leaks of the year to date. 

The Biggest Cyber Attacks

| # | Target | Hack Name | Hacker | Damage |
|---|--------|-----------|--------|--------|
| 1 | Internet Archive | Way Back Machine DDOS | SN_Blackmeta | 31 million user credentials, billions of legacy web pages |
| 2 | Change Healthcare | N/A | BlackCat/ALPHV | Over $900 million in damage for Q1 2024 |
| 3 | Microsoft | Midnight Blizzard | Midnight Blizzard | Emails, customer data, Microsoft’s reputation |
| 4 | Multiple | MOAB | Unknown | 26 billion records of user data |
| 5 | Multiple | RockYou2024 | ObamaCare | 10 billion user credentials |
| 6 | Synnovis | N/A | Qilin Group | Stolen NHS patient data |
| 7 | AT&T | N/A | Unknown | Personal information, billing records |
| 8 | Ticketmaster | N/A | ShinyHunters | Payment information and details of 560 million users |
| 9 | Halliburton | Halliburton Hack | Unknown | Unknown |
| 10 | VGTRK Media | Russian Media Hack | Ukraine State Hackers | National media stations down, critical infrastructure damage |
| 11 | Hot Topic, BoxLunch, Torrid | Hot Topic Hack | Satanic | Company data & personal details of 350 million customers |
| 12 | U.S. telecommunications providers | Salt Typhoon hack | Salt Typhoon | Stolen sensitive info and private communications, metadata from millions of users |
| 13 | X (formerly Twitter) | X DDoS Hack | Dark Storm Team | Nearly 40,000 users unable to access X platform |

1. Internet Archive Hack – SN_Blackmeta

  • October 2024
  • Data damage: 31 million user credentials leaked
  • Cause: DDOS deployed by SN_Blackmeta (Twitter handle)

Launched in 1996, the Internet Archive is a digital library that stores more than 866 billion legacy web pages, making it a centralized backup for internet content. You could say it’s the collective digital memory of humanity.

In October 2024, the Internet Archive fell victim to a “catastrophic cyberattack” in the form of a DDOS. The hack began by releasing credentials of more than 31 million people, including passwords, usernames and password change timestamps. It then disabled large portions of the Internet Archive, with the site returning a pop-up stating “Internet Archive services are temporarily offline” and instructing users to monitor the situation via the archive’s Twitter account.

A hacktivist Twitter account called SN_Blackmeta has come forward to claim responsibility, suggesting further attacks may be in the works. However, the motivation behind the hack remains unclear, with Jason Scott – one of the site’s archivists – confirming the attacker had made no demands or contact attempts.

“According to their Twitter, they’re doing it just to do it. Just because they can. No statement, no idea, no demands.”
Jason Scott, Internet Archivist Curator

While the Internet Archive is expected to be back up and running within days of the DDOS, the hack underscored the challenge for users and archivists of holding such vast quantities of important data in one place.

2. BlackCat ALPHV – Change Healthcare

  • February 2024
  • Data leaked: patient health records, personal identification information, payment records
  • Value: Over $900 million
  • Cause: vulnerability in the company’s cloud storage system

We continue our review with a hack in the US healthcare industry. Change Healthcare, a subsidiary of UnitedHealth Group, is a company responsible for managing sensitive patient information and processing claims to third parties. 

On 21 February 2024, Change Healthcare announced that it had suffered a cyber attack that extracted 4 terabytes of patient data, including personal details, payment records, and insurance information. The attack was so significant it forced Change Healthcare to take some of its operations offline.

The perpetrators were none other than the famous Russia-based ALPHV/BlackCat group,  who directly claimed responsibility for the attack. The hackers exploited a vulnerability in the company’s cloud storage system, which allowed them to 

ALPHV/BlackCat requested a ransom and Change Healthcare complied by making a payment of $22 million. But the ransom was just the start, as the ripples of the attack put the entire system in shambles. According to United Health Group, the attack on Change Healthcare cost them $872 million in the first quarter of 2024. 

The CEO of the American Hospital Association classified it as “the most significant and consequential incident of its kind against the U.S. healthcare system in history.”

3. Midnight Blizzard – Microsoft

  • January 2024
  • Data leaked: source code, internal emails, customer data
  • Cause: phishing attack targeting employee credentials

With a user base of more than 1 billion people and a staggering market cap of $3.3 trillion, Microsoft is the world’s largest company, and a trusted name. But even this tech behemoth isn’t completely immune to assaults. 

On 12 January 2024, Microsoft detected a cyber attack. The hackers used a sophisticated phishing campaign to gain access to employee credentials, allowing them to infiltrate Microsoft’s vast network. Sensitive data, including source code, internal emails, and customer data, was compromised. The party responsible for the attack was Midnight Blizzard, a party or group tied to the Russia-sponsored hacker group known as NOBELIUM.

“Midnight Blizzard isn’t some small-time criminal gang. They are a highly professional, Russian-backed outfit that fully understands the value of the data they’ve exposed and how to best use it to inflict maximum harm.”
Amit Yoran, CEO of cybersecurity firm Tenable

The Midnight Blizzard breach highlighted vulnerabilities in even the most secure organizations and underscored the importance of robust cybersecurity measures. Because Microsoft is one of the biggest companies on the market, the breach has drawn regulators’ attention to how the corporation protects user data.

While no official data on damage has been provided, the real hit was to Microsoft’s reputation. In an official post about the Midnight Blizzard attack, Microsoft announced its commitment to set in place additional security, detections, and monitoring practices.

4. MOAB (Mother of All Breaches) Leak – Twitter, LinkedIn and more

  • January 2024
  • Data leaked: Vast amounts of personal and corporate data
  • Cause: firewall misconfiguration

In January 2024, cybersecurity researcher Bob Diachenko and the Cybernews team discovered an open instance on the internet with 26 billion records. Dubbed the Mother of all Breaches, MOAB, the instance contains various types of data from different platforms such as Tencent, Weibo, Twitter, Deezer, LinkedIn, Adobe, Telegram and many others.

According to experts, the data found in MOAB isn’t necessarily new and is most likely a compilation of previous breaches we’ve seen in the past. Despite that, within the billions of records, one could find some sensitive data such as private information.

What makes the MOAB dataset highly dangerous is that hackers can exploit the aggregated data for various malicious activities. These activities can include identity theft, phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts. If a user has the same password for multiple accounts they can easily fall victim to an attack.

5. RockYou2024 

  • July 2024
  • Data leaked: usernames, passwords, email addresses
  • Cause: database misconfiguration and exploitation

On 4 July 2024, a user by the name of ObamaCare posted a text file named “rockyou2024.txt” on a hacking forum. The file contained a compilation of nearly 10 billion (9,948,575,739 to be exact) credentials gathered from previous breaches.

The file itself, rockyou2024.txt, was named after the infamous RockYou2009 breach, which exposed 32 million user accounts back in 2009. RockYou was a real company known for creating widgets for MySpace and developing applications for various social networks, including Facebook.

When combined with other leaked databases found on hacker forums and marketplaces, RockYou2024 can lead to a cascade of data breaches, financial frauds and identity theft. This isn’t the first time something similar has happened as attackers posted a RockYou2021 list three years ago. Back then the number of passwords was 8.4 billion. To this day, it’s not clear whether the poster of the list (ObamaCare) was the actual perpetrator as the real hackers are still at large.
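Defenders can use compilations like this to reject passwords that are already circulating. The sketch below is an added example, not part of the original article: it buckets SHA-1 digests by a 5-character prefix so a lookup only reveals the prefix (the k-anonymity range-query model), and the sample list, function names and 12-character minimum are assumptions.

```python
import hashlib
import unicodedata
from collections import defaultdict

# Constructed sample standing in for a leaked compilation such as
# rockyou2024.txt (one password per line, duplicates and blanks included).
SAMPLE_LEAK = ["123456\n", "password\n", "\n", "iloveyou\n",
               "Password12345!\n", "123456\r\n"]

PREFIX_LEN = 5  # hex characters of the digest sent to the lookup service


def sha1_hex(password: str) -> str:
    """SHA-1 used only as a lookup key, never for storing passwords."""
    # NFKC folds look-alike forms (e.g. full-width digits) to one spelling.
    normalized = unicodedata.normalize("NFKC", password)
    return hashlib.sha1(normalized.encode("utf-8")).hexdigest().upper()


def build_index(lines):
    """Index a breach corpus as {prefix: {suffix: occurrences}}."""
    index = defaultdict(dict)
    for line in lines:
        password = line.rstrip("\r\n")
        if not password:
            continue  # skip blank lines in the dump
        digest = sha1_hex(password)
        bucket = index[digest[:PREFIX_LEN]]
        suffix = digest[PREFIX_LEN:]
        bucket[suffix] = bucket.get(suffix, 0) + 1
    return index


def range_query(index, prefix):
    """Lookup-service side: sees only the prefix, returns the whole bucket."""
    return dict(index.get(prefix, {}))


def breach_count(index, password):
    """Client side: send the prefix, compare the suffix locally."""
    digest = sha1_hex(password)
    bucket = range_query(index, digest[:PREFIX_LEN])
    return bucket.get(digest[PREFIX_LEN:], 0)


def screen_password(index, password, min_length=12):
    """Return (accepted, reason) for a password chosen at sign-up or reset."""
    if len(password) < min_length:
        return False, "too short"
    seen = breach_count(index, password)
    if seen:
        return False, f"found in breach corpus {seen} time(s)"
    return True, "ok"


if __name__ == "__main__":
    idx = build_index(SAMPLE_LEAK)
    for candidate in ("123456", "Password12345!", "violet-harbor-tandem-42"):
        print(candidate, screen_password(idx, candidate))
```

A password such as `Password12345!` meets typical length and complexity rules yet is rejected here because it already appears in the corpus.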

6. Qilin – Synnovis

  • June 2024
  • Data leaked: medical records, patient data
  • Cause: single point of failure in the Synnovis LIMS

In early June 2024, pathology lab services provider Synnovis – a conglomerate of SYNLAB and various NHS trusts – became the target of a ransomware attack.

The Synnovis database handled sensitive information required to facilitate blood testing for a number of UK organizations. As a result of the hack, the services in seven UK hospitals were delayed, with blood transfusions suffering the most.

To better understand the way the attack was carried out we must mention that Synnovis created a Laboratory Information Management System (LIMS) back in October 2023. This system unified several IT systems into one, providing results to the Guy’s and St Thomas’ and King’s College Hospital NHS Foundation Trusts. The LIMS system made things more efficient but it also introduced a vulnerability with a single point of failure.

The attackers were identified as the Russian group named Qilin, which requested a ransom of £40 million. The NHS refused to pay the ransom and the stolen data (patient names, dates of birth, NHS numbers, descriptions of blood tests) was published on the dark web.

7. AT&T Cyber Attack (attacker unknown)

  • March 2024
  • Data leaked: Customer personal information, billing records
  • Cause: unknown

AT&T is a multinational telecommunications holding company that provides data coverage in more than 190 countries. In March 2024, AT&T experienced a significant cyberattack that exposed the sensitive data of approximately 73 million customers. This breach included information such as full names, addresses, dates of birth, phone numbers, social security numbers, and AT&T account details.

The stolen data was leaked online, prompting AT&T to reset account passcodes and offer identity theft protection and credit monitoring services to affected customers. A man from Ohio filed a class action lawsuit against the company, accusing AT&T of negligence and breach of contract. According to AT&T, the stolen data was from 2019 and it didn’t include any financial information. No ransom was ever requested by the hackers and the attackers remain a mystery. However, the AT&T data was published on the dark web.

The company is conducting a thorough investigation of the attack, but assured customers it had no material impact in a statement following the AT&T hack.

8. ShinyHunters – Ticketmaster

  • May 2024
  • Data leaked: Payment information, personal details of customers
  • Cause: cloud account hijacking

Ticketmaster is an American ticket sales and distribution company with operations spanning numerous countries. Between April 2 and May 18, Ticketmaster experienced a cyber attack that compromised the payment information and personal details of nearly 560 million customers.

Ticketmaster’s parent company, Live Nation, identified suspicious activity in late May. Roughly a week later, on May 28, 2024, the hacking group ShinyHunters claimed responsibility for the attack and requested a ransom of $500,000 on the online forum BreachForums. ShinyHunters are a well-known black-hat criminal hacking group that appeared on the scene in 2020. So far the group has been involved in numerous data breaches, and its country of origin remains unknown. The name “ShinyHunters” seems to originate from the video game Pokémon, where Shiny Pokémon are an extremely rare occurrence.

The extortion did not end there: a hacker using the name Sp1d3rHunters leaked print-at-home tickets for 150 upcoming events. Sp1d3rHunters also leaked 166,000 Taylor Swift ticket barcodes and demanded a $2 million ransom. The hacker threatened to release mail and e-ticket barcodes for all events if their demands were not met. Ticketmaster dismissed both leaks and didn’t engage the hackers in ransom negotiations. The attacker carried out the breach by hijacking a cloud account, using stolen credentials to access the data.

9. Halliburton Cyber Attack

  • August 2024
  • Data leaked: Company information
  • Cause: Unknown

On 21 August 2024, Halliburton, one of the largest oilfield companies globally, discovered unauthorized access to its systems. Hackers accessed company systems and managed to remove some of the data. The incident caused disruptions to a portion of the company’s business applications. Although the exact nature of the cyberattack remains unknown, the company responded by taking some of its systems offline to prevent further damage.

Halliburton launched an internal investigation, while also working with external advisors and law enforcement. This is not the first major incident in the oil sector. Back in 2021, a ransomware attack on the Colonial Pipeline resulted in a multi-day shutdown, cutting off a major fuel supply line to the Eastern United States and leading to fuel shortages. It was later revealed that Colonial Pipeline paid hackers approximately $4.4 million.

While Halliburton’s breach did not immediately impact energy services, the full details of the hack, including the systems compromised or the identity of the perpetrators, remain unknown. It’s also not clear whether the company had any contact with the hackers or if it paid a ransom. The complete extent of the damage is yet to be revealed but it’s certain that the company has experienced financial losses. Halliburton stocks dropped by approximately 8% two weeks after the incident.

10. VGTRK Russian Media Hack

  • October 2024
  • Data leaked: Unknown
  • Cause: Unknown

On 7 October, 2024, Ukrainian-linked hackers carried out a large-scale cyberattack on the Russian state broadcaster VGTRK. The attack led to a shutdown of VGTRK’s online broadcasting and internal services. Russian state news Gazeta reported that the Ukrainian hacker group known as “sudo rm -RF” was responsible for the attack. They targeted critical infrastructure including prominent TV and radio channels like Russia-1 and Russia-24. 

Although the Russian government stated that the attack did not cause significant damage, sources from Ukraine said otherwise. A Ukrainian law enforcement official claimed that the attack was a surprise for Putin’s birthday. It destroyed all server data, including backup copies, causing a total disruption of online broadcasting, internet, and communication services.

Kremlin spokesperson Dmitry Peskov confirmed that specialists were working to identify those responsible for the attack.

11. Hot Topic Hack

  • October 2024
  • Data leaked: Personal information of 350 million users
  • Cause: Third-party hack

In late October 2024, the cybersecurity company Hudson Rock discovered a major data breach affecting fashion retailer Hot Topic, exposing the personal data of millions of customers. The company issued a warning after a hacker known as “Satanic” began selling access to a database containing sensitive information from Hot Topic, BoxLunch, and Torrid. Reportedly, the data includes names, email addresses, addresses, and dates of birth of 350 million users. The information was gathered through Hot Topic’s loyalty program. The hacker offered the database for $20,000 (later reduced to $10,000) and demanded a $100,000 ransom from Hot Topic to prevent its sale.

Hudson Rock confirmed the breach’s credibility after finding malware on an employee’s computer at third-party analytics firm Robling. Using its cyber intelligence platform, Hudson Rock traced the infection back to September 12, 2024. The Robling employee accessed Hot Topic data on platforms like Snowflake, Microsoft Azure, and Google’s Looker, which were allegedly left unprotected by multi-factor authentication (MFA).

Satanic initially claimed the breach impacted 1 billion users, later revising it to 350 million, including 680 GB of data and 116 GB of customer information. Hudson Rock warns that the stolen data could enable fraud, phishing, and identity theft. Neither Hot Topic nor Robling has commented on the breach.

12. Salt Typhoon Hack

  • October 2024
  • Data leaked: Personal information of millions, US officials’ correspondence, foreign-intelligence surveillance systems
  • Cause: Exploiting existing vulnerabilities

In October 2024, Salt Typhoon, a Chinese hacking group, carried out an extensive cyber-espionage operation targeting U.S. telecommunications providers. Targets included T-Mobile, Verizon, AT&T, Lumen Technologies, and others. Active for over a year, the attackers breached critical telecom systems to access sensitive communication data, such as law enforcement requests, wiretapping platforms, and government officials’ private communications. 

U.S. federal agencies revealed that the group also exfiltrated substantial internet traffic and metadata from millions of users. Salt Typhoon exploited vulnerabilities in telecom infrastructure, leveraging unpatched devices and exposed services. Their motivations were primarily espionage, aiming to gather intelligence on U.S. surveillance activities and other high-value targets.  The breach highlighted systemic cybersecurity weaknesses, prompting the FBI, CISA, and NSA to release urgent recommendations for bolstering telecom network defenses.

Chinese officials dismissed the allegations, denying any involvement with the hackers. The event has spurred legislative efforts and discussions about securing critical infrastructure, though experts warn that fully eliminating Salt Typhoon’s presence from U.S. networks could take months, if not longer.

13. X DDoS Attack

  • March 2025
  • Data leaked: N/A
  • Cause: Denial-of-service attack

The social media platform X (formerly Twitter) experienced significant disruptions on 10 March, 2025 as a result of a DDoS cyberattack. Tens of thousands of users had trouble connecting to the platform. The Dark Storm Team hacking group, which has been active since 2023, claimed responsibility for the attack and stated that it was a demonstration of their capabilities. Elon Musk, owner of X, expressed his skepticism towards this confession and stated that the IPs of the attackers were traced back to parts of Ukraine.

Musk described the incident as a “massive cyberattack” that required substantial resources. This raised the possibility of a potentially large coordinated group or nation-state. In addition, the attack on X came at a time of political tension within the United States, with President Donald Trump imposing tariffs on trade and Elon Musk playing a direct role in cutting excess government spending through the newly-created Department of Government Efficiency.

Honorable Mention: The Biggest (Failed) DDOS Attack

In its 20th DDOS report, Cloudflare revealed that it prevented a massive DDOS attack in the fourth quarter of 2024. The attack occurred on October 29 and reached the record-breaking peak of 5.6 terabits per second. It targeted an internet service provider in Eastern Asia and was orchestrated by a sophisticated Mirai-variant botnet. This botnet leveraged over 13,000 compromised Internet of Things devices to generate overwhelming traffic in an attempt to cripple the ISP’s network.

Despite the scale and complexity of the assault, Cloudflare’s autonomous DDoS protection systems rapidly detected and neutralized the attack within seconds, ensuring uninterrupted service for the ISP and its users. In total, the attack lasted approximately 80 seconds but demonstrated the growing capabilities of malicious actors leveraging IoT vulnerabilities and advanced botnet techniques.

What causes data breaches?

As seen from the examples above, data breaches are quite common. But what are the main causes of data breaches? Data breaches can occur due to various reasons, often exploiting weaknesses in security measures. In reality, almost all of the examples we’ve looked at above could’ve been avoided. Some of the most common reasons for data breaches include:

1. Weak passwords 

Weak passwords and poor credential management are common causes of data breaches. Hackers can easily guess or crack weak passwords, gaining access to sensitive information. The more sophisticated your password, the lower the chances of it getting cracked by hackers.

2. Phishing attacks

Phishing attacks involve tricking individuals into providing sensitive information, such as login credentials. Hackers can achieve this through deceptive emails containing a malicious link or fake websites. These attacks are a frequent method used to breach security systems as they rely on the human element.

3. Software vulnerabilities

Unpatched software vulnerabilities can allow hackers to gain unauthorized access to different systems. Regular updates and patch management are crucial in preventing such breaches.

4. Social engineering

Social engineering involves manipulating individuals into sharing confidential information. This can include pretexting, baiting, or other deceptive tactics to trick people into breaking security protocols.

How to stay safe from data leaks

Staying safe from data leaks involves implementing several key security practices that work for both regular users and companies:

  • Passwords and Credential Management
  • Two-Factor Authentication
  • Regular Software Updates
  • Exercise Caution
  • Proper Education

Use strong passwords and manage credentials

Using strong, unique passwords and a credential management system can significantly reduce the risk of unauthorized access. If possible, avoid saving your password in the digital space to prevent any data theft.

Enable two-factor authentication

Two-factor authentication (2FA) is an easy way to add an extra layer of security. Once activated, 2FA will require a second form of verification in addition to your password. This means that even if a malicious party has your account details, they won’t be able to do anything.

Update software regularly

Software can contain vulnerabilities. Developers often find these and release patches to make the program more secure. Keeping your software up to date and applying patches regularly can prevent the exploitation of known vulnerabilities.

Beware of phishing attempts

Being cautious of suspicious emails and links can help prevent phishing attacks. Always verify the source before clicking a link or providing any sensitive information. Double-check the website you’re visiting to avoid falling into a scam as hackers can create a duplicate of the original with the only difference being the domain name.

Educate and train employees

If you’re running a business, the chances of falling victim to a cyber attack are much higher. Companies must fully educate employees on the dangers of cyber attacks. Regular training and awareness programs for employees can help them recognize and respond to potential security threats.

Closing thoughts

In 2024 cyber attacks are becoming more sophisticated and hackers are using a variety of methods to steal sensitive data. The biggest cyber attacks highlight the common causes of data breaches and the importance of robust cybersecurity measures. Finally, by staying informed and proactive, users and organizations can enhance their security practices to better protect their digital assets and personal information from cyber threats.

Frequently asked questions

How many cyber attacks in 2024?

Up until May 2024, there were a total of 9,478 publicly disclosed cyber attacks with the majority of them being in the Healthcare and IT sectors. A total of 35,900,145,035 records were breached with the biggest one containing over 26 billion.

What was the largest-ever cyber attack?

Mother Of All Breaches, also known as MOAB, was the biggest-ever cyber attack. Cyber security researcher Bob Diachenko and the Cybernews team discovered the breach. MOAB is an open instance on the internet containing nearly 26 billion records of data from different platforms such as Tencent, Weibo, Twitter, LinkedIn, Adobe, Telegram, and many others.
