2021’s Biggest Cyber Attacks
Last year was another record-breaking one for data breaches, with reports of massive hacks and huge ransomware demands dominating headlines. It is a trend that does not seem to be slowing any time soon, either. There are currently thousands of vendors in the market and over $130 billion is spent annually on defense, yet the number of breaches continues to rise.
Join us as we dive into the top 20 cyberattacks around the world from 2021.
#1 Kaseya (July 2021)
Coming in at number one on our list is the Fourth of July-weekend attack on Florida-based software provider Kaseya. The infamous REvil collective hit them with a ransomware attack, demanding $70 million in bitcoin.
This attack takes the top spot due to its impact on businesses across five continents—including shutting down public schools in New Zealand, closing a major grocery chain in Sweden, and disrupting operations for hundreds of businesses across the U.S.
Although Kaseya has said the attack impacted only 1% of its client base, those clients are largely managed service providers (MSPs), which means their clients were impacted in turn. That made for a vicious ripple effect, as up to 1,500 small- to mid-sized businesses found their operations offline in the middle of a holiday weekend, taxing tech support teams to their limit.
The attack’s timing may have magnified the problem considerably. The threat actors targeted Kaseya’s VSA server, a remote management tool used by MSPs. Kaseya contacted clients promptly and advised them to shut off their VSA servers, but with many IT support staffers difficult to reach on a day off, the problem spread more widely than it otherwise might have. Kaseya has since patched the vulnerability that led to the breach.
#2 Microsoft Exchange (March 2021)
Hackers accessed the email of more than 30,000 organisations across the United States. Apparently launched by an elite Chinese hacking collective known as “Hafnium,” this attack compromised email communications for small businesses and municipalities across the U.S. and around the world. Worse yet, compromised servers were seeded with password-protected tools that gave the hackers complete remote access to those systems.
The ultimate fallout of the Hafnium attack is uncertain, but a hack of this breadth and scale is likely to be felt for years to come. The backdoors installed by the attackers could be used to steal valuable data or install ransomware, and many affected organisations likely don’t even know they have been hacked.
#3 SolarWinds (December 2020, January 2021)
Russian cyberattacks on U.S. governmental institutions have been on the rise. In one of the most catastrophic data breaches of 2020, foreign intelligence operatives took advantage of a compromised SolarWinds program and gained access to an estimated 18,000 private and government-affiliated networks. These breaches granted the attackers access to an abundance of identifiable information, including financial information, source code, passwords, and usernames.
Federal workers at the Cybersecurity and Infrastructure Security Agency (CISA) had to work endlessly to restore security and defeat this “grave risk.” Officials warned that if they could not get the matter under control by the year’s end (in part by updating their systems with Orion’s 2020.2.1HF2 release), they might be forced to take the systems offline entirely. Additional vulnerabilities and supporting patches were released in February 2021.
#4 Log4j (December 2021)
On Thursday, December 9, security researchers published a proof-of-concept critical exploit for a remote code execution vulnerability in Log4j, a Java logging library used in a significant number of internet applications.
In the weeks following, businesses worldwide worked frantically to identify and mitigate the impact of the exploit, while security pros and experts released patches and scanning tools, and guided organisations on how to best protect themselves from attack.
While security researchers and experts continue to unpack the total impact of this threat, attackers are rapidly crafting new obfuscation tactics, so indicators and signatures are difficult to pin down: new variants of the attack appear as quickly as defenders can characterise the old ones.
#5 JBS (May 2021)
May was an intense month for cybersecurity attacks. And while much of the spotlight was on the Colonial Pipeline attack (see #6), the late May attack on JBS was arguably even bigger.
Reportedly engineered by Russia’s REvil hacker collective, the ransomware attack on JBS servers halted meatpacking operations at multiple plants for upwards of five days. This disrupted meat production and distribution across the country and deprived many non-union employees of several days’ wages.
#6 Colonial Pipeline (May 2021)
The hack that made “ransomware” a household word. In early May, a suspected Russian hacking group took Colonial Pipeline offline for more than three days.
As Colonial provides 45% of the East Coast’s supply of gasoline, diesel fuel, and jet fuel, this was a major blow. Gas prices spiked across the country, some gas stations ran out of fuel, over-the-road deliveries were delayed, and there were even reports of gasoline hoarding.
Many of the details are still under wraps, but it appears that it was facilitated via a malicious email or a third-party application. Russia’s DarkSide collective was quick to take credit for the attack and reportedly received around $5 million in ransom (part of which was later recovered), although there was some initial dispute about the amount—or whether Colonial paid at all.
In the wake of the attack, Congress moved quickly to pass new cybersecurity standards for pipelines, but the damage has already been done.
#8 T-Mobile (August 2021)
#9 Robinhood (November 2021)
Robinhood, the online investment platform that lets ordinary people navigate the stock market more easily, had a rough year. From the GameStop fiasco to a lackluster market debut, it closed out 2021 with a data breach facilitated by a bad actor who posed as a customer service rep and conned their way into the company’s customer support system.
This was a vishing (voice phishing) attack, carried out over the phone or by voice message, and it gave the hacker access to a database of email addresses, names, and phone numbers for millions of Robinhood customers.
#10 Town of Peterborough, New Hampshire (August 2021)
In August, the small town of Peterborough, New Hampshire suffered an unexpected and devastating financial loss when it fell victim to an email spoofing scam.
By the time the spoofing was exposed, $2.3 million of taxpayer money was in the pockets of cybercriminals.
#11 GoDaddy (November 2021)
The trouble with being the biggest in your industry is that you’re also the biggest target. That’s a lesson GoDaddy—the leading domain registrar in the world—has had to learn several times over.
In the fifth major attack against GoDaddy in the past three years, hackers used a stolen password to access the emails and customer data of more than 1.2 million users, as well as file transfer credentials and SSL keys used for website authentication.
Even more concerning, further exploration showed that GoDaddy’s Managed WordPress branch was also affected, endangering customers using third-party website management tools.
GoDaddy was quick to address the breach, resetting passwords and private keys, and issuing new SSL certificates to affected customers. Meanwhile, more than a million website owners found themselves at greater risk of phishing attacks and other varieties of cybercrime. It’s a frustrating situation all around—both for a company who keeps having to deal with these kinds of attacks, and the customers who keep paying the consequences.
#12 ParkMobile (April 2021)
American cities experienced a whole new level of street parking misery in April, as a breach of third-party software company ParkMobile exposed personal information stored in more than a dozen cities’ parking apps to unknown hackers.
While the cities have assured residents that credit card and payment information remained secure, the attack is thought to have exposed data including phone numbers, email addresses, and license plate numbers.
What’s more, after the cyber thieves failed to find a buyer for that data, they apparently posted it online for free, exposing all impacted records to any other bad actor who wants them.
Although the damage is not as severe as it could have been if financial data had been compromised, parking app users in New York City, Houston, Philadelphia, Minneapolis, Milwaukee, and a number of other urban centers were advised to change their passwords as a security precaution.
#13 20/20 Eye Care (June 2021)
Even more troubling than the size of the breach was its apparent maliciousness. Not only did the unknown hackers access confidential patient information—including names, Social Security numbers, and insurance data—they also deleted much of that material from 20/20 Network’s AWS S3 cloud buckets.
The company is being sued by at least one former patient who maintains that the company took insufficient measures to protect their personally identifiable information. The complaint also contends that company officials were aware of the breach in mid-February but did not inform affected patients until May 28.
#14 Insight Global (April 2021)
In a late April incident, a third-party vendor put the personal information of thousands of Pennsylvania residents at risk while attempting to improve public safety.
The Pennsylvania Department of Health tapped Insight Global, a Georgia-based IT services contractor, to assist with COVID-19 contact tracing efforts, a standard arrangement for state health departments that lack resources to handle all COVID activities unassisted.
The trouble began when a group of Insight Global employees took it upon themselves to expedite their work by setting up Google accounts so they could share their findings internally more quickly. That action went against the protocols of both Insight Global and the Pennsylvania Department of Health, as the Google accounts were not properly secured and were therefore vulnerable to attack.
While it appears that Insight’s administrators were able to shut down the exchange before any data was stolen, a health department spokesperson acknowledged that the error put at risk the private information of around 72,000 Pennsylvanians, including “phone numbers, emails, genders, ages, sexual orientations, and COVID-19 diagnoses and exposure status.”
#15 Kroger (January 2021)
A late January attack on the national grocery chain Kroger saw hackers make off with potentially sensitive data belonging to pharmacy and clinic customers, as well as to current and former employees.
The attack, which was made public in early February, exploited an Accellion File Transfer Appliance (FTA) that was nearing end of life. In late 2020, Accellion advised users to upgrade to a newer product, but Kroger had yet to do so.
The stolen data included personally identifiable information such as Social Security numbers, medical histories, and insurance information, as well as some Kroger personnel files. The silver lining is that the hack may have impacted only customers using the chain’s Health and Money Services program, which is less than one percent of Kroger’s total customer base. Even so, for a chain with 2,200 pharmacies operating nationwide, that is a significant number of customers.
This is just the latest fallout from a large-scale December exploit of Accellion’s outdated FTA tool, which has also impacted the Washington State auditor’s office, the prestigious Jones Day law firm, the Reserve Bank of New Zealand, Australia’s financial regulation office, and the University of Colorado.
#16 Electronic Arts (June 2021)
Electronic Arts, one of the biggest names in video games, suffered a major breach that left the company scrambling to safeguard its intellectual property.
The stolen data included source code for the company’s Frostbite engine, which powers flagship franchises such as Battlefield and Star Wars; source code for the 2021 installment of the hugely popular FIFA series; API keys for FIFA 22; and several other keys and debug tools.
#17 Sinclair Broadcast Group (October 2021)
In October, media giant Sinclair Broadcast Group found themselves the victim of a ransomware attack that bore the fingerprints of a well-known Russian cybercrime collective.
Sinclair, which owns or operates 185 local TV stations across 86 U.S. markets, reported that internal functions like email, phone systems, and data networks had to be shut down following the breach.
The full impact was even more severe: it took much of the company’s programming offline, including broadcasts of some of its 21 regional sports networks.
The Macaw ransomware used in the attack points to the infamous Russian collective known as Evil Corp. That gang and its WastedLocker malware earned a sanction from the U.S. State Department in 2019, and some security experts believe the Sinclair breach is Evil Corp’s attempt at getting around the sanctions by effectively re-branding: Macaw appears to be a new variant of WastedLocker, and it made its public debut with the Sinclair attack.
#18 Twitch (October 2021)
Amazon’s massively popular Twitch streaming platform suffered a major data breach in early October, when a threat actor took advantage of information exposed during a server configuration change.
While Twitch was quick to reassure users that no personally identifiable information had been compromised, the 125GB of stolen data included elements of Twitch’s source code and, more embarrassingly, data on the incomes of the platform’s leading game streamers.
Those materials quickly turned up on the notorious 4chan forum, where streamers’ earnings—some in the seven-figure range—quickly became a hot topic among posters.
The unidentified hacker was reportedly motivated not by money, but by a mission to create “disruption” and expose the Twitch community as what they deemed “a disgusting toxic cesspool.” Regardless of the actual information exposed, the fallout for Twitch was swift and damaging.
Reports emerged that the company had ignored several past security threats in the interest of profits while online debates erupted about perceived disparities in the platform’s payment structure.
In the end, Twitch reset all its stream keys as a precaution despite repeated assurances that users’ personal data had not been compromised.
#19 Howard University (September 2021)
U.S. holidays have emerged in recent years as prime time for cyber attacks (see our pick for #1). This year’s Labor Day weekend was yet another case in point, when Howard University in Washington, D.C., the nation’s oldest Historically Black University, fell victim to a ransomware attack.
The disruption shut down both in-person and online classes for several days while Howard struggled to restore access to its Wi-Fi network.
When the school eventually reopened, it did so only gradually, issuing detailed instructions to students on how to access email and Wi-Fi while also protecting personal and encrypted data.
There were rumors that the breach originated with the school’s email system. However, the perpetrator of the attack, the terms of the ransom, and whether Howard University paid the ransom remain unclear.
#20 MediaMarkt (November 2021)
Europe’s largest consumer electronics retailer, MediaMarkt, boasts over 1,000 stores in 13 countries. In November, the Hive group struck with a ransomware attack that encrypted MediaMarkt’s servers.
The attack caused their IT systems to shut down and store operations to be disrupted in both the Netherlands and Germany.
#7 SocialArks (January 2021)
In early January, hackers breached the defenses of SocialArks—a Chinese data-management startup with shockingly lax security policies—and exposed the personal information of around 214 million social media users, many of whom had no idea the company even existed.
SocialArks initially scraped the contact information from leading social sites such as Facebook, LinkedIn, and Instagram, and did little to protect it.