It feels like barely a week went by in 2016 without news of another high profile cyber-attack or data breach, affecting millions or even billions of people. We've become almost desensitised to the numbers, as attacks happen so often, but the cost to individuals and businesses is huge, with a new report by Grant Thornton putting it at around $280 billion globally in 2016.
It's a tough job identifying the worst of the lot, as there are so many to choose from. But here's our pick of some of the biggest and most serious cyber-attacks to hit the headlines over the last 12 months.
Democratic National Committee (April)
Cyber was centre-stage in probably the most extraordinary US election ever, with both sides victims of attacks during the campaign. However, it was the Democrats who took the brunt of it, having their entire computer system hacked, first in 2015 then again in April 2016, with many believing Russia was responsible. The hackers were able to spy on email communications, steal opposition research and access data held on the computer network used by Hillary Clinton herself, with much of it later published on WikiLeaks. The breach was so great that President Obama has just ordered a US intelligence review, to get to the bottom of what happened and the extent of Russian involvement.
Yahoo! (September and December)
It's not been a great year for Yahoo. First, it discovered a data breach of around 500m user details from late 2014, then more recently a further breach of one billion user account details from way back in 2013. Yahoo claims both attacks were 'state-sponsored' and the information stolen includes names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers. While no bank or payment card details were stolen, it's still a serious concern to customers, and it means more firefighting for the beleaguered Yahoo, whose takeover deal with Verizon is reported to be under threat as a result.
The World Anti-Doping Agency (September and November)
The medical records of elite athletes, including Simone Biles, the Williams sisters and Bradley Wiggins, were leaked in September as part of this attack on WADA. A group called Fancy Bears, believed to have links with Russia, leaked the confidential information, attempting to out those using banned substances; Simone Biles has been approved to use an ADHD medication, for example. The Fancy Bears struck again in November, hacking into the confidential emails of senior anti-doping officials, leaking personal details and sensitive conversations about high-profile athletes.
Dyn DDoS attack (October)
Notable for its sheer scale and reach, this incident brought down some of the biggest websites in the world including Twitter, The Guardian, Netflix, Reddit, Airbnb and CNN. The cause was a huge distributed denial of service (DDoS) attack targeted at Dyn, one of the major companies that run the internet's domain name system (DNS). DDoS attacks are caused by a network of infected computers (or botnet), which bombards internet servers with so much traffic that they collapse. This attack was particularly destructive, as the main culprit was a Mirai botnet, made up of Internet of Things devices such as digital cameras and video recorders.
Tesco Bank (November)
Around £2.5m was stolen from around 9,000 customers in this hack, the largest on a UK bank to have resulted in a loss of money. While the cause of the attack was originally unclear, recent reports claim that Tesco Bank made the simple mistake of issuing sequential debit card numbers, making it easy for fraudsters to work out or guess the details they needed. In fact, a study carried out by Newcastle University concluded it could have taken as little as six seconds for them to do so.
Three Mobile (November)
One of the UK's biggest mobile companies, Three Mobile recently suffered a massive data breach, when cyber criminals gained access to its 'upgrade database', which lists all those customers eligible for a new phone. By tricking the system, the hackers were able to order thousands of pounds' worth of new, high-end phones, to be delivered to addresses where they could "unlawfully intercept" them. Three men have since been arrested for their involvement in the scam.
This is just a small snapshot of the damage that has been inflicted by cyber criminals in 2016, and the range of threats that exist out there today. And while it's the large, high profile companies that hit the headlines, there are plenty more similar attacks happening all the time on smaller, unsuspecting businesses, as well as individuals. To find out more about protecting your business, check out our blog on Where to start with cyber security, and find out about the importance of cyber liability insurance.