The Biggest Cybersecurity Attacks of 2018: Interactive Map
In the first half of 2018 alone, there were nearly 1,000 reported data breaches, totalling 4.5 billion records.
Without algorithmic assistance, it would not be possible to collate them all. Needless to say, many more remain unreported or undetected, meaning the real picture is far more disconcerting.
To give a sense of the threat posed by cyberattacks, we’ve brought together a selection of significant cybersecurity attacks and data breaches that have unfolded in 2018.
They are notable for a variety of reasons. This includes the scope of losses – both financial and reputational – as well as the size of the company, the type and amount of data and the cases that generated wider public interest.
Despite Western media tending to focus on companies within its geographical remit, we’ve tried to reflect the global threat of cyberattacks by showing threats around the world.
And because many breaches take a while to discover – in some cases years – we have listed them in the order in which they were reported to the media.
January
Aadhaar database breach
India’s database containing the identity numbers, demographic and biometrics of 1.1 billion citizens is one of the largest databases on the planet.
This year it has been plagued by vulnerabilities.
An investigation by The Tribune found in January that Rs500 (around £5) gets you access to the details of anyone on the Aadhaar database.
- Reported: 3 January
- Occurred: 3 January
- Damage: Difficult to put number on accessed data, but multiple security flaws found throughout rest of year have eroded trust in the system
- Method: Anonymous sellers offered access to personal details of 1.1bn people over WhatsApp
- Culprit: Vulnerability exploit
- Location: India
Coincheck crypto heist
In the biggest crypto theft in history – and one of the largest heists in history – hackers made off with around $500m in cryptocurrency.
- Reported: 31 January
- Occurred: 26 January
- Damage: $500m in digital tokens stolen
- Method: Hackers stole the private key for hot wallet where NEM coins were stored
- Culprit: Unknown hackers
- Location: Japan
Norwegian health authority hack
Almost half of Norway’s population had their healthcare data stolen after hackers breached the systems of Health South-East Regional Health Authority.
- Reported: 18 January
- Occurred: 15 January
- Damage: Nearly 3 million patients’ data compromised, including those in government and secret services
- Method: Unknown but highly advanced
- Culprit: “Advanced and professional” hackers, possibly foreign state
- Location: Norway
February
Sacramento Bee ransomware attack
The local California newspaper fell victim to a ransomware attack in which more than 19 million voter records were exposed online, including names, addresses, email and phone numbers. The Bee opted not to pay the ransom and deleted the databases to eliminate future risk.
- Reported: 7 February
- Occurred: Late January 2018
- Damage: 19.5 million California voter records compromised
- Method: A firewall lowered during maintenance was not restored, leaving the databases exposed to the ransomware attack. The Bee deleted its databases and did not pay the ransom
- Culprit: Unknown
- Location: California, US
Colorado Department of Transportation ransomware
Colorado’s Department of Transport suffered a crippling attack from the notorious SamSam ransomware that targets city infrastructure. While critical systems were unaffected, the fallout was far-reaching – and expensive.
- Reported: 23 February
- Occurred: 21 February
- Damage: More than 2,000 agency computers shut down, but not critical systems. Colorado spent $1m - $1.5m recovering from the attack
- Method: SamSam ransomware demanding Bitcoin payment
- Culprit: Unknown
- Location: Colorado, US
March
Under Armour MyFitnessPal data breach
The fitness and nutrition website suffered a breach that may not have exposed particularly sensitive details, but the scope was huge – more than 150 million MyFitnessPal accounts were compromised.
- Reported: 29 March
- Occurred: 25 March
- Damage: 150 million MyFitnessPal accounts, including usernames, email addresses and hashed passwords. Under Armour shares dropped 4.6%
- Method: Suspected identity access
- Culprit: Unknown
- Location: San Francisco, US
City of Atlanta held hostage by infrastructure attack
A crippling attack on the city of Atlanta turned into the largest successful breach for a major US city after ransomware put government computers down for five days.
- Reported: 22 March
- Occurred: 22 March
- Damage: Many legal documents and video files permanently deleted. $2.7m in fees to cybersecurity contractors to repair damage. Unknown if the city paid the $51,000 demanded by hackers. Residents were temporarily forced to pay their bills and submit forms by paper
- Method: SamSam ransomware
- Culprit: Unknown, but believed to be the same group as the Colorado attack
- Location: Atlanta, US
April
Sears and Delta Air Lines data breach
Online chat provider [24]7.ai, which provides its services to Delta and Sears, reported a data breach six months after it occurred. The breach exposed the payment details of hundreds of thousands of customers.
- Reported: 4 April
- Occurred: 26 – 12 October 2017
- Damage: Customer payment information exposed. Other users of [24]7.ai such as Sears and Best Buy affected
- Method: Malware attack on [24]7.ai
- Culprit: Unknown
- Location: Atlanta, US
Leominster school pays $10k in Bitcoin to unlock system
Hackers hit a school in Leominster with a ransomware attack that left its systems out of action for two weeks. While no sensitive staff or student information was accessed, the attack cost the school $10,000 in ransom to regain control.
- Reported: 26 April
- Occurred: 16 – 20 April
- Damage: Systems down for two weeks. City paid $10k in Bitcoin to regain access to its files
- Method: Ransomware
- Culprit: Unknown. “Highly sophisticated”
- Location: Leominster, Massachusetts, US
May
Meituan Dianping data breach
The Tencent-backed ecommerce giant suffered a leak that left tens of thousands of customer details exposed and sold online.
- Reported: 3 May
- Occurred: April 2018
- Damage: Tens of thousands of names, addresses, phone numbers of its delivery customers sold online for 2 cents per item
- Method: Leak
- Culprit: Unknown
- Location: China
Coca-Cola employee data stolen
Not all data thefts take place online, as evidenced by a former employee who was found in possession of a hard drive containing personal information on around 8,000 employees.
Coca-Cola released the details of the incident eight months after it occurred, following a full investigation.
- Reported: 25 May
- Occurred: September 2017
- Damage: Personal information of around 8,000 employees, varying by employee. Company share price dropped slightly after the news emerged
- Method: Physical theft of hard drive
- Culprit: Former employee
- Location: Atlanta, US
Ticketfly website hacked
Not only did the Eventbrite-owned company have its customer database of 27 million people stolen, the culprit decided to go full hacker cliché by turning the homepage into a V for Vendetta picture.
- Reported: 31 May
- Occurred: 31 March
- Damage: 27 million customer names, addresses, emails, phone numbers leaked to public server demanding ransom payment. Website down. Lawsuit brought against Eventbrite by a customer
- Method: Suspected vulnerability exploited in WordPress CMS
- Culprit: Hacker by name of IsHaKdZ
- Location: San Francisco
June
MyHeritage
A security researcher notified the family networking and genealogy website of a file containing the data of over 92 million MyHeritage customers.
Sensitive data, such as DNA or payment information, was not affected.
- Reported: 4 June
- Occurred: 26 October 2017
- Damage: Email addresses and hashed passwords of 92,283,889 users, but no evidence the data was used
- Method: Unknown
- Culprit: Unknown
- Location: Or Yehuda, Israel
Slovakia DDoS attacks
Many Slovak websites, including government sites, were hit by a huge distributed denial of service attack.
Slovakia’s National Network and Electronic Services Agency (NASES) fought back by blocking IP addresses from entire countries or continents from which attacking IP addresses originated.
- Reported: 12 June
- Occurred: 11 June
- Damage: A number of Slovak websites, including the Slovak Hydrometeorological Institute website, were knocked out of action
- Method: DDoS
- Culprit: Hackers located in France, China and the UK
- Location: Slovakia
Dixons Carphone warehouse
The attack on the company was significantly worse than the 1.2 million users thought to be initially affected: 10 million personal records were stolen in total.
Because the data breach occurred last year, the company cannot be fined under GDPR, but that didn’t stop its shares falling as much as 6%.
- Reported: 12 June
- Occurred: July 2017
- Damage: 5.9 million payment cards and 10 million personal data records accessed. 105,000 cards without chip-and-pin protection leaked. No evidence yet that the information has resulted in fraud
- Method: Unknown
- Culprit: Unknown
- Location: UK
Bithumb crypto heist
The cryptocurrency exchange platform suffered a heist in which cybercriminals made off with more than $30m, once again putting the spotlight on the attractiveness of crypto platforms to hackers.
- Reported: 20 June
- Occurred: “Several days before”
- Damage: $31m in cryptocurrency stolen, with Bithumb refunding its users from its reserves
- Method: Unknown, possibly gained access via phishing emails sent to users
- Culprit: Unknown
- Location: South Korea
Ticketmaster attack
Ticketmaster was alerted to fraudulent card activity by online bank Monzo. It later emerged that the breach was part of a wider credit card skimming operation affecting at least 800 e-commerce sites that targeted third party code suppliers.
- Reported: 27 June
- Occurred: February to 23 June 2018
- Damage: Names, addresses, email addresses, telephone numbers, payment details and logins of less than 40,000 customers
- Method: Malware on Inbenta code running on Ticketmaster websites
- Culprit: Believed to be Magecart
- Location: West Hollywood, California, US
July
Bancor breach
Bancor became the latest cryptocurrency exchange to suffer a theft, in which a total of $23.5m in cryptocurrency was stolen.
While the Swiss exchange managed to freeze some tokens and prevent the thief from making off with more, Ethereum and other tokens could not be saved.
- Reported: 13 July
- Occurred: 9 July
- Damage: $23.5m stolen in three different cryptocurrencies. Bancor froze tokens
- Method: Hackers breached wallet used to upgrade user contracts
- Culprit: Unknown hackers
- Location: Switzerland
PIR Bank looted
Hackers believed to be part of the infamous MoneyTaker hacking group made off with nearly a million dollars after finding and exploiting tunnels in a router that gave direct access to the bank’s local network.
- Reported: 19 July
- Occurred: 3 July
- Damage: $920,000 stolen
- Method: Hackers exploited outdated router to channel funds to 17 accounts at major Russian banks before cashing out
- Culprit: MoneyTaker hacking group
- Location: Russia
August
Huazhu Hotels Group breach
Thought to be the largest data breach in China in half a decade, personal data and booking information from 13 hotels operated by the Huazhu Hotels Group ended up for sale on a Chinese dark web forum for 8 Bitcoins.
- Reported: 28 August
- Occurred: August 2018
- Damage: Phone numbers, email addresses, bank account numbers, booking details of 500 million exposed and put up for sale
- Method: Hotel group’s software developers accidentally uploaded the database to GitHub
- Culprit: Negligence
- Location: China
Reddit data breach
The social news aggregation site, which is known for providing users with anonymity, suffered a massive blow to its reputation after Reddit data from 2007 - 2009 was accessed via an exploit in its SMS-based two-factor authentication system.
- Reported: 1 August
- Occurred: 14 - 15 June
- Damage: Reddit data from 2007 - 2009, including usernames, salted/hashed passwords, emails, public posts and private messages
- Method: Exploitation of SMS 2FA
- Culprit: Unknown
- Location: San Francisco, US
T-Mobile API exploit
Roughly 3% of the Deutsche Telekom AG subsidiary’s US customers had their personal details compromised by an “international group” of hackers.
- Reported: 23 August
- Occurred: 20 August
- Damage: Names, postcodes, phone numbers, email addresses, encrypted passwords, account number and account types of roughly million customers accessed
- Method: Hackers accessed a server through an API containing the data
- Culprit: “International group” of hackers
- Location: Bonn, Germany
Atlas Quantum
While no cryptocurrency was stolen in the attack on this crypto exchange, a large amount of data was stolen that ranged from names to account balances.
- Reported: 26 August
- Occurred: 25 August
- Damage: Data leak affecting more than 261,000 customers of crypto trading platform. Names, phone numbers, email addresses and account balances were affected
- Method: Unknown
- Culprit: Unknown
- Location: Brazil
September
British Airways hack
Magecart struck again in a particularly damaging attack, making off with payment details of nearly 400,000 customers. Around 250,000 of these customer details popped up for sale on the dark web for a total of £9.4m.
- Reported: 7 September
- Occurred: Affected transactions between 21 August and 5 September
- Damage: Payment data of 380,000 customers. 250,000 customer details for sale on dark web
- Method: Malicious script injected in company’s website
- Culprit: Magecart
- Location: Harmondsworth, UK
Midland ransomware attack
The small town of Midland, two hours north of Toronto, made headlines after cybercrooks infected its computer systems and locked out government workers. Vital systems were not affected, but the town of Midland paid an unspecified amount in Bitcoin to the hackers to regain access.
- Reported: 4 September
- Occurred: 1 September
- Damage: Temporary loss of systems and unknown Bitcoin payment
- Method: Ransomware locked Midland out of its town systems
- Culprit: Unknown hackers
- Location: Midland, Canada
Facebook data breach
The social media giant, already struggling to convince the world that it can look after people’s data, suffered a huge setback after a vulnerability in its ‘View As’ feature exposed personal details of 50 million users.
- Reported: 28 September
- Damage: Almost 50 million accounts across the world compromised. Name, gender, hometowns. Facebook could yet face a GDPR fine
- Method: Exploited vulnerability in ‘View As’ feature
- Culprit: Unknown, FBI still investigating
- Location: Menlo Park, California, United States
October
Attack on Organisation for Prohibition of Chemical Weapons
UK and Dutch officials pointed the finger at Russia for launching cyberattacks on the headquarters of the watchdog investigating the Salisbury novichok poisoning; the attack was foiled by British and Dutch security services.
- Reported: 4 October
- Occurred: April 2018
- Damage: Attack foiled
- Method: Electronic WiFi hacking equipment discovered in suspect’s car
- Culprit: Russia’s GRU
- Location: The Hague, Netherlands
Google+
Google decided to cover up a bug in its social network, discovered in March, that exposed up to 500,000 users’ personal information, fearing “immediate regulatory interest”.
As a result, Google will wind down the service, with a final closure planned for August 2019.
- Reported: 8 October
- Occurred: March 2018
- Damage: Up to 500,000 names, email address, occupation, gender and age accessed. Google+ shut down
- Method: Bug in system that allowed external developers access to profile data
- Culprit: Bug
- Location: Mountain View, California, US
Centers for Medicare & Medicaid Services breach
Hackers took 75,000 individuals’ data from the government healthcare system, causing the center to shut down the Direct Enrollment system while it implemented new security measures.
- Reported: 19 October
- Occurred: 13 October
- Damage: Personal files of about 75,000 accessed, including partial Social Security numbers, tax information and immigration status
- Method: Hackers breached a government Direct Enrollment pathway connected to the HealthCare.gov website
- Culprit: Unknown
- Location: Baltimore, Maryland, United States