The worst cyber attacks ever

Share on Social

At the end of last year, it was revealed that UK small businesses are targeted with 65,000 attempted cyber attacks per day.

According to Hiscox, a business insurance expert, a cyber breach can cost the average small business at least £25,700 in basic ‘clear up’ costs every year.

In the past, high-profile attacks have cost public and private sector organisations much more than this – totals can reach millions of pounds.

Read more about some of the world’s worst cyber attacks below.


Marriott security breach

An internal investigation by the Marriot Group in 2018 found that a cyber attacker had had access to their “Starwood network” since 2014. Starwood brands include W Hotels, Sheraton, Le Méridien and Four Points by Sheraton.

Over 500 million customer details were involved in the data breach. The Marriot Group said it would notify customers whose records were in the database.


Yahoo data breach

The Yahoo data breach in 2013 hit all three billion user accounts, making it one of the biggest hacks of all time.

The company admitted to the cyber attack three years after it happened. Originally it said that only one billion accounts were affected, but then later revealed the extent of the attack.

Yahoo has since stated that:

“The investigation indicates that the user account information that was stolen did not include passwords in clear text, payment card data, or bank account information.”



The WannaCry attack, which took place in 2017, put ransomware attacks into the mainstream.

Hundreds of countries across the world were affected in just a matter of hours. High-profile UK victims included the NHS and other public sector groups, railways networks and many private organisations.

The WannaCry attack cost the NHS alone £92 million as over 19,000 appointments were cancelled.

Both the United States and the United Kingdom have since suggested that North Korea was behind the attack.



The Guardian has called 2017 the year that “ransomware hit the big time” as one month after the WannaCry attack NotPetya arrived.

Although the NotPetya attack didn’t make any money, it still made a global impact, taking out companies in Ukraine and the rest of the world.

NotPetya has been praised for its intelligence. It used the same EternalBlue weakness that WannaCry used to spread within corporate networks. Since the attack the US and the UK have both blamed Russia for the cyber attack.


MyFitnessPal – dark web attack

Early in 2019 it was revealed that MyFitnessPal and other online apps Dubsmash and My Heritage were part of a massive cyber attack; 620 million accounts were hacked and the stolen details were listed on dark web marketplace ‘Dream Market’ alongside several other illicit items including drugs and weapons.

The seller of the details, who goes by the name of ‘gnosticplayers’, posted on the Dream Market:

“Feel free to message me here on Dream Market to tell me what kind of data you’re searching (crypto, gaming, or huge data sets), and I will list it here for sale right after.”


Protecting your business with Cyber Essentials

These attacks may be in the past, but it’s more than likely they will not be the last of their size and scale.  The Head of the UK’s National Cyber Security Centre confirmed this last year as he warned that a major cyber attack on the UK is a matter of “when, not if”,

If your business is serious about cyber security, it’s time to get Cyber Essentials certified. This certification is government accredited and its controls can protect businesses from over 80% of common cyber threats.

If you are interested, learn more about Cyber Essentials and gain certification within days.