- Mastering Azure management: A comparative analysis of leading cloud platforms
- Sweat the small stuff: Data protection in the age of AI
- GAO report says DHS, other agencies need to up their game in AI risk assessment
- This LG Bluetooth speaker impressed me with a design feature I've yet to see on competitors
- Amazon's AI Shopping Guides helps you research less and shop more. Here's how it works
Timeline: Top 15 Notable Cyberattacks and Data Breaches
Cyberattacks, whether accidental or purposeful, have been a threat long before the invention of the World Wide Web. These attacks aim to steal money, data, or resources — and sometimes serve as tools for gaining an edge over rival nations.
Each incident is a stark reminder for businesses to fortify their digital defenses while also underscoring the crucial role of security teams that work tirelessly to identify and neutralize these threats. The following attacks had a significant impact on U.S. businesses, organizations, and individuals.
Although each was eventually resolved, their consequences left lasting effects.
1988: The Morris Worm
What happened?
The Morris Worm’s code fundamentally shifted the nascent computing industry’s understanding of what was possible. In 1988, Cornell University graduate student Robert Tappan Morris unleashed the experimental worm from MIT’s networks, causing widespread disruption throughout about 6,000 of the then 60,000 internet-connected computers. Emails were blocked for days, and military computer systems experienced significant slowdowns.
How was it resolved?
Some facilities hit by the Morris Worm were forced to completely replace their computer systems, while others spent up to a week on resolving slowdowns and shutdowns. Morris apologized for releasing the worm, describing it as a “harmless experiment,” according to an FBI case study. He explained that its widespread release was the result of a programming error.
The Morris Worm transformed internet-borne attacks from theoretical to real. Even the term “internet” gained widespread recognition because of the worm, making its first major appearance in an article by The New York Times about the incident.
1999: The Melissa virus
What happened?
The Melissa virus spread via email, enticing victims with attachments promising adult content. Released by programmer David Lee Smith in March 1999, Melissa became the first widely known example of what would later be recognized as a common type of email scam. The virus replicated rapidly, overwhelming email servers.
How was it resolved?
Melissa was one of the first incidents to make people cautious about opening unsolicited emails. Melissa was one of several cyber incidents that led to the FBI establishing its Cyber Division in 2002, shortly after Smith was sentenced to prison.
1999: The NASA hack
What happened?
Shortly before Y2K dominated computer-related news, 15-year-old Jonathan James breached NASA’s Marshall Space Flight Center by installing a backdoor. He gained access to emails, usernames, and passwords from the Defense Threat Reduction Agency, leaving NASA scrambling for 21 days to assess and contain the situation.
How was it resolved?
The government worked to close the backdoor and patch its systems. At the time, the attack was estimated to have cost $41,000 in labor and lost equipment.
2000: ILOVEYOU worm
What happened?
In 2000, the worm that traveled through emails with subject lines like “ILOVEYOU” damaged tens of millions of computers worldwide. It caused an estimated $10 billion in damages by infiltrating large organizations such as Ford, Merrill Lynch, and the U.S. Army. The virus was an early example of an email worm that propagated itself through inboxes, overwhelming servers and rendering files unusable.
How was it resolved?
The “Love Bug” was relatively easy to trace, as each email copy contained visible source code, allowing security researchers to quickly develop countermeasures. Like the Melissa virus, it served as a wake-up call about the dangers of clicking on mysterious emails. It also raised mainstream awareness of the growing trend in spam emails with attention-grabbing subject lines — a tactic that seems almost quaint today.
2011: PlayStation Network outage
What happened?
An attacker stole the gaming accounts of 77 million people in 2011, forcing a shutdown of the PlayStation network service. The hack was particularly notable for exposing millions of credit cards, as each account was linked to a card. Ultimately, the breach cost Sony $171 million in lost profits, legal fees, support costs, and an identity theft protection program offered to victims.
How was it resolved?
PlayStation Network service was restored after about a week of intensive effort. Sony, along with external experts, conducted a forensic analysis to determine the nature of the hack.
SEE: Today, generative AI serves as both a potential solution for cyberattacks and a potential tool for attackers.
2013: Yahoo attack
What happened?
This breach exposed the email addresses, phone numbers, dates of birth, and hashed passwords of all 3 billion Yahoo users, although the full extent was only revealed in 2017. At the time, it was the largest hacking incident in history. While Yahoo faced several other attacks in the subsequent years, including one attributed to Russian state-sponsored threat actors, the root cause of the 2013 attack remains unknown — although it is widely believed that the attackers exploited a forged cookie vulnerability.
How was it resolved?
Yahoo responded by requiring all users to change their account passwords and invalidated unencrypted security questions and answers. The company paid $117.5 million to settle a class action lawsuit related to the breach.
2014: Sony Pictures Entertainment hack
What happened?
In 2014, a group calling itself Guardians of Peace held for ransom massive amounts of sensitive data from Sony Pictures Entertainment. This included unreleased films, employee data such as performance review notes, and controversial private messages. The attackers also deployed malware to wipe data from corporate computers. Eventually, all the stolen data was made public, fueling what was considered at the time the largest corporate cybersecurity attack in history based on impact and publicity.
How was it resolved?
A U.S. government investigation attributed the attack to North Korean state-sponsored actors, although this conclusion sparked controversy. Some investigators suggested it may have been an inside job or linked to Russian threat actors. Sony experienced another data breach in 2023 that exposed personal information about employees.
2017: The WannaCry ransomware attack
What happened?
The WannaCry ransomware attack impacted 300,000 computers in 150 countries. The attackers — allegedly state-sponsored actors associated with North Korea — exploit a vulnerability in the SMB protocol on Windows servers. Hospitals in the U.K. were hit particularly hard, with service severely disrupted.
How was it resolved?
After the attack, Microsoft and CISA released various mitigation measures for WannaCry, although recovering encrypted files remained challenging. Microsoft had already issued a patch for the exploit WannaCry leveraged, but many organizations had failed to implement it in time.
2017: Petya / NotPetya
What happened?
Petya’s reach wasn’t as widespread as some other malware on this list, but its novel approach and its role in the sociopolitical landscape — specifically with a variant used to target Ukraine — make it particularly notable. Check Point referred to Petya as “the next step in ransomware evolution” because it encrypted hard drives’ Master-File-Table (MFT). This meant it could hold the entire drive hostage rather than just individual files.
In 2017, a variant used in the Ukraine attacks was dubbed “NotPetya” by security firm Kaspersky due to its distinct features. However, the two types of ransomware are often discussed together due to their similar appearance around the same time.
How was it resolved?
Interpol, the U.S. Department of Homeland Security, and other governments investigated the source of the attacks. Meanwhile, Microsoft continued to release patches to address the vulnerabilities that Petya and NotPetya exploited.
2017: Equifax data breach
What happened?
Personal data and credit card information from hundreds of millions of Equifax customers worldwide was exposed in this attack. Similar to previous breaches, the Equifax hack could have been prevented if the proper security update had been applied. For several months, attackers exploited a vulnerability in Equifax’s online dispute portal.
How was it resolved?
Equifax agreed to pay up to $425 million in a settlement related to the breach. In 2020, the FBI charged four members of the Chinese military in connection with the hack.
2018: Marriott hotel data breach
What happened?
Millions of accounts belonging to people who had stayed at Marriott hotels were exposed in this data breach. The attack stemmed from a backdoor an attacker had created in a Starwood Hotels Group system before Marriott acquired Starwood in 2016. The breach went undetected until after the acquisition. The situation highlighted how attacks can occur even when data is protected while at rest.
How was it resolved?
The Marriott case was an early example of GDPR enforcement, with the U.K. fining the hotel chain £18.4 million ($24.1 million) for noncompliance. Because the attack originated in Starwood’s system and Marriott did not use encryption, the incident served as a reminder both to keep company computer systems encrypted and to carefully assess how acquired systems fit into the acquiring company’s cybersecurity strategy and standards.
2019: Baltimore ransomware attack
What happened?
This attack was one of a wave of ransomware incidents targeting cities over several years, with threat actors disrupting public services such as water bill payment portals. The attackers demanded payment in Bitcoin to restore system access, deploying a strain of ransomware known as RobbinHood. This attack highlighted the nature of modern ransomware incidents — organized groups targeting real-world infrastructure and demanding cryptocurrency payments.
How was it resolved?
The city of Baltimore chose not to pay the ransom, following recommended best practices. Instead, the city brought in external cybersecurity experts, deployed new monitoring tools, and rebuilt their gutted systems from the ground up.
2021: Colonial Pipeline attack
What happened?
The ransomware attack on the Colonial Pipeline Company, an oil provider in the southeastern U.S., highlighted the devastating impact ransomware can cause on critical infrastructure. Colonial Pipeline shut down its entire operation to contain the attack and because customers would not be charged accurately without the billing system. The shutdown sparked fears of widespread gas shortages.
How was it resolved?
Colonial Pipeline paid the ransom of approximately $4.4 million in Bitcoin in cooperation with the U.S. government, and, by June 2021, the Department of Justice recovered some of the ransom money.
2023: MoveIT hack
What happened?
MoveIT, a file transfer software, gained notoriety in 2023 when government customers worldwide fell victim to cyberattacks originating from the service. The U.S. Department of Energy, motor vehicle agencies in Louisiana and Oregon, the BBC, British Airways, and others were affected by data theft.
How was it resolved?
MoveIT thoroughly documented the vulnerability and provided steps to mitigate it. The prevailing theory is that the attack was launched by an independent, Russia-based, ransomware group seeking financial gain.
2023: Microsoft Outlook hack
What happened?
Microsoft is still working to restore confidence in its security posture after a hack exposed several U.S. government email addresses. The attack, which Microsoft attributed to a Chinese nation-state threat actor, originated from a forged authentication token used for Outlook Web Access in Exchange Online and Outlook.com. It exposed 60,000 emails from 10 accounts belonging to individuals working for the U.S. State Department in East Asia, the Pacific, and Europe.
How was it resolved?
Microsoft identified and blocked the perpetrator from accessing Outlook accounts. The company emphasized that most customers were not affected. However, the attack shook faith between Microsoft and the U.S. government, a major customer.