We talk about cyber attacks as if they’re abstract, technical events. They’re not. Behind every breach is a hospital that couldn’t treat patients, a family whose Social Security number is now for sale on the dark web, a business that collapsed under the weight of a ransom it couldn’t pay. The numbers are staggering, but it’s the human cost that should really make you stop and think.
Here are the cyber attacks that didn’t just make headlines — they rewrote how we think about digital security.
Yahoo (2013–2016) — 3 Billion Accounts
This is still the largest data breach in history by sheer volume. A team of Russian hackers spent three years quietly looting Yahoo’s systems, stealing names, email addresses, phone numbers, dates of birth, and security questions from every single user account the platform had — all 3 billion of them. The worst part? Yahoo knew about it and said nothing. When Verizon acquired Yahoo in 2017, the full scale of the breach finally came out, resulting in a $35 million fine and 41 class-action lawsuits. It remains the benchmark against which every other breach is measured.
WannaCry (2017) — The Ransomware That Broke the NHS
WannaCry wasn’t targeted at any single organisation. It was a piece of ransomware that spread itself automatically, exploiting a vulnerability in Windows systems that the NSA had quietly discovered and stockpiled — until it was stolen and leaked. In a matter of hours, it infected over 230,000 computers across 150 countries. The UK’s National Health Service was paralysed. Operations were cancelled. Ambulances were diverted. Estimated damages reached $4 billion globally. It was a stark demonstration that nation-state cyberweapons, once they escape into the wild, have no regard for who they hurt.
Colonial Pipeline (2021) — When Hackers Cut the Fuel Supply
On 7 May 2021, the DarkSide ransomware group broke into Colonial Pipeline — the operator responsible for nearly half the fuel supply on the US East Coast — using a single compromised password. The company shut down its pipeline operations as a precaution, triggering fuel shortages, panic buying, and a state of emergency in several US states. Colonial paid a $4.4 million ransom within hours. The US government later recovered $2.3 million of it. The attack proved something deeply uncomfortable: critical infrastructure that millions of people depend on daily can be held hostage by a handful of criminals with a laptop.
MOVEit (2023) — The Supply Chain Attack That Keeps Growing
The MOVEit attack didn’t target one company. It targeted the software that thousands of companies used to transfer files — and in doing so, hit them all at once. The Cl0p ransomware group exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer application, eventually reaching over 94 million individuals and causing an estimated $15 billion in damages. Victims included the US Department of Energy, British Airways, the BBC, and hundreds of universities, banks, and government agencies. It redefined what a “supply chain attack” means in practice.
National Public Data (2024) — 2.9 Billion Records Exposed
In April 2024, a criminal group called USDoD listed a stolen database for sale on the dark web. The asking price was $3.5 million. The contents: nearly 2.9 billion personal records — full names, addresses, dates of birth, Social Security numbers, and phone numbers — affecting an estimated 1.3 billion individuals. The data came from National Public Data, a background-check company that most of its victims had never heard of. The average total cost of a data breach in 2024 reached $4.88 million according to IBM’s annual report — but the NPD breach’s long-term cost in identity theft and fraud will take years to fully calculate. The company itself collapsed under the fallout.
ByBit (February 2025) — $1.5 Billion Stolen in One Attack
This one is recent, and the scale is almost incomprehensible. North Korean hackers stole $1.5 billion in Ethereum from Dubai-based exchange ByBit in February 2025 — making it the largest single cryptocurrency theft in history. The Lazarus Group, a North Korean state-sponsored hacking unit, has now stolen an estimated $6 billion in crypto since 2017, with the proceeds reportedly funding Pyongyang’s weapons programmes. It is cyber crime operating at the scale of geopolitics.
The Bigger Picture
Phishing attacks have skyrocketed by 4,151% since the public release of ChatGPT in late 2022. Ransomware impacted 59% of organisations surveyed in Sophos’s State of Ransomware 2024 report. These aren’t fringe threats. They are now a routine feature of operating any organisation online.
What unites every attack on this list is something surprisingly simple: most of them exploited basic failures — an unpatched vulnerability, a reused password, a contractor with too much access and too little oversight. The sophisticated part was the execution. The entry point was almost always mundane.
The next major breach is already being planned somewhere. The question is whether the organisations it targets will be ready this time.
