A cyberattack on Britain's biggest carmaker forced JLR to shut down its global IT network and halted vehicle production in the UK, China, Slovakia, India, and Brazil for five weeks. It is now considered the most economically damaging cyber incident in UK history.
Social engineering of a third-party service desk gave Scattered Spider a domain administrator account, which they used to deploy DragonForce ransomware on M&S's VMware ESXi estate at Easter 2025, knocking out contactless payments, Click & Collect, and online ordering for over six weeks.
Rhysida ransomware operators destroyed servers, demanded ~£600,000, and leaked 600 GB of internal data when the British Library refused to pay. The main catalogue did not return online, in read-only form, until January 2024. Recovery is consuming 40% of the Library's financial reserves.
Cl0p exploited CVE-2023-34362 in Progress Software's MOVEit Transfer to mass-extort over 2,700 organizations, including the BBC, British Airways, and the U.S. Department of Energy.
Victim: Progress Software MOVEit Transfer (2,700+ downstream)
LockBit affiliates encrypted Royal Mail's international export systems, halting all overseas postal services from the U.K. for six weeks. Royal Mail publicly refused the £65.7M ransom demand; LockBit progressively leaked exfiltrated data.
REvil affiliates exploited a SQL injection zero-day in Kaseya's VSA remote-management platform to push ransomware to ~60 MSPs and through them to ~1,500 downstream organisations. The largest supply-chain ransomware attack on record.
Victim: Kaseya VSA customers (~60 MSPs, ~1,500 downstream organisations)
REvil/Sodinokibi operators detonated against Travelex on New Year's Eve 2019 after dwelling in the network for six months via an unpatched Pulse Secure VPN. Travelex paid $2.3 million; parent Finablr failed; PwC put Travelex into administration with the loss of over 1,300 jobs.
Magecart operators injected card-skimming JavaScript into British Airways' payment page, stealing card details on 380,000 transactions over 15 days. UK ICO initially proposed a £183.4M GDPR fine, later reduced to £20M after Covid-impact mitigation arguments.
An unpatched Apache Struts vulnerability let attackers exfiltrate Social Security numbers, dates of birth, addresses, and driver's license numbers for 147 million U.S., U.K., and Canadian consumers.
A destructive wiper disguised as ransomware, propagated via a compromised Ukrainian accounting software update. Estimated $10 billion in global damage, the most economically destructive cyberattack in history.
Victim: M.E.Doc users (Maersk, Merck, FedEx-TNT, Mondelez, Saint-Gobain et al.)
A North Korean ransomware worm that exploited the EternalBlue SMB vulnerability to spread to ~200,000 systems across 150 countries in 24 hours. Paralysed the U.K.'s NHS and crippled manufacturing globally.
Victim: ~200,000 organizations worldwide (UK NHS, Telefónica, Renault, Deutsche Bahn, Honda et al.)
An SQL injection attack, committed primarily by four British teenagers, exposed personal data on roughly 157,000 TalkTalk customers, including bank account details. Triggered a record £400,000 UK ICO fine.