Ransomware encrypted the All India Institute of Medical Sciences in New Delhi — India's most prestigious public hospital — taking patient registration and clinical records offline for two weeks during peak winter patient load.
Victim
All India Institute of Medical Sciences (AIIMS) New Delhi
Russian-speaking attackers exfiltrated full health-claim records on 9.7 million current and former Medibank customers, then released them in tranches on the dark web after the Australian insurer refused to pay.
An unauthenticated API endpoint exposed personal data of 9.8 million current and former Optus customers — names, dates of birth, passport and driver's licence numbers — to a single anonymous attacker.
An August 2022 source-code theft from one LastPass developer's laptop chained into a November 2022 compromise of a DevOps engineer's personal computer — yielding access to backups of customer password vaults. Federal investigators later linked LastPass-stolen vaults to a $150 million crypto heist.
LockBit operators infiltrated parts of German auto-parts giant Continental AG's IT systems in August 2022. Containment was initially declared, but in November the group put 40 terabytes of stolen Continental data on its dark-web leak site, offered for sale or destruction for $50 million.
Iran's Ministry of Intelligence and Security, operating as 'HomeLand Justice', spent 14 months dwelling in Albanian government networks before launching ransomware-style file encryption and disk-wiping malware. Albania suspended online public services and became the first country in history to sever diplomatic ties with another state over a cyberattack.
Conti encrypted 27 Costa Rican government institutions including the Ministry of Finance, paralyzing tax collection and customs for months. President Chaves declared a national emergency — the first cyber-incident state of emergency in history.
Victim
Government of Costa Rica (27 institutions incl. Ministry of Finance, Customs, Social Security)
Lazarus operators compromised five of nine Ronin validator nodes and forged withdrawal signatures, draining 173,600 ETH and 25.5 million USDC (~$625M) — the largest cryptocurrency theft on record at the time.
An attack on Toyota plastics-and-electronics supplier Kojima Industries paralysed one server enough to halt production at all 14 of Toyota's Japanese plants — about 13,000 vehicles of daily output — making the case the canonical example of just-in-time manufacturing's cyber-fragility.
One hour before Russia's invasion of Ukraine, Sandworm operators deployed the AcidRain wiper against Viasat KA-SAT satellite modems, bricking ~30,000 European terminals and 5,800 German wind turbines and disabling Ukrainian military command-and-control.
Victim
Viasat KA-SAT (subscribers across Ukraine and Europe)