The cyber threat landscape in Europe continues to evolve, with cyber attacks targeting multiple institutions across the EU. The worrying aspect is that many breaches also go unreported, as European businesses often don’t report an incident for fear of their reputation being tarnished and instead prefer to deal with the fallout internally.
With the GDPR (General Data Protection Regulation) handing out record amounts of fines, it’s up to European businesses to quickly assess their cybersecurity capabilities and implement policies and protections adequate to meet international data protection standards.
It’s important for businesses to learn from as many incidents as possible to collectively improve their data protection and data privacy practices, as well as gain insight on how to prevent data theft. This article will include a list of the biggest data breaches in Europe to date, how businesses were affected, and how they could have prevented the issues.
Top 20 Largest Data Breaches in Europe
Here is a list of the top data breaches to occur in Europe:
1. British Airways
Date: June 2018 – September 2018
Impact: 380,000 to 500,000 customers
The ICO (Information Commissioner’s Office), an equivalent of Europe’s DPC and the body that upholds data privacy laws in the UK, confirmed the attack after noticing the airline’s website was diverted to a false hackers’ site.
According to data security experts, a supply chain attack on third-party payment services on the British Airways website was used via a malicious JavaScript code injection that siphoned payment data to unknown attackers. This method has been confirmed judging by how the compromised data included CVV codes that, according to PCI-DSS standards, were not stored but processed when payments were made, which rendered database access unlikely.
The ICO issued a £183 million fine, the largest fine levied as of 2018, but in October 2020, British Airways ended up paying a significantly lower sum of merely £20 million ($26 million) for failing to protect the personal information and financial data of customers and affected data subjects.
2. European Central Bank
Date: July 2014
The ECB would later suffer a malware attack in 2018, in which contact information for 500 subscribers was stolen as the Banks’ Integrated Reporting Dictionary (BIRD) was hacked.
3. PrivatBank
Date: July 2014
Impact: 40 million records
In July 2014, Ukraine’s PrivatBank was hacked by a pro-Russian hacker group, CyberBerkut, that stole and published customer data (including banking information, passport information, and personal data), then posted the stolen content on the Russian social media platform VKontakte. The security breach exposed over 40 million records of the bank’s customers.
The hacker group warned the bank’s customers to migrate their transactions to state-owned banks. Allegedly, the motives of the cyber attack were state-sponsored, as the attack was prompted after PrivatBank’s co-owner, Igor Kolomoisky, placed a $10,000 bounty on Russian saboteurs in Ukraine. The hacker group seems to have sought retaliation for the order.
However, in the end, no pro-Russian connections were found. Local cybersecurity experts claim that the cyber attack method was deemed unsophisticated by Russian standards.
4. Latvian State Revenue Service
Date: February 2010
Impact: 7.5 million financial data and tax records of state employees
In February 2010, an unknown hacker leaked confidential information from the Latvian State Revenue Service. Approximately 7.5 million tax records, financial records, and salaries of state employees were leaked periodically to Twitter and a Latvian TV station.
The perpetrator was discovered to be Ilmars Poikans, aka "Neo," part of the "Fourth Awakening People’s Army" hacker group, who was arrested and sentenced in 2015. The hacker’s motive was to expose the high salaries of state employees in a one-man whistleblowing operation during a period when Latvia had high unemployment and poverty rates.
Besides payment details of bank managers and costly bailouts, no other confidential information was leaked. This propelled the Latvian IT researcher into a “Robin Hood” cult status level of popularity.
Ultimately, the Latvian Supreme Court pardoned Poikans in December 2017, and some time afterward, he was sentenced to 100 hours of community service.
5. Warsaw Stock Exchange
Date: October 2014
Impact: 30,000 sets of investor login credentials
In October 2014, a suspected ISIS hacker group hacked the networks of the Warsaw Stock Exchange and rendered their website unavailable for two hours.
Moreover, the group also stole server IP addresses and infrastructure maps of WSN (wireless sensor networks), which confirms that they successfully gained unauthorized access. The exchange’s officials, though, claimed that the trading system was not compromised.
First believed to be affiliated with ISIS mercenaries, the hacker group posted a note on the stock exchange’s website stating that the cyber attack was a retaliation for Poland’s involvement in bombing the Islamic State areas in Iraq and Syria.
However, NATO officials claimed that the group was actually related to APT 28, a Russia-backed group of cybersecurity experts allegedly associated with the GRU.
There is no information as to how the hacker group accessed the stock exchange’s networks. The only known fact is that they exploited a vulnerability in the exchange’s web portal that served as a prototype for a new trading platform. At the same time, they also infiltrated the stock exchange’s public investment simulator.
6. Health Service Executive of Ireland
Date: May 2021
Impact: 520 patients and HSE staff, stolen confidential corporate data, a complete shutdown of HSE local and national networks
On May 14, 2021, one of Ireland’s largest medical systems, the Health Service Executive (HSE), suffered a major ransomware attack, the largest known security incident against an Irish state agency system to date. The attack disrupted the IT systems of multiple Irish hospitals and encrypted their database, forcing them to return to using paper-based records.
The hacker group that launched this cyber attack was identified to be the Russian-based “Wizard Spider” hacker group, which demanded €16.5 million to decrypt the data and not expose the data to the public. According to the National Cyber Security Centre, the perpetrators used the penetration testing tool Cobalt Strike to infect the HSE’s systems and a fast and sophisticated ransomware type known as Conti to encrypt an unknown amount of data and medical records.
The Irish government warned that the stolen medical records might be sold to other criminals to defraud and blackmail the patients. A variety of data was stolen, including:
- Personal data
- Medical records
- HSE corporate and administrative data
- Commercial data
Cybersecurity experts remarked that the HSE’s IT infrastructure was dangerously outdated, with 80,000 of the devices connected to the HSE’s central servers still running on Windows XP. Additionally, a review of the healthcare system found that the system was extremely fragmented, with dozens of health boards, hospital groups, and community organizations operating on multiple systems.
By the end of September, five months after the incident was discovered, at least 95% of the HSE’s systems were successfully decrypted and restored. The Chief Executive of the HSE, Paul Reid, estimated that the cost of the cyber attack would exceed €600 million.
7. COSMOTE Mobile Telecommunications
Date: September 2020
Impact: 4.8 million customers, 48 GB of data stolen
Greece’s largest mobile operator, COSMOTE Mobile Telecommunications, suffered a social engineering attack in September 2020 in which customers’ personal data was exposed.
Upon further investigation, it was revealed that the firm had been processing customer data illegally under GDPR requirements. The compromised data wasn’t fully encrypted, which enabled hackers to identify customers from the stolen data. Additionally, COSMOTE failed to notify the affected subscribers of the data breach as required by the GDPR.
In total, the positional data and personal details of subscribers, including listing data from almost 7 million users from other providers that communicated with COSMOTE subscribers, were exposed.
Ultimately, the HDPA (Hellenic Data Protection Authority) fined COSMOTE Mobile Telecommunications €6 million for multiple violations. Additionally, the OTE group, COSMOTE’s parent company, was also fined €3.25 million for incomplete security measures and failing to implement the necessary cybersecurity infrastructure to prevent data security breaches, as reported by Greek media.
8. Bulgarian National Revenue Agency
Date: July 2019
Impact: 5 million citizen records, 21 GB of data
In August 2019, the Bulgarian NRA (National Revenue Agency) suffered a data breach involving the sensitive information of approximately 5 million citizens, Bulgaria’s biggest personal data breach to date. It was suspected that hackers used a SQL injection attack to infiltrate systems. The data that was leaked included:
- Wage and income records
- National identification numbers
- Tax payments
- Social security information
- Personal debt information
- Health and pension payments
- User data from online gambling websites
The Bulgarian DPA (Data Protection Authority), Bulgaria’s main data protection authority, issued the NRA a €2.6 million fine (5.1 million Bulgarian leva) for failing to take the necessary steps and measures to protect personal data and failing to conduct a proper risk assessment of their data processing operations. Additionally, part of the 11 GB of stolen sensitive data was leaked on various media platforms in Bulgaria.
The investigation also revealed that Bulgarian officials did not take the incident seriously and failed to take sufficient action to limit the attack. Additionally, the Global Forum on Transparency and Exchange of Information for Tax Purposes, which includes countries like Switzerland, Germany, Singapore, and more, stopped exchanging information with Bulgaria.
9. Dutch government
Date: March 2020
Impact: 6.9 million records of registered organ donors
Unknown thieves stole two hard drives from the vault storage of the Dutch government that contained the personal data of approximately 6.9 million registered organ donors, almost half of the population of the Netherlands.
According to officials from the Dutch Ministry of Health, the drives included electronic copies of the donors’ ID numbers, names, gender, signatures, and contact details from the Dutch Donor Register between February 1998 and June 2010.
Dutch authorities state that the two discs went missing when staff began to purge old paper forms and remove electronic records, which were last used in 2016. The authorities reassure that it’s unlikely that the data could be used for fraud, as there are no copies of full IDs, and no evidence of exploits surfaced on the dark web or online forums.
10. Kingfisher Insurance
Date: October 2022
UK’s Kingfisher Insurance states that their IT systems were penetrated by the notorious ransomware cartel LockBit, with Kingfisher promptly shutting the servers down after identifying the cyber incident. The cybercriminals stated that they had successfully obtained 1.4 TB of company data, including customer data and employee details.
Afterward, Kingfisher’s IT staff quickly blocked external access and shut down servers after the cyber attack. A Kingfisher spokesperson also made a statement that security measures had already been put in place and were able to mitigate any significant impact from the incident.
11. Scottish Environmental Protection Agency (SEPA)
Date: December 2020
Impact: 1.2 GB of data (over 4000 files)
At exactly 00:01 on Christmas Eve, 2020, SEPA (Scottish Environmental Protection Agency) suffered a ransomware attack by the Conti ransomware group, shutting off systems, impacting internal controls, and demanding a ransom to unlock the systems.
The data that was stolen included:
- Business information (site permits, authorizations, enforcement notices, corporate plans)
- Procurement information
- Project information
- Staff and employee information
On January 22, the group published approximately 4,000 data files on the dark web for free after the agency refused to pay the ransom. Senior leadership from SEPA acknowledged that a full recovery would take significant time, money, and resources to achieve. In response, SEPA rebuilt its IT system architecture from the ground up, accelerating already-in-place plans to reform its IT systems.
12. Norfund
Date: March 2020
Impact: $10 million lost
Norfund states that the hackers manipulated communications, impersonated authorized staff to make payments, and falsified confidential information, documents, and payment details between a borrowing institution and the investment fund.
The hackers cunningly mimicked their use of language without causing suspicion between parties and successfully intercepted the $10 million loan planned for a Cambodian microfinance institution. The money was sent to a Mexican bank account with the same name as the Cambodian institution.
Norfund teamed with PwC, local authorities, and the Norway Ministry of Foreign Affairs to identify the criminals and recover the money. However, it’s unclear if the money was recovered.
13. Loqbox
Date: February 2020
Impact: Unspecified amount of customer financial data
UK credit score builder and financial institution Loqbox was the victim of a "complex and sophisticated" data breach on February 20, 2020. Although the source and method of the breach were unspecified, Loqbox was criticized for delaying notifications to affected customers for over a week after discovering the incident.
The compromised data included:
- Names
- Addresses
- User account details
- Dates of birth
- Emails
- Phone numbers
- Incomplete bank account numbers
- Payment card dates
Loqbox stated that the customers’ funds are secure and unaffected, but there’s a chance that the first six and last four credit card digits may also be compromised and used in phishing scams. Although Loqbox acknowledged the attack and provided resources for customer protection, they also said there would be no compensation provided for lost data.
14. Travelex
Date: December 2019
Impact: 5 GB of customer data, $2.3 million ransom
London-based foreign exchange giant Travelex was a target of a Sodinokibi ransomware attack, with perpetrators demanding $6 million to bring its systems back online.
According to reports, the cyber attackers exploited an unpatched VPN vulnerability to access Travelex’s systems, steal 5 GB of customer data, and execute a ransomware attack that disrupted operations. The hackers also threatened to publish the compromised customer data if their demands were not met within two days.
The attack affected the firm’s exchange services that branched between major banks, like Barclays and Lloyds, who used Travelex’s services. In total, Travelex systems were down for nearly two weeks and experienced business disruptions for more than a month after the incident.
It was reported that Travelex eventually caved to demands and paid the Sodinokibi criminal group $2.3 million in Bitcoin to recover their data. However, just seven months later, Travelex announced they had to lay off 1309 employees due to the attack.
15. Cayman National Bank (Isle of Man)
Date: November 2019
Impact: 2 TB of data
The Cayman National Corporation announced that the data theft was contained within the Isle of Man branch and did not affect the main Cayman National Bank operations or systems.
The group Phineas Fisher released a manifesto shortly after, saying they "robbed a bank to give the money away" and even offered a $100,000 reward to other hackers to follow suit and steal high-profile corporate documents. It’s unclear if Cayman National Bank customers were affected by the data breach.
16. Binance
Date: October 2022
Impact: $570 million stolen
Binance, the world’s biggest cryptocurrency exchange, suffered a $570 million token theft in a series of attacks targeting blockchain vulnerabilities. The vulnerability allowed hackers to forge transactions and create 2 million fake BNB tokens on the network, valued at $570 million.
However, Binance was able to quickly contain the situation and notified the network validators to suspend operations. Still, approximately $100 million of funds remained unrecovered. Existing Binance customers were largely unaffected because the tokens were falsely generated rather than stolen from accounts. Nonetheless, the hack represented growing uncertainty in the safety of the cryptocurrency world.
17. Wonga
Date: April 2017
Impact: 245,000 users
Wonga, a payday loan firm based in the UK, suffered a data leak that affected up to 245,000 customers. The exposed user data included names, addresses, bank account numbers, the last four digits of payment card numbers, and sort codes. On top of that, an additional 25,000 users from Poland were also affected.
Although Wonga did not release the method of attack and how the breach occurred, they don’t believe accounts were compromised. Potentially affected customers were advised to change the passwords on their accounts.
18. Evercore
Date: December 2018
Impact: 160,000 data items
An Evercore representative stated that there was no evidence that the data was publicly found or misused, claiming that the perpetrator likely sought to gain access to the administrator’s address book for further phishing attempts.
19. Tesco
Date: November 2016
Impact: 40,000 bank accounts compromised, £2.26 million stolen from 9000 bank accounts
In November 2016, UK-based retail bank Tesco suffered a card data theft after thieves exploited vulnerabilities in their card issuing procedure, allowing them to easily guess card numbers. The unknown criminals managed to extract £2.26 million from approximately 9,000 customers, roughly making up 6% of the bank’s customer base.
According to cybersecurity experts, the attackers utilized an algorithm to generate possible combinations to match Tesco’s beginning identifying numbers, exploiting Tesco’s sequential card number deficiency. Additionally, the bank was found to have other catastrophic security flaws, such as its debit card design and faulty authorization system.
For failing to meet security standards and deficiency in their bank card policy, the UK’s Financial Conduct Authority (FCA) fined Tesco £33 million. Because Tesco cooperated with the FCA, the penalty was later reduced to £16.4 million. Tesco also reimbursed any affected customers and compensated them for the inconvenience while also promising to implement enhanced security measures.
20. Eastern European banks
Date: December 2018
Impact: Tens of millions of dollars in stolen funds
Several Eastern European banks were the target of a series of unusual cyber attacks that involved connected electronic devices that were found inside the banks. Hackers related to the DarkVishnya bank heist targeted at least eight banks to steal tens of millions of dollars.
The hacker group physically accessed premises to connect USBs, laptops, and other electronic devices to scan the bank’s local network. They then found access to public shared folders and web servers and logged themselves into the banks’ systems, ultimately infecting the system with malware.
Allegedly, the group had disguised themselves as potential employees seeking a position to gain access to the bank’s physical premises where systems are present. Once they accessed the bank’s infrastructure, the attackers could initiate withdrawals using foreign ATMs connected to the bank’s payment processor. They also used stolen credentials to quickly bypass risk scores and overdraft limits to simultaneously make cash withdrawals.
The exact number of the total damages, stolen data, and stolen money are unknown, but the attacks could have transferred funds and caused estimated damages of up to tens of millions in US dollars.