• 01525 331060
cyberattack

10 Recent Cyber Attacks on SMEs and The Consequences

2nd July 2024
Cyber attacks against SMEs are real, and they’re becoming more common and more damaging due to the advancement of AI technology. Below, we’ve listed 10 recent cyber attacks on SMEs which in some cases such as the Brillies attack in 2021, the devastation the attack caused, meant the business had to close.

1. Brillies (2021)

Uli, the passionate owner of Brillies, a thriving online vintage sunglasses retailer, experienced a business nightmare in June 2021. Brillies had been enjoying remarkable success, with sales hitting six figures monthly and features in major fashion magazines. However, one morning, Uli noticed something strange—there were no sales overnight. This was unusual as she typically woke up to hundreds of orders. Panic set in as hours passed with no change. Uli soon discovered that Brillies was under a Distributed Denial of Service (DDoS) attack. An army of zombie computers, or bots, was flooding her website with traffic, overwhelming the servers and rendering the site inaccessible. Despite having cyber insurance, Uli’s provider informed her that she would have to wait out the attack. Days turned into weeks, and the attacks continued relentlessly. Sales plummeted, and despite attempts to recreate the website under a new URL, the attacks followed. Devastated and unable to sustain the losses, Uli closed Brillies in early 2022, never discovering who was behind the attack or why her small business was targeted (Marketplace, 2023).

2. ICMR (Indian Council of Medical Research) (October 2023)

In October 2023, the Indian Council of Medical Research (ICMR) faced a massive data breach that affected the personal information of 815 million Indian residents. The data, exfiltrated from the ICMR’s Covid-testing database, included names, ages, genders, addresses, passport numbers, and Aadhaar numbers. This sensitive information was then offered for sale on the dark web. The breach not only compromised the privacy of millions but also raised significant concerns about identity theft and the misuse of personal data. The incident highlighted the vulnerabilities in handling and securing large volumes of sensitive health data (IT Governance, 2023).

3. 23andMe (October 2023)

In October 2023, 23andMe, a consumer genetics and research company, fell victim to credential stuffing attacks. Initially, one million data packs of Ashkenazi Jews were leaked on a hacking forum, followed by an additional 4.1 million genetic data profiles of UK and German residents. The attackers claimed to have possession of 20 million data records, suggesting further leaks were likely. This breach exposed sensitive genetic information, raising serious privacy concerns and potential risks for those affected. The incident underscored the importance of robust authentication measures to protect personal data (IT Governance, 2023).

double helix picture

4. Redcliffe Labs (October 2023)

Redcliffe Labs, a medical diagnostic company in India, discovered a significant data breach in October 2023. A security researcher found a non-password-protected database containing 12.3 million medical records. Although the company quickly restricted public access upon notification, the exposure of such a vast amount of sensitive medical data posed severe privacy risks. The breach highlighted the critical need for stringent data protection measures in handling medical records and the potential consequences of inadequate security practices (IT Governance, 2023).

5. MOVEit Transfer Breach (2023)

In 2023, the MOVEit Transfer software, widely used by healthcare organizations, was breached, affecting the personal health information of approximately 3.4 million individuals. The breach primarily impacted those seeking pregnancy care and newborns born in Ontario between January 2010 and May 2023. The incident underscored the vulnerabilities in supply chain security and the far-reaching impact of such breaches on sensitive health information. The consequences included significant data exposure and potential regulatory scrutiny (IT Governance, 2023).

6. Ferrari (2023)

Ferrari, the luxury car manufacturer, reported a data breach in 2023 that compromised the personal details of its customers, including emails, addresses, and phone numbers. This breach exposed sensitive customer information, raising concerns about phishing attacks and privacy violations. For a brand that prides itself on exclusivity and customer trust, the breach was a significant blow to its reputation and highlighted the necessity of robust cybersecurity measures to protect customer data (Packetlabs, 2023).

red car

7. Indigo (2023)

In 2023, Indigo, Canada’s largest book retailer, suffered a ransomware attack that forced the company to shut down its website for nearly a week. The attack resulted in significant financial losses and disrupted online sales. Despite efforts to restore services, the incident underscored the vulnerabilities in the retail sector to ransomware attacks and the importance of having comprehensive recovery plans in place. The attack also highlighted the financial and operational impacts such breaches can have on businesses (Packetlabs, 2023).

8. Minneapolis Public Schools (2023)

Minneapolis Public Schools experienced a ransomware attack in 2023 that led to the leakage of sensitive employee and student data, including payroll information, personal health information, union grievances, and misconduct complaints. The attack not only disrupted the school district’s operations but also exposed the personal information of numerous individuals, leading to potential identity theft and privacy violations. The incident emphasized the critical need for robust cybersecurity measures in educational institutions (Packetlabs, 2023).

9. SHEIN (2022)

In 2022, the globally popular clothing brand SHEIN faced a significant data breach affecting 39 million customers. The breach resulted in a $1.9 million fine and exposed sensitive customer information, including names, home and email addresses, and credit card information. This incident highlighted the risks associated with handling large volumes of customer data and the importance of stringent data protection measures to maintain customer trust and comply with regulatory requirements (Packetlabs, 2023).

coat hangers

10. Optus (2022)

Optus, a major telecommunications company, suffered a data breach in 2022 that impacted 11 million individuals, exposing personal and medical data. The breach raised significant concerns about identity theft and the misuse of sensitive information. The incident underscored the vulnerabilities in the telecommunications sector and the need for robust cybersecurity practices to protect customer data from such breaches (Packetlabs, 2023).

Conclusion

These stories of cyberattacks on businesses highlight the critical need for robust cybersecurity measures. The consequences of such attacks are far-reaching, including financial loss, reputational damage, legal ramifications, and operational disruptions. businesses must prioritize cybersecurity to protect their assets, ensure business continuity, and maintain customer trust in an increasingly digital world.

Cyber Security Services Leighton Buzzard

Looking for a business cyber security specialist in Leighton Buzzard? Then contact JamCrackers, one of Bedfordshire’s leading business IT support companies specialising in providing effective and proactive cyber security solutions.

 

Contact Us
5 IT Innovations Used In Construction