The 10 Costliest Cyberattacks in the History

Cyberattacks aren’t merely a menace that can be absolved or forgotten like a teenager’s prank anymore. These days, cyberattacks occur more often than ever before, with dire real-world consequences for individuals, companies, and even countries as a whole. A recent survey conducted by the Ponemon Institute among 257 benchmarked organizations showed that the average annual cost in damages from cyberattacks amounted to $7.6 million dollars. Significantly, smaller organizations that are affected suffer a much higher per capita cost than larger corporations. These arguably high figures are from 2014.

Significant as they are, they pale in comparison to the costliest cyberattacks in history. In no particular order, the victims of the most costly cyberattacks ever are:

Heartland Payment Systems

  • Year: March 2008
  • The cost: 134 million card details exposed. $140 million in damages.

An international operation masterminded by a Cuban-American Albert Gonzalez and two unnamed Russian accomplices, millions of credit and debit card details were stolen. The company’s computer network was injected with spyware, taking advantage of a vulnerability through SQL injection. Security researchers and analysts had forewarned retailers about the vulnerability for years and retailers and payment processing companies finally paid heed to warnings after the Heartland Payment Systems attack. The cyberattack also cost the company about $140 million in damages, claims and lost vendors.

Gonzalez is now spending 20 years in prison.

TJX

  • Year: 2006
  • Cost: 94 million credit card details exposed. $250 million in damages.

TJX, a Massachusetts-based retailing company fell victim to a cyberattack. The cybercriminal gang found a way to steal 45 million credit and debit card numbers and used a number of the stolen cards to fund an electronic shopping spree at Wal-Mart. While initial estimates of damages came up to around $25 million, later reports added up the total cost of damages to over $250 million, or a quarter of a billion dollars.

Sony

  • Year: 2011
  • Cost: 77 million accounts compromised. Estimates of $1-$2 billion in damages to Sony.

This made headlines everywhere. The single worst gaming community hack of all time had to make the list of the costliest cyberattacks of all time. 77 million PlayStation Network accounts were hacked, with 12 million of those accounts containing credit card numbers which were unencrypted. Names, passwords, purchase history, credit card numbers, emails and home addresses were compromised. The entire PlayStation Network was bought to its knees and taken offline. Experts say this might conceivably be the costliest cyberattack of all time.

To this day, Sony still hasn’t discovered the source of the attack.

Epsilon

  • Year: 2011
  • Cost: Millions of customer’s information compromised. Estimates ranging from $225 million to $4 billion in damages.

Another event to stake a good claim in being the costliest cyberattack of all time, tech experts have deemed this cyberattack to be the potential source of countless identity theft cases and plenty more phishing scams.

The technology firm based in Texas provides email-handling and marketing services to huge corporations with clients including Best Buy and JP Morgan Chase. The cyberattack resulted in the compromise of millions of email addresses.

At the time, Bruce Schneier, chief security officer at BT (British Telecom) and a prolific author on cybersecurity wrote: “Yes, millions of names and e-mail addresses (and) other customer information might have been stolen. Yes, this personal information could be used to create more personalized and better-targeted phishing attacks. So what? These sorts of breaches happen all the time, and even more personal information is stolen.”

However, other experts have claimed that the losses and damages caused due to the cyberattack is likely to be far more than initial estimates. With a client list of over 2,200 global brands handling over 40 billion emails annually, the potential losses and damages are felt to this day and will do for the foreseeable future.

Citigroup

  • Year: 2001
  • The cost: 200,000 bank accounts compromised, millions of dollars in cyber theft.

One of the world’s foremost banking institutions was under a cyberattack which resulted in the complete compromise of customer names, account numbers, credit card information and contact details.

Titan Rain

  • Year: 2004
  • The cost: Impossible to quantify. Billions of dollars, potentially with far wider consequences.

The year was 2004, when Shawn Carpenter, an employee at the Sandia National Laboratories discovered the hacking of several U.S. and military networks including those of NASA, Redstone Arsenal, Sandia National Laboratories, and Lockheed Martin. Code-named “Titan-Rain” by the FBI, this daring cyberattack with fingers pointed at state-sponsored hacker cells in China. With the theft of military intelligence, classified data and weaponry research, this cyberattack while not quantifiable, could potentially lead to disastrous costs and consequences if it has fallen in the wrong hands.

Hannaford Brothers

  • Year: 2007-08
  • Cost: 4.2 million credit and debit cards compromised, $252 million in damages.

Suffering a 4-month long cyberattack from the winter of 2007 to the spring of 2008, grocery retailer Hannaford Bros incurred damages estimated up to $252 million dollars. During the period of the attack and hack, 4.2 million credit and debit card records and information were compromised. A vulnerability was taken advantage of by a malware installed on the store’s servers. Albert Gonzalez, also notorious for his hack of Heartland Payment Systems (making an entry earlier in this list) was a part of the cybercriminal gang which hacked the grocery store chain.

The Logic Bomb. The original

  • Year: 1982
  • Cost: Billions with geo-political consequences.

With the Cold War very much a daily reality back in 1982, the CIA found a way to blow up a Siberian Gas pipeline without the use of a bomb or a missile. Code-named the ‘logic bomb’, a code was inserted into the network and the computer system in control of the gas pipeline. The code was a Trojan horse which was embedded into equipment purchased by the Soviet Union from a company in Canada.

When the code was eventually deployed, the resulting explosion was the ‘most monumental non-nuclear explosion ever’ and the fire could be seen from space. Since the pipeline traveled through a remote area in Siberia, no casualties were reported.

Conclusion

The Logic Bomb was the first real event which made the world aware of the potential power and control that computers and code wield over entire countries.

The effects and costs of cyberattacks are an ever-present these days and show no signs of abating anytime soon.