Top 10 worst cyberattacks of the past decade

Back to Blog

It’s no secret that cybercrime is on the increase, with 55% of UK businesses reporting a cyberattack in 2019, up 15% on the previous year. We can all name a company that has been hit by a cyberattack, yet the majority of security breaches don’t make the headlines.

Therefore, as we approach the end of the 2010s, and to mark National Cyber Security Month, we have collated some of the most notorious cyberattacks of the past 10 years. Let’s take a look.


TalkTalk suffered a severe data breach in 2015 that affected 4% of all TalkTalk customers. 157,000 customers’ personal data was compromised along with the sort codes and account numbers of 15,000 customers.

A Google search showed the personal data of 4500 customers available online, unknown to the affected customers at the time. The attack cost the company £42 million and a further £400,000 fine was issued by the ICO as they failed to have a secure system in place to avoid such a breach.

British Airways

In 2018, British Airways suffered a significant data breach affecting customers using its website and mobile app due to “poor security arrangements.” By being diverted to a false website, 500,000 customer details were harvested by hackers, affecting approximately 380,000 transactions.

Card details were compromised but according to the airline, travel information and passport details were not breached. This resulted in a record fine of £183 million issued by the ICO following the inception of the new GDPR policy.

Three Mobile

Three Mobile, a network responsible for 37% of all the UK’s mobile phone data, revealed it had a major breach in 2016 that put millions of its customers at risk. Hackers accessed Three's customer upgrade database by using an employee login, and then upgraded the customer to a new phone which they planned on intercepting, possibly to sell on.

Three said that the data accessed did not include any financial information but did say that names, phone numbers, addresses and dates of birth of approximately 6 million customers were obtained. As a result, the attack cost Three Mobile £60 million.

Dixons Carphone

Card details and personal information of approximately 10 million customers were stolen in the 2017 breach, including email addresses, names and addresses. 5.9 million customers’ card details had been hacked; however, these were protected by chip and pin.

The company that owns Currys PC World and Carphone Warehouse closed off the unauthorised access, added new security measures and advised all customers of steps to take to protect themselves following the breach.


In 2018, Google found a vulnerability in an API for the company’s social network Google+, which allowed third party app developers to access personal user data for six days. As a result, a decision was made to shut down Google+ for good in April 2019 after the update left 52.5 million users’ personal information vulnerable. Alongside this, the internal audit found that a bug in Google+ had been exposing 500,000 users’ data for around 3 years. Maybe Google+ should have been shut down sooner.


In 2017, the NotPetya ransomware attack caused billions of dollars in damage across Europe, Asia, and the Americas. NotPetya (initially believed to be a form of Petya ransomware, hence its name) was a fast-growing form of computer virus that threatened to delete the target's files unless they paid a Bitcoin ransom.

Businesses with strong trade links with Ukraine, such as Reckitt Benckiser, were affected. The attack is estimated to have cost companies more than £850 million.

Sony PlayStation

Sony suffered a massive blow to its PlayStation Network in 2011 after it was hacked via DDoS attacks affecting 77 million users. Sony couldn’t rule out the possibility that credit card data wasn’t taken, but could confirm that people's names, addresses, email addresses, dates of birth, username, password and security questions were taken.

The network was down for a week and after apologising and reimbursing customers with free games, subscriptions and anti-fraud protection, Sony was left with a loss of £171 million.


The WannaCry ransomware attack in 2017 affected 200,000 computers across 150 countries, demanding ransom payments of Bitcoin cryptocurrency and targeting organisations running the Microsoft Windows operating system including the NHS, Telefonica and FedEx.

The NHS were criticised for using an old version of Windows XP leaving it vulnerable to attack; it is estimated that WannaCry caused $4 billion (£3.2bn) in damages, with the cost to the NHS totalling £92 million as 19,000 appointments had to be cancelled as a result of the I.T. clean up.


As many as half a billion Marriott customers had their personal data compromised as an “unauthorised party had copied the encrypted information,” including gender, dates of birth, addresses, telephone numbers and passport numbers in the breach that spanned 4 years from 2014 to 2018.

Marriott’s statement said that some records included encrypted card information, but Marriott could not rule out the possibility that the encryption keys had been stolen.


It was discovered in 2016, three years later, that in 2013 Yahoo had the largest data breach in history where 1 billion users’ data was stolen. Combine that with the cyberattack in 2014, the attacks on Internet giant Yahoo compromised personal details of over 3 billion users. This didn’t include passwords, payment card or bank account data, but the result of the breach was that the company was sold to Verizon in 2017 for $4.5bn, $3 million less than it had previously been valued.

That is our pick of the top ten worst cyberattacks to affect the UK over the past decade.

The giant companies and organisations affected by these breaches have taken extra steps to ensure a similar incident doesn’t happen again by tightening their security measures. However, these examples prove that breaches can happen to all businesses.

It’s not a question of if, more when, therefore all businesses need to make cybersecurity a priority to avoid costly consequences. With the constantly changing cybersecurity landscape, new developments in technology and I.T., what does the future hold for 2020?

To find out how Claritas can help protect your organisation from cyberattack, please visit our website or email

With cybersecurity constantly changing and evolving, keep up with all the latest updates by connecting with us on social media.