As the digital world expands, risks are quietly growing too. Cyberattacks are no longer merely a technical issue; data breaches, identity theft (attacks on digital identity and authentication) and financial losses have become critical factors that directly threaten the sustainability of businesses.
In particular, recent trends such as the rise of zero-trust security, AI-powered cyber attacks, social engineering and phishing, and infrastructure security failures clearly demonstrate just how rapidly modern cybersecurity approaches must evolve.
The large-scale attacks of the 2023–2024 period illustrate one undeniable truth: security is no longer an option, but a strategic imperative that must sit at the heart of every system.
(Location and currencies quoted based on original sources. For further details, please refer to the reports published by CISA and ENISA.)
The following incidents are not just isolated cyberattacks. Together, they show how modern attackers combine identity abuse, ransomware, third-party software weaknesses, cloud misconfigurations and social engineering to create large-scale disruption.
Change Healthcare (US healthcare – Feb 2024)
- Attack: ALPHV/BlackCat ransomware, Citrix Bleed vulnerability + VPN phishing.
- Impact: Pharmacy and hospital payments halted for days nationwide; UnitedHealth had to pay ≥ $3 Billion in advance to suppliers.
Microsoft Corporate Email Breach (Midnight Blizzard / APT29 – announced Jan 2024)
- Attack: Legacy test tenant compromised via password spray; from there the attackers obtained a session cookie giving access to corporate email.
- Impact: Emails of senior executives, security and legal teams, and some customer emails were leaked; source code access was also under investigation.
Industrial & Commercial Bank of China – ICBC FS (US bond market – Nov 2023)
- Attack: LockBit ransomware via an exposed Citrix server.
- Impact: U.S. Treasury trading halted for hours; 9 TB of data was encrypted and communication with Chinese servers was lost.
MGM Resorts International (Sep 2023)
- Attack: Scattered Spider social engineering → Okta SSO session cookies compromised → ESXi encryption + ALPHV ransom demand.
- Impact: Slot machines, hotel check-in kiosks and reservation systems down for 10 days; a daily revenue hit of $8.4 M.
Caesars Entertainment (Sep 2023, days before MGM)
- Attack: Same Scattered Spider group; IT help desk tricked, access gained via Okta.
- Impact: ~15 TB of customer PII; roughly half of a $30 M ransom demand was reportedly paid.
MOVEit Transfer Mass Breaches (impact extending from May 2023 into 2024)
- Attack: Progress MOVEit zero-day (SQL injection) → Cl0p mass data exfiltration and ransom threats.
- Impact: 2,000+ institutions (BBC, BA, Shell, Ofcom, US federal agencies) and an estimated 70+ M people.
- Lesson: "Niche" file transfer software is the new supply chain weak link.
(For detailed analyses, please refer to the IBM X-Force and Mandiant threat intelligence reports.)
3CX DesktopApp Supply-Chain Attack (Mar 2023)
- Attack: Lazarus (North Korea) trojanized the vendor's signed update package.
- Impact: Phone systems of 230k customers; the attackers' main goal was to pivot from there into several crypto exchanges.
Storm-0558 OAuth/Outlook Token Forgery (May – Jun 2023)
- Attack: Chinese APT forged Outlook Web Access tokens using a stolen Microsoft signing key.
- Impact: Email leak from 25 organizations, including the U.S. Departments of State and Commerce.
Okta Support System Breach (Oct 2023)
- Attack: Customer session tokens were copied from .har files uploaded to the support portal.
- Impact: Customers such as 1Password, Cloudflare and BeyondTrust were subjected to targeted attacks.
Barracuda ESG Zero-Day (May 2023)
- Attack: Chinese group UNC4841 exploited a zero-day in the email security gateway; root access + data exfiltration.
- Impact: Logs and mailboxes from 11,000 devices; Barracuda told customers to "completely replace the hardware."
T-Mobile (January 2023)
- Attack: API access control flaw; 37 M customer records exposed.
- Impact: Third major breach after 2021 and 2022, with the company already in the spotlight over $350 M in lawsuit settlements.
Latitude Financial (Australia – Mar 2023)
- Attack: Access to CRM with stolen employee credentials → 14 M customer PII records, 7.9 M driver's licence numbers.
- Impact: A$76 M direct costs + class action exposure.
Royal Mail UK (Jan 2023)
- Attack: LockBit ransomware; spread from ICS devices to the dispatch printers.
- Impact: International shipments suspended for 3 weeks; £8 M in direct losses, 100,00
Crypto / DeFi – Multichain Bridge Hack (Jul 2023)
- Attack: Admin wallet private key compromised.
- Impact: $125 M in tokens withdrawn from bridge networks; the protocol effectively collapsed.
Examples of Large Ransomware Waves outside MOVEit (2023 Q1–Q4)
Dole Foods (food), PharMerica (pharmacy), Norwegian Government (Ivanti VPN 0-day), Clorox (cleaning products) → average recovery time 3–4 weeks.
(Based on industry analyses such as the CrowdStrike Global Threat Report and related incident intelligence sources.)
Common Trends Observed Across Major Cyberattacks
- Identity has become the new security perimeter. The Microsoft, Okta, MGM and Caesars cases show that attackers increasingly focus on passwords, session cookies, SSO systems, help desks and authentication flows.
- Supply chain risk is now a board-level security issue. The MOVEit, 3CX and Barracuda incidents show how one vulnerable software component or update mechanism can affect thousands of organizations at once.
- Ransomware has evolved into business disruption. Change Healthcare, ICBC, MGM, Royal Mail and Clorox demonstrate that ransomware is no longer only about encrypted files: it can stop payments, logistics, trading operations and customer-facing systems.
- Social engineering remains one of the most effective attack methods. The MGM and Caesars cases show how attackers bypass technical defenses by manipulating people, support teams or identity recovery processes.
- Cloud and infrastructure security failures are becoming more visible. Open servers, exposed APIs, weak VPN access and misconfigured systems continue to create entry points for attackers.
- Web3 and DeFi risks create faster financial impact. In traditional breaches, stolen data may be monetized later; in DeFi incidents such as the Multichain Bridge hack, compromised keys or protocol weaknesses lead to immediate and irreversible asset loss.
- Detection is still too slow. Many organizations discover breaches days or weeks after the first compromise, and in some supply chain cases affected institutions only realize the impact months later.
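As an added illustration of the identity and detection trends above (this is not code from the original article), the following Python detector flags the password-spray pattern seen in the Microsoft case over constructed sign-in records: many distinct accounts failing from one source IP within a short window, followed by a successful login. The log format, field names and thresholds are assumptions; a brute-force against a single account is included to show it is not flagged.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real data): timestamp, source IP, username, result.
# A spray tries one or two passwords against many accounts, so it shows up as many distinct
# usernames failing from one source in a short window, often ending with a single success.
SAMPLE_LOG = """\
2024-01-12T03:00:01Z 203.0.113.7 alice FAIL
2024-01-12T03:00:04Z 203.0.113.7 bob FAIL
2024-01-12T03:00:09Z 203.0.113.7 carol FAIL
2024-01-12T03:00:13Z 203.0.113.7 dave FAIL
2024-01-12T03:00:20Z 203.0.113.7 erin FAIL
2024-01-12T03:00:27Z 203.0.113.7 legacy-test-svc SUCCESS
2024-01-12T03:05:00Z 198.51.100.4 alice FAIL
2024-01-12T03:05:30Z 198.51.100.4 alice FAIL
2024-01-12T03:06:00Z 198.51.100.4 alice SUCCESS
"""

def parse(log_text):
    """Turn each log line into (timestamp, ip, user, result)."""
    events = []
    for line in log_text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    return events

def detect_spray(events, window=timedelta(minutes=10), min_users=5):
    """Return one alert per source IP whose failed logins hit at least `min_users`
    distinct accounts inside `window`, noting any account that then succeeded from it."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [e for e in evs if e[3] == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the span fits inside `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = {e[2] for e in fails[start:end + 1]}
            if len(users) >= min_users:
                first = fails[start][0]
                succeeded = [e[2] for e in evs if e[3] == "SUCCESS" and e[0] >= first]
                alerts.append({"ip": ip, "distinct_users": len(users),
                               "window_start": first.isoformat(), "succeeded_as": succeeded})
                break  # one alert per source is enough; repeated hits only add noise
    return alerts

if __name__ == "__main__":
    for alert in detect_spray(parse(SAMPLE_LOG)):
        print(alert)
```

The single-account failures from 198.51.100.4 never reach the distinct-user threshold, so only the spraying source is reported, together with the account that finally succeeded.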
The Rise of Zero Trust Security and Data Breach Risks in a Hyper-Connected World
The 2023–2024 attack wave shows why traditional perimeter-based security is no longer enough. Attackers are not only trying to break into networks; they are trying to log in with stolen credentials, hijack sessions, abuse trusted software and move through connected systems.
This is where zero-trust security becomes critical. Instead of assuming that users, devices or applications are trustworthy by default, zero trust requires continuous verification, least-privilege access, strong authentication and tighter monitoring across the entire environment.
For organizations, this means strengthening identity security, reducing attack surfaces, improving third-party risk management and testing incident response plans before a real breach occurs.
Disclaimer
This content has been prepared solely for general information and cybersecurity awareness purposes. The examples of attacks, security trends, technical assessments and risk analyses contained herein do not constitute technical, legal, financial or professional advice. Cyber threats, data breaches, zero-trust security approaches, AI-powered cyber attacks, social engineering, phishing, infrastructure security risks and Web3/DeFi security threats may change over time. Therefore, it is recommended that organisations and individuals seek professional expert support for critical systems, digital assets and security processes. No information contained herein provides an absolute guarantee of security and does not relieve users of their responsibility to implement their own security measures.