It is difficult to select which have been the biggest cyberattacks and security breaches of the entire year 2021. One of the most striking data has been caused by an old Facebook security breach, for which more than 500 million personal data of Facebook users were leaked online. Although this was known in April 2021, the vulnerability occurred in 2019. The figure is astronomical, but still far from what is considered the largest in history, for now, the so-called Collection. Only in the "first" of its five deliveries more than 700 million were leaked.
Numbers that make other types of gaps seem “smaller” to us, in different ways. There have been many attacks, failures and security breaches that have come to light in recent months, indicating a worrying upward trend in the number of incidents, which is also supported by the main reports. During some of the periods this year, practically a major security incident per week was known. "There goes one more" was heard.
These facts have a double reading. On the one hand, many of them have ended up filling minutes or pages of general media, which certainly has an impact on the visibility of the need and importance of cybersecurity. On the other hand, as little pleases and much tires, there is also the risk of getting used to it, and downplaying it. Just like a data breach of a few hundred users doesn't seem that relevant, compared to the millions of data leaked in other of them.
Far from this, each new incident has to be a shock that drives us to solve it. And it is that the biggest cyberattack or security breach is yet to be known.
Cyber attacks and data breaches in 2021: ransomware and extortion
As for the type of attacks, as in 2019 and 2020, this year the king continues to be ransomware and its different variants, such as double extortion.
Among the most notorious ransomware cases, in our country SEPE stands out above all because of the repercussions it has had in every way.
According to data provided by the Spanish Data Protection Agency, this year 1,647 security breaches have been reported in Spain.
Comparatively, until December 2020, 1,113 security breaches were reported, 534 fewer than in 2021. In other words, so far in 2021, 48% more information breaches have been reported than the previous year.
According to AEPD reports, a total of 1,460 notifications were received in 2019. In 2020, notifications amounted to 1,370.
This year has also seen some of the consequences of not managing personal data correctly, such as the fine imposed on Vodafone
| Month | Security breach notifications | Notifications due to malware / ransomware |
| January 2021 | 88 | 30 |
| February 2021 | 146 | 82 |
| March 2021 | 177 | 83 |
| April 2021 | 158 | 68 |
| May 2021 | 185 | 94 |
| June 2021 | 143 | 55 |
| July 2021 | 126 | fifty* |
| August 2021 | 70 | 22 |
| September 2021 | 150 | 27 |
| October 2021 | 117 | 36 |
| November 2021 | 135 | 54 |
| December 2021 | 142 | 42 |
*As of July there is a change in the way of displaying the data in the report, in the “Means” section. Until June 2021 it is expressed as “Malware (Ransomware and others)”. As of July, this section is expressed as: "Cyber incident: Encrypted device / kidnapping of information".
what the reports say
The different reports that have been published throughout the year do not fail to support the trend that can be seen with the naked eye. Not only certifying the increase in the number of cyberattacks, but also in the increase in the costs that these have for those who suffer them, starting with the economic ransoms requested by cybercrime.
For example, Check Point warns that 40% more weekly cyberattacks on companies are taking place globally during 2021, compared to 2020 data.
Studies point to ransomware as the main headache for companies and users. According to the Sophos State of Ransomware report, 37% of businesses have been affected by this type of malware in 2021.
For its part, Palo Alto Networks states that the average ransom figure is around 4.7 million euros, which implies an increase of 518% compared to what cybercriminals requested in 2020, which was close to 430 thousand euros . And it is that according to IBM data, bailouts have had the highest average cost in 2021 in the last 17 years.
And not only ransomware lives cybercrime. Although they are not as famous, other types of cyber attacks are increasing vertiginously. Without going any further, Kaspersky warns that the number of attacks on IoT devices (Internet of Things) has doubled in a year, and Spain has become the main recipient of spam.
Biggest cyberattacks and data breaches of 2021
Below is a compilation of the main cyberattacks and data breaches that have occurred throughout 2021, the most notable depending on the number of people affected by a data breach or the severity and impact of the cyberattack.
January
Microsoft Exchange (Global). A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered on Microsoft Exchange servers, giving attackers full access to user emails and passwords on the servers. affected, administrator privileges on the server and access to devices connected to the same network.
TikTok (Global). A TikTok vulnerability exposed users' private information.
February
Washington State Auditor's Office (USA). A security incident compromised the personal information of more than 1.6 million people who filed unemployment claims in 2020.
University of Oxford (UK). One of its laboratories dedicated to Covid-19 research has suffered a cyberattack. The affected systems included machines used to prepare biochemical samples.
Professional offices (Spain). Hundreds of Spanish law firms and advisors affected by a ransomware cyberattack
Palace of Congresses of Valencia (Spain). The Valencian city council is once again the victim of a scam, which is added to the four million perpetrated on the EMT in 2019. On this occasion, 21,020.11 euros have been stolen from the Palacio de Congresos due to identity theft.
Florida Water Supply, USA Fortunately, an attacker who tried to poison a Florida city's water supply by remotely altering the sodium hydroxide levels in the water was unsuccessful.
March
SEPE (Spain). The State Public Employment Service was the victim on March 9, 2021 of a ransomware cyberattack that caused the entity to be paralyzed and delayed for a long period of time. Ryuk has been the ransomware behind the attack.
Steel (Global). Tech company is attacked with ransomware; one of the largest bailouts to date (50 million euros) is demanded.
Municipality of Castellón (Spain). A ransomware cyberattack paralyzed the electronic headquarters, the tax portal and the computer system.
April
Facebook (Global). An old Facebook security breach has left 533 million phone numbers and other personal data exposed.
LinkedIn (Global). It takes over from Facebook, with a data breach that supposedly affected 500 million users, although the social network itself denied it.
Castilla-La Mancha University (Spain) . The University of Castilla-La Mancha (UCLM) suffers a ransomware cyberattack.
Phone House (Global). It has suffered a ransomware attack with more than 3 million data affected. Here you can read the statement published by the company.
Apple (Global). The apple company has been affected by a ransomware cyber attack on one of its suppliers, whose ransom amounts to 50 million euros.
Deloitte (Global). Data from the consultant have been put up for sale in a forum on the net.
INE and Ministries (Spain). A series of cyberattacks have brought down the websites of the Ministry of Justice, Education and Economy, and the National Institute of Statistics.
Real Madrid (Spain). A cybercriminal has accessed the computer system, stealing player data, contracts and budgets
May
Glovo (Global). The delivery company has suffered a cyber attack on the database of its customers and delivery men.
Galician companies (Spain). Several Galician companies have been extorted by a ransomware attack.
Colonial Pipeline (USA). The ransomware attack that hit Colonial Pipeline, the operator of America's main oil pipeline, caused real chaos. It is considered the largest computer attack on critical infrastructure, and the gateway could be in a compromised password.
City Council of Oviedo (Spain) . A ransomware cyberattack disables the council's services.
June
Ministry of Labor (Spain). The Ministry suffers another computer attack, three months after the one that affected SEPE, again by the same Ryuk ransomware.
Florida Hospital (USA) UF Health Central Florida is the victim of a ransomware attack that forces them to go back to pen and paper.
Volkswagen (USA and Canada). Data of 3.3 million Volkswagen and Audi users in North America leaked
July
Kaseya (Global). More than 1,500 companies around the world have been affected by the ransomware cyberattack on Kaseya, an American IT software management company that has been the victim of a supply chain attack.
August
Zurich Insurance (Spain). The insurer has suffered the theft of databases from its clients in Spain. The cybercriminals put the data up for sale on the dark web. More than 26,000 customers were affected. This is the official statement issued by the company.
T-Mobile (Global). A cyberattack on T-Mobile affects the data of more than 50 million users. This statement signed by the company's CEO is published a few days later.
September
ANZ (New Zealand). A cyber attack brings down the websites of financial institutions and other entities in New Zealand.
GSS / Canal de Isabel II (Spain). The entity suffers a ransomware cyberattack that leaves its telephone service blocked through the root of its GSS provider, Grupo Covisian.
UN. The entity confirms a cyber attack on parts of its infrastructure.
October
Twitch (Global). The streaming platform was the victim of a leak of confidential information about the company and the income of streamers. More than 100 GB of data was published.
Melia (Global). The hotel group suffered a ransomware cyberattack that affected several hotels.
Gas stations in Iran (Iran) . They were paralyzed after a computer attack that disabled user cards to access fuel
Autonomous University of Barcelona (Spain). A cyberattack leaves the UAB without service, forcing classes to be canceled and compromising 650,000 files.
November
MediaMark and Saturn (Global). The retail chain has suffered a ransomware cyberattack that has affected its stores.
IKEA (Global). The company is affected by a cyber attack due to a phishing attack in which its employees fell.
December
Log4j vulnerability. The zero-day vulnerability in the Apache Log4j logging package has become the biggest cyber threat in recent years, affecting millions of potential victims, and the consequences are expected to last for a long time.
Health Service of the Principality of Asturias (Spain). A ransomware cyber attack on the computer network of the Principality of Asturias has directly affected the computer system of the Central University Hospital of Asturias.
(First published: December 29, 2021. Update: January 28, 2022)