January
LoanDepot
At the beginning of the year, mortgage and loan giant LoanDepot revealed that it had fallen victim to a cyberattack involving the “encryption of data,” commonly known as ransomware. The breach left customers unable to access their account details or make payments, prompting the Florida-based company to shut down certain systems. In the weeks that followed, LoanDepot disclosed that the personal information of over 16 million individuals had been compromised.
Fulton County, Georgia
Also in January, the infamous LockBit ransomware group took responsibility for a cyberattack on Fulton County, Georgia, home to over a million residents and the state’s largest county. The attack caused widespread disruptions, including outages that affected phone services, court operations, and the tax system. The group released large volumes of data from the county, including "confidential documents," but later removed these files from its dark web site, suggesting that a ransom payment may have been made. While LockBit claimed that Fulton County had paid the ransom, security experts believe the hackers lost most of the stolen data when U.S. and U.K. authorities seized their servers the following month.
Southern Water
At the start of the year, U.K. utility provider Southern Water reported that it was looking into a potential data theft incident. Several weeks later, the company confirmed that ransomware attackers had compromised the personal information of over 470,000 customers. The Black Basta ransomware group, a gang with ties to Russia, claimed responsibility for the attack. This group had previously taken credit for a 2023 hack on U.K. outsourcing giant Capita. Southern Water provides essential water and wastewater services to millions across the southeast of England.
February
Change Healthcare
In February, one of the year's most significant data breaches occurred, marking the largest-ever breach of U.S. health and medical data. Change Healthcare, a health tech company owned by UnitedHealth, fell victim to the ALPHV ransomware group, which claimed to have stolen "millions" of Americans' sensitive health and patient data. Reports indicate that Change Healthcare paid $22 million to ALPHV before the gang disappeared in March. However, the ALPHV contractor responsible for the attack later demanded a second ransom payment from the company.
UnitedHealth conceded in April that the hack led to a data breach affecting a “substantial proportion of people in America.” It wasn’t until October that UnitedHealth confirmed that at least 100 million people were affected by the data breach, which exposed sensitive data including medical records and health information, though the precise number of affected individuals is expected to be far higher.
March
Omni Hotels
In late March, Omni Hotels & Resorts took its systems offline after discovering hackers on its network, resulting in significant disruptions across its properties, including issues with phones and Wi-Fi. By April, the hotel chain confirmed that cybercriminals had stolen personal data from its customers during the March ransomware attack, which was attributed to the notorious Daixin gang. Reports indicated that the group claimed to have stolen 3.5 million customer records from Omni.
June
Evolve Bank
In June, Evolve Bank, a prominent U.S.-based banking-as-a-service provider, fell victim to a ransomware attack that caused significant disruptions for its banking clients and fintech partners, such as Wise and Mercury. The LockBit group took responsibility for the breach, releasing data they claimed to have stolen from Evolve on their dark web leak site. By July, Evolve confirmed that the hackers had accessed the personal information of at least 7.6 million individuals, including Social Security numbers, bank account details, and contact information.
Synnovis
Also in June, the NHS declared a critical incident following a ransomware attack on Synnovis, a key pathology services provider. The attack caused widespread disruptions, including canceled surgeries, the rerouting of emergency patients, and delays in blood matching, leading the NHS to issue a national appeal for "O" blood-type donors. The Qilin ransomware group took credit for the breach and later released 400 gigabytes of sensitive data, reportedly comprising around 300 million patient interactions spanning several years. This made the attack one of the largest ransomware incidents of the year.
July
Columbus, Ohio
A ransomware attack targeted the City of Columbus, Ohio, compromising the personal information of approximately 500,000 residents. The stolen data included names, dates of birth, addresses, government IDs, Social Security numbers, and bank account details. The cybercrime group Rhysida, known for its previous attack on the British Library, claimed responsibility for the Columbus breach in August, asserting that it had exfiltrated 6.5 terabytes of data from the city.
September
Transport for London
In September, Transport for London, the organization responsible for the city's public transit system, faced several weeks of digital disruptions following a cyberattack on its corporate network. The Clop ransomware group, which has known links to Russia, later took responsibility for the breach. Although the transit network itself remained operational, the attack led to the theft of banking data from around 5,000 customers. Additionally, the incident prompted the transit authority to manually reset the login passwords for all 30,000 of its employees in person.
October
Casio
In October, Japanese electronics giant Casio confirmed to TechCrunch that it had fallen victim to a ransomware attack. The incident, attributed to the Underground ransomware group, disrupted several of Casio’s systems, rendering them "unusable" and causing delays in product shipments for weeks. The attack also led to the theft of personal information from employees, contractors, and business partners, as well as sensitive company data, including invoices and human resources files. Casio reported that the hackers had accessed "information about some customers," though the company did not specify how many were impacted.
November
Blue Yonder
In November, a ransomware attack on Blue Yonder, one of the largest global providers of supply chain software, caused significant disruptions for several major retailers in the U.S. and U.K. Two of the U.K.'s largest supermarket chains, Morrisons and Sainsbury's, confirmed to TechCrunch that they were affected by the attack, while U.S. coffee chain Starbucks also experienced issues, including the need for store managers to manually process payroll. While Blue Yonder has provided limited details about the breach, including whether any data was stolen, both the Clop ransomware group and the newer Termite crew have claimed responsibility, alleging they took 680 gigabytes of data, including documents, reports, insurance files, and email lists.
December
NHS
In December, multiple NHS facilities were targeted by ransomware once again, with the Russia-linked Inc Ransom gang claiming responsibility for compromising Alder Hey Children’s Hospital Trust, one of the largest children's hospitals in Europe. This gang, which had previously breached an NHS trust in Scotland earlier in the year, asserted that it had accessed Alder Hey’s patient records and donor reports, along with data from other nearby hospitals. Additionally, the Wirral University Teaching Hospital, located close to Alder Hey, declared a critical incident after falling victim to a separate ransomware attack.
Artivion
December saw another healthcare-focused attack, this time targeting Artivion, a medical device company that produces implantable tissues for cardiac transplants. The company confirmed a "cybersecurity incident," which involved the "acquisition and encryption" of data, suggesting it was a ransomware attack. In response, Artivion took several systems offline to mitigate the impact of the breach.