The Biggest Corporate Hacks of 2021
Businesses are a prime target for cybercriminals, regardless of their size, industry, or location.
In this graphic sponsored by Global X ETFs, we’ve visualized the largest corporate hacks of 2021, as measured by ransom size. The full list is also tabulated below.
| Victim | Country | Industry | Amount paid or requested (USD millions) |
|---|---|---|---|
| Kia Motors | South Korea | Automotive | $20M* |
| CNA Financial | U.S. | Financial Services | $40M |
*Requested but not paid in full. Source: Microsoft (2021), CRN (2021)
Continue reading below for details on some of these extraordinary hacks.
Energy: Colonial Pipeline Co.
The Colonial Pipeline ransomware attack was the largest-ever cyberattack on an American oil infrastructure target.
On May 7, hackers took down the company’s billing system and threatened to release stolen data if a ransom was not paid. During negotiations, the company halted its pipelines, resulting in gas shortages across the Southeastern United States.
It’s been reported that Colonial Pipeline promptly paid a ransom of $4.4 million in bitcoin (based on prices at the time). The FBI managed to retrieve some of these bitcoins, but their exact method was not revealed.
Accenture, one of the world’s largest IT consultants, fell victim to a ransomware attack in August of 2021. While this may seem ironic, it further proves that any business, regardless of industry, can be susceptible to hackers.
“There was no impact on Accenture’s operations, or on our client’s systems. As soon as we detected the presence of this threat, we isolated the affected servers.”
– Accenture spokesperson
The hack was traced back to LockBit, which claims to have stolen several terabytes of data from Accenture’s servers. A $50 million ransom was demanded, though it’s unknown whether the company actually made any payments.
Automotive: Kia Motors
Kia’s American business fell victim to a ransomware attack in February by a group called DoppelPaymer. Hackers threatened to release stolen data within 2 to 3 weeks if a ransom of $20 million (in bitcoin) was not paid.
This hack affected various systems including the Kia Owner Portal, Kia Connect (a mobile app for Kia owners), and internal programs used by dealerships. This also prevented buyers from picking up their new cars.
Kia denied it was hacked, but the timing of the ransom note and Kia’s service outages was suspicious. According to the FBI, DoppelPaymer has been responsible for numerous attacks since 2020. Victims include U.S. police departments, community colleges, and even a hospital in Germany.
JBS, one of the world’s largest meat processing companies, experienced disruptions at its North American facilities in May. Shortly after, the company confirmed it had paid hackers a ransom of $11 million in bitcoin.
“This was a very difficult decision to make for our company and for me personally.”
– Andre Nogueira, CEO, JBS USA
This attack, along with the Colonial Pipeline hack, represents an alarming trend of critical industries being targeted. For context, JBS claims it has an annual IT budget of over $200 million and employs over 850 IT personnel globally. The group responsible for this attack is known as REvil, a now-defunct hacker group based in Russia.
Increased Spending on the Menu
The rising frequency and sophistication of corporate hacks are a major threat to the world. In fact, recent research from PricewaterhouseCoopers has highlighted that 69% of businesses predict a rise in future cybersecurity spending.
The Global X Cybersecurity ETF is a passively managed solution that can be used to gain exposure to the rising adoption of cybersecurity technologies.