Cybercrime is at an all-time high in Europe in 2023. Threat actors are multiplying by the hour, and corporations and even governments are constantly under attack.
This calls for awareness on the topic. Below, I’ll tell you about the 20 most significant cyberattacks in Europe.
All of these targets went through data breaches that had very clear causes and methods behind them.
Cybercriminals keep evolving, and so do their tools. Still, we’ve identified the most common infiltration and attack methods used throughout the years:
The most common denominator of most cyberattacks is social engineering. The human factor is often the weakest link of an organization’s security ecosystem. Human mistakes, inattentiveness or susceptibility to manipulation lie at the epicenter of most data breaches.
Below, I’ll present the 20 most significant cyberattacks in Europe since cybercrime became a thing.
This led to the unauthorized access of payment and personal data to the cybercriminals. Around 380,000 – 500,000 customers were affected in the data breach.
The ICO (British DPA) initially issued a fine of £183 million (€212 million) but British Airways paid only £20 million (€23.2 million) in October 2020 when the claim was settled.
The fine was reduced because British Airways representatives argued that the fine should be “significantly reduced or not imposed at all” due to the financial difficulties the company was going through during the COVID lockdowns.
On July 2014, the European Central Bank suffered a data breach that resulted in cybercriminals gaining access to over 20,000 emails and the contact information of European event registrants.
According to the bank, around 95% of the stolen data was encrypted. The vulnerability in their security systems was fixed as soon as the data breach was noticed. Moreover, the bank notified all affected individuals to reset their passwords.
The hackers used a brute-force attack to crack the bank’s database password and then demanded a ransom from the bank in exchange for the data. The European Central Bank did not pay this ransom.
Four years later, in 2018, the European Central Bank would become the victim of a malware attack. The hackers infiltrated the ECB’s Integrated Reporting Dictionary and stole the contact information of 500 subscribers.
On July 2014, the largest Ukrainian bank, PrivatBank, suffered a data breach when it was attacked by CyberBerkut, a pro-Russian hacker group.
Following the breach, 40 million customer records were stolen and published online on the Russian social media platform VKontakte.
The data contained personal data, passport information, and banking information of the bank’s customers.
The hacker group warned all customers of PrivatBank to switch to a state-owned bank. Though, it’s unclear whether this happened before or after the cyberattack took place.
At the time, it was suspected that the cyberattack was state-sponsored by Russia but no connections were ever found. Moreover, some cybersecurity experts claimed that the method used in the cyberattack was unlike those used by Russian hackers.
In February 2010, a hacker who was ultimate identified as Ilmars Poikans (“Neo”) hacked the databases of the Latvian State Revenue Service. He leaked confidential information totaling 7.5 million tax records and financial data entries of state employees.
He then leaked this data on Twitter and a Latvian TV station. It is suspected that he did this to expose the high salaries of state employees. The hacker was part of the “Fourth Awakening People’s Army”, a group known for its ideological-based cyberattacks.
The only confidential information leaked contained costly bailouts and the payment details of bank managers. After the identity of the hacker was revealed, the Latvian Supreme Court pardoned him.
He was only sentenced to 100 hours of community service.
On October 2014, the official website of the Warsaw Stock Exchange became inaccessible to the public for two hours.
Hackers had infiltrated the organization’s website, locking it down. They had also stolen and made public emails, login credentials, and passwords of stock brokers and employees from the Bank of America, JPMorgan, and other similar firms.
The group also stole infrastructure maps and IP addresses of the wireless sensor networks of the organization. These would show that unauthorized access had indeed taken place.
Eventually, NATO officials discovered that the group was a Russia-backed conglomerate of cybersecurity experts associated with the Russian GRU. The damage to the GPW was not extensive because the trading system had not been compromised.
On May 14 2021, the Health Service Executive, which is among the biggest medical systems in Ireland, was hacked by the Russian-based cybercriminal group known as “Wizard Spider”.
They demanded €16.5 million in ransom to decrypt and return all the data and medical records they’ve stolen. They threatened to disclose the data publicly if their demands were not met.
At the time, it was noted that 80,000 of the devices that were connected to the Health Service Executive’s servers were still running on Windows XP. So, their security systems were hardly up-to-date or effective against ransomware.
It was also discovered that the healthcare system was disorganized and fragmented into multiple community organizations, health boards, and hospital groups that were using the same systems.
In approximately four months after the attack, around 95% of the encrypted systems were decrypted and restored. However, it was estimated that the cyberattack would cost the Health Service Executive around €600 million.
On September 2020, Cosmote Mobile Telecommunications suffered a data breach that resulted in the online theft of personal data of 4.8 million customers. A total of 48GB of data.
The hackers used social engineering to expose the customers’ personal data, which was made easy by the lack of encryption on the processed data. Cosmote did not notify the affected customers as required by the GDPR, which led to a fine of €6 million.
The company was illegally processing the customer data since they had to valid legal reason to do so.
We often see social engineering attacks being the main tool used by hackers to access private data. The human factor is often the most vulnerable link in a company’s security system.
After all, your security system is effective as long as those who enforce it are cautious and aware of the risks involved.
It is not known whether the hackers asked for a ransom or if they sold the data online. Though, going by the usual hacker standards, the data most likely ended up on the Dark Web, sold to the highest bidder.
On July 2019, the Bulgarian National Revenue Agency (NRA) suffered the biggest personal data breach in its entire history. A total of 21GB of citizen records (over 5 million) were stolen. The data included:
The hackers likely used an SQL injection attack to gain access to the NRA’s systems and managed to steal the data without much hassle.
It was discovered that the Bulgarian NRA had not conducted a proper risk assessment before engaging in data processing.
The officials had also not taken the appropriate measures once the data breach had occurred, effectively allowing it to worsen.
This led to a part of the stolen data to be leaked on several social media platforms in Bulgaria. Eventually, the Global Forum on Transparency and Exchange of Information for Tax Purposes stopped working with Bulgaria.
The Bulgarian DPA fined the Bulgarian NRA with €2.6 million in the aftermath of the data breach.
On March 2020, the Dutch government reported that two unidentified individuals had managed to gain access to the vault storage of the government and steal two hard drives.
The hard drives had the personal data records of 6.9 million individuals, which is almost half the population of the entire country.
The personal data included:
Moreover, the stolen data represented the combined organ donor information of 12 years, between February 1998 and June 2010.
The authorities claimed that the two hard drives were reported missing by the staff who had come to purge the outdated paper forms and remove the electronic records.
The good thing is that the data was not published online, not even on the Dark Web, since authorities had been closely monitoring the situation. Since the data was incomplete, it’s unlikely that it was ever used for fraud.
The worst-case scenario is that it was sold online without alerting the authorities.
This case illustrates the ever-present risk of physical access to a company’s data storage. Even though online infiltration is much more common these days, old fashioned data breaches still happen.
On October 2022, the Kingfisher Insurance company systems were attacked by the LockBit ransomware group. The attackers managed to infiltrate the systems, shut down the databases, and steal 1.4TB of company data.
Immediately after the attack, the IT staff of Kingfisher blocked all external access to the servers and shut them down. A spokesperson for the insurance company claimed that the security measures they had taken were enough to minimize the impact of the data breach substantially.
However, they were the same ones who claimed that the hackers couldn’t have possibly stolen 1.4TB of data. Yet, the hackers then leaked several passwords and email addresses of Kingfisher employees as a response to this allegation.
As it turns out, the hackers had indeed stolen 1.4TB worth of company, employee, and customer data. To date, this remains one of the largest thefts of data in modern history.
The LockBit hacker group have been getting a lot of attention recently after a series of attacks on international firms. One such attack happened on the 8th of September, and the victim was the Hanwha Group. Read more about it here.
On December 2020, the Scottish Environmental Protection Agency (SEPA) was attacked by the Conti ransomware group. The hackers managed to shut off the systems, hijack the internal controls, and steal sensitive information.
The stolen files contained:
On month later, on January 22nd, the cybercriminals published the stolen files (4,150 in number) on the dark web for free since SEPA refused to pay the ransom.
The CFO of SEPA at the time, Terry A’Heard, clarified that the company was not prepared to give way to criminal extorsion and give in to the demands.
This is what he had to say – “Sadly, we’re not the first and won’t be the last national organization targeted by likely international crime groups. We’ve said that whilst for the time being we’ve lost access to most of our systems, including things as basic as our email system, what we haven’t lost is our twelve-hundred expert staff.”
The company tackled the security breach exemplary, according to experts, since they were transparent about what they were doing to mitigate the impact of the breach. They also refused to pay the ransom, which is laudable by itself.
As a result, SEPA reformed its IT systems from the group up and increased its security to prevent further attacks from happening ever again.
On March 2020, Norfund, a state-owned investment fund in Norway and the largest sovereign wealth fund in the world, became the victim of a business email compromise scam (BEC).
They lost $10 million as a result of this attack, and as of right now, it’s unclear whether the money was recovered or not.
In short, a BEC attack relies on Social Engineering to convince a company to send you money. More specifically, the hackers pretend to be a legitimate party who makes a legitimate request from the company.
At other times, the hackers will hijack the communication between two companies and ensure the legitimacy of their requests.
With Norfund, the criminals accessed, manipulated and falsified the information exchange between Norfund and a microfinance institution in Cambodia. The latter was going to borrow $10 million from Norfund.
Over the course of several months, the hackers learned how the investment fund operates, how they communicate, and they gathered intel patiently.
They did everything by the book and went through all the phases of a scam, including:
Eventually, the money was sent to the hackers’ recipient account in Mexico on the 16th of March 2020.
DNB, Norway’s largest financial group, had this to say – “Fraud cases of this kind are performed by very sophisticated criminals. With access to e-mail communication between two parties, they can familiarize themselves with how the parties correspond. The payments they initiate therefore deviate very little from ordinary payments performed by the victimized company and become very hard to detect and prevent.”
To date, the Norfund data breach remains the most sophisticated BEC scam in cybersecurity history.
On February 2020, Loqbox, a UK credit score builder and financial institution was hit by a data breach. The affected user data included:
While Loqbox claimed that the stolen data could not be used to access the customers’ bank accounts, the company was severely criticized for miscommunication during the data breach.
Apparently, they delayed notifying the affected customers by over a week after the incident had taken place.
They also said that they would not compensate the affected customers, even though some of the information (last four credit card digits) could be used in phishing scam attempts.
Despite not knowing the specific method of breach, we should safely assume that it was some type of social engineering attack. There’s a minimal chance of a ransomware since there was no mention at all of a ransom demand from the hackers.
Allegedly, Loqbox has taken some steps to improve their security systems and ensure such data breaches never happen again.
But, as we already know, every security system has its vulnerabilities. And cybercriminals always find them, given enough time and patience.
On December 2019, Travelex became the victim of a ransomware attack by the Sodinokibi group. They locked down the systems, encrypted the files, and demanded $6 million to restore functionality to the platform.
The attacked managed to infiltrate the systems via an unpatched VPN exploit which gave them unrestricted access to the databases.
They stole 5GB of customer data and disrupted operations to the entire company through a ransomware attack. They threatened to go public with the data if the company didn’t pay the ransom in two days.
Eventually, the company paid $2.3 million in Bitcoin to the cybercriminals to recover the customer data. Despite this, their systems experienced malfunctions and disruptions for over a month after this incident.
Seven months after paying the ransom, Travelex reported that they were forced to lay off 1,309 employees to deal with the loss.
This is one of the few examples where the victim caved in to the demands of cybercriminals and paid the ransom.
On November 2019, the Cayman National Bank in the Isle of Man suffered a data breach after the black hat hacker group Phineas Fisher attacked them.
A total of 2TB of data was stolen, containing data on the bank’s 1,400 customers. Over 640,000 emails and 3,800 bank accounts were disclosed at this point.
Fortunately, the Cayman National Corporation made an announcement, saying that this data theft was isolated to the Isle of Man branch. It did not impact other operations overseas or other systems of the Cayman National Bank.
After the theft, the Phineas Fisher group released a manifesto. They said that they had “robbed a bank to give the money away”. In support of this, they even released a $100,000 bounty for other hacker groups to follow in their footsteps.
As of right now, it’s unclear how, if any, Cayman National Bank customers were affected by this data breach and whether there were other data breaches as a result.
It’s also unclear how the hackers infiltrated the bank’s systems but it’s safe to say it should have been a social engineering or malware attack.
On October 2022, Binance reported a theft of $570 million on their platform. The hackers had created 2 million face BNB tokens and forged the transactions, selling the tokens for $570 million.
They exploited a bridge’s smart contract, allowing them to create transactions and send the tokens to a separate crypto wallet.
Adrian Hetman, the tech lead of the triaging team at Immunefi, said that “As with many bridge designs, there is one central point that holds most of the funds that are moving through the bridge. Ultimately, the Bridge was tricked into giving funds from that contract.”
Fortunately, Binance mitigated further damage by notifying the network validators and suspending all operations of the BNB network. Still, around $100 million are unrecoverable to this day.
Binance did mention that no customers had been affected since the stolen money came from tokens that were created rather than stolen from customers’ accounts.
The Binance hack is the fourth largest crypto hack in history, behind FTX ($600 million), Poly Network ($611 million), and Ronin Network ($625 million).
On April 2017, the payday loan firm Wonga suffered a data breach. The data of 245,000 users was compromised. This data included the customers’ names, bank account numbers, addresses, sort codes, and the last four digits of the payment card numbers.
Moreover, 25,000 Polish users were also affected, though we don’t know how the data leak impacted them.
Wonga refused to release details about the origins of the data breach or how the hackers managed to infiltrate their systems. However, they did mention that the customers’ accounts likely remained unaffected.
This was a relatively low-level data breach at the time, and due to the limited information at our disposal, there isn’t much more we can say about it.
On December 2018, the global investment banking firm Evercore reported the theft of 160,000 data records following a phishing attack on their servers.
The data included company documents, confidential information, emails, and upcoming M&A deals related to the bank’s junior administrators.
The origin of the phishing attack is unknown, though Evercore mentioned that they hadn’t found any evidence showing that the stolen data was used in any way.
It is likely that the hackers’ goal with this phishing attack was to establish a foothold in the company’s systems for further, more relevant phishing attacks. Fortunately, the institution took notice and mitigated further risks.
In November 2016, a retail bank in UK (Tesco) was attacked by hackers through card data theft. This resulted in the theft of £2.26 million from customers (9,000 customers), which was about 6% of the bank’s total customers.
The identity of the criminals was never found. However, the FCA (Financial Conduct Authority) made a report detailing how the hackers stole the money from the bank.
The attack took 48 hours. The Bank’s fraud analysis and detection system started blaring about suspicious activities to all the account holders involved in the heist. This was the first phase of the attack, which is when the bank became aware of it.
Customers began calling the bank in droves, filling up the fraud prevention line. The bank’s technicians managed to stop around 80% of the unauthorized transactions. This meant that only 8,261 customers were affected from the 131,000 total customers of the bank.
It is believed that the hackers used an algorithm that created virtual cards with authentic Tesco Bank debit card numbers. Using those virtual carts, they made all the unauthorized transactions which resulted in the theft of £2.26 million.
The incident was deemed “largely avoidable” by the FCA. The debit cards were badly designed, there were a lot of security vulnerabilities in their systems, and the use of sequential PAN numbers made it worse.
The FCA eventually fined the bank £33 million for failing to meet the security standards and having security deficiencies in its systems. The bank also reimbursed all the affected customers.
On December 2018, multiple Eastern European banks fell victim to a large-scale cyberattack that resulted in the loss of tens of millions of dollars.
DarkVishnya hackers had targeted eight banks (that we know of) using a very peculiar method.
The hackers connected physical devices to the banks’ networks and managed to infect the entire network with malware. To do this, the individuals used disguises to mingle in with the banks’ employees and sought to gain access to the network.
Once they managed that, it was only a matter of withdrawing the money through foreign ATMs. They also stole credentials from the bank’s employees that they used to bypass overdraft limits and risk ratings.
This was, by far, one of the most elaborate and well-devised heists in recent history. Moreover, the magnitude of the stolen data and stolen money is still unclear but it is estimated that the losses number in the tens of millions of dollars.
Kaspersky Lab cyber-security firm was called to investigate some of these attacks. They discovered various devices connected to the banks’ networks, like cheap laptops, USB thumb drives (Bash Bunnies), and Raspberry Pi boards.
Nikolay Pankov, an employee of the firm, said that “Even in companies where security issues are taken seriously, planting such a device is not impossible. Couriers, job seekers, and representatives of clients and partners are commonly allowed into offices, so malefactors can try to impersonate any of them.”
It’s also unclear whether the banks received any fines from the GDPR, though we should assume that they did.
Privacy Affairs – Cybersecurity Deep Dive: Everything About DDoS Attacks
Privacy Affairs – Have Malware Attacks Become More Common?
Privacy Affairs – The Art of Cyber Deception: Social Engineering in Cybersecurity
Privacy Affairs – Cybersecurity Deep Dive: What Is a Supply-Chain Attack?
UpGuard – Top 20 Biggest Data Breaches in Europe
BBC – British Airways Data-Breach Compensation Claim Settled
Imperva – SQL (Structured Query Language) Injection
Privacy Affairs – GDPR Fines Tracker & Statistics
ZDnet – Dutch Government Loses Hard Drives with Data of 6.9 Million Registered Donors
Privacy Affairs – LockBit Ransomware Group Attacks the Hanwha Group and Steals 800GB of Data
BitDefender – Hackers Release Over 4,000 Files Stolen from Scottish Environment Agency in Ransomware Attack
FBI.Gov – Business Email Compromises
Norfund – Norfund Has Been Exposed to a Serious Case of Fraud
MoneySavingExpert – Credit Score Builder Loqbox Hit by Data Breach
The Wall Street Journal – Travelex Paid Hackers Multimillion-Dollar Ransom Before Hitting New Obstacles
CNBC – $570 Million Worth of Binance’s BNB Token Stolen in Another Major Crypto Hack
Privacy Affairs – Why Is Phishing so Common & How to Protect Against It?
ZDnet – This Is How Cyber Attackers Stole £2.26m from Tesco Bank Customers
Investopedia – Primary Account Number (PAN): What It Is & How It Works on Cards
ZDnet – Eastern European Banks Lose Tens of Millions of Dollars in Hollywood-Style Hacks
Hackinglab – Bash Bunny – Guide