Editing List of security hacking incidents

{{Short description|Data incident security hacking}}
The '''list of security hacking incidents''' covers important or noteworthy events in the history of [[security hacker|security hacking]] and [[Security hacker#cracker|cracking]]. 
{{TOC right}}

==1900==

===1903===

* Magician and inventor [[Nevil Maskelyne (magician)|Nevil Maskelyne]] disrupts [[John Ambrose Fleming]]'s public demonstration of [[Guglielmo Marconi]]'s purportedly secure [[wireless telegraphy]] technology, sending insulting [[Morse code]] messages through the auditorium's projector.<ref>{{cite news |last=Marks |first=Paul |title=Dot-dash-diss: The gentleman hacker's 1903 lulz |url=https://www.newscientist.com/article/mg21228440-700-dot-dash-diss-the-gentleman-hackers-1903-lulz/ |access-date=January 11, 2012 |newspaper=New Scientist |date=December 27, 2011}}</ref>

==1930s==

===1932===
* Polish cryptologists [[Marian Rejewski]], [[Henryk Zygalski]] and Jerzy Różycki broke the [[Cryptanalysis of the Enigma|Enigma machine]] code.

===1939===
* [[Alan Turing]], [[Gordon Welchman]] and [[Harold Keen]] worked together to develop the [[Bombe]] (on the basis of Rejewski's works on [[Bomba (cryptography)|Bomba]]). The [[Enigma machine]]'s use of a reliably small key space makes it vulnerable to brute force.

==1940s==
===1943===
* [[René Carmille]], [[comptroller]] general of the [[Vichy France|Vichy French]] Army, hacked the [[punched card]] system used by the Nazis to locate Jews.<ref name="Davis">{{cite web |last=Davis |first=Amanda |url=http://theinstitute.ieee.org/technology-focus/technology-history/a-history-of-hacking |title=A History of Hacking - IEEE - The Institute |website=[[IEEE]] |access-date=July 1, 2017 |url-status=dead |archive-url=https://web.archive.org/web/20150313222911/http://theinstitute.ieee.org/technology-focus/technology-history/a-history-of-hacking |archive-date=March 13, 2015 }}</ref>

=== 1949 ===

*The theory that underlies computer viruses was first made public in 1949, when computer pioneer [[John von Neumann]] presented a paper titled "Theory and Organization of Complicated Automata". In the paper, von Neumann speculated that computer programs could reproduce themselves.<ref>{{Cite news|url=https://www.scientificamerican.com/article/when-did-the-term-compute/|title=When did the term 'computer virus' arise?|work=Scientific American|access-date=July 27, 2018|language=en}}</ref>

==1950s==
===1955===
* At [[MIT]], "hack" first came to mean playing with machines. The minutes of an April 1955 meeting of the [[Tech Model Railroad Club]] state that "Mr. Eccles requests that anyone working or hacking on the electrical system turn the power off to avoid fuse blowing."<ref>{{cite news|last1=Yagoda|first1=Ben|title=A Short History of "Hack"|url=http://www.newyorker.com/tech/elements/a-short-history-of-hack|access-date=July 22, 2017|date=March 6, 2014}}</ref>

===1957===
* Joe "[[Joybubbles]]" Engressia, a blind seven-year-old boy with perfect pitch, discovered that whistling the fourth E above middle C (a frequency of 2600&nbsp;Hz) would interfere with AT&T's automated telephone systems, thereby inadvertently opening the door for [[phreaking]].

==1960s==
* Various [[phreaking boxes]] are used to interact with automated telephone systems.

===1963===
* The first ever reference to malicious [[security hacker|hacking]] is '[[phreaking|telephone hackers]]' in [[Massachusetts Institute of Technology|MIT]]'s student newspaper, ''The Tech'' of hackers tying up the lines with [[Harvard University|Harvard]], configuring the [[PDP-1]] to make free calls, [[war dialing]] and accumulating large phone bills.<ref>{{cite web|url=https://infostory.com/2011/11/20/hacking-and-blue-boxes/ |title=Hacking and Blue Boxes &#124; The Story of Information |website=Infostory.com |date=November 20, 2011 |access-date=July 1, 2017}}</ref><ref>{{cite web|first=Gustavo |last=Duarte |url=http://duartes.org/gustavo/blog/post/first-recorded-usage-of-hacker/ |title=First Recorded Usage of "Hacker" - Gustavo Duarte |website=Duartes.org |date=August 27, 2008 |access-date=July 1, 2017}}</ref><ref>{{cite web |url=http://tech.mit.edu/V83/PDF/V83-N24.pdf |title=Archived copy |access-date=January 4, 2017 |url-status=dead |archive-url=https://web.archive.org/web/20160314083748/http://tech.mit.edu/V83/PDF/V83-N24.pdf |archive-date=March 14, 2016 }}</ref>

===1965===
* William D. Mathews from [[MIT]] found a vulnerability in a '''[[Compatible Time-Sharing System|CTSS]]''' running on an [[IBM 7094]]. The standard text editor on the system was designed to be used by one user at a time, working in one directory, and so it created a temporary file with a constant name for all instantiations of the editor. The flaw was discovered when two system programmers were editing at the same time and the temporary files for the message of the day and the password file became swapped, causing the contents of the system CTSS password file to display to any user logging into the system.<ref>{{cite web|url=http://larch-www.lcs.mit.edu:8001/~corbato/turing91/ |title=untitled1.html |website=Larch-www.lcs.mit.edu:8001 |date=November 7, 1940 |access-date=July 1, 2017}}</ref><ref>{{cite web |url=http://osvdb.org/show/osvdb/23257 |title=23257: IBM 7094 CTSS System Text Editor Multiple Instance Password File Disclosure |access-date=October 8, 2010 |url-status=dead |archive-url=https://archive.today/20130415141955/http://osvdb.org/show/osvdb/23257 |archive-date=April 15, 2013 }}</ref><ref>{{cite web|url=http://osvdb.org/show/osvdb/23257|title=23257 : IBM 7094 CTSS System Text Editor Multiple Instance Password File Disclosure|website=Archive.fo|access-date=July 1, 2017|url-status=dead|archive-url=https://archive.today/20130415141955/http://osvdb.org/show/osvdb/23257|archive-date=April 15, 2013}}</ref><ref>{{cite magazine|url=https://www.wired.com/2012/01/computer-password/ |title=The World's First Computer Password? It Was Useless Too |magazine=WIRED |date=June 19, 2011 |access-date=July 1, 2017}}</ref>

===1967===

* The first known incidence of network penetration hacking took place when members of a computer club at a suburban Chicago area high school were provided access to IBM's [[APL (programming language)|APL]] network. In the Fall of 1967, IBM (through [[Science Research Associates]]) approached [[Evanston Township High School]] with the offer of four [[IBM 2741|2741 Selectric teletypewriter]]-based terminals with dial-up modem connectivity to an experimental computer system which implemented an early version of the APL programming language. The APL network system was structured into Workspaces which were assigned to various clients using the system. Working independently, the students quickly learned the language and the system. They were free to explore the system, often using existing code available in public Workspaces as models for their own creations. Eventually, curiosity drove the students to explore the system's wider context. This first informal network penetration effort was later acknowledged as helping harden the security of one of the first publicly accessible networks:<ref>{{Cite journal|last=Falkoff|first=A. D.|date=December 1, 1991|title=The Family of APL Systems|journal=IBM Systems Journal|volume=30|issue=4|pages=416–432|doi=10.1147/sj.304.0416|s2cid=19030940}}</ref>{{blockquote|text=Science Research Associates undertook to write a full APL system for the [[IBM 1500]]. They modeled their system after [[APL\360|APL/360]], which had by that time been developed and seen substantial use inside of IBM, using code borrowed from MAT/1500 where possible. In their documentation, they acknowledge their gratitude to "a number of high school students for their compulsion to bomb the system". This was an early example of a kind of sportive, but very effective, debugging that was often repeated in the evolution of APL systems.}}

==1970s==
===1971===
* [[John Draper|John T. Draper]] (later nicknamed Captain Crunch), his friend Joe Engressia (also known as [[Joybubbles]]), and [[blue box]] phone [[phreaking]] hit the news with an ''[[Esquire (magazine)|Esquire]]'' magazine feature story.<ref>{{cite journal|last=Rosenbaum |first=Ron |url=http://www.slate.com/articles/technology/the_spectator/2011/10/the_article_that_inspired_steve_jobs_secrets_of_the_little_blue_.html |title=The article that inspired Steve Jobs: "Secrets of the Little Blue Box" |journal=Slate |date=October 7, 2011 |access-date=July 1, 2017}}</ref>

===1979===
* [[Kevin Mitnick]] breaks into his first major computer system, the Ark, the computer system [[Digital Equipment Corporation]] (DEC) used for developing their [[RSTS/E]] operating system software.<ref>{{cite web |url=http://www.thememoryhole.org/lit/deception-ch1.htm |title=The Memory Hole > The Missing Chapter from The Art of Deception by Kevin Mitnick |access-date=July 1, 2017 |url-status=bot: unknown |archive-url=https://web.archive.org/web/20090317050834/http://www.thememoryhole.org/lit/deception-ch1.htm |archive-date=March 17, 2009 }}</ref>

==1980s==
{{Hacking in the 1980s}}

===1980===
* The [[FBI]] investigates a breach of security at [[National CSS]] (NCSS). ''[[The New York Times]]'', reporting on the incident in 1981, describes hackers as<ref name="mclellan19810726">{{cite news | url=https://www.nytimes.com/1981/07/26/business/case-of-the-purloined-password.html | title=Case of the Purloined Password | work=The New York Times | date=July 26, 1981 | access-date=August 11, 2015 | author=McLellan, Vin}}</ref>

:{{blockquote|technical experts, skilled, often young, computer programmers who almost whimsically probe the defenses of a computer system, searching out the limits and the possibilities of the machine. Despite their seemingly subversive role, hackers are a recognized asset in the computer industry, often highly prized.}}

:The newspaper describes [[white hat (computer security)|white hat]] activities as part of a "mischievous but perversely positive 'hacker' tradition". When a National CSS employee revealed the existence of his [[password cracker]], which he had used on customer accounts, the company chastised him not for writing the software but for not disclosing it sooner. The letter of reprimand stated that "The Company realizes the benefit to NCSS and in fact encourages the efforts of employees to identify security weaknesses to the VP, the directory, and other sensitive software in files".{{r|mclellan19810726}}

===1981===
* [[Chaos Computer Club]] forms in Germany.
* Ian Murphy, aka Captain Zap, was the first cracker to be tried and convicted as a felon. Murphy broke into AT&T's computers in 1981 and changed the internal clocks that metered billing rates. People were getting late-night discount rates when they called at midday. Of course, the bargain-seekers who waited until midnight to call long distance were hit with high bills.<ref>{{cite magazine|url=http://archive.wired.com/science/discoveries/news/2001/02/41630?currentPage=all|title=The Greatest Hacks of All Time|magazine=WIRED|date=February 6, 2001}}</ref>

===1983===
*[[The 414s]] break into 60 computer systems at institutions ranging from the [[Los Alamos National Laboratory]] to Manhattan's [[Memorial Sloan-Kettering Cancer Center]].<ref name="drzmzu">{{Cite news|last=Elmer-DeWitt|first=Philip|title=The 414 Gang Strikes Again|newspaper=[[Time (magazine)|Time]]|page=75|date=August 29, 1983|url=http://www.time.com/time/magazine/article/0,9171,949797,00.html|archive-url=https://web.archive.org/web/20071202043840/http://www.time.com/time/magazine/article/0,9171,949797,00.html|url-status=dead|archive-date=December 2, 2007}}</ref> The incident appeared as the cover story of ''[[Newsweek]]'' with the title "Beware: Hackers at play".<ref name="iophas">{{Cite news|title=Beware: Hackers at play|newspaper=Newsweek|pages=42–46, 48|date=September 5, 1983}}</ref> As a result, the U.S. House of Representatives held hearings on computer security and passed several laws.
* The group [[P.H.I.R.M.|KILOBAUD]] is formed in February, kicking off a series of other hacker groups that formed soon after.
* The movie ''[[WarGames]]'' introduces the wider public to the phenomenon of hacking and creates a degree of mass paranoia about hackers and their supposed abilities to bring the world to a screeching halt by launching nuclear [[ICBM]]s.<ref>{{Cite book|last=Van Creveld|first=M.|date=2013|title=Wargames: from gladiators to gigabytes|url=http://search.ebscohost.com/login.aspx?direct=true&db=cat04202a&AN=ucb.b25151397&site=eds-live|publisher=Cambridge University Press}}</ref>
* The [[U.S. House of Representatives]] begins hearings on computer security hacking.<ref>{{cite news|newspaper=Washington Post|url=https://www.washingtonpost.com/wp-dyn/articles/A50606-2002Jun26.html|year=2002|access-date=April 14, 2006|title=Timeline: The U.S. Government and Cybersecurity}}</ref>
* In his [[Turing Award]] lecture, [[Ken Thompson]] mentions "hacking" and describes a security exploit that he calls a "[[Trojan horse (computing)|Trojan horse]]".<ref>{{cite conference|first=Ken|last=Thompson|title=Reflections on Trusting Trust|book-title=1983 Turing Award Lecture|publisher=[[Association for Computing Machinery|ACM]]|date=October 1983|url=http://www.acm.org/awards/article/a1983-thompson.pdf}}</ref>

===1984===
* Someone calling himself [[Lex Luthor]] founds the [[Legion of Doom (hacking)|Legion of Doom]]. Named after a Saturday morning cartoon, the LOD had the reputation of attracting "the best of the best"—until one of the most talented members called [[Phiber Optik]] feuded with Legion of Doomer [[Erik Bloodaxe (hacker)|Erik Bloodaxe]] and got 'tossed out of the clubhouse'. Phiber's friends formed a rival group, the [[Masters of Deception]].
* The [[Comprehensive Crime Control Act]] gives the Secret Service jurisdiction over [[computer fraud]].
* [[Cult of the Dead Cow]] forms in [[Lubbock, Texas]], and begins publishing its [[underground ezine|ezine]].
* The [[Hacker (computer security)|hacker]] magazine ''2600'' begins regular publication, right when [[Technical Assistance Program|TAP]] was putting out its final issue. The editor of ''2600'', "[[Emmanuel Goldstein]]" (whose real name is [[Eric Corley]]), takes his handle from the leader of the resistance in [[George Orwell]]'s ''[[Nineteen Eighty-Four]]''. The publication provides tips for would-be hackers and phone phreaks, as well as commentary on the hacker issues of the day. Today, copies of ''2600'' are sold at most large retail bookstores.
* The [[Chaos Communication Congress]], the annual European hacker conference organized by the [[Chaos Computer Club]], is held in [[Hamburg]], Germany.
* [[William Gibson]]'s groundbreaking science fiction novel ''[[Neuromancer]]'', about "Case", a futuristic computer hacker, is published. Considered the first major [[cyberpunk]] novel, it brought into hacker jargon such terms as "[[cyberspace]]", "the matrix", "simstim", and "[[Intrusion Countermeasures Electronics|ICE]]".

===1985===
* [[P.H.I.R.M.|KILOBAUD]] is re-organized into The [[P.H.I.R.M.]] and begins [[sysop]]ping hundreds of [[Bulletin board system|BBSs]] throughout the United States, Canada, and Europe.
* The online 'zine ''[[Phrack]]'' is established.
* ''[[The Hacker's Handbook]]'' is published in the UK.<ref>{{Cite book|last=Cornwall, Hugo.|url=https://www.worldcat.org/oclc/21561291|title=The hacker's handbook|date=1986|publisher=E.A. Brown Co|isbn=0-912579-06-4|edition=Rev.|location=Alexandria, Minn.|oclc=21561291}}</ref>
* The FBI, Secret Service, Middlesex County NJ Prosecutor's Office and various local law enforcement agencies execute seven search warrants concurrently across New Jersey on July 12, 1985, seizing equipment from BBS operators and users alike for "complicity in computer theft",<ref>{{cite web|url=https://www.scribd.com/doc/34933732/2600-The-Hacker-Quarterly-Volume-2-Number-8-August-1985 |title=2600: The Hacker Quarterly (Volume 2, Number 8, August 1985) &#124; United States Postal Service &#124; Telephone Tapping |website=Scribd.com |access-date=July 1, 2017}}</ref> under a newly passed, and yet untested criminal statute.<ref>{{cite web|url=http://nj-statute-info.com/getStatute.php?statute_id=1618 |title=New Jersey Statute Directory - NJSA 2C:20-25 Computer criminal activity; degree of crime; sentencing |website=Nj-statute-info.com |access-date=July 1, 2017}}</ref> This is famously known as the Private Sector Bust,<ref>{{cite web |url=http://www.artofhacking.com/tucops/etc/law/live/aoh_psbust.htm |title=TUCoPS :: Cyber Law :: psbust.txt |website=Artofhacking.com |access-date=July 1, 2017 |archive-date=September 23, 2015 |archive-url=https://web.archive.org/web/20150923174209/http://www.artofhacking.com/tucops/etc/law/live/aoh_psbust.htm |url-status=dead }}</ref> or the 2600 BBS Seizure,<ref>{{cite web |url=http://2600.wrepp.com/2600/article.php?i=128&a=1777 |title=2600 Article |access-date=October 26, 2011 |url-status=dead |archive-url=https://web.archive.org/web/20120426005909/http://2600.wrepp.com/2600/article.php?i=128&a=1777 |archive-date=April 26, 2012 }}</ref> and implicated the Private Sector BBS sysop, Store Manager (also a BBS sysop), Beowulf, Red Barchetta, The Vampire, the NJ Hack Shack BBS sysop, and the Treasure Chest BBS sysop.

===1986===
* After more and more break-ins to [[government]] and [[corporation|corporate]] computers, Congress passes the [[Computer Fraud and Abuse Act]], which makes it a crime to break into computer systems. The law, however, does not cover juveniles.{{Citation needed|date=August 2017|reason=CFAA article does not mention juvenile exception}}<ref>{{Cite web |last=Shrivastava |first=Akash |date=2024-09-27 |title=Cyber Attacks and Data Breaches |url=https://www.hackersvella.org/blog/post/cyber-attack-and-data-breaches |access-date=2024-09-27 |website=HackersvellA}}</ref>
* [[Robert Schifreen]] and [[Stephen Gold]] are convicted of accessing the [[Telecom Gold]] account belonging to the [[Prince Philip, Duke of Edinburgh|Duke of Edinburgh]] under the [[Forgery and Counterfeiting Act 1981]] in the United Kingdom, the first conviction for illegally accessing a computer system. On appeal, the conviction is overturned as hacking is not within the legal definition of forgery.<ref>'Hacking' into Prestel is not a Forgery Act offence" (Law Report), The Times, July 21, 1987.</ref>
* Arrest of a hacker who calls himself The Mentor. He published a now-famous treatise shortly after his arrest that came to be known as the [[Hacker Manifesto]] in the e-zine [[Phrack]]. This still serves as the most famous piece of hacker literature and is frequently used to illustrate the mindset of hackers.
* Astronomer [[Clifford Stoll]] plays a pivotal role in tracking down hacker [[Markus Hess]], events later covered in Stoll's 1990 book ''[[The Cuckoo's Egg]]''.<ref>{{cite book
| title=The cuckoo's egg
| url=https://archive.org/details/cuckooseggtracki00stol
| url-access=registration
| first=Cliff
| last=Stoll
| publisher=Doubleday
| location=New York
| year=1989
| isbn=0-370-31433-6 }}</ref>

===1987===
* The [[Christmas Tree EXEC]] "worm" causes major disruption to the [[VNET]], [[BITNET]] and [[European Academic Research Network|EARN]] networks.<ref>Burger, R.: "Computer viruses - a high tech disease", ''Abacus/Data Becker GmbH'' (1988), {{ISBN|1-55755-043-3}}</ref>

===1988===
* The ''[[Morris Worm]]''. Graduate student Robert T. Morris, Jr. of Cornell University launches a worm on the government's ARPAnet (precursor to the Internet).<ref>Spafford, E.H.: "The Internet Worm Program: An Analysis", ''Purdue Technical Report CSD-TR-823'' (undated)</ref><ref>Eichin, M.W. and Rochlis, J.A.: "With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988", ''MIT''(1989)</ref> The worm spreads to 6,000 networked computers, clogging government and university systems. Robert Morris is dismissed from Cornell, sentenced to three years' probation, and fined $10,000.<ref>[https://www.nytimes.com/1990/05/05/us/computer-intruder-is-put-on-probation-and-fined-10000.html "Computer Intruder is Put on Probation and Fined" by John Markoff, ''The New York Times'']. The total fine ran to $13,326, which included a $10,000 fine, $50 special assessment, and $3,276 cost of probation oversight.</ref>
* [[First National Bank of Chicago]] is the victim of $70 million computer theft.
* The [[CERT Coordination Center|Computer Emergency Response Team]] (CERT) is created by [[DARPA]] to address [[network security]].
* The [[Father Christmas (computer worm)]] spreads over [[DECnet]] networks.

===1989===
* [[Jude Milhon]] (aka St Jude) and [[R. U. Sirius]] launch ''[[MONDO 2000]]'', a major '90s tech-lifestyle magazine, in [[Berkeley, California]].
* The politically motivated [[WANK (computer worm)|WANK worm]] spreads over [[DECnet]].
* Dutch magazine [[Hack-Tic]] begins.
* [[The Cuckoo's Egg]] by Clifford Stoll is published.
* The detection of [[AIDS (Trojan horse)]] is the first instance of a ransomware detection.

==1990s==
{{Hacking in the 1990s}}

===1990===
* [[Operation Sundevil]] introduced. After a prolonged sting investigation, Secret Service agents swoop down on organizers and prominent members of BBSs in 14 U.S. cities including the [[Legion of Doom (hacking)|Legion of Doom]], conducting early-morning raids and arrests. The arrests involve and are aimed at cracking down on credit-card theft and telephone and wire fraud. The result is a breakdown in the hacking community, with members informing on each other in exchange for immunity. The offices of [[Steve Jackson Games]] are also raided, and the [[role-playing game|role-playing]] sourcebook [[GURPS Cyberpunk]] is confiscated, possibly because the government fears it is a "handbook for computer crime". Legal battles arise that prompt the formation of the [[Electronic Frontier Foundation]], including the trial of [[Craig Neidorf|Knight Lightning]].
* Australian federal police tracking ''Realm'' members ''[[Nahshon Even-Chaim|Phoenix]]'', ''[[Electron (computer hacker)|Electron]]'' and ''Nom'' are the first in the world to use a remote data intercept to gain evidence for a computer crime prosecution.<ref>{{cite book | author=Bill Apro & Graeme Hammond | title=Hackers: The Hunt for Australia's Most Infamous Computer Cracker | year= 2005 | isbn=1-74124-722-5 | publisher= Five Mile Press }}</ref>
* The [[Computer Misuse Act 1990]] is passed in the United Kingdom, criminalising any unauthorised access to computer systems.

===1992===
* Release of the movie ''[[Sneakers (1992 film)|Sneakers]]'', in which security experts are blackmailed into stealing a universal decoder for [[encryption]] [[system]]s.
* One of the first ISPs, [[MindVox]], opens to the public.
* Bulgarian virus writer [[Dark Avenger]] wrote [[1260 (computer virus)|1260]], the first known use of [[polymorphic code]], used to circumvent the type of pattern recognition used by [[antivirus software]], and nowadays also [[intrusion detection system]]s.{{Citation needed|date=August 2008}}<ref>{{Cite web |last=Shrivastava |first=Akash |date=2024-09-27 |title=Cyber Attacks and Data Breaches |url=https://www.hackersvella.org/blog/post/cyber-attack-and-data-breaches |access-date=2024-09-27 |website=HackersvellA}}</ref><ref>{{Cite journal|last=Easttom|first=C|date=2018|title=An Examination of the Operational Requirements of Weaponised Malware|url=https://www.proquest.com/docview/2137386551|journal=Journal of Information Warfare|volume=17|pages=1–15|id={{ProQuest|2137386551}}|via=ProQuest}}</ref>
* Publication of a hacking instruction manual for penetrating [[TRW Credit|TRW credit]] reporting agency by Infinite Possibilities Society (IPS) gets Dr. Ripco, the sysop of Ripco BBS mentioned in the IPS manual, arrested by the [[United States Secret Service]].<ref name="ripco">{{cite web|url=http://w2.eff.org/legal/cases/SJG/?f=ripco_case_closed.article.txt|title="Operation Sundevil" is finally over for Dr. Ripco|last=Esquibel|first=Bruce|date=October 8, 1994|publisher=[[Electronic Frontier Foundation]]|access-date=March 8, 2009|url-status=dead|archive-url=https://web.archive.org/web/20110810225717/http://w2.eff.org/legal/cases/SJG/?f=ripco_case_closed.article.txt|archive-date=August 10, 2011}}</ref>

===1993===
* The first [[DEF CON]] hacking conference takes place in [[Las Vegas, Nevada|Las Vegas]]. The conference is meant to be a one-time party to say good-bye to BBSs (now replaced by the Web), but the gathering was so popular it became an annual event.
* [[AOL]] gives its users access to [[Usenet]], precipitating [[Eternal September]].

===1994===
* Summer: [[Russia]]n [[Hacker (computer security)|crackers]] siphon $10 million from Citibank and transfer the money to bank accounts around the world. [[Vladimir Levin (hacker)|Vladimir Levin]], the 30-year-old [[wikt:ringleader|ringleader]], used his work laptop after hours to transfer the funds to accounts in Finland and [[Israel]]. Levin stands trial in the United States and is sentenced to three years in prison. Authorities recover all but $400,000 of the stolen money.
* Hackers adapt to emergence of the [[World Wide Web]] quickly, moving all their how-to information and hacking programs from the old BBSs to new hacker [[web site]]s.
* [[AOHell]] is released, a [[freeware]] [[application software|application]] that allows a burgeoning community of unskilled [[script kiddie]]s to wreak havoc on [[America Online]]. For days, hundreds of thousands of AOL users find their mailboxes flooded with multi-megabyte [[email bomb]]s and their chat rooms disrupted with [[spamming|spam]] messages.
* December 27: After experiencing an [[IP spoofing]] attack by [[Kevin Mitnick]], computer security expert [[Tsutomu Shimomura]] started to receive prank calls that popularized the phrase "[[My kung fu is stronger than yours]]".<ref>{{cite news | url =https://www.zdnet.com/article/the-case-of-the-kung-fu-phreak/|title=The case of the kung fu 'phreak'|first=Kevin|last=Poulsen|work=[[ZDNet]]| date=January 21, 2000| access-date =May 12, 2015}}</ref>

===1995===
* The movies ''[[The Net (1995 film)|The Net]]'' and ''[[Hackers (film)|Hackers]]'' are released.
* The Canadian ISP dlcwest.com is hacked and website replaced with a graphic and the caption "You've been hacked MOFO"
* The US Secret Service raid 12 and arrest 6 cellular phone hackers in [[Operation Cybersnare]]
* February 22: The [[FBI]] raids the "Phone Masters".<ref name="emptimes11mar95">{{cite news
 | url = http://www.textfiles.com/magazines/EMPIRE/empire-7.phk
 | title = Recent Large Name Phreaker Busts by Anonymous
 | publisher = EmpireTimes
 | date = March 11, 1995 }}</ref>

===1996===
* Hackers alter Web sites of the [[United States Department of Justice]] (August), the [[CIA]] (October), and the [[U.S. Air Force]] (December).
* Canadian hacker group, Brotherhood, breaks into the [[Canadian Broadcasting Corporation]].
* Arizona hacker, John Sabo A.K.A FizzleB/Peanut, was arrested for hacking Canadian ISP dlcwest.com claiming the company was defrauding customers through over billing.
* The US general accounting office reports that hackers attempted to break into Defense Department computer files some 250,000 times in 1995 alone with a success rate of about 65% and doubling annually.<ref>{{cite book |last1=Office |first1=United States General Accounting |title=Information Security: Computer Attacks at Department of Defense Pose Increasing Risks : Report to Congressional Requesters |year=1996 |publisher=The Office |page=2 |url=https://books.google.com/books?id=efKOYhSaz_wC&pg=PA2}}</ref><ref>
{{cite book |last1=United States Congress Senate Committee on Governmental Affairs Permanent Subcommittee on Investigations |title=Security in Cyberspace: Hearings Before the Permanent Subcommittee on Investigations of the Committee on Governmental Affairs, United States Senate, One Hundred Fourth Congress, Second Session, May 22, June 5, 25, and July 16, 1996 |year=1996 |publisher=U.S. Government Printing Office |isbn=978-0-16-053913-8 |page=424 |url=https://books.google.com/books?id=t-AUYV0YPsMC&pg=PA424}}</ref><ref>
{{cite book |last1=Holt |first1=Thomas J. |last2=Bossler |first2=Adam M. |last3=Seigfried-Spellar |first3=Kathryn C. |title=Cybercrime and Digital Forensics: An Introduction |date=2017 |publisher=Routledge |isbn=978-1-315-29695-1 |url=https://books.google.com/books?id=7SA6DwAAQBAJ&pg=PT70}}</ref><ref>
{{cite book |last1=Wang |first1=Shuangbao Paul |last2=Ledley |first2=Robert S. |title=Computer Architecture and Security: Fundamentals of Designing Secure Computer Systems |date=2013 |publisher=John Wiley & Sons |isbn=978-1-118-16881-3 |page=29 |url=https://books.google.com/books?id=b2P5DwAAQBAJ&pg=PA29}}</ref>
* [[Cryptovirology]] is born with the invention of the cryptoviral extortion protocol that would later form the basis of modern [[ransomware]].<ref name="Young and Yung 96">{{cite conference|author=A. Young, [[Moti Yung|M. Yung]]|title=Cryptovirology: Extortion-Based Security Threats and Countermeasures|book-title=IEEE Symposium on Security & Privacy, May 6–8, 1996|pages=129&ndash;141}} [https://ieeexplore.ieee.org/document/502676/;jsessionid=A44B2BA6AA9CE3A440E9910E490610A3?arnumber=502676 IEEEExplore: Cryptovirology: extortion-based security threats and countermeasures]</ref>

===1997===
* The greatest AOL hack program ever written, Lucifer-X by NailZ, is released. In a matter of days AOL is being used for free by hundreds of thousands of users.{{cn|date=May 2025}}
* A 16-year-old [[Croatia]]n youth penetrates computers at a U.S. Air Force base in [[Guam]].<ref>[https://web.archive.org/web/20040313235420/http://www.nap.edu/html/trust/trust-1.htm Trust in Cyberspace], Committee on Information Systems Trustworthiness, National Research Council, 1999</ref>
* June: [[Eligible Receiver 97]] tests the American government's readiness against [[cyberattack]]s.
* December: [https://www.hackersvella.org/blog/post/cyber-attack-and-data-breaches Information Security]<ref>{{Cite web |last=Shrivastava |first=Akash |date=2024-09-27 |title=Cyber Attacks and Data Breaches |url=https://www.hackersvella.org/blog/post/cyber-attack-and-data-breaches |access-date=2024-09-27 |website=HackersvellA}}</ref> publishes first issue.{{Clarify|date=January 2017}}
* First high-profile attacks on Microsoft's [[Windows NT]] [[operating system]]<ref>[http://news.cnet.com/Hackers-jam-Microsofts-site/2100-1023_3-200788.html Hackers jam Microsoft's site], 1997</ref>

===1998===
* January: [[Yahoo!]] notifies Internet users that anyone visiting its site in the past month might have downloaded a [[logic bomb]] and [[Computer worm|worm]] planted by hackers claiming a "logic bomb" will go off if computer hacker [[Kevin Mitnick]] is not released from prison.<ref>{{cite news|last1=Associated Press|title=Hackers Leave Ransom Note on Yahoo Site|url=https://www.latimes.com/archives/la-xpm-1997-dec-10-fi-62418-story.html|access-date=May 19, 2017|date=December 10, 1997}}</ref>
* February: The [[Internet Software Consortium]] proposes the use of DNSSEC ([[Domain Name System Security Extensions]]) to secure [[DNS server]]s.
* May 19: The seven members of the hacker think tank known as [[L0pht]] testify in front of the US congressional Government Affairs committee on "Weak Computer Security in Government".
* June: Information Security publishes its first annual Industry Survey, finding that nearly three-quarters of organizations suffered a security incident in the previous year.{{Clarify|date=January 2017}}
* September: [[Electronic Disturbance Theater]], an online political performance-[[art group]], attacks the websites of [[The Pentagon]], Mexican president [[Ernesto Zedillo]], and the [[Frankfurt Stock Exchange]], calling it [[conceptual art]] and claiming it to be a protest against the suppression of the [[Zapatista Army of National Liberation]] in southern Mexico. EDT uses the FloodNet software to bombard its opponents with access requests.<ref>{{cite magazine|url=http://archive.wired.com/politics/law/news/1998/09/14931 |title=Pentagon Deflects Web Assault &#124; WIRED |magazine=Wired |date= September 10, 1998|access-date=July 1, 2017}}</ref>
* October: "[[U.S. Attorney General]] [[Janet Reno]] announces [[National Infrastructure Protection Center]]."

===1999===
* [[Software security]] goes mainstream In the wake of Microsoft's [[Windows 98]] release, 1999 becomes a banner year for security (and hacking). Hundreds of advisories and patches are released in response to newfound (and widely publicized) [[computer bug|bug]]s in Windows and other commercial software products. A host of security software vendors release anti-hacking products for use on home computers.
* U.S. President [[Bill Clinton]] announces a $1.46 billion initiative to improve government [[computer security]]. The plan would establish a network of intrusion detection monitors for certain federal agencies and encourage the private sector to do the same.
* January 7: The "Legion of the Underground" (LoU) declares "war" against the governments of Iraq and the People's Republic of China. An international coalition of hackers (including [[Cult of the Dead Cow]], ''2600''{{'}}s staff, ''[[Phrack]]''{{'}}s staff, [[L0pht]], and the [[Chaos Computer Club]]) issued a joint statement ([https://web.archive.org/web/20060316225519/http://www.cultdeadcow.com/news/statement19990107.html CRD 990107 - Hackers on planet earth against infowar]) condemning the LoU's declaration of war. The LoU responded by withdrawing its declaration.
* March: The [[Melissa worm]] is released and quickly becomes the most costly malware outbreak to date.
* July: [[Cult of the Dead Cow]] releases [[Back Orifice 2000]] at [[DEF CON]].
* August: [[Kevin Mitnick]], is sentenced to 5 years, of which over 4 years had already been spent pre-trial including 8 months' solitary confinement.
* September: [[Level Seven Crew]] hacks the [[Embassy of the United States, Beijing|U.S. Embassy in China]]'s website and places racist, anti-government slogans on embassy site in regards to [[1998 U.S. embassy bombings]].<ref>{{Cite web|url=http://www.cnn.com/TECH/computing/9909/08/hack.folo/|title=CNN - Embassy site hackers aimed to show its vulnerability - September 8, 1999|website=[[CNN]]|date=February 6, 2003|archive-url=https://web.archive.org/web/20030206011937/http://www.cnn.com/TECH/computing/9909/08/hack.folo/|archive-date=2003-02-06}}</ref>
* September 16: The [[United States Department of Justice]] sentences the "Phone Masters".<ref name="usdoj16sep99">{{cite news
 | url = http://www.usdoj.gov/criminal/cybercrime/phonmast.htm
 | title = U.S. Department of Justice, For Immediate Release, Dallas, Texas
 | publisher = [[USDOJ]]
 | date = September 16, 1999
| url-status = dead
 | archive-url = https://web.archive.org/web/20090531153024/http://www.usdoj.gov/criminal/cybercrime/phonmast.htm
 | archive-date = May 31, 2009
}}</ref>
* October: [[American Express]] introduces the "Blue" [[smart card]], the industry's first chip-based credit card in the US.
* November 17: A hacker interviewed by [[Hilly Rose]] during the radio show ''[[Coast to Coast AM]]'' (then hosted by [[Art Bell]]) exposes a plot by al-Qaeda to derail [[Amtrak]] trains. This results in all trains being forcibly stopped over [[Year 2000 problem|Y2K]] as a safety measure.

==2000s==
{{Hacking in the 2000s}}

===2000===
* May: The [[ILOVEYOU]] worm, also known as VBS/Loveletter and Love Bug worm, is a computer worm written in VBScript. It infected millions of computers worldwide within a few hours of its release. It is considered to be one of the most damaging worms ever. It originated in the Philippines; made by an [[AMA Computer University|AMA Computer College]] student Onel de Guzman for his thesis.
* September: Computer hacker [[Jonathan James]] became the first juvenile to serve jail time for hacking.

===2001===
* Microsoft becomes the prominent victim of a new type of hack that attacks the [[domain name server]]. In these [[denial-of-service attack]]s, the DNS paths that take users to Microsoft's websites are corrupted.
* February: A Dutch cracker releases the [[Anna Kournikova]] [[Anna Kournikova (computer virus)|virus]], initiating a wave of viruses that tempts users to open the infected attachment by promising a sexy picture of the Russian [[tennis]] star.
* April: FBI agents trick two Russian [[Hacker (computer security)|crackers]] into coming to the U.S. and revealing how they were hacking U.S. banks.<ref>{{Cite web | url=https://www.theregister.co.uk/2002/10/07/fbi_sting_snares_top_russian/ | title=FBI sting snares top Russian crackers| website=[[The Register]]}}</ref>
* July: Russian programmer [[Dmitry Sklyarov]] is arrested at the annual [[DEF CON]] hacker convention. He was the first person criminally charged with violating the [[Digital Millennium Copyright Act]] (DMCA).
* August: [[Code Red worm]], infects tens of thousands of machines.
* The National Cyber Security Alliance (NCSA) is established in response to the September 11 attacks on the World Trade Center.<ref>{{Cite web | url=https://www.staysafeonline.org |title = Get Online Safety Resources from the National Cyber Security Alliance}}</ref>

===2002===
* January: [[Bill Gates]] decrees that Microsoft will [[security|secure]] its products and services, and kicks off a massive internal [[training]] and [[quality control]] campaign.
* March: [[Gary McKinnon]] is arrested following unauthorized access to US military and NASA computers.
* May: [[Klez|Klez.H]], a variant of the worm discovered in November 2001, becomes the biggest [[malware]] outbreak in terms of machines infected, but causes little monetary damage.
* June: The Bush administration files a bill to create the [[Department of Homeland Security]], which, among other things, will be responsible for protecting the nation's critical [[Information technology|IT]] [[infrastructure]].
* August: Researcher Chris Paget publishes a paper describing "[[shatter attack]]s", detailing how Windows' unauthenticated [[messaging system]] can be used to take over a machine. The paper raises questions about how securable Windows could ever be. It is however largely derided as irrelevant as the vulnerabilities it described are caused by vulnerable applications (placing windows on the desktop with inappropriate privileges) rather than an inherent flaw within the Operating System.
* October: The [[(ISC)²|International Information Systems Security Certification Consortium]]—(ISC)²—confers its 10,000th [[CISSP]] certification.

===2003===
* The hacktivist group [[Anonymous (group)|Anonymous]] was formed.
* March: [[Cult of the Dead Cow]] and [[Hacktivismo]] are given permission by the [[United States Department of Commerce]] to export software utilizing strong encryption.

===2004===
* March: [[New Zealand]]'s Government (National Party) website defaced by hacktivist group BlackMask<ref>{{cite news | title=Police called after National Party website hacked | url=https://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=3554851|newspaper = NZ Herald|date = March 15, 2004}}</ref>
* July: [[North Korea]] claims to have trained 500 hackers who successfully crack South Korean, Japanese, and their allies' computer systems.<ref>{{cite web | title=North Korean hackers sabotage computer networks of South Korea | url=http://english.pravda.ru/world/20/91/366/14396_nkorea.html | publisher=[[Pravda Online]] | access-date=October 14, 2008 | url-status=dead | archive-url=https://web.archive.org/web/20070806085912/http://english.pravda.ru/world/20/91/366/14396_nkorea.html | archive-date=August 6, 2007 }}</ref>
* October: National Cyber Security Awareness Month was launched by the National Cyber Security Alliance and U.S. Department of Homeland Security.

===2005===
* April 2: Rafael Núñez (aka RaFa), a notorious member of the hacking group World of Hell, is arrested following his arrival at Miami International Airport for breaking into the [[Defense Information Systems Agency]] computer system in June 2001.<ref>Rob Lemos. [http://www.securityfocus.com/news/10868 "Campaign seeks to defang Rafa's hacker image"], "Security Focus", April 11, 2005.</ref>
* September 13: [[Cameron Lacroix]] is sentenced to 11 months for gaining access to [[T-Mobile US|T-Mobile]]'s network and exploiting [[Paris Hilton]]'s [[Danger Hiptop|Sidekick]].<ref>Krebs, Brian. [https://www.washingtonpost.com/wp-dyn/content/article/2005/09/13/AR2005091301423.html "Teen Pleads Guilty to Hacking Paris Hilton's Phone"], ''The Washington Post'', September 13, 2005. <!--accessed September 13, 2009.--></ref>
* November 3: [[Jeanson James Ancheta]], whom prosecutors say was a member of the "Botmaster Underground", a group of [[script kiddie]]s mostly noted for their excessive use of [[Botnet|bot attack]]s and propagating vast amounts of [[spamming|spam]], was taken into custody after being lured to FBI offices in Los Angeles.<ref name="vnunet_2145579">{{cite web |date=November 4, 2005|url = http://www.vnunet.com/vnunet/news/2145579/fbi-arrest-botnet-master|title = FBI sting nets botnet hacker|publisher = vnunet.com| access-date = September 26, 2008 | last=Iain Thomson |archive-url=https://web.archive.org/web/20071220142959/http://www.vnunet.com/vnunet/news/2145579/fbi-arrest-botnet-master|archive-date=December 20, 2007}}</ref>

===2006===
* January: One of the few worms to take after the old form of malware, destruction of data rather than the accumulation of zombie networks to launch attacks from, is discovered. It had various names, including [[Kama Sutra (computer worm)|Kama Sutra]] (used by most media reports), Black Worm, Mywife, Blackmal, Nyxem version D, Kapser, KillAV, Grew and CME-24. The worm would spread through e-mail client address books, and would search for documents and fill them with garbage, instead of deleting them to confuse the user. It would also hit a web page counter when it took control, allowing the programmer who created it as well as the world to track the progress of the worm. It would replace documents with random garbage on the third of every month. It was hyped by the media but actually affected relatively few computers, and was not a real threat for most users.
* May: Jeanson James Ancheta receives a 57-month prison sentence,<ref name="techweb.com">{{cite web |url=http://www.techweb.com/wire/security/187201459 |title=Botnet Herder Corralled; to Serve 57 Months - Security Technology News by TechWeb |access-date=May 3, 2007 |url-status=dead |archive-url=https://web.archive.org/web/20070927001108/http://www.techweb.com/wire/security/187201459 |archive-date=September 27, 2007 }}</ref> and is ordered to pay damages amounting to $15,000 to the Naval Air Warfare Center in China Lake and the Defense Information Systems Agency, for damage done due to DDoS attacks and hacking. Ancheta also had to forfeit his gains to the government, which include $60,000 in cash, a BMW, and computer equipment.<ref name="techweb.com"/>
* May: The largest defacement in Web History as of that time is performed by the [[Turkey|Turkish]] hacker iSKORPiTX who successfully hacked 21,549 websites in one shot.<ref>{{Cite web |title=World Record : 404907 websites hacked by Iskorpitx (Turkish Hacker) ! |url=https://thehackernews.com/2010/12/world-record-404907-websites-hacked-by.html |access-date=2022-05-01 |website=The Hacker News |language=en}}</ref>
* July: Robert Moore and Edwin Pena were the first people to be charged by U.S. authorities for VoIP hacking. Robert Moore served 2 years in federal prison and was given $152,000 restitution. Once Edwin Pena was caught after fleeing the country, evading authorities for almost 2 years, he was sentenced to 10 years and given $1 million restitution.<ref>{{cite news |last1=McMillan |first1=Robert |title=Man gets 10 years for VoIP hacking |url=https://www.computerworld.com/article/2516044/man-gets-10-years-for-voip-hacking.html |access-date=May 27, 2019 |work=Computerworld |date=September 24, 2010}}</ref>
* September: Viodentia releases FairUse4WM tool which would remove [[Digital rights management|DRM]] information off [[Windows Media Audio]] (WMA) files downloaded from music services such as Yahoo! Unlimited, Napster, Rhapsody Music and Urge.

===2007===
* May 17: [[Estonia]] recovers from massive denial-of-service attack<ref>{{cite web|url=http://www.networkworld.com/news/2007/051707-estonia-recovers-from-massive-denial-of-service.html|title=Estonia recovers from massive denial-of-service attack|first=Jeremy|last=Kirk|date=May 17, 2007|work=Network World|access-date=March 14, 2015|url-status=dead|archive-url=https://web.archive.org/web/20131203004316/http://www.networkworld.com/news/2007/051707-estonia-recovers-from-massive-denial-of-service.html|archive-date=December 3, 2013}}</ref>
* June 13: FBI [[Operation: Bot Roast|Operation Bot Roast]] finds over 1 million botnet victims<ref>{{cite web|url=http://www.networkworld.com/community/node/16193|title=FBI: Operation Bot Roast finds over 1 million botnet victims|first=Michael|last=Cooney|date=June 13, 2007|work=Network World|access-date=March 14, 2015|archive-date=December 3, 2013|archive-url=https://web.archive.org/web/20131203013446/http://www.networkworld.com/community/node/16193|url-status=dead}}</ref>
* June 21: A [[spear phishing]] incident at the [[Office of the Secretary of Defense]] steals sensitive U.S. defense information, leading to significant changes in identity and message-source verification at OSD.<ref name="McMillan">{{cite news
 | first = Robert
 | last = McMillan
 | url = http://www.infoworld.com/article/07/06/21/Pentagon-shuts-down-systems-after-cyberattack_1.html
 | title = Pentagon shuts down systems after cyberattack
 | work = [[InfoWorld]]
 | publisher = [[International Data Group|IDG]]
 | date = June 21, 2007
| access-date = March 10, 2008
 | url-status = dead
 | archive-url = https://web.archive.org/web/20080706013512/http://www.infoworld.com/article/07/06/21/Pentagon-shuts-down-systems-after-cyberattack_1.html
 | archive-date = July 6, 2008
}}</ref><ref name="Aitoro">{{cite news
 | first = Jill R.
 | last = Aitoro
 | url = http://www.govexec.com/story_page.cfm?articleid=39456
 | archive-url = https://web.archive.org/web/20080310011808/http://www.govexec.com/story_page.cfm?articleid=39456
 | url-status = dead
 | archive-date = March 10, 2008
 | title = Defense officials still concerned about data lost in 2007 network attack
 | work = Government Executive
 | publisher = [[National Journal Group]]
 | date = March 5, 2008
 | access-date = March 10, 2008
 }}</ref>

* August 11: [[United Nations]] website hacked by Indian Hacker Pankaj Kumar Singh.<ref>{{cite web|url=http://www.internethaber.com/news_detail.php?id=99151|title=BMnin sitesi hacklendi haberi|work=Internethaber|access-date=March 14, 2015|url-status=dead|archive-url=https://web.archive.org/web/20110930111801/http://www.internethaber.com/news_detail.php?id=99151|archive-date=September 30, 2011}}</ref>
*November 14: Panda Burning Incense which is known by several other names, including Fujacks and Radoppan.T lead to the arrest of eight people in China. Panda Burning Incense was a parasitic virus that infected executable files on a PC. When infected, the icon of the executable file changes to an image of a panda holding three sticks of incense. The arrests were the first for virus writing in China.<ref>{{Cite web|url=https://www.csoonline.com/article/2121666/eight-arrested-for-creating-panda-burning-incense-virus.html|title=Eight Arrested for Creating Panda Burning Incense Virus|last=Gradijan|first=Dave|date=February 13, 2007|website=CSO Online|language=en|access-date=July 20, 2019}}</ref>

===2008===
* January 17: [[Project Chanology]]; [[Anonymous (group)|Anonymous]] attacks Scientology website servers around the world. Private documents are stolen from Scientology computers and distributed over the Internet.
* March 7: Around 20 Chinese hackers claim to have gained access to the world's most sensitive sites, including [[the Pentagon]]. They operated from an apartment on a Chinese Island.<ref name="cnn7mar08">{{cite news | url = http://edition.cnn.com/2008/TECH/03/07/china.hackers/index.html | title = Chinese hackers: No site is safe | publisher = CNN | date = March 7, 2008 | access-date = March 7, 2008}}</ref>
* March 14: [[Trend Micro]] website successfully hacked by Turkish hacker Janizary (aka Utku).<ref>{{cite web|url=http://www.crn.com/news/security/206903880/trend-micro-victim-of-malicious-hack.htm|title=Trend Micro Victim Of Malicious Hack|first=Stefanie|last=Hoffman|work=CRN|access-date=March 14, 2015|date=March 14, 2008}}</ref>

===2009===
* April 4: [[Conficker]] worm infiltrated millions of PCs worldwide including many government-level top-security computer networks.<ref>{{cite news |url = https://www.nytimes.com/2009/08/27/technology/27compute.html|title = Defying Experts, Rogue Computer Code Still Lurks|newspaper = New York Times|date = August 26, 2009|access-date = August 27, 2009 | first=John | last=Markoff}}</ref>

==2010s==
{{Hacking in the 2010s}}

===2010===
* January 12: [[Operation Aurora]] Google publicly reveals<ref name="googleblog">{{cite web|url=http://googleblog.blogspot.com/2010/01/new-approach-to-china.html|title=A new approach to China|date=January 12, 2010|publisher=Google Inc.|access-date=January 17, 2010}}</ref> that it has been on the receiving end of a ''"highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google"''
* June: [[Stuxnet]] The Stuxnet worm is found by VirusBlokAda. Stuxnet was unusual in that while it spread via Windows computers, its payload targeted just one specific model and type of [[SCADA]] systems. It slowly became clear that it was a cyber attack on Iran's nuclear facilities—with most experts believing that Israel<ref name="nyt-19stuxnet">{{cite news| url=https://www.nytimes.com/2010/11/19/world/middleeast/19stuxnet.html | work=The New York Times | first1=William J. | last1=Broad | first2=David E. | last2=Sanger | title=Worm in Iran Can Wreck Nuclear Centrifuges | date=November 18, 2010}}</ref> was behind it—perhaps with US help.
* December 3: The first Malware Conference, [[Malcon|MALCON]] took place in India. Founded by Rajshekhar Murthy, malware coders are invited to showcase their skills at this annual event supported by the Government of India.

===2011===
* The hacker group [[Lulz Security]] is formed.
* April 9: [[Bank of America]] website got hacked by a Turkish hacker named JeOPaRDY. An estimated 85,000 credit card numbers and accounts were reported to have been stolen due to the hack. Bank officials say no personal customer bank information is available on that web-page. Investigations are being conducted by the FBI to trace down the incriminated hacker.<ref>{{cite web|url=http://thehackernews.com/2011/03/thousands-of-bank-of-america-accounts.html|title=Thousands of Bank of America Accounts Hacked !|first=Mohit|last=Kumar|date=March 26, 2011|work=The Hacker News - Biggest Information Security Channel|access-date=March 14, 2015}}</ref>
* April 17: An "[[PlayStation Network outage|external intrusion]]" sends the [[PlayStation Network]] offline, and compromises personally identifying information (possibly including credit card details) of its 77 million accounts, in what is claimed to be one of the five largest [[data breach]]es ever.<ref>{{cite news|url=https://www.cbc.ca/news/science/playstation-data-breach-deemed-in-top-5-ever-1.1059548 |title=PlayStation data breach deemed in 'top 5 ever' - Business - CBC News |publisher=Cbc.ca |date= April 27, 2011|access-date=April 29, 2011}}</ref>
* Computer hacker sl1nk releases information of his penetration in the servers of the Department of Defense (DoD), Pentagon, NASA, NSA, US Military, Department of the Navy, Space and Naval Warfare System Command and other UK/US government websites.<ref>''[http://thehackernews.com/2011/05/exclusive-report-is-department-of.html Is Department of Defense (DoD), Pentagon, NASA, NSA secure?]'', TheHackerNews, May 14, 2011.</ref>
* September: Bangladeshi hacker TiGER-M@TE made a world record in defacement history by hacking 700,000 websites in a single shot.<ref>{{cite web|url=http://news.softpedia.com/news/700-000-InMotion-Websites-Hacked-by-TiGER-M-TE-223607.shtml|title=700,000 InMotion Websites Hacked by TiGER-M@TE|first=Eduard|last=Kovacs|date=September 26, 2011|work=softpedia|access-date=March 14, 2015}}</ref>
* October 16: The [[YouTube]] channel of ''[[Sesame Street]]'' was hacked, streaming pornographic content for about 22 minutes.<ref>{{cite magazine|url=http://www.pcworld.com/article/242009/sesame_street_hacked_porn_posted.html|title=Sesame Street Hacked, Porn Posted|magazine =[[PC World (magazine)|PC World]]|author=John P. Mello Jr.|access-date=October 26, 2011}}</ref>
* November 1: The main phone and Internet networks of the [[Palestinian territories]] sustained a hacker attack from multiple locations worldwide.<ref>{{cite web|url=http://www.imemc.org/article/62409|title=PA Telecommunications minister: Palestinian Internet Under Hacking Attacks|publisher =[[IMEMC]]|first=Alaa|last=Ashkar|date=2 November 2011 |access-date=November 2, 2011}}</ref>
* November 7: The forums for [[Valve Corporation|Valve]]'s [[Steam (service)|Steam]] service were hacked. Redirects for a hacking website, Fkn0wned, appeared on the Steam users' forums, offering "hacking tutorials and tools, porn, free giveaways and much more."<ref>{{cite web|last=Ashcraft|first=Brian|title=Steam Forums Apparently Hacked|date=7 November 2011 |url=http://kotaku.com/5856975/steam-forums-apparently-hacked|publisher=Kotaku}}</ref>
* December 14: Five members of the Norwegian hacker group, Noria, were arrested, allegedly suspected for hacking into the email account of the militant extremist [[Anders Behring Breivik]] (who perpetrated the [[2011 Norway attacks|2011 attacks]] in the country).<ref>{{cite news|url=http://www.dagbladet.no/2011/12/14/nyheter/innenriks/hackere/19420895/|title=News article about the arrests of Noria|newspaper =Dagbladet|author=Jonas Sverrisson Rasch|access-date=December 14, 2012}}</ref>

===2012===
* A hacker published over 400,000 credit cards online,<ref>{{cite news| url=https://www.washingtonpost.com/blogs/blogpost/post/saudi-hackers-say-they-published-israeli-credit-card-information/2012/01/03/gIQAkMIMYP_blog.html | newspaper=The Washington Post | first=Elizabeth | last=Flock | title=Saudi hackers say they published Israeli credit card information | date=January 3, 2012}}</ref> and threatened [[Israel]] to release 1 million credit cards in the future. In response to that incident, an Israeli hacker published over 200 Albanian' credit cards online.<ref>[http://readwrite.com/2012/01/06/saudi_hacker_threatens_to_release_1_million_israel Kosovo Hacker Threatens to Release 1 Million Israeli Credit Card Numbers], Curt Hopkins, January 6, 2012</ref><ref>{{cite news| url=https://www.bbc.co.uk/news/world-middle-east-16526067 | work=BBC News | title=Israeli hacker retaliates to credit card hacking | date=January 12, 2012}}</ref>
*[[Gottfrid Svartholm|Gottfrid Svartholm Warg]], the co-founder of [[The Pirate Bay|Pirate Bay]], was convicted in Denmark of hacking a mainframe computer, what was then Denmark's biggest hacking case.<ref>{{Cite news|date=2014-10-31|title=Pirate Bay co-founder sentenced to 42 months in jail in Denmark|language=en|work=Reuters|url=https://www.reuters.com/article/us-piratebay-sentence-idUSKBN0IK1TL20141031|access-date=2021-08-05}}</ref>
*January 7: "Team Appunity", a group of Norwegian hackers, were arrested for breaking into Norway's largest prostitution website then publishing the user database online.<ref>{{cite web|url=https://www.politi.no/aktuelt/nyhetsarkiv/2012_01/Nyhet_10828.xhtml|title=(Norwegian) Tre personer siktet for datainnbrudd|publisher=Kripos|author=Kripos|access-date=April 25, 2012|url-status=dead|archive-url=https://web.archive.org/web/20130728112727/https://www.politi.no/aktuelt/nyhetsarkiv/2012_01/Nyhet_10828.xhtml|archive-date=July 28, 2013}}</ref>
*February 3: [[Marriott International|Marriott]] was hacked by a [[New Age]] ideologist, Attila Nemeth who was resisting against the [[New World Order (conspiracy theory)|New World Order]] where he said that corporations are allegedly controlling the world. As a response Marriott reported him to the United States Secret Service.<ref>{{cite web|url=http://it.slashdot.org/story/11/11/27/0240253/hacker-tries-to-land-it-job-at-marriott-via-extortion| title=Marriott, Hack, Extortion, Arrest and important websites hacked | date=February 3, 2012}}</ref>
*February 8: [[Foxconn]] is hacked by a hacker group, "Swagg Security", releasing a massive amount of data including email and server logins, and even more alarming—bank account credentials of large companies like Apple and Microsoft. Swagg Security stages the attack just as a Foxconn protest ignites against terrible working conditions in southern China.<ref>{{cite news| url=https://www.theguardian.com/technology/2012/feb/09/apple-foxconn-hackers-factory-conditions | location=London | work=The Guardian | first=Juliette | last=Garside | title=Apple supplier Foxconn hacked in factory conditions protest | date=February 9, 2012}}</ref>
*May 4: The websites of several Turkish representative offices of international IT-companies are defaced within the same day by F0RTYS3V3N (Turkish Hacker), including the websites of [[Google]], [[Yandex]], [[Microsoft]], [[Gmail]], [[MSN]], [[Hotmail]], [[PayPal]].<ref>{{cite news| url=https://www.cnnturk.com/2012/bilim.teknoloji/teknoloji/05/05/com.trler.nasil.hacklendi/659932.0/index.html | work=CNNTurk | title=Com.tr'ler nasıl hacklendi? | date=May 4, 2012}}</ref><ref>{{cite news| url=https://www.hurriyet.com.tr/teknoloji/turk-hackerlar-com-tr-uzantili-sitelere-saldirdi-20486704 | work=Hurriyet | title=Türk hacker'lar com.tr uzantılı sitelere saldırdı | date=May 4, 2012}}</ref><ref>{{cite news| url=https://turk-internet.com/nic-tr-sistemlerine-sizilinca-tr-uzantili-siteler-baska-yerlere-yonlendirildi/ | work=Turk-Internet | title=Nic.tr Sistemlerine Sızılınca, '.tr' Uzantılı Siteler Başka Yerlere Yönlendirildi | date=May 4, 2012}}</ref><ref>{{cite news| url=http://www.zone-h.org/archive/special=1/notifier=F0RTYS3V3N | title=Google, Microsoft, Yandex, Paypal and important websites hacked Zone-H Mirror | date=May 4, 2012}}</ref>
*May 24: WHMCS is hacked by [[UGNazi]], they claim that the reason for this is because of the illegal sites that are using their software.
*May 31: [[MyBB]] is hacked by newly founded hacker group, [[UGNazi]], the website was defaced for about a day, they claim their reasoning for this was because they were upset that the forum board Hackforums.net uses their software.
*June 5: The social networking website [[LinkedIn]] has been [[2012 LinkedIn hack|hacked]] and the passwords for nearly 6.5 million user accounts are stolen by cybercriminals. As a result, a United States grand jury indicted Nikulin and three unnamed co-conspirators on charges of aggravated identity theft and computer intrusion.
*August 15: [[Saudi Aramco]] is crippled by a cyber warfare attack for months by malware called [[Shamoon]]. Considered the biggest hack in history in terms of cost and destructiveness. Carried out by an Iranian attacker group called Cutting Sword of Justice.<ref>{{cite news|title=Jose Pagliery: The inside story of the biggest hack in history|url=https://money.cnn.com/2015/08/05/technology/aramco-hack/index.html|date=August 5, 2015|access-date=August 19, 2012}}</ref> Iranian hackers retaliated against Stuxnet by releasing Shamoon. The malware destroyed over 35,000 [[Saudi Arabia|Saudi]] Aramco computers, affecting business operations for months.
*December 17: Computer hacker sl1nk announced that he has hacked a total of 9 countries' [[SCADA]] systems. The proof includes 6 countries: France, Norway, Russia, Spain, Sweden and the United States.<ref>{{cite web |url=http://zerosecurity.org/2012/12/scada-systems-of-6-countries-breached-by-sl1nk |title=SCADA systems of 6 countries breached by Sl1nk |access-date=June 15, 2015 |url-status=dead |archive-url=https://web.archive.org/web/20160304091224/http://zerosecurity.org/2012/12/scada-systems-of-6-countries-breached-by-sl1nk |archive-date=March 4, 2016 }}</ref>

===2013===
* The social networking website [[Tumblr]] is attacked by hackers. Consequently, 65,469,298 unique emails and passwords were leaked from Tumblr. The data breach's legitimacy is confirmed by computer security researcher [[Troy Hunt]].<ref>{{cite web|url=https://www.vice.com/en/article/hackers-stole-68-million-passwords-from-tumblr-new-analysis-reveals/ |title=Hackers Stole 65 Million Passwords From Tumblr, New Analysis Reveals - Motherboard |website=Motherboard.vice.com |date=May 30, 2016 |access-date=July 1, 2017}}</ref>
* August: [[Yahoo! data breaches]] occurred.  More than 3 billion users data are being leaked.<ref>{{cite web | url=https://www.bbc.com/news/business-41493494.amp | title=Yahoo 2013 data breach hit 'all accounts' | date=3 October 2017 }}</ref>

===2014===
* February 7: The [[bitcoin]] exchange [[Mt. Gox]] filed for bankruptcy after $460{{nbsp}}million was apparently stolen by hackers due to "weaknesses in [their] system" and another $27.4{{nbsp}}million went missing from its bank accounts.<ref>{{cite magazine|url=https://www.wired.com/2014/03/bitcoin-exchange/|title=The Inside Story of Mt. Gox, Bitcoin's $460 Million Disaster - WIRED|magazine=WIRED|access-date=March 14, 2015|date=March 3, 2014}}</ref>
* October: The White House computer system was hacked.<ref>{{cite news|url=https://www.bbc.com/news/technology-29817644|title=White House computer network 'hacked' - BBC|work=BBC|access-date=November 6, 2015|date=October 29, 2014}}</ref> It was said that the FBI, the Secret Service, and other U.S. intelligence agencies categorized the attacks "among the most sophisticated attacks ever launched against U.S. government systems."<ref>{{cite news|last1=Evan Perez|last2=Shimon Prokupecz|title=How the U.S. thinks Russians hacked the White House|url=https://edition.cnn.com/2015/04/07/politics/how-russians-hacked-the-wh/index.html|access-date=December 17, 2016|work=CNN|date=April 8, 2015|quote=Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.}}</ref>
* November 24: In response to the release of the film ''[[The Interview]]'', the servers of [[Sony Pictures]] are [[Sony Pictures hack|hacked]] by a hacker group calling itself "Guardian of Peace".
* November 28: The website of the Philippine telecommunications company [[Globe Telecom]] was hacked in response to the poor internet service they were distributing.<ref>{{cite web|url=http://www.coorms.com/2014/11/globe-website-was-hacked-by-bloodsec-hackers.html|title=Globe Website was Hacked by Blood Sec Hackers|author=Michael Angelo Santos|work=Coorms}}</ref>

===2015===
* June: the records of 21.5 million people, including social security numbers, dates of birth, addresses, fingerprints, and security clearance-related information, are [[Office of Personnel Management data breach|stolen from the United States Office of Personnel Management]] (OPM).<ref name="reuters20150709">{{cite web | url=https://www.reuters.com/article/us-cybersecurity-usa-idUSKCN0PJ2M420150709 | title=Estimate of Americans hit by government personnel data hack skyrockets | work=[[Reuters]] | first1=Patricia | last1=Zengerle | first2=Megan | last2=Cassella | date=July 9, 2015 | access-date=July 9, 2015}}</ref> Most of the victims are employees of the United States government and unsuccessful applicants to it. ''[[The Wall Street Journal]]'' and ''[[The Washington Post]]'' report that government sources believe the hacker is the government of China.<ref name=wsj>{{cite web | url=https://www.wsj.com/articles/u-s-suspects-hackers-in-china-behind-government-data-breach-sources-say-1433451888 | title=U.S. Suspects Hackers in China Breached About four (4) Million People's Records, Officials Say | work=Wall Street Journal | date=June 5, 2015 | access-date=June 5, 2015 | author=Barrett, Devlin}}</ref><ref name=npr>{{cite web | url=https://www.npr.org/sections/thetwo-way/2015/06/04/412086068/massive-data-breach-puts-4-million-federal-employees-records-at-risk | title=Massive Data Breach Puts 4 Million Federal Employees' Records At Risk | work=NPR | date=June 4, 2015 | access-date=June 5, 2015 | author=Sanders, Sam}}</ref>
*July: The servers of extramarital affairs website [[Ashley Madison data breach|Ashley Madison]] were [[Ashley Madison data breach|breached]].

===2016===
* February: The 2016 [[Bangladesh Bank heist]] attempted to steal US$951 million from a [[Bangladesh Bank]], and succeeded in getting $101 million—although some of this was later recovered.
* July 22: [[WikiLeaks]] published the documents from the [[2016 Democratic National Committee email leak]].
* July 29: a group suspected coming from China launched hacker [[Vietnamese airports hackings|attacks on the website of Vietnam Airlines]].
* August 13: The Shadow Brokers (TSB) started publishing several leaks containing hacking tools from the [[National Security Agency]] (NSA), including several [[Zero-day (computing)|zero-day exploits]]. Ongoing leaks until April 2017 ([[The Shadow Brokers]])
* September: Hacker Ardit Ferizi is sentenced to 20 years in prison after being arrested for hacking U.S. servers and passing the leaked information to members of [[ISIL]] terrorist group back in 2015.<ref>{{cite web|url=https://www.justice.gov/opa/pr/isil-linked-kosovo-hacker-sentenced-20-years-prison|title=ISIL-Linked Kosovo Hacker Sentenced to 20 Years in Prison |publisher=Justice Department of the United States|date=September 23, 2016 }}</ref>
* October: The [[2016 Dyn cyberattack]] is being conducted with a botnet consisting of IOTs infected with [[Mirai (malware)|Mirai]] by the hacktivist groups SpainSquad, Anonymous, and New World Hackers, reportedly in retaliation for [[Ecuador]]'s rescinding Internet access to [[WikiLeaks]] founder [[Julian Assange]] at their [[Embassy of Ecuador, London|embassy in London]], where he has been granted [[right of asylum|asylum]].<ref name="politico1">{{cite web|last1=Romm|first1=Tony|last2=Geller|first2=Eric|title=WikiLeaks supporters claim credit for massive U.S. cyberattack, but researchers skeptical|url=http://www.politico.com/story/2016/10/websites-down-possible-cyber-attack-230145|website=POLITICO|date=21 October 2016 |access-date=October 22, 2016}}</ref>
*Late 2016: Hackers steal international personal user data from the company [[Uber]], including phone numbers, email addresses, and names, of 57 million people and 600,000 driver's license numbers of drivers for the company. Uber's [[GitHub]] account was accessed through [[Amazon Web Services|Amazon's cloud]]-based service. Uber paid the hackers $100,000 for assurances the data was destroyed.<ref>{{Cite web|url=https://money.cnn.com/2017/11/22/technology/uber-hack-consequences-cover-up/index.html|title=Uber's massive hack: What we know|last=Larson|first=Selena|date=November 22, 2017|website=CNNMoney|access-date=June 20, 2019}}</ref>
* December 2016: [[Yahoo! data breaches]] reported and affected more than 1 billion users.  The data leakage includes user names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords

===2017===
* April: A hacker group calling itself "The Dark Overlord" posted unreleased episodes of ''[[Orange Is the New Black]]'' TV series online after failing to extort the online entertainment company [[Netflix]].<ref>{{cite web|last=Mussa |first=Matthew |url=http://heavy.com/news/2017/04/netflix-hacker-thedarkoverlord-dark-overlord-hack-memes-orange-is-the-new-black/ |title='The Dark Overlord', Netflix Hacker: 5 Fast Facts You Need to Know |website=Heavy.com |date=April 30, 2017 |access-date=July 1, 2017}}</ref>
* May: [[WannaCry ransomware attack]] started on Friday, May 12, 2017,<ref>{{cite web|url=https://nakedsecurity.sophos.com/2017/05/17/wannacry-the-ransomware-worm-that-didnt-arrive-on-a-phishing-hook/|title=WannaCry: the ransomware worm that didn't arrive on a phishing hook|last=Brenner|first=Bill|date=May 16, 2017|website=Naked Security|access-date=May 18, 2017}}</ref> and has been described as unprecedented in scale, infecting more than 230,000 computers in over 150 countries.<ref>{{Cite news|url=https://www.bbc.com/news/world-europe-39907965|title=Cyber-attack: Europol says it was unprecedented in scale|date=May 13, 2017|work=BBC News|access-date=May 18, 2017|language=en-GB}}</ref> A version of the unreleased [[Disney]] film ''[[Pirates of the Caribbean: Dead Men Tell No Tales]]'' is held for ransom, with the attackers threatening its release to the public unless a ransom is paid in Bitcoin.<ref>{{Cite news |date=2017-05-16 |title=Disney hack: Ransom demanded for stolen film |url=https://www.bbc.com/news/entertainment-arts-39933406 |access-date=2024-06-01 |work=BBC News |language=en-GB}}</ref>
* May: 25,000 digital photos and ID scans relating to patients of the Grozio Chirurgija [[cosmetic surgery]] clinic in [[Lithuania]] were obtained and published without consent by an unknown group demanding ransoms.<ref name="guardian-20170531">{{cite news|first=Alex|last=Hern |url=https://www.theguardian.com/technology/2017/may/31/hackers-publish-private-photos-cosmetic-surgery-clinic-bitcoin-ransom-payments |title=Hackers publish private photos from cosmetic surgery clinic &#124; Technology |newspaper=[[The Guardian]] |access-date=May 31, 2017}}</ref><ref>{{cite news|url=http://www.seattletimes.com/nation-world/plastic-surgery-clinics-hacked-25000-photos-data-online/ |title=Plastic surgery clinics hacked; 25,000 photos, data online |newspaper=[[The Seattle Times]] |access-date=May 31, 2017}}</ref><ref>{{cite web|url=https://abcnews.go.com/Technology/wireStory/plastic-surgery-clinics-hacked-25000-photos-data-online-47728631|title=Plastic surgery clinics hacked; 25,000 photos, data online|website=Abcnews.go.com|access-date=May 31, 2017|url-status=dead|archive-url=https://web.archive.org/web/20170531124102/https://abcnews.go.com/Technology/wireStory/plastic-surgery-clinics-hacked-25000-photos-data-online-47728631|archive-date=May 31, 2017}}</ref> Thousands of clients from more than 60 countries were affected.<ref name="guardian-20170531"/> The breach brought attention to weaknesses in Lithuania's information security.<ref name="guardian-20170531"/>
*June: [[2017 Petya cyberattack]].<ref>{{Cite news|url=https://www.bbc.com/news/technology-40416611|title=Global ransomware attack causes chaos|date=June 27, 2017|work=BBC News|access-date=June 27, 2017|language=en-GB}}</ref>
*June: TRITON (TRISIS), a malware framework designed to reprogram [[Triconex]] [[safety instrumented system]]s (SIS) of [[industrial control system]]s (ICS), discovered in Saudi Arabian Petrochemical plant.<ref>{{Cite web|url=https://www.csoonline.com/article/3388228/group-behind-triton-industrial-sabotage-malware-made-more-victims.html|title=Group behind TRITON industrial sabotage malware made more victims|last=Constantin|first=Lucian|date=April 10, 2019|website=CSO Online|language=en|access-date=July 17, 2019}}</ref>
*August: Hackers demand $7.5 million in [[Bitcoin]] to stop pre-releasing [[HBO]] shows and scripts, including ''[[Ballers]]'', ''[[Room 104]]'' and ''[[Game of Thrones]]''.<ref>{{Cite journal|url=https://slate.com/technology/2017/08/hbo-hackers-want-7-5-million-to-stop-leaking-game-of-thrones.html|title=The HBO Hackers Are Demanding $7.5 Million to Stop Leaking Game of Thrones|journal=Slate |date=8 August 2017|last1=Glaser |first1=April }}</ref>
* May–July 2017: [[Equifax#May.E2.80.93July 2017 security breach|The Equifax breach]].<ref name=":0">{{Cite web|url=https://www.cnbc.com/2017/09/07/credit-reporting-firm-equifax-says-cybersecurity-incident-could-potentially-affect-143-million-us-consumers.html|title=Credit reporting firm Equifax says data breach could potentially affect 143 million US consumers|last=Haselton|first=Todd|date=September 7, 2017|website=cnbc.com|access-date=October 16, 2017}}</ref> 
* September 2017: [[Deloitte#E-mail hack|Deloitte breach]].<ref name="guardsep2017">{{cite web|url=https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails|title=Deloitte hit by cyber-attack revealing clients' secret emails|first=Nick|last=Hopkins|date=September 25, 2017|access-date=October 16, 2017|website=Theguardian.com}}</ref>
*December: [[Mecklenburg County, North Carolina|Mecklenburg County]], North Carolina computer systems were hacked. They did not pay the ransom.<ref>{{Cite news|url=https://www.nytimes.com/2017/12/06/us/mecklenburg-county-hackers.html|title=North Carolina County Refuses to Pay $23,000 Ransom to Hackers|last=Stack|first=Liam|date=December 6, 2017|work=The New York Times|access-date=June 20, 2019|language=en-US|issn=0362-4331}}</ref>

=== 2018 ===
* March: Computer systems in the city of [[Atlanta]], in the U.S. state of Georgia, are seized by hackers with [[ransomware]]. They did not pay the ransom,<ref>{{Cite news|url=https://www.wsj.com/articles/atlanta-hit-with-cyberattack-1521823062|title=Atlanta Hit With Cyberattack|last=McWhirter|first=Joseph De Avila and Cameron|newspaper=Wall Street Journal|date=23 March 2018|language=en-US|access-date=June 20, 2019}}</ref> and two Iranians were indicted by the [[FBI]] on cyber crime charges for the breach.<ref>{{Cite news|url=https://www.wsj.com/articles/two-iranians-indicted-in-atlanta-on-cyber-crime-charges-1544044025|title=Two Iranians Indicted in Atlanta on Cyber Crime Charges|agency=Associated Press|newspaper=Wall Street Journal|date=5 December 2018|language=en-US|access-date=June 20, 2019}}</ref>
* The town of [[Wasaga Beach]] in Ontario, Canada computer systems are seized by hackers with ransomware.<ref>{{Cite web|url=https://www.simcoe.com/news-story/8586806-wasaga-beach-town-hall-computers-seized-by-hackers/|title=Wasaga Beach town hall computers seized by hackers|last=Adams|first=Ian|date=May 1, 2018|website=Simcoe.com|language=en-CA|access-date=June 20, 2019}}</ref>
*September: [[Facebook]] was hacked, exposing to hackers the personal information of an estimated 30 million Facebook users (initially estimated at 50 million) when the hackers "stole" the "access tokens" of 400,000 Facebook users. The information accessible to the hackers included users' email addresses, phone numbers, their lists of friends, Groups they are members of, users' search information, posts on their timelines, and names of recent Messenger conversations.<ref name="facebook_hacked_2018_09_28_nytimes_com">[https://www.nytimes.com/2018/09/28/business/facebook-was-hacked-here-are-3-things-you-should-do.html "Facebook Was Hacked. 3 Things You Should Do After the Breach. The social networking giant said attackers had exploited a weakness that enabled them to hijack the accounts of nearly 50 million users. Here are some tips for securing your account,"] September 28, 2018, [[New York Times]], retrieved April 15, 2021</ref><ref name="facebook_says_2018_10_12_foxnews_com">[https://www.foxnews.com/tech/facebook-says-hackers-accessed-phone-numbers-email-addresses-as-part-of-latest-breach "Facebook says hackers accessed phone numbers, email addresses as part of latest breach,"] October 12, 2018, [[Fox News]], retrieved April 15, 2021</ref>
*October: [[West Haven, Connecticut|West Haven, Connecticut USA]] computer systems are seized by hackers with ransomware, they paid $2,000 in ransom.<ref>{{Cite web|url=https://www.courant.com/breaking-news/hc-br-west-haven-cyber-attack-ransomware20181019-story.html|title=Hackers Target Connecticut City, Force Officials To Pay $2,000 Ransom|last=Rondinone|first=Nicholas|website=courant.com|date=19 October 2018 |access-date=June 20, 2019}}</ref>
*November: 
**The first U.S. indictment of individual people for [[ransomware]] attacks occurs. The [[U.S. Justice Department]] indicted two men Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri who allegedly used the SamSam ransomware for extortion, netting them more than $6 million in ransom payments. The companies infected with the [[ransomware]] included [[Allscripts]], [[MedStar Health|Medstar Health]], and [[Hollywood Presbyterian Medical Center]]. Altogether, the attacks caused victims to lose more than $30 million, in addition to the ransom payments.<ref>{{Cite web|url=https://www.modernhealthcare.com/article/20181129/NEWS/181129923/feds-indict-ransomware-hackers-of-allscripts-others|title=Feds indict ransomware hackers of Allscripts, others|date=November 29, 2018|website=Modern Healthcare|language=en|access-date=June 20, 2019}}</ref>
**Marriott disclosed that its Starwood Hotel brand had been [[Marriott International#Data breach|subject to a security breach]].

=== 2019 ===
*March: [[Jackson County, Georgia|Jackson County]] computer systems in the U.S. state of Georgia are seized by hackers with [[ransomware]], they paid $400,000 in ransom.<ref>{{Cite web|url=https://www.zdnet.com/article/georgia-county-pays-a-whopping-400000-to-get-rid-of-a-ransomware-infection/|title=Georgia county pays a whopping $400,000 to get rid of a ransomware infection|last=Cimpanu|first=Catalin|website=ZDNet|language=en|access-date=June 20, 2019}}</ref> The city of [[Albany, New York|Albany]] in the U.S. state of New York experiences a ransomware cyber attack.<ref>{{Cite web|url=http://cbs6albany.com/news/local/city-of-albany-experiences-cyber-attack|title=City of Albany experiences cyber attack|date=March 30, 2019|website=WRGB|access-date=June 20, 2019}}</ref><ref>{{Cite news|url=https://www.timesunion.com/news/article/Albany-police-can-t-access-scheduling-system-13730578.php|title=Albany cyber attack affecting records, police|last=Moench|first=Mallory|date=March 31, 2019|website=Times Union|access-date=June 20, 2019}}</ref>
*April: Computer systems in the city of [[Augusta, Maine|Augusta]], in the U.S. state of Maine, are seized by hackers using ransomware.<ref>{{Cite news|url=https://www.newscentermaine.com/article/news/local/augusta-city-offices-hit-by-computer-virus/97-2e380b61-5e75-4627-b8a1-b3b3af6e23e2|title=Augusta city offices hit by computer virus|newspaper=Newscentermaine.com|date=20 April 2019|access-date=June 20, 2019}}</ref><ref>{{Cite web|url=https://bangordailynews.com/2019/04/29/news/augusta/hacker-wanted-more-than-100k-to-restore-maine-citys-computers/|title=Hacker wanted more than $100K to restore Maine city's computers|website=Bangor Daily News|date=29 April 2019|language=en-US|access-date=June 20, 2019}}</ref> The [[Greenville, North Carolina|City of Greenville]] (North Carolina)'s computer systems are seized by hackers using ransomware known as RobbinHood.<ref>{{Cite web|url=https://www.witn.com/content/news/Greenville-city-computers-shut-down-after-virus-attack-508373251.html|title=FBI now investigating "RobinHood" ransomware attack on Greenville computers|website=www.witn.com|date=10 April 2019 |language=en|access-date=June 20, 2019}}</ref><ref name=bleeping>{{Cite web|url=https://www.bleepingcomputer.com/news/security/a-closer-look-at-the-robbinhood-ransomware/|title=A Closer Look at the RobbinHood Ransomware|website=BleepingComputer}}</ref> [[Imperial County, California|Imperial County]], in the U.S. state of California, computer systems are seized by hackers using Ryuk ransomware.<ref>{{Cite web|url=https://www.latimes.com/local/lanow/la-me-imperial-county-website-down-20190418-story.html|title=Ryuk malware hacked a county government website. It's been down for 6 days|last=Shalby|first=Colleen|website=[[Los Angeles Times]]|access-date=June 20, 2019|date=April 18, 2019}}</ref>
* May: computer systems belonging to the [[Baltimore, Maryland|City of Baltimore]] are seized by hackers using ransomware known as RobbinHood that encrypts files with a "file-locking" virus, as well as the tool [[EternalBlue]].<ref>{{Cite news|url=https://www.nytimes.com/2019/05/22/us/baltimore-ransomware.html|title=Hackers Are Holding Baltimore Hostage: How They Struck and What's Next|last=Chokshi|first=Niraj|date=May 22, 2019|work=The New York Times|access-date=June 20, 2019|language=en-US|issn=0362-4331}}</ref><ref>{{Cite web|url=https://www.baltimoresun.com/politics/bs-md-ci-it-outage-20190507-story.html|title=Baltimore city government computer network hit by ransomware attack|last=Campbell|first=Ian Duncan, Colin|website=baltimoresun.com|date=7 May 2019 |language=en-US|access-date=June 20, 2019}}</ref><ref>{{Cite news|url=https://www.baltimoresun.com/politics/bs-md-ci-ransomware-attack-20190517-story.html|title=Analysis of ransomware used in Baltimore attack indicates hackers needed 'unfettered access' to city computers|last=Zhang|first=Ian Duncan, Christine|website=baltimoresun.com|language=en-US|access-date=June 20, 2019}}</ref><ref>{{Cite news|url=https://www.wsj.com/articles/u-s-cities-strain-to-fight-hackers-11559899800|title=Hackers Won't Let Up in Their Attack on U.S. Cities|last=Kamp|first=Scott Calvert and Jon|newspaper=Wall Street Journal|date=7 June 2019|language=en-US|access-date=June 20, 2019}}</ref>
*June: The city of [[Riviera Beach, Florida]], paid roughly $600,000 ransom in [[Bitcoin]] to hackers who seized their computers using ransomware.<ref>{{Cite web|url=https://www.cnn.com/2019/06/20/us/riviera-beach-to-pay-hacker/index.html|title=Florida city to pay $600K ransom to hacker who seized computer systems weeks ago|first=Faith|last=Karimi|website=CNN|date=20 June 2019|access-date=June 20, 2019}}</ref> Hackers stole 18 hours of unreleased music from the band [[Radiohead]] demanding $150,000 ransom. Radiohead released the music to the public anyway and did not pay the ransom.<ref>{{Cite web|url=https://nakedsecurity.sophos.com/2019/06/12/radiohead-releases-ok-computer-sessions-that-hacker-tried-to-ransom/|title=Radiohead releases 'OK Computer' sessions that hacker tried to ransom|date=June 12, 2019|website=Naked Security|language=en|access-date=June 20, 2019}}</ref>
*November: The [[Anonymous (group)|Anonymous]] hacktivist collective announced that they have hacked into four Chinese computer databases and donated those to data breach indexing/notification service vigilante.pw. The hack was conducted in order to support the [[2019 Hong Kong protests]], amidst the Hong Kong police's siege of the city's [[Hong Kong Polytechnic University|Polytechnic University]]. They also brought up a possible peace plan first proposed by a professor at [[Inha University]] in hopes of having the [[Korean reunification]] and the five key demands of the Hong Kong protest being fulfilled at once.<ref>{{cite web |title=Anonymous Hacks China As Chinese Military Moves On Hong Kong, Students Trapped at Polytechnic University |url=https://www.activistpost.com/2019/11/anonymous-hacks-china-as-chinese-military-moves-on-hong-kong-students-trapped-at-polytechnic-university.html |website=Activist Post |access-date=August 25, 2020 |date=November 19, 2019}}</ref>

==2020s==
{{Hacking in the 2020s|state=collapsed}}
{{Update section|date=March 2025}}
===2020===
* May: Anonymous declared a large hack on May 28, three days after the [[murder of George Floyd]]. An individual claiming to represent Anonymous stated that "We are Legion. We do not forgive. We do not forget. Expect us." in a now-deleted video. Anonymous addressed police brutality and said they "will be exposing [their] many crimes to the world". It was suspected that Anonymous were the cause for the downtime and public suspension of the [[Minneapolis Police Department]] website and its parent site, the website of the [[City of Minneapolis]].<ref>{{Cite web | url=https://variety.com/2020/digital/news/anonymous-hackers-minneapolis-police-department-website-george-floyd. | title=Variety| date=26 September 2023}}</ref>
* May: Indian national Shubham Upadhyay posed as Superintendent of Police and, using [[social engineering (security)|social engineering]], used a free caller identification app to call up the in-charge of the Kotwali police station, K. K. Gupta, in order to threaten him to get his phone repaired amidst the [[COVID-19 pandemic lockdown in India|COVID-19 lockdown]]. The attempt was foiled.<ref>{{cite web |last1=Jaiswal |first1=Priya |title=UP: 23-year-old man poses as police official to get mobile phone repaired, lands in lockup |url=https://www.indiatvnews.com/news/india/uttar-pradesh-azamgarh-23-year-old-man-poses-police-official-mobile-phone-repair-614583 |website=www.indiatvnews.com |access-date=August 14, 2020 |language=en |date=May 6, 2020}}</ref>
* June: Anonymous claimed responsibility for stealing and leaking a trove of documents collectively nicknamed '[[BlueLeaks]]'. The 269-gigabyte collection was published by a leak-focused activist group known as [[Distributed Denial of Secrets]]. Furthermore, the collective took down [[Atlanta Police Department]]'s website via [[DDoS]], and defaced websites such as a [[Philippines|Filipino]] governmental webpage and that of [[Brookhaven National Labs]]. They expressed support for [[Julian Assange]] and press freedom, while briefly "taking a swing" against [[Facebook]], [[Reddit]] and [[Wikipedia]] for having 'engaged in shady practices behind our prying eyes'. In the case of Reddit, they posted a link to a court document describing the possible involvement of a moderator of a large traffic subreddit (/r/news) in an online harassment-related case.<ref>{{cite magazine |title=Anonymous Stole and Leaked a Megatrove of Police Documents |url=https://www.wired.com/story/blueleaks-anonymous-law-enforcement-hack/ |magazine=Wired |access-date=June 26, 2020 |language=en-us}}</ref><ref>{{cite web |title=An Interview With Anonymous - George Floyd Protests, Hacks, And Press Freedom |url=https://www.activistpost.com/2020/06/an-interview-with-anonymous-george-floyd-protests-hacks-and-press-freedom.html |website=Activist Post |access-date=June 26, 2020 |date=June 23, 2020}}</ref>
* June: The [[Buffalo, New York|Buffalo, NY]] police department's website was supposedly hacked by Anonymous.<ref>{{Cite news|title=Anonymous Strike Back At Buffalo PD After Shoving Incident|url=https://www.hotnewhiphop.com/anonymous-strike-back-at-buffalo-pd-after-shoving-incident-news.111974.html|access-date=June 6, 2020|website=HotNewHipHop|date=6 June 2020|language=en}}</ref> While the website was up and running after a few minutes, Anonymous tweeted again on Twitter urging that it be taken down.<ref>{{Cite web|title=@GroupAnon: "#TangoDown again. Those lasers are firing hot."|url=https://twitter.com/groupanon/status/1269351212043902976|access-date=June 6, 2020|website=Twitter|language=en}}</ref> A few minutes later, the Buffalo NY website was brought down again. They also hacked [[Chicago]] police radios to play [[N.W.A]]'s "[[Fuck tha Police]]".<ref>{{cite web |title=Anonymous hack Chicago police radios to play NWA's 'Fuck Tha Police'|url=https://www.nme.com/news/music/anonymous-hack-chicago-police-radios-to-play-nwas-fuck-tha-police-2680017 |website=NME Music News, Reviews, Videos, Galleries, Tickets and Blogs {{!}} NME.COM |access-date=June 26, 2020 |date=June 1, 2020}}</ref>
* June: Over 1,000 accounts on multiplayer online game [[Roblox]] were hacked to display that they supported U.S. President [[Donald Trump]].<ref>{{cite web |title=Roblox accounts hacked to support Donald Trump |url=https://www.bbc.com/news/technology-53236050 |website=BBC News |access-date=August 13, 2020 |date=June 30, 2020}}</ref>
* July: The [[2020 Twitter bitcoin scam]] occurred.
* July: User credentials of writing website [[Wattpad]] were stolen and leaked on a hacker forum. The database contained over 200 million records.<ref>{{cite web |title=Wattpad data breach exposes account info for millions of users |url=https://www.bleepingcomputer.com/news/security/wattpad-data-breach-exposes-account-info-for-millions-of-users/ |website=BleepingComputer |access-date=August 14, 2020 |language=en-us}}</ref>
* August: [[India|Indian]] hackers hacked [[Pakistan|Pakistani]] television channel '[[Dawn News]]' and displayed India's national flag with the message “Happy Independence Day” (referring to [[Independence Day (India)|15 August, Independence Day of India]]) written on it, at around 3:30 pm [[Indian Standard Time|IST]].<ref>{{Cite web |date=2020-08-03 |title=Pakistan news channel Dawn hacked, screen shows Indian tricolour; probe launched |url=https://indianexpress.com/article/pakistan/pakistan-news-channel-dawn-hacked-screen-shows-indian-tricolour-6537093/ |url-status=live |archive-url=https://web.archive.org/web/20230623222134/https://indianexpress.com/article/pakistan/pakistan-news-channel-dawn-hacked-screen-shows-indian-tricolour-6537093/ |archive-date=23 June 2023 |access-date=2024-07-19 |website=The Indian Express |language=en}}</ref><ref>{{Cite news |date=3 August 2020 |title=Pakistan's Dawn news channel hacked, Indian flag with 'Happy Independence Day' message flashed |url=https://www.moneycontrol.com/news/world/pakistans-dawn-news-channel-hacked-indian-flag-with-happy-independence-day-message-flashed-5638411.html |url-status=live |archive-url=https://web.archive.org/web/20221001060358/https://www.moneycontrol.com/news/world/pakistans-dawn-news-channel-hacked-indian-flag-with-happy-independence-day-message-flashed-5638411.html |archive-date=1 October 2022 |work=Money Control |pages=1}}</ref><ref>{{Cite web |date=2020-08-03 |title=WATCH: Pakistan News Channel 'Dawn' Hacked; Indian Tricolour, Happy Independence Day Message Displayed |url=https://news.abplive.com/news/world/pakistan-news-channel-dawn-hacked-hackers-display-indian-tricolour-happy-independence-day-message-1301945 |url-status=live |archive-url=https://web.archive.org/web/20210126083337/https://news.abplive.com/news/world/pakistan-news-channel-dawn-hacked-hackers-display-indian-tricolour-happy-independence-day-message-1301945 |archive-date=26 January 2021 |access-date=2024-07-19 |website=ABP Live |language=en}}</ref> Dawn News issued a statement saying they are investigating the matter.<ref>{{Cite web |date=2020-08-02 |title=ڈان نیوز چینل پر ہیکرز کا حملہ، اسکرین پر بھارتی ترنگا لہرانے کی تحقیقات |trans-title=Hacker attack on Dawn news channel, investigation into hoisting of Indian tricolor on screen |url=https://www.dawnnews.tv/news/1138677 |url-status=live |archive-url=https://web.archive.org/web/20240621182916/https://www.dawnnews.tv/news/1138677/ |archive-date=21 June 2024 |access-date=2024-07-19 |website=Dawn News Urdu |language=ur}}</ref>
* August: A large number of [[reddit|subreddits]] were hacked to post materials endorsing [[Donald Trump]]. The affected subreddits included r/BlackPeopleTwitter, r/3amJokes, r/NFL, r/PhotoshopBattles. An entity with the name of "calvin goh and Melvern" had purportedly claimed responsibility for the massive defacement, and also made violent threats against a [[List of diplomatic missions of China|Chinese embassy]].<ref>{{cite web |title=Everything We Know About the Reddit Hack, Including Who Is Claiming Responsibility |url=https://www.newsweek.com/everything-we-know-about-reddit-hack-1523704 |website=Newsweek |date=7 August 2020 |access-date=August 11, 2020}}</ref>
* August: The US Air Force's Hack-A-Sat event was hosted at DEF CON's virtual conference where groups such as Poland Can Into Space, FluxRepeatRocket, AddVulcan, Samurai, Solar Wine, PFS, 15 Fitty Tree, and 1064CBread competed in order to control a satellite in space. The Poland Can Into Space team stood out for having successfully manipulated a satellite to take a picture of the [[Moon]].<ref>{{cite web |title=Einmal zum Mond und wieder zurück – Hacker der Hochschule Bonn-Rhein erfolgreich beim Hack-A-Sat |url=https://idw-online.de/de/news752398 |website=idw-online.de |access-date=August 16, 2020 |language=de}}</ref><ref>{{cite web |title=The Race to Hack a Satellite at DEF CON |url=https://www.darkreading.com/application-security/the-race-to-hack-a-satellite-at-def-con/d/d-id/1338657 |website=Dark Reading |date=13 August 2020 |access-date=August 16, 2020 |language=en}}</ref>
* August: The website of Belarusian company "BrestTorgTeknika" was defaced by a hacker nicknaming herself "[[Queen Elsa]]", in order to support the [[2020–21 Belarusian protests]]. In it, the page hacker exclaimed "Get Iced Iced already" and "Free Belarus, revolution of our times" with the latter alluding to the famous slogan used by [[2019 Hong Kong protests]]. The results of the hack were then announced on Reddit's /r/Belarus subreddit by a poster under the username "Socookre".<ref>{{cite web |title=Гостевая книга (Actual archive of defaced page) |url=http://www.bresttorg.by/guestbook/guestbook.php |access-date=August 25, 2020 |date=August 18, 2020|archive-url=https://web.archive.org/web/20200818162750/http://www.bresttorg.by/guestbook/guestbook.php |archive-date=2020-08-18 }}</ref>
* August: Multiple DDoS attacks forced [[New Zealand]]'s stock market to temporarily shut down.<ref>{{cite web |last1=Farrer |first1=Martin |title=New Zealand stock exchange hit by cyber attack for second day |url=https://www.theguardian.com/technology/2020/aug/26/new-zealand-stock-exchange-hit-by-cyber-attack-for-second-day |website=The Guardian |access-date=11 September 2020 |date=26 August 2020}}</ref>
* September: The first suspected death from a cyberattack was reported after cybercriminals hit a hospital in [[Düsseldorf]], [[Germany]], with [[ransomware]].<ref>{{cite web |last1=Eddy |first1=Melissa |last2=Perlroth |first2=Nicole |title=Cyber Attack Suspected in German Woman's Death |url=https://www.nytimes.com/2020/09/18/world/europe/cyber-attack-germany-ransomeware-death.html |website=The New York Times |access-date=19 September 2020 |date=18 September 2020}}</ref>
* October: A wave of [[botnet]]-coordinated [[ransomware]] [[Cyberattack#Hospitals|attacks against hospital infrastructure]] occurred in the United States, identified as {{ill|Internet in Russia|lt=associated with Russia|ru|Интернет в России|preserve=1}}.<ref name="NYT20201028">{{Cite news|url=https://www.nytimes.com/2020/10/28/us/hospitals-cyberattacks-coronavirus.html|title=Officials Warn of Cyberattacks on Hospitals as Virus Cases Spike: Government officials warned that hackers were seeking to hold American hospitals' data hostage in exchange for ransom payments.|department=The Coronavirus Outbreak|surname=Perlroth|given=Nicole|date=2020-10-28|newspaper=[[The New York Times]]|archive-url=https://web.archive.org/web/20201103005351/https://www.nytimes.com/2020/10/28/us/hospitals-cyberattacks-coronavirus.html|archive-date=2020-11-03|url-status=live}}</ref>  State security officials and American corporate security officers were concerned that these attacks might be a prelude to [[Election security|hacking of election infrastructure]] during the [[2020 United States elections|elections of the subsequent month]], like similar incidents during the [[Russian interference in the 2016 United States elections#Intrusions into state election systems|2016 United States elections]] and [[Cyberwarfare by Russia|other attacks]];<ref name="NYT20201012">{{Cite news|url=https://www.nytimes.com/2020/10/12/us/politics/election-hacking-microsoft.html|title=Microsoft Takes Down a Risk to the Election, and Finds the U.S. Doing the Same: Fearing Russian ransomware attacks on the election, the company and U.S. Cyber Command mounted similar pre-emptive strikes. It is not clear how long they may work.|department=US Politics|surname=Sanger|given=David E.|author-link=David E. Sanger|surname2=Perlroth|given2=Nicole|date=2020-10-12|edition=October 21, 2020|newspaper=[[The New York Times]]|archive-url=https://web.archive.org/web/20201104020855/https://www.nytimes.com/2020/10/12/us/politics/election-hacking-microsoft.html|archive-date=2020-11-04|url-status=live}}</ref> there was, however, no evidence that they performed attacks on election infrastructure in 2020.<ref name="60Min20201129">{{cite episode|surname=Krebs|given=Christopher Cox|subject-link=Chris Krebs|editor-surname=Pelley|editor-given=Scott Cameron|editor-link=Scott Pelley|id=Securing the Election, The Last Slave Ship, James Corden|season=53|number=13|title=Fired director of U.S. cyber agency Chris Krebs explains why President Trump's claims of election interference are false|url=https://www.cbsnews.com/news/election-results-security-chris-krebs-60-minutes-2020-11-29/|series=60 Minutes|series-link=60 Minutes|network=[[CBS]]|time=11:30|date=2020-11-29|archive-url=https://web.archive.org/web/20201202060053/https://www.cbsnews.com/news/election-results-security-chris-krebs-60-minutes-2020-11-29/|archive-date=2020-12-02|url-status=live|quote=It was quiet. There was no indication or evidence that there was any sort of hacking or compromise of election systems on, before, or after November third.}}</ref>
* December: A [[supply chain attack]] targeting upstream dependencies from Texas IT service provider "SolarWinds" results in serious, wide-ranging security breaches at the [[U.S. Treasury]] and [[United States Commerce Department|Commerce]] departments. White House officials did not immediately publicly identify a culprit; [[Reuters]], citing sources "familiar with the investigation", pointed toward the Russian government.<ref>{{cite news|url=https://www.reuters.com/article/us-usa-cyber-amazon-com-exclsuive/u-s-treasury-breached-by-hackers-backed-by-foreign-government-sources-idUSKBN28N0PG|title=Suspected Russian hackers spied on U.S. Treasury emails - sources|first=Christopher|last=Bing|newspaper=Reuters|date=13 December 2020}}</ref> An official statement shared by Senate Finance Committee ranking member, [[Ron Wyden]] said: "Hackers broke into systems in the Departmental Offices division of Treasury, home to the department’s highest-ranking officials."<ref>{{Cite web|last=ArcTitan|date=2021-02-21|title=U.S. Treasury Hit by Email Hacks|url=https://www.arctitan.com/blog/u-s-treasury-hit-by-email-hacks/|access-date=2021-03-16|website=ArcTitan|language=en-US}}</ref>
* December: A bomb threat posted from a [[Twitter]] account that was seemingly hacked by persons with the aliases of "Omnipotent" and "choonkeat",  against the [[Aeroflot]] Flight 102, a passenger flight with the plane tail number of VQ-BIL coming from [[Moscow]] to [[New York City]]. Due to that, a runway of New York's [[John F. Kennedy International Airport]] was temporarily closed and resulted in the delay of Aeroflot Flight 103, a return flight back to Moscow.<ref>{{Cite tweet |user=nyc311 |number=1335659290846244867|archive-url=https://web.archive.org/web/20201206185941/https://twitter.com/nyc311/status/1335659290846244867 |archive-date=6 December 2020|title=New York City 311's tweet responding to the bomb threat}}</ref><ref>{{cite web |title=Plane Lands Safely at JFK Airport After Report of Bomb Threat: Officials |url=https://www.nbcnewyork.com/news/local/plane-lands-safely-at-jfk-airport-after-report-of-bomb-threat-officials/2764208/ |website=NBC New York |date=6 December 2020 |access-date=12 December 2020}}</ref><ref>{{cite web |author1=Helen Coffey |title=Flight to New York evacuated after bomb threat |url=https://www.independent.co.uk/travel/news-and-advice/flight-evacuated-bomb-threat-russia-new-york-b1767353.html |website=independent.co.uk |publisher=[[The Independent]] |access-date=7 May 2024 |date=7 December 2020}}</ref>
* December: The [[Anonymous (group)|Anonymous]] group initiated 'Christmas gift' defacements against multiple Russian portals including a municipal website in [[Tomsk]] and that of a regional football club. Inside the defacements, they made multiple references such as Russian opposition activist [[Alexei Navalny]], freedom protests in [[Thailand]] and [[Belarus]], and opposition to the [[Chinese Communist Party]]. They also held a mock award based on an event on the game platform [[Roblox]] that was called "RB Battles" where YouTubers Tanqr and KreekCraft, the winner and the runner up of the actual game event, were compared to both Taiwan and [[New Zealand]] respectively due to the latter's reportedly stellar performance in fighting the [[COVID-19 pandemic]].<ref>{{cite web |title=Anonymous claims hacking of multiple Russian websites to deliver a 'Christmas Gift' |url=https://www.dailykos.com/story/2020/12/28/2004491/-Anonymous-claims-hacking-of-multiple-Russian-websites-to-deliver-a-Christmas-Gift |publisher=Daily Kos |access-date=29 December 2020 |date=28 December 2020|archive-url = https://web.archive.org/web/20201228180104/https://webcache.googleusercontent.com/search?q=cache%3ACfxbYun5tWwJ%3Ahttps%3A%2F%2Fwww.dailykos.com%2Fstory%2F2020%2F12%2F28%2F2004491%2F-Anonymous-claims-hacking-of-multiple-Russian-websites-to-deliver-a-Christmas-Gift+|archive-date = 2020-12-28}}</ref>

===2021===
* January: [[2021 Microsoft Exchange Server data breach|Microsoft Exchange Server data breach]]
* February: Anonymous announced cyber-attacks of at least five [[Malaysia]]n websites. As a result, eleven individuals were nabbed as suspects.<ref>{{cite web |title='Anonymous Malaysia' hackers say they defaced five government websites {{!}} Coconuts KL |url=https://coconuts.co/kl/news/anonymous-malaysia-hackers-say-they-defaced-five-government-websites/ |website=Coconuts |access-date=19 February 2021 |date=1 February 2021}}</ref><ref>{{cite web |last1=Ar |first1=Zurairi |title=Hacktivist group Anonymous Malaysia resurfaces, vows cyber-attack against govt over data breaches {{!}} Malay Mail |url=https://www.malaymail.com/news/malaysia/2021/01/25/hacktivist-group-anonymous-malaysia-resurfaces-vows-cyber-attack-against-go/1943943 |website=www.malaymail.com |date=25 January 2021 |access-date=19 February 2021 |language=en}}</ref><ref>{{cite web |last1=Cimpanu |first1=Catalin |title=Malaysia arrests 11 suspects for hacking government sites |url=https://www.zdnet.com/article/malaysia-arrests-11-suspects-for-hacking-government-sites/ |website=ZDNet |access-date=19 February 2021 |language=en}}</ref><ref>{{cite web |title=11 suspects of 'Anonymous Malaysia' hacker group nabbed {{!}} The Star |url=https://www.thestar.com.my/news/nation/2021/02/18/11-suspects-of-039anonymous-malaysia039-hacker-group-nabbed |website=www.thestar.com.my |date=18 February 2021 |access-date=19 February 2021}}</ref>
* February: The group "Myanmar Hackers" attacked several websites belonging to [[Myanmar]] government agencies such as the [[Central Bank of Myanmar]] and the military-run ''[[Tatmadaw]] True News Information Team''. The group also targeted the Directorate of Investment and Company Administration, Trade Department, Customs Department, Ministry of Commerce, Myawady TV and state-owned broadcaster Myanmar Radio and Television and some private media outlets. A computer technician in Yangon found that the hacks were denial-of-service attacks, while the group's motive is to protest the [[2021 Myanmar coup]].<ref>{{cite web |title=Myanmar Hackers Take Down Military-Run Websites |url=https://www.irrawaddy.com/news/burma/myanmar-hackers-take-military-run-websites.html |website=The Irrawaddy |access-date=19 February 2021 |date=17 February 2021}}</ref>
*March: Cyber insurer [[CNA Financial]], one of the largest insurance companies based in the US, was attacked with ransomware, causing the company to lose control over its network.<ref>{{Cite web|last1=Mehrotra|first1=Kartikay|last2=Turton|first2=William|date=20 May 2021|title=CNA Financial Paid $40 Million in Ransom After March Cyberattack|url=https://www.bloomberg.com/news/articles/2021-05-20/cna-financial-paid-40-million-in-ransom-after-march-cyberattack|url-status=live|access-date=30 November 2021|website=www.bloomberg.com|archive-url=https://web.archive.org/web/20210520225018/https://www.bloomberg.com/news/articles/2021-05-20/cna-financial-paid-40-million-in-ransom-after-march-cyberattack |archive-date=20 May 2021 }}</ref> The company paid $40 million to regain network control. CNA had, at first, ignored the hackers, attempting to solve the problem independently; remaining locked out, however, CNA paid the ransom within a week.<ref name=":1">{{Cite web|last=Abrams|first=Lawrence|date=25 March 2021|title=Insurance giant CNA hit by new Phoenix CryptoLocker ransomware|url=https://www.bleepingcomputer.com/news/security/insurance-giant-cna-hit-by-new-phoenix-cryptolocker-ransomware/|url-status=live|access-date=30 November 2021|website=BleepingComputer|language=en-us|archive-url=https://web.archive.org/web/20210325183052/https://www.bleepingcomputer.com/news/security/insurance-giant-cna-hit-by-new-phoenix-cryptolocker-ransomware/ |archive-date=25 March 2021 }}</ref> CNA's investigation reported that [[cyberattack]] group Phoenix had used Phoenix Locker malware, a variant of the Hades ransomware used by Russian criminal hacking group [[Dridex#Evil Corp|Evil Corp]].<ref>{{Cite web |title=CNA pays $40 million ransom to lift malware from its systems |url=https://www.insurancebusinessmag.com/us/news/cyber/cna-pays-40-million-ransom-to-lift-malware-from-its-systems-255714.aspx |access-date=2023-06-18 |website=www.insurancebusinessmag.com |language=en}}</ref> Phoenix Locker malware encrypted 15,000 devices on the network, as well as the computers of employees working remotely while logged into the company's VPN during the attack.<ref name=":1" />
* April: Over 500 million [[Facebook]] users' personal info—including info on 32 million in the United States—was discovered posted on a hackers' website, though Facebook claimed that the information was from a 2019 hack, and that the company had already taken mitigation measures; however, the company declined to say whether it had notified the affected users of the breach.<ref name="facebook_hacked_2021_04_05_ktnv_com">[https://www.ktnv.com/news/national/cybersecurity-millions-of-facebook-accounts-hacked "Cybersecurity:  Millions of Facebook accounts hacked,"] April 5, 2021, [[KTNV-TV]], [[Las Vegas, Nevada]], retrieved April 15, 2021</ref><ref name="facebook_users_2021_04_05_fox5sandiego_com">[https://fox5sandiego.com/news/tech/533-million-facebook-users-were-hacked-how-to-find-out-if-you-were-one-of-them/ "Facebook hack How to find out if you were one of the 533 million Facebook users hacked,"], Fox5 TV, [[San Diego, California]], retrieved April 15, 2021</ref><ref name="facebook_data_breach_2021_04_13_timesofindia_com">[https://timesofindia.indiatimes.com/videos/news/facebook-data-breach-explained-how-the-worlds-largest-social-media-platform-got-hacked/videoshow/82029617.cms "2021-04-13 Facebook data breach explained: How the world’s largest social media platform got hacked,"] April 13, 2021, ''[[Times of India]],'' retrieved April 15, 2021</ref>{{better source needed|date=April 2021}}
* April: The [[Ivanti Pulse Connect Secure data breach]] of unauthorized access to the networks of high-value targets since at least June 2020 via {{CVE|2021-22893}} across the U.S. and some E.U. nations{{additional citation needed|date=May 2021}}<ref>{{Cite web |last=Shrivastava |first=Akash |date=2024-09-27 |title=Cyber Attacks and Data breaches |url=https://www.hackersvella.org/blog/post/cyber-attack-and-data-breaches |access-date=2024-09-27 |website=HackersvellA}}</ref> due to their use of [[Vulnerability (computing)|vulnerable]], [[Proprietary software|proprietary]] software was reported.<ref>{{cite news |last1=Goodin |first1=Dan |title=More US agencies potentially hacked, this time with Pulse Secure exploits |url=https://arstechnica.com/gadgets/2021/04/more-us-agencies-potentially-hacked-this-time-with-pulse-secure-exploits/ |access-date=9 May 2021 |work=Ars Technica |date=30 April 2021 |language=en-us}}</ref><ref>{{cite web |title=Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day |url=https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html |website=FireEye |access-date=9 May 2021 |language=en}}</ref>
* May: Operation of the U.S. [[Colonial Pipeline cyber attack|Colonial Pipeline is interrupted]] by a [[ransomware]] cyber operation.<ref>{{cite news |title=Cyber attack shuts down U.S. fuel pipeline 'jugular,' Biden briefed |url=https://www.reuters.com/technology/colonial-pipeline-halts-all-pipeline-operations-after-cybersecurity-attack-2021-05-08/ |access-date=13 June 2021 |work=Reuters |date=2021-05-08}}</ref>
* May: On 21 May 2021 [[Air India]] was subjected to a [[2021 Air India cyberattack|cyberattack wherein the personal details of about 4.5 million customers around the world were compromised]] including passport, credit card details, birth dates, name and ticket information.<ref>{{Cite web|date=2021-05-22|title=Explained: What is the data breach that has hit Air India customers?|url=https://indianexpress.com/article/explained/air-india-sita-data-breach-explained-7325501/|access-date=2021-05-23|website=The Indian Express|language=en}}</ref><ref>{{Cite news|title=Air India cyberattack: Personal data of over 4.5 million passengers leaked|url=https://www.irishtimes.com/news/world/asia-pacific/air-india-cyberattack-personal-data-of-over-4-5-million-passengers-leaked-1.4572596|access-date=2021-05-23|newspaper=The Irish Times|language=en}}</ref>
* July: On 22 July 2021 [[Saudi Aramco]] data were leaked by a third-party contractor and demanded $50 million ransom from Saudi Aramco. Saudi Aramco confirmed the incident after a hacker claimed on dark web that he had stolen 1 terabyte of data about location of oil refineries and employees data in a post that was posted on June 23.<ref>{{Cite web|date=2021-07-22|title=Saudi Aramco confirms data leak after $50 million cyber ransom demand|url=https://arstechnica.com/information-technology/2021/07/saudi-aramco-confirms-data-leak-after-50-million-cyber-ransom-demand/|access-date=2021-07-22|website=ARS Technica|language=en}}</ref><ref>{{Cite web|date=2021-07-22|title=Hackers reportedly demand $50m from Saudi Aramco over data leak|url=https://www.bbc.com/news/business-57924355|website=BBC|language=en}}</ref><ref>{{Cite web|date=2021-07-22|title=Saudi Aramco Confirms Data Leak After Reported Cyber Ransom|url=https://www.bloomberg.com/news/articles/2021-07-21/saudi-aramco-confirms-data-leak-after-reported-cyber-extortion|website=bloomberg|language=en}}</ref>
* August: T-Mobile reported that data files with information from about 40 million former or prospective T-Mobile customers, including first and last names, date of birth, SSN, and driver's license/ID information, were compromised.<ref>
* {{cite web |title=T‑Mobile Shares Updated Information Regarding Ongoing Investigation into Cyberattack {{!}} T‑Mobile Newsroom |url=https://www.t-mobile.com/news/network/additional-information-regarding-2021-cyberattack-investigation |website=T-Mobile Newsroom}}
* {{cite web |last1=Krebs |first1=Brian |title=T-Mobile: Breach Exposed SSN/DOB of 40M+ People – Krebs on Security |date=27 August 2021 |url=https://krebsonsecurity.com/2021/08/t-mobile-breach-exposed-ssn-dob-of-40m-people/}}
* {{cite news |last1=Vaas |first1=Lisa |title=T-Mobile: >40 Million Customers' Data Stolen |url=https://threatpost.com/t-mobile-40-million-customers-data-stolen/168778/ |work=threatpost.com}}
* {{cite news |last1=Hill |first1=Michael |title=The T-Mobile data breach: A timeline |url=https://www.csoonline.com/article/3630093/the-t-mobile-data-breach-a-timeline.html |work=CSO Online |date=27 August 2021}}
</ref>
*September and October: [[2021 Epik data breach]]. Anonymous obtained and released over 400{{Nbsp}}gigabytes of data from the domain registrar and web hosting company [[Epik]]. The data was shared in three releases between September 13 and October 4. The first release included domain purchase and transfer details, account credentials and logins, payment history, employee emails, and unidentified private keys.<ref name=":3">{{Cite web|last=Goforth|first=Claire|date=September 14, 2021|title=Anonymous to release massive data set of the far-right's preferred web hosting company|url=https://www.dailydot.com/debug/anonymous-hack-far-right-web-host-epik/|access-date=September 14, 2021|website=[[The Daily Dot]]|language=en-US}}</ref> The hackers claimed they had obtained "a decade's worth of data", including all customer data and records for all domains ever hosted or registered through the company, and which included poorly encrypted passwords and other sensitive data stored in [[plaintext]].<ref name=":3" /><ref name=":6">{{Cite web|last=Cimpanu|first=Catalin|date=September 15, 2021|title=Anonymous hacks and leaks data from domain registrar Epik|url=https://therecord.media/anonymous-hacks-and-leaks-data-from-domain-registrar-epik/|access-date=September 16, 2021|website=[[The Record by Recorded Future]]|language=en}}</ref> The second release consisted of bootable disk images and API keys for third-party services used by Epik;<ref name=":2">{{Cite web|last=Thalen|first=Mikael|date=September 29, 2021|title=New leak of Epik data exposes company's entire server|url=https://www.dailydot.com/debug/anonymous-new-epik-leak/|access-date=September 29, 2021|website=[[The Daily Dot]]|language=en-US}}</ref> the third contained additional disk images and an archive of data belonging to the [[Republican Party of Texas]], who are an Epik customer.<ref name=":4">{{Cite web|last=Thalen|first=Mikael|date=October 4, 2021|title=Anonymous releases data on Texas GOP in latest Epik hack dump|url=https://www.dailydot.com/debug/anonymous-texas-gop-epik/|access-date=October 4, 2021|website=[[The Daily Dot]]|language=en-US}}</ref>
*October: On October 6, 2021, an anonymous 4chan user reportedly hacked and leaked the source code of [[Twitch (service)|Twitch]], as well as information on how much the streaming service paid almost 2.4 million streamers since August 2019.<ref>{{Cite web|last=Warren|first=Tom|date=2021-10-06|title=Twitch source code and creator payouts part of massive leak|url=https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor|access-date=2021-10-07|website=The Verge|language=en}}</ref> Source code from almost 6,000 GitHub repositories was leaked, and the 4chan user said it was "part one" of a much larger release.<ref>{{Cite news|last=Browning|first=Kellen|date=2021-10-06|title=A 'potentially disastrous' data breach hits Twitch, the livestreaming site.|language=en-US|work=The New York Times|url=https://www.nytimes.com/2021/10/06/technology/twitch-data-breach.html|access-date=2021-10-07|issn=0362-4331}}</ref>
* November and December: On November 24, Chen Zhaojun of Alibaba's Cloud Security Team reported a [[Zero-day (computing)|zero-day]] vulnerability (later dubbed [[Log4Shell]]) involving the use of [[arbitrary code execution]] in the ubiquitous [[Java logging framework]] software [[Log4j]].<ref name="lunasec">{{Cite web |last1=Wortley |first1=Free |last2=Thrompson |first2=Chris |last3=Allison |first3=Forrest |date=9 December 2021 |title=Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package |url=https://www.lunasec.io/docs/blog/log4j-zero-day/ |access-date=12 December 2021 |website=LunaSec}}</ref><ref>{{Cite web |title=CVE-2021-44228 |url=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 |access-date=12 December 2021 |website=Common Vulnerabilities and Exposures}}</ref><ref name="Log4Shell, Bloomberg">{{cite news |last1=Turton |first1=William |last2=Gillum |first2=Jack |last3=Robertson |first3=Jordan |title=Inside the Race to Fix a Potentially Disastrous Software Flaw |url=https://www.bloomberg.com/news/articles/2021-12-13/how-apache-raced-to-fix-a-potentially-disastrous-software-flaw |work=www.bloomberg.com}}</ref> The report was privately disclosed to project developers of [[Log4j]], a team at [[The Apache Software Foundation]], on November 24. On December 8, Zhaojun contacted the developers again detailing how the vulnerability was being discussed in public security chat rooms, was already known by some security researchers, and pleaded that the team expedite the solution to the vulnerability in the official release version of [[Log4j]].<ref name="Log4Shell, Bloomberg" /> Early exploitations were noticed on Minecraft servers on December 9; however, forensic analysis indicates that Log4Shell may have been exploited as early as December 1 or 2nd.<ref name="Log4Shell, Bloomberg" /><ref name="Duckett2021">{{cite web|last1=Duckett|first1=Chris|title=Log4j RCE activity began on December 1 as botnets start using vulnerability|url=https://www.zdnet.com/article/log4j-rce-activity-began-on-december-1-as-botnets-start-using-vulnerability/|website=ZDNet|quote=Cisco Talos said in a blog post that it observed activity for the vulnerability known as CVE-2021-44228 from December 2, and those looking for indicators of compromise should extend their searches to at least that far back.}}
</ref><ref name="Berger2021" /><ref>{{cite web|last1=Prince|first1=Matthew|title=Tweet|url=https://twitter.com/eastdakota/status/1469800951351427073|website=Twitter|quote=Earliest evidence we’ve found so far of #Log4J exploit is 2021-12-01 04:36:50 UTC. That suggests it was in the wild at least 9 days before publicly disclosed. However, don’t see evidence of mass exploitation until after public disclosure.}}</ref> Due to the ubiquity of devices with the [[Log4j]] software (hundreds of millions) and the simplicity in executing the vulnerability, it is considered to be arguably one of the largest and most critical vulnerabilities ever.<ref>The top U.S. cybersecurity defense official, Jen Easterly, deemed the flaw “one of the most serious I’ve seen in my entire career, if not the most serious”:

* {{Cite web|last=Woodyard|first=Chris|title='Critical vulnerability': Smaller firms may find it harder to stop hackers from exploiting Log4j flaw|url=https://www.usatoday.com/story/money/business/2021/12/16/log-4-j-vulnerability-small-business/8910567002/|access-date=2021-12-17|website=[[USA Today]]}}
* {{cite news|date=20 December 2021|title=Expert discusses what you need to know about 'most serious' security breach ever|work=ABC7 San Francisco|agency=Associated Press|url=https://abc7news.com/log4j-kronos-ransomware-attack-hack-cyberattack/11362714/}}
* {{cite news|date=15 December 2021|title=Chinese and Iranian hackers exploit Log4j computer flaw, affecting hundreds of millions|agency=Associated Press|url=https://www.foxnews.com/tech/chinese-iranian-hackers-exploit-log4j-computer-flaw}}
* {{cite web|last1=Starks|first1=Tim|date=13 December 2021|title=CISA warns 'most serious' Log4j vulnerability likely to affect hundreds of millions of devices|url=https://www.cyberscoop.com/log4j-cisa-easterly-most-serious/|website=CyberScoop}}
</ref><ref>* {{Cite web|last=Goodin|first=Dan|date=2021-12-13|title=As Log4Shell wreaks havoc, payroll service reports ransomware attack|url=https://arstechnica.com/information-technology/2021/12/as-log4shell-wreaks-havoc-payroll-service-reports-ransomware-attack/|access-date=2021-12-17|website=[[Ars Technica]]|quote=arguably the most severe vulnerability ever}}
* {{Cite news|last=Barrett|first=Brian|title=The Next Wave of Log4J Attacks Will Be Brutal|magazine=[[Wired (magazine)|Wired]]|url=https://www.wired.com/story/log4j-log4shell-vulnerability-ransomware-second-wave/|access-date=2021-12-17|issn=1059-1028}}
* {{Cite news|last1=Hunter|first1=Tatum|last2=de Vynck|first2=Gerrit|date=20 December 2021|title=The 'most serious' security breach ever is unfolding right now. Here's what you need to know.|newspaper=[[The Washington Post]]|url=https://www.washingtonpost.com/technology/2021/12/20/log4j-hack-vulnerability-java/}}
</ref> Yet, big names in security hacking helped in regaining control over server, like [[Graham Ivan Clark]], and Elhamy A. Elsebaey.  A portion of the vulnerability was fixed in a patch distributed on December 6, three days before the vulnerability was publicly disclosed on December 9.<ref name="Log4Shell, Bloomberg" /><ref name="Berger2021">
{{cite web |last1=Berger |first1=Andreas |title=What is Log4Shell? The Log4j vulnerability explained (and what to do about it) |url=https://www.dynatrace.com/news/blog/what-is-log4shell/ |website=Dynatrace news |date=17 December 2021}}
</ref><ref>
{{cite web |last1=Rudis |first1=boB |title=Widespread Exploitation of Critical Remote Code Execution in Apache Log4j {{!}} Rapid7 Blog |url=https://www.rapid7.com/blog/post/2021/12/10/widespread-exploitation-of-critical-remote-code-execution-in-apache-log4j/ |website=Rapid7 |date=10 December 2021}}
</ref><ref>{{Cite web |date=5 December 2021 |title=Restrict LDAP access via JNDI by rgoers #608 |url=https://github.com/apache/logging-log4j2/pull/608 |access-date=12 December 2021 |website=Log4j |via=[[GitHub]]}}</ref>

===2022===
* February: The German [[Chaos Computer Club]] has reported more than fifty data leaks. Government institutions and companies from various business sectors were affected. In total, the researchers had access to over 6.4 million personal data records as well as terabytes of log data and source code.<ref>{{Cite web|author=tweakers|date=2022-02-14|title=Hackersclub CCC vindt 6,4 miljoen persoonsgegevens via vijftigtal datalekken|url=https://tweakers.net/nieuws/193238/hackersclub-ccc-vindt-6-komma-4-miljoen-persoonsgegevens-via-vijftigtal-datalekken.html|access-date=2022-02-17|language=nl}}</ref><ref>{{Cite web|author=Chaos Computer Club|date=2022-02-14|title=Chaos Computer Club meldet 6,4 Millionen Datensätze in über 50 Leaks|url=https://www.ccc.de/de/updates/2022/web-patrouille-ccc|access-date=2022-02-17|language=de}}</ref>
* March: As a response to the [[Russian invasion of Ukraine]], [[Anonymous (hacker group)|Anonymous]] [[Anonymous and the Russian invasion of Ukraine|performed many attacks]] against computer systems in [[Russia]]. Most notably, Anonymous committed a cyberattack against [[Roskomnadzor]].<ref>{{cite news |title=Anonymous hacks Russian federal agency, releases 360,000 documents |url=https://www.jpost.com/breaking-news/article-700940 |newspaper=The Jerusalem Post &#124; Jpost.com |access-date=6 April 2022}}</ref>
*March: On 23 March 2022, hackers compromised the Ronin Network, stealing approximately US$620 million in [[Ethereum|Ether]] and [[USD Coin|USDC]].<ref name=":42">{{Cite web |last=Sigalos |first=MacKenzie |date=2022-03-29 |title=Crypto hackers steal over $615 million from network that runs popular game Axie Infinity |url=https://www.cnbc.com/2022/03/29/hackers-steal-over-615-million-from-network-running-axie-infinity.html |access-date=2022-03-30 |website=CNBC |language=en}}</ref><ref name=":5">{{Cite web |last=Takahashi |first=Dean |date=2022-03-29 |title=Hackers steal $620M in Ethereum and dollars from Axie Infinity maker Sky Mavis' Ronin network |url=https://venturebeat.com/2022/03/29/hackers-steal-620m-in-ethereum-and-dollars-in-axie-infinity-maker-sky-mavis-ronin-network/ |access-date=2022-03-30 |website=VentureBeat |language=en-US}}</ref><ref name=":62">{{Cite web |last=Hollerith |first=David |date=30 March 2022 |title=Hackers steal $615 million in crypto from Axie Infinity's Ronin Network |url=https://finance.yahoo.com/news/hackers-steal-615-million-in-crypto-194522160.html |access-date=30 March 2022 |website=Yahoo Finance |language=en-US}}</ref> A total of 173,600 Ether and 25.5 million USDC tokens were stolen in two transactions.<ref name=":7">{{Cite news |last=Kharif |first=Olga |date=March 29, 2022 |title=Hackers Steal About $600 Million in One of the Biggest Crypto Heists |work=Bloomberg News |url=https://www.bloomberg.com/news/articles/2022-03-29/hackers-steal-590-million-from-ronin-in-latest-bridge-attack |access-date=2022-09-23}}</ref>  It took the company six days to notice the hack.<ref name=":7" /> The hack currently sits as the largest-ever breach in the cryptocurrency sector by dollar value.<ref>{{Cite web |last=Tsihitas |first=Theo |date=2022-03-29 |title=Worldwide cryptocurrency heists tracker (updated daily) |url=https://www.comparitech.com/crypto/biggest-cryptocurrency-heists/ |access-date=2022-03-31 |website=Comparitech.com |publisher=Comparitech Limited}}</ref> It further damaged the value of SLP.<ref name="vice">{{Cite web |last=Ongweso Jr. |first=Edward |date=2022-04-04 |title=The Metaverse Has Bosses Too. Meet the 'Managers' of Axie Infinity |url=https://www.vice.com/en/article/the-metaverse-has-bosses-too-meet-the-managers-of-axie-infinity/ |access-date=2022-06-06 |website=Vice Motherboard}}</ref> On 8 April 2022, Sky Mavis said it expected it would be able to recover some of the funds, but it would take several years.<ref>{{cite news |last1=Servando |first1=Kristine |date=8 April 2022 |title=Axie Owner Says Recovering Stolen Crypto Could Take Two Years |language=en |work=Bloomberg.com |url=https://www.bloomberg.com/news/articles/2022-04-08/axie-owner-says-recovering-stolen-crypto-could-take-two-years |access-date=17 April 2022}}</ref> The company raised additional venture capital and reimbursed all users affected in the hack.<ref>{{Cite news |last=Kharif |first=Olga |date=2022-06-23 |title=Axie-Infinity Developer to Reimburse Hack Victims, Restart Ronin |work=Bloomberg News |url=https://www.bloomberg.com/news/articles/2022-06-23/axie-infinity-developer-to-reimburse-hack-victims-restart-ronin |access-date=2022-09-24}}</ref> On 14 April 2022, the [[Federal Bureau of Investigation|FBI]] issued a statement that the [[Lazarus Group]] and APT38, which are [[North Korea]]n state-sponsored hacker groups, were responsible for the theft.<ref>{{Cite news |date=2022-04-15 |title=North Korean hackers target gamers in $615m crypto heist - US |language=en-GB |work=BBC News |url=https://www.bbc.com/news/world-asia-61036733 |access-date=2022-04-15}}</ref><ref name="novak">{{cite news |last1=Novak |first1=Matt |date=15 April 2022 |title=FBI Says North Korea Behind Biggest Crypto Theft in History Against Axie Infinity |language=en-us |work=Gizmodo |url=https://gizmodo.com/fbi-says-north-korea-behind-biggest-crypto-theft-in-his-1848797691 |access-date=17 April 2022}}</ref> Accordingly, the US Treasury has [[Sanctions against North Korea|sanctioned]] the cryptocurrency address. Some of the cryptocurrency has been laundered through a [[cryptocurrency tumbler]] known as "[[Tornado Cash]]".<ref name="novak" /><ref name="gach">{{cite news |last1=Gach |first1=Ethan |date=16 April 2022 |title=Crypto Gaming 'Landlords' Upset They Can't Keep Exploiting All The Players Quitting |language=en-us |work=Kotaku |url=https://kotaku.com/axie-infinity-nft-crypto-hack-landlord-scholar-pokemon-1848800557 |access-date=17 April 2022}}</ref><ref>{{Cite web |title=North Korea's Lazarus Group moves funds through Tornado Cash {{!}} TRM Insights |url=https://www.trmlabs.com/post/north-koreas-lazarus-group-moves-funds-through-tornado-cash |access-date=2022-07-17 |website=www.trmlabs.com |language=en}}</ref>
* April: Anonymous hacked Russian companies Aerogas, Forest, and Petrovsky Fort. From there they leaked around 437,500 emails which they donated to non-profit whistleblower organization [[Distributed Denial of Secrets]]. Furthermore, they leaked 446 GB of data from [[Russian Ministry of Culture]].<ref>{{cite web |title=Anonymous Hits 3 Russian Entities, Leaks 400 GB Worth of Emails |url=https://www.hackread.com/anonymous-hits-russian-entities-leaks-400-gb-emails/ |access-date=12 April 2022 |date=12 April 2022}}</ref><ref>{{cite web |title=Anonymous Hits Russian Ministry of Culture- Leaks 446GB of Data |url=https://www.hackread.com/anonymous-hits-russian-ministry-of-culture-leaks-446gb-of-data/ |access-date=13 April 2022 |date=12 April 2022}}</ref>
* April: On April 19, Gijón City Council (Spain) was attacked by the GERVASIA computer virus and suffered data hijacking.<ref>{{cite web |title=Gijón City Council (Spain) was attacked by GERVASIA |url=https://www.elcomercio.es/gijon/hackean-red-informatica-ayuntamiento-gijon-20220419103023-nt.html/ |access-date=19 April 2022 |date=19 April 2022}}</ref>
* May: Network Battalion 65 (NB65), a hacktivist group affiliated with Anonymous, has reportedly hacked Russian payment processor [[Qiwi]]. A total of 10.5 [[terabytes]] of data including transaction records and customers' credit cards had been exfiltrated. They further infected Qiwi with [[ransomware]]s and threatened to release more customer records.<ref>{{cite web |title=Anonymous NB65 Claims Hack on Russian Payment Processor Qiwi |url=https://www.hackread.com/anonymous-nb65-hacki-russia-payment-processor-qiwi/ |access-date=9 May 2022 |date=9 May 2022}}</ref>
* May: During the [[Victory Day (9 May)|Victory Day in Russia]], anti-war messages were inserted into Russian TV schedules including that of [[Russia-1]], Channel 1, and [[NTV-Plus]]. One of the messages were "On your hands is the blood of thousands of Ukrainians and their hundreds of murdered children. TV and the authorities are lying. No to war."<ref>{{cite web |last1=Jankowicz |first1=Mia |title=Hackers replaced Russian TV schedules during Putin's 'Victory Day' parade with anti-war messages, saying the blood of Ukrainians is on Russians' hands |url=https://www.businessinsider.com/russia-victory-day-tv-broadcasts-hacked-anti-war-messages-2022-5 |website=Business Insider |access-date=9 May 2022}}</ref>
* June: A hacker on the Breach Forums claimed to have leaked more than 1 billion people's personal records from the [[Shanghai National Police Database]].<ref>{{Cite web |date=2022-07-04 |title=Hacker claims to have obtained data on 1 billion Chinese citizens |url=https://www.theguardian.com/technology/2022/jul/04/hacker-claims-access-data-billion-chinese-citizens |access-date=2022-07-09 |website=the Guardian |language=en}}</ref>

===2023===
* March: Amidst the [[2022 Russian invasion of Ukraine|Russian invasion of Ukraine]], hackers accessed Russian TV and radio stations to broadcast false warning messages about an impending [[nuclear warfare|nuclear attack]].<ref>{{cite web |title=Russians warned of nuclear attack after hackers break in to country's TV service |url=https://news.yahoo.com/russians-warned-nuclear-attack-hackers-203332617.html |website=Yahoo News |access-date=24 March 2023}}</ref>
* October: In response to [[2023 Hamas-led attack on Israel|October 7 Hamas-led attack on Israel]], Indian hacktivist group [[Indian Cyber Force]] took down the websites of [[The National Bank (Palestine)|Palestinian National Bank]], [[Paltel Group|National Telecommunications Company]] and [[Hamas]].<ref>{{Cite web |date=9 October 2023 |title=Israel-Palestine conflict: How Indian hackers sunk their cyber fangs into Hamas, Palestinian national bank |url=https://www.dnaindia.com/india/report-israel-palestine-conflict-how-indian-hackers-sunk-their-cyber-fangs-into-hamas-palestinian-national-bank-3063682 |url-status=live |archive-url=https://web.archive.org/web/20240105230440/https://www.dnaindia.com/india/report-israel-palestine-conflict-how-indian-hackers-sunk-their-cyber-fangs-into-hamas-palestinian-national-bank-3063682 |archive-date=5 January 2024 |access-date=2024-07-19 |website=DNA India |language=en}}</ref><ref>{{Cite web |last=Shankar |first=Siddharth |date=2023-10-08 |title=Israel-Palestine Conflict: As 'Islamic' Hackers Continue Targeting Israel, Indian Hackers Take Down Official Hamas Website |url=https://www.timesnownews.com/technology-science/israel-palestine-cyber-warfare-indian-hackers-hamas-website-takedown-article-104259001 |url-status=live |archive-url=https://web.archive.org/web/20240110222308/https://www.timesnownews.com/technology-science/israel-palestine-cyber-warfare-indian-hackers-hamas-website-takedown-article-104259001 |archive-date=10 January 2024 |access-date=2024-07-19 |website=Times Now |language=en}}</ref><ref>{{Cite web |date=2023-10-10 |title=Israel-Hamas War: 'Indian Cyber Force' Claims It Hacked Palestinian Websites After Targeting Canada |url=https://www.hindustantimes.com/videos/world-news/israelhamas-war-indian-cyber-force-claims-it-hacked-palestinian-websites-after-targeting-canada-101696939146619.html |url-status=live |archive-url=https://web.archive.org/web/20240110131434/https://www.hindustantimes.com/videos/world-news/israelhamas-war-indian-cyber-force-claims-it-hacked-palestinian-websites-after-targeting-canada-101696939146619.html |archive-date=10 January 2024 |access-date=2024-07-19 |website=Hindustan Times |language=en}}</ref>

* November: A cyberattack on [[DP World]] paralyzes imports and exports in Australia for several days. DP World accounts for about 40% of Australia's imports and exports, leading to a 30,000-container backlog and economic chaos; additionally, data was stolen.<ref>{{Cite news |date=2023-11-12 |title=Australia Cyberattack Leaves 30,000 Containers Stuck at Ports |language=en |work=Bloomberg.com |url=https://www.bloomberg.com/news/articles/2023-11-12/australian-port-operations-slowly-resume-after-cyberattack-on-dp |access-date=2023-11-13}}</ref><ref>{{Cite web |last=AAP |date=2023-11-12 |title=DP World cyber hack: 40% of Australia's international freight affected |url=https://www.smartcompany.com.au/technology/cyber-security/dp-world-cyber-hack-40-australia-international-freight-affected/ |access-date=2023-11-13 |website=SmartCompany |language=en-AU}}</ref><ref>{{Citation |title=DP World Confirms Data Breach In Cyber-Attack That Delayed Australian Ports {{!}} 10 News First | date=13 November 2023 |url=https://www.youtube.com/watch?v=XC74Bx32jHI |access-date=2023-11-13 |language=en}}</ref>

===2024===
* January: Indian hacktivist group [[Indian Cyber Force]] targeted [[Maldives]] amid diplomatic tension between the two nations following derogatory comments made by three Maldives ministers on social media against Prime Minister of India, [[Narendra Modi]]. Websites including that of Maldives' [[Ministry of Homeland Security and Technology (Maldives)|Home Ministry]], [https://juvenilecourt.gov.mv/ Juvenile Court], [https://presidency.gov.mv/ President's Office] were [[Website defacement|defaced]]. The [[Facebook]] page of Auditor General's Office was also compromised.<ref>{{Cite web |date=2024-02-25 |title=Maldives' Home Ministry website hacked over 'anti-India actions': Report |url=https://www.businesstoday.in/india/story/maldives-home-ministry-website-hacked-over-anti-india-actions-report-418856-2024-02-25 |url-status=live |archive-url=https://web.archive.org/web/20240317041633/https://www.businesstoday.in/india/story/maldives-home-ministry-website-hacked-over-anti-india-actions-report-418856-2024-02-25 |archive-date=17 March 2024 |access-date=2024-07-19 |website=Business Today |language=en}}</ref><ref>{{Cite news |date=7 January 2024 |title=Hackers Targeted Maldives' Pro-China President? Suspicion After Website Goes Down Amid India Tussle |url=https://www.hindustantimes.com/videos/world-news/hackers-targeted-maldives-pro-china-president-suspicion-after-website-goes-down-amid-india-tussle-101704627501703.html |url-status=live |archive-url=https://web.archive.org/web/20240229024802/https://www.hindustantimes.com/videos/world-news/hackers-targeted-maldives-pro-china-president-suspicion-after-website-goes-down-amid-india-tussle-101704627501703.html |archive-date=29 February 2024 |work=Hindustan Times |pages=1}}</ref><ref>{{Cite AV media |url=https://www.youtube.com/watch?v=gL7yj8iJ7FM |title=Hackers Target Maldives' Pro-China President? Suspicion After Website Goes Down Amid India Tussle |date=2024-01-07 |last=Hindustan Times |access-date=2024-07-19 |via=YouTube}}</ref><ref>{{Cite web |last=Khaitan |first=Ashish |date=2024-01-08 |title=Cyberattack On Maldives Government: Websites Restored |url=https://thecyberexpress.com/cyberattack-on-maldives-government/ |url-status=live |archive-url=https://web.archive.org/web/20240108073007/https://thecyberexpress.com/cyberattack-on-maldives-government/ |archive-date=8 January 2024 |access-date=2024-07-19 |website=The Cyber Express |language=en-US}}</ref><ref>{{Cite web |last=Jain |first=Samiksha |date=2024-01-10 |title=Maldivian Juvenile Court Website Hacked In Amid India Spat |url=https://thecyberexpress.com/maldivian-juvenile-court-website-hacked/ |url-status=live |archive-url=https://web.archive.org/web/20240207001558/https://thecyberexpress.com/maldivian-juvenile-court-website-hacked/ |archive-date=7 February 2024 |access-date=2024-07-19 |website=The Cyber Express |language=en-US}}</ref>
* February: [[XZ Utils backdoor]] incident.
* February: The website of Burger Singh, an [[India|Indian]] food franchise, was hacked by [[Pakistan|Pakistani]] hacker group "Team Insane PK". On the defaced website, the group warned Indian hackers to cease attacking Pakistani websites while uploading a YouTube video depicting the [[Pakistani Air Force]].<ref>{{cite web |title=Pakistani hackers deface Burger Singh website; read hackers' message and the company's response |url=https://timesofindia.indiatimes.com/gadgets-news/pakistani-hackers-deface-burger-singh-website-read-hackers-message-and-companys-response/articleshow/108068183.cms |website=The Times of India |access-date=21 March 2024 |date=29 February 2024}}</ref>
*June: Russian hackers infiltrated Microsoft's systems, accessing staff and customer emails, leading to regulatory scrutiny and a Congressional hearing. Microsoft is notifying affected customers and working to enhance its security practices in response to ongoing vulnerabilities.<ref>{{Cite news |last1=Siddiqui|first1=Zeba |date=27 June 2024 |title=Microsoft informs customers that Russian hackers spied on emails |newspaper=Reuters |url=https://www.reuters.com/technology/cybersecurity/microsoft-tells-clients-russian-hackers-viewed-emails-bloomberg-news-reports-2024-06-27/ |access-date=1 July 2024}}</ref>
*September: Unknown hackers access [[National Police Corps (Netherlands)|National Police Corps]] of the [[Netherlands]] data, resulting in a data breach.<ref name=bitdefender-foreign-state-suspected-in-theft-of-police-officers-data>{{Cite news |title=Foreign State Suspected in Theft of Dutch Police Officers' Data |last=Constantinescu |first=Vlad |date=2024-10-08 |url=https://www.bitdefender.com/en-us/blog/hotforsecurity/foreign-state-suspected-in-theft-of-dutch-police-officers-data/ |access-date=2024-10-17 |work=[[Bitdefender]]}}</ref>

===2025===
* April: [[4chan]] was hacked by an anonymous user of "soyjak.party", a rival [[imageboard]] website with origins related to 4chan. Source code and user logins of those who registered with emails were reportedly acquired by the user and leaked online.<ref>{{Cite web |last=Silberling |first=Lorenzo Franceschi-Bicchierai, Amanda |date=2025-04-15 |title=Notorious image board 4chan hacked and internal data leaked |url=https://techcrunch.com/2025/04/15/notorious-image-board-4chan-hacked-and-internal-data-leaked/ |access-date=2025-04-17 |website=TechCrunch |language=en-US}}</ref><ref>{{Cite web |last=Dellinger |first=A. J. |date=2025-04-15 |title=Internet Cesspool 4chan Is Down After Alleged Hack, Rival Forum Users Claim Credit |url=https://gizmodo.com/internet-cesspool-4chan-is-down-after-alleged-hack-rival-forum-users-claim-credit-2000589582 |access-date=2025-04-17 |website=Gizmodo |language=en-US}}</ref> Additionally, the earlier deleted /qa/ board was restored.<ref>{{Cite web |date=2025-04-17 |title=4chan, internet's 'most notorious website', is likely dead |url=https://www.firstpost.com/tech/4chan-internets-most-notorious-website-is-likely-dead-13880817.html |access-date=2025-04-17 |website=Firstpost |language=en-us}}</ref>

==See also==
* [[List of cyberattacks]]
* [[List of data breaches]]
* [[List of phishing incidents]]

==References==
{{reflist|33em|refs=17.	Kaplan, Fred. "Dark Territory: The Secret History of Cyber Warfare". (2016), Simon & Schuster, pp. 1-3.}}

==Further reading==
* {{cite book| title=Virus! The secret world of computer invaders that breed and destroy| first=Allan| last=Lundell| year=1989| publisher=Wayne A. Yacco| isbn=0-8092-4437-3| url=https://archive.org/details/virussecretworld0000lund}}
* {{cite book| title=Out of the Inner Circle | first=Bill | last=Landreth | publisher=Tempus Books of Microsoft Press | date=1985 | isbn=1-55615-223-X }}
* {{cite book | title=Beating the System: Hackers, phreakers and electronic spies | first1=Owen | last1=Bowcott | first2=Sally | last2=Hamilton | publisher=Bloomsbury | year=1990 | isbn=0-7475-0513-6 }}
* {{cite book | title=The computer virus crisis |first1=Philip |last1=Fites |first2=Peter |last2=Johnston |first3=Martin |last3=Kratz | publisher=Van Nostrand Reinhold | year=1989 | isbn=0-442-28532-9 | url=https://archive.org/details/computerviruscri00fite }}
* {{cite book | first=Bruce | last=Sterling | title=The Hacker Crackdown: Law and disorder on the electronic frontier | publisher=Penguin | year=1992 | isbn=0-14-017734-5 }}
* {{cite book | first=Steve | last=Gold | title=Hugo Cornwall's New Hacker's Handbook | year=1989 | publisher=Century Hutchinson Ltd | isbn=0-7126-3454-1 | location=London }}

[[Category:Computing timelines|Computer Security Hacker History]]
[[Category:Computer security]]
[[Category:Hacking (computer security)]]