The Biggest Corporate Hacks of 2021

Businesses are a prime target for cybercriminals, regardless of their size, industry, or location.

In this graphic sponsored by Global X ETFs, we’ve visualized the largest corporate hacks of 2021, as measured by ransom size. The full list is also tabulated below.

| Victim | Country | Industry | Amount paid or requested (USD millions) |
|---|---|---|---|
| Microsoft | U.S. | Technology | Undisclosed |
| Kia Motors | South Korea | Automotive | $20M* |
| Bombardier | Canada | Aviation | Undisclosed |
| CNA Financial | U.S. | Financial Services | $40M |
| Harris Federation | UK | Education | $8M* |
| Colonial Pipeline | U.S. | Energy | $4.4M |
| Brenntag | German | Chemicals | $4.4M |
| JBS | Canada | Food | $11M |
| Kaseya | U.S. | Technology | $70M* |
| Accenture | U.S. | Technology | $50M* |
| Acer | Taiwan | Technology | $50M* |

*Requested but not paid in full. Source: Microsoft (2021), CRN (2021)

Continue reading below for details on some of these extraordinary hacks.

Energy: Colonial Pipeline Co.

The Colonial Pipeline ransomware attack was the largest ever cyberattack on an American oil infrastructure target.

On May 7, hackers took down the company’s billing system and threatened to release stolen data if a ransom was not paid. During negotiations, the company halted its pipelines, resulting in gas shortages across the Southeastern United States.

It’s been reported that Colonial Pipeline promptly paid a ransom of $4.4 million in bitcoin (based on prices at the time). The FBI managed to retrieve some of these bitcoins, but their exact method was not revealed.

Technology: Accenture

Accenture, one of the world’s largest IT consultants, fell victim to a ransomware attack in August of 2021. While this may seem ironic, it further proves that any business, regardless of industry, can be susceptible to hackers.

“There was no impact on Accenture’s operations, or on our client’s systems. As soon as we detected the presence of this threat, we isolated the affected servers.”

– Accenture spokesperson

The hack was traced back to LockBit, which claims to have stolen several terabytes of data from Accenture’s servers. A $50 million ransom was demanded, though it’s unknown whether the company actually made any payments.

Automotive: Kia Motors

Kia’s American business fell victim to a ransomware attack in February by a group called DoppelPaymer. Hackers threatened to release stolen data within 2 to 3 weeks if a ransom of $20 million (in bitcoin) was not paid.

This hack affected various systems including the Kia Owner Portal, Kia Connect (a mobile app for Kia owners), and internal programs used by dealerships. This also prevented buyers from picking up their new cars.

Kia denied it was hacked, but the timing of the ransom note and Kia’s service outages was suspicious. According to the FBI, DoppelPaymer has been responsible for numerous attacks since 2020. Victims include U.S. police departments, community colleges, and even a hospital in Germany.

Food: JBS

JBS, one of the world’s largest meat processing companies, experienced disruptions at its North American facilities in May. Shortly after, the company confirmed it had paid hackers a ransom of $11 million in bitcoin.

“This was a very difficult decision to make for our company and for me personally.”

– Andre Nogueira, CEO, JBS USA

This attack, along with the Colonial Pipeline hack, represents an alarming trend of critical industries being targeted. For context, JBS claims it has an annual IT budget of over $200 million and employs over 850 IT personnel globally. The group responsible for this attack is known as REvil, a now-defunct hacker group based in Russia.

Increased Spending on the Menu

The rising frequency and sophistication of corporate hacks is a major threat to the world. In fact, recent research from PricewaterhouseCoopers has highlighted that 69% of businesses predict a rise in future cybersecurity spending.

