The Top Cyberattacks And Data Breaches Of 2020

The Top Cyberattacks And Data Breaches Of 2020

There is no doubt that 2020 has been an anomalous year in many ways. In the cybersecurity arena, perhaps not so much. Yes, over the last few months we have witnessed numerous security threats, cyberattacks and data breaches that have affected companies, institutions and users. But this was not something unpredictable, quite the opposite. While it is true that cybercriminals, as they always do, have adapted to the "circumstances", modifying the baits of their attacks to the situation in which we find ourselves at all times.

The result is being countless attempts at cyberattacks and data breaches that occur daily. Some incidents and security breaches come to light, others do not, but certainly, the number of these is increasing every year.

At the beginning of 2019, for example, what is known to date (for now) the largest known data breach, the so-called “Collection”.

Ransomware attacks, vulnerable databases and systems, or user fraud that resulted in unauthorized access have been some of the main attack vectors in recent years. Vectors that haven't changed much in 2020.

Until November 2020, 1,200 security breaches that have affected personal data were notified through this channel, 96 fewer notifications than in the same period of 2019. The number of notifications during the first quarter was several dozen more than in 2020, as you can see in the graph, but it has been slowing down throughout the year.

Top Cyber ​​Attacks, Data Breaches and Security Vulnerabilities of 2020

We now review some of the biggest global cyberattacks, data breaches and security breaches so far this unusual year.

Data theft, ransomware and subsequent economic (and reputational) blackmail have been some of the main weapons of cybercriminals.

SolarWinds and US agencies

2020 could not end in any other way if it is not with what is considered one of the largest hacks in the history of the United States. In December, the cyberattack on SolarWinds, a company that provides software to thousands of companies, including the largest in the United States and its five military agencies, was known. It is believed that the hack occurred in March 2020, in an update that was carried out, in which it is believed that they introduced a back door, compromising the Orion tool from SolarWinds and incidentally the entire infrastructure of the companies that use it .

In parallel to this case, sources from the US Administration confirmed that the computer systems of various government agencies, including the Departments of the Treasury and Commerce, were hacked by cybercriminals acting on behalf of a foreign government, targeting Russia. The attackers managed to intercept Microsoft software update packages prepared by SolarWinds, gaining access through this software to the systems of the United States Departments of Justice and Treasury.

Apparently, the affected US systems suffered, according to their statements, one of the largest cyber attacks in recent years. Attacks that began in the spring, and continued undetected during the months of the pandemic and the elections.


The American cybersecurity firm FireEye denounced in December 2020 that it had been the victim of a cybersecurity attack on its systems that was caused by a state agent. The solutions of this firm are used precisely to check the level of cyber defense of the clients. The company has called the incident an "attack by a nation with first-rate offensive capabilities." Although it was reported in December, the period in which the attack took place is not known.


CEO Fraud was the technique of choice for cybercriminals to attack Zendal. This Galician pharmaceutical company from Porto was the victim of this attack for which they were cheated of more than 9 million euros. The health sector has been a clear target of cybercrime during 2020.

Prestige Software

A security breach of the Prestige Software company located in Spain exposed the personal data of millions of hotel customers around the world at the beginning of November, affecting numerous companies in the tourism sector such as,, Expedia, Agoda or Amadeus.

Adeslas SegurCaixa

After the high-profile cases of Mapfre (August 2020) and QuironSalud (May 2020), the insurer was the victim in September 2020 of a ransomware attack. The company was forced to activate the contingency plan due to delays in appointment services and policy management, among others.


In September, the airline suffered the consequences of a SQL Injection security flaw in the database of one of its suppliers, which has exposed data from thousands of users.


This is a story that could have a fatal outcome but fortunately was resolved without incident. In August 2020, the Teslarati medium published that a Tesla employee had received an offer from a cybercriminal group to introduce malware into its Nevada factory. Elon Musk himself responded on Twitter that it was "a serious attack." The attack was thwarted thanks to the refusal of the employee, who made it known to Tesla and this in turn to the FBI.

New Zealand Stock Exchange

At the end of August, the New Zealand Stock Exchange was taken out of the game for several days in a row due to a cyber attack. Specifically, a distributed denial of service (DDoS) attack that served its purpose: bring down their systems.


On August 15, the insurer Mapfre suffered a ransomware attack that affected its activity, impacting "some of our computer systems and slowing down our response capacity," according to its CEO in Iberia, José Manuel Inchausti. The executive has periodically updated the situation through his social networks. One of his latest updates pointed to the almost complete restoration of his systems after the attack.


At the end of July, Garmin suffered a security incident that left its users without service for five days. Mobile apps or customer service went uninterrupted. A ransomware attack was the culprit, and customer data was apparently not accessed.


At the end of July 2020, Adif suffered blackmail by cybercriminals. The cybercriminal group REvil was behind the theft of 800 GB of data belonging to the Spanish public company. If their demands were not met, they would be published.

REvil is known for using ransomware called “Sodinokibi”, and they are behind other online crimes such as the attack on the law firm specializing in American personalities and celebrities, Grubman Shire Meiselas & Sacks. The cyberattack was confirmed by Adif who said that the infrastructure and services had not been affected.


It's called the "Twitter Bitcoin Scam of 2020" and has its own Wikipedia entry. In mid-July, thousands of high-profile Twitter accounts were hacked. Elon Musk, Bill Gates or Jeff Bezos were some of the victims. Several Twitter accounts with millions of followers were apparently compromised in order to promote a bitcoin scam. What happened was a social engineering attack against the Twitter employees managing the verified accounts. From the social network they explained that they detected a "coordinated attack of social engineering by people who successfully targeted some of our employees with access to internal systems and tools."

Must ReadTwitter Hack is WORSE Than You Think

On the other hand, as a result of this event, as published by Bloomberg in July, more than 1,500 company employees have access to personal data of users.

Honda and Enel

In mid-June, the automaker and a division of power company Enel were two of the latest victims of the SNAKE ransomware, which already affected other large companies this year, such as the Fresenius group.


EasyJet suffered a cyberattack in mid-May that exposed the data of 9 million customers. As we explained here, it is noteworthy that cybercriminals were inside their systems for more than 4 months.

Grubman Shire Meiselas & Sacks

The name of this law firm will not be familiar to many, but the people they represent probably will. Robert de Niro, Lady Gaga and Elton John are some of the clients of this firm who were the victim of a cyberattack in early May in which they accessed sensitive information, and it is also pointed out that a ransomware-type attack, probably REvil or Sodinokibi , which have been wreaking havoc over the past few months.

The cybercriminals requested a ransom of 21 million euros to avoid revealing any of the 756 gigabytes of personal data stolen from their customers.

Fresenius (Chiron)

At the beginning of May (and in the middle of the COVID-19 pandemic) the largest owner of private hospitals in Europe, owner of the Quirónsalud centers, was the victim of a cyber attack. The CCN-CERT later published a report about the ransomware that affected their systems, known as SNAKE or EKANS.


A misconfiguration of cloud services by the Spanish training company 8Belts has leaked data from more than 150,000 of its users, as revealed in an investigation by vpnMentor in April.


The Coronavirus crisis has not only caused an increase in the number of cyberattacks, but also at times their modus operandi. Portugal's energy company EDP was the victim of a combined ransomware attack in early April. Cybercriminals stole more than 10 terabytes of confidential company data, as well as encrypting computers using a ransomware called “Ragnar Locker”. As a ransom to recover the information and not publish the stolen data, they requested 10 million euros.


The subsidiary in Spain has acknowledged that a data breach suffered in February has exposed information from more than 36,000 customers, a leak discovered by vpnMentor.

What to do if your data is leaked in a security breach?

As a result of any of these or other data breaches, it is possible that your personal data or your digital identifiers, such as usernames and passwords, have been leaked. What to do and how to check it?

  • Companies that suffer from these security flaws involving confidential data are obliged to alert users to report it and explain the steps to follow, which usually consists of changing the password.
    • They usually do it through email, so stay tuned for these types of communications. But before doing anything, of course, verify that this email is legitimate and is not an impersonation or phishing.
    • Avoid changing the passwords through the links that are sent to you by email in this type of communication, do it directly on the website of the affected platform or service.
    • As a good practice, remember that it is advisable to have different passwords for each service, you can use a password manager to help you.
    • As an additional layer of security, whenever possible, enable double factor authentication.
    • If you want to verify that the data associated with your email accounts has not been leaked in a data breach, you can do it in services such as those offered by, you just have to enter your email address and check if it is part of any of the databases exposed (and known) so far.
    Previous Post Next Post