These are the worst hacks, cyberattacks, and data breaches of 2018

Millions of records were lost, services were disrupted, and credit card data was stolen as hackers ran amok over the year.
By Charlie Osborne, Contributing Writer
1 of 24 Charlie Osborne/ZDNET

UK government website cryptojacking

2 of 24 Charlie Osborne/ZDNET


February -- June: Third-party code on Ticketmaster's web domain was compromised, leading to the implant of credit card skimming malware on the domain. Up to 40,000 UK and international customers are believed to have been affected, with information including names, addresses, email addresses, telephone numbers, payment details, and Ticketmaster login details involved in the breach.

Researchers later connected the cyberattack to the Magecart campaign.

3 of 24 Charlie Osborne/ZDNET
5 of 24 Charlie Osborne/ZDNET

Facebook, Cambridge Analytica

March: The Facebook -- Cambridge Analytica scandal was one of the largest this year with severe consequences that are still being felt by the companies and regulators alike.

In total, information belonging to up to 87 million users was improperly shared by a developer with Cambridge Analytica for the purpose of voter profiling. It has been suggested that this may have been used to spread propaganda and help elect US President Trump.

6 of 24 Charlie Osborne/ZDNET

British Airways

April -- July: British Airways leaked data belonging to hundreds of thousands of customers who used a credit card to make reward bookings between April and July. The compromised information included names, billing addresses, email addresses, and payment information including card numbers, expiry dates, and CVV security codes.

The leak was uncovered following the Ticketmaster breach. It is believed the hack was the work of Magecart, which has also claimed victims including Newegg, Feedify, and broadcaster ABS-CBN.

7 of 24 Charlie Osborne/ZDNET

Rail Europe

May: Rail Europe, a company which sells tickets for trips around the bloc, suffered a three-month-long data breach caused by credit-card skimming malware. Credit card numbers, expiration dates, and CVV card verification codes were all stolen during the covert campaign, and while the company did not reveal exactly how many customers were involved, Rail Europe accounted for five million customers last year.

10 of 24 Charlie Osborne/ZDNET


June: Ticketfly pulled its website offline on the basis that the event seller believed there had been a cyberattack -- a premise which turned out to be correct. The company said that information had been leaked which belonged to roughly 27 million customer accounts and included names, email addresses, physical addresses, and phone numbers.

A hacker believed to be responsible attempted to blackmail Ticketfly a single Bitcoin to keep the data from spreading.

12 of 24 Charlie Osborne/ZDNET


June: You would be forgiven for not knowing of Exactis, a marketing and data aggregation company, but the firm's name became somewhat well-known following a data breach which exposed 340 million records on a publicly accessible server.

Close to two terabytes of information were available in the public domain, including a range of data on US citizens and businesses.

13 of 24 Charlie Osborne/ZDNET


July: Singapore suffered the "most serious" data breach in the country's history this year when healthcare institutions group SingHealth's networks were compromised.

In total, over 1.5 million healthcare patient records, including one belonging to Prime Minister Lee Hsien Loong, were stolen. Data including patient names, national identification numbers, addresses, genders, and dates of birth were compromised.

17 of 24 Charlie Osborne/ZDNET
19 of 24 Charlie Osborne/ZDNET


August: T-Mobile detected unauthorized entry into the carrier's network, and although the intruder was quickly booted out, this was not before the attacker was able to access customer data. Roughly three percent of its 77 million customers -- or approximately 2 - 2.5 million customers -- were impacted, with information including customer names, billing ZIP codes, phone numbers, email addresses, account numbers, and account types exposed.

20 of 24 Charlie Osborne/ZDNET

Facebook's network breach

September: If dealing with the aftermath of Cambridge Analytica was not enough, a vulnerability in Facebook's code permitted attackers to steal authentication tokens. Information including names, contact details, cities, device types, places of work, and more was also stolen from some users.

Original estimates pegged the theft as impacting 50 million users, which were later revised to 30 million.

22 of 24 Charlie Osborne/ZDNET

Canada Post

November: Information relating to roughly 4,500 customers of the Ontario Cannabis Store (OCS) was improperly shared and leaked, including the names or initials of nominated signatories, postcodes, dates of delivery, reference numbers, Canada Post tracking numbers, and OCS corporate names and business addresses.

While the breach was small, the sensitive subject matter -- and the recent decision to make recreational cannabis legal in Ontario, Canada -- made the incident stand out. It may now be legal, but that does not mean smokers would be happy with others knowing about their recreational use.

23 of 24 Charlie Osborne/ZDNET


November: As is often the case with the most well-known companies, if a security incident occurs, they will often give out information which is necessary -- but no more. Amazon followed this pattern, admitting that a "technical error" had exposed the names and email addresses of some customers, but did not go any further into detail.

Despite a lack of concrete information, when a company such as Amazon has a security lapse, it is certainly of note.

24 of 24 Charlie Osborne/ZDNET


In late December, Google revealed a fresh bug in the Google+ API which had the potential to permit attackers to steal private data belonging to close to 52.5 million users. This discovery pushed the Google+ closure data forward from August to April 2019.

Read on: ZDNet

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes
Holiday lights in Central Park background

Related Galleries

Holiday wallpaper for your phone: Christmas, Hanukkah, New Year's, and winter scenes

21 Photos
Winter backgrounds for your next virtual meeting
Wooden lodge in pine forest with heavy snow reflection on Lake O'hara at Yoho national park

Related Galleries

Winter backgrounds for your next virtual meeting

21 Photos
Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes
3D Rendering Christmas interior

Related Galleries

Holiday backgrounds for Zoom: Christmas cheer, New Year's Eve, Hanukkah and winter scenes

21 Photos
Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza

Related Galleries

Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza

26 Photos
A weekend with Google's Chrome OS Flex

Related Galleries

A weekend with Google's Chrome OS Flex

22 Photos
Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

8 Photos
Inside a fake $20 '16TB external M.2 SSD'
Full of promises!

Related Galleries

Inside a fake $20 '16TB external M.2 SSD'

8 Photos