Cyberattacks, whether accidental or purposeful, have been a threat long before the invention of the World Wide Web. These attacks aim to steal money, data, or resources — and sometimes serve as tools for gaining an edge over rival nations.
Each incident is a stark reminder for businesses to fortify their digital defenses while also underscoring the crucial role of security teams that work tirelessly to identify and neutralize these threats. The following attacks had a significant impact on U.S. businesses, organizations, and individuals.
Although each was eventually resolved, their consequences left lasting effects.
The Morris Worm’s code fundamentally shifted the nascent computing industry’s understanding of what was possible. In 1988, Cornell University graduate student Robert Tappan Morris unleashed the experimental worm from MIT’s networks, causing widespread disruption throughout about 6,000 of the then 60,000 internet-connected computers. Emails were blocked for days, and military computer systems experienced significant slowdowns.
Some facilities hit by the Morris Worm were forced to completely replace their computer systems, while others spent up to a week on resolving slowdowns and shutdowns. Morris apologized for releasing the worm, describing it as a “harmless experiment,” according to an FBI case study. He explained that its widespread release was the result of a programming error.
The Morris Worm transformed internet-borne attacks from theoretical to real. Even the term “internet” gained widespread recognition because of the worm, making its first major appearance in an article by The New York Times about the incident.
The Melissa virus spread via email, enticing victims with attachments promising adult content. Released by programmer David Lee Smith in March 1999, Melissa became the first widely known example of what would later be recognized as a common type of email scam. The virus replicated rapidly, overwhelming email servers.
Melissa was one of the first incidents to make people cautious about opening unsolicited emails. Melissa was one of several cyber incidents that led to the FBI establishing its Cyber Division in 2002, shortly after Smith was sentenced to prison.
Shortly before Y2K dominated computer-related news, 15-year-old Jonathan James breached NASA’s Marshall Space Flight Center by installing a backdoor. He gained access to emails, usernames, and passwords from the Defense Threat Reduction Agency, leaving NASA scrambling for 21 days to assess and contain the situation.
The government worked to close the backdoor and patch its systems. At the time, the attack was estimated to have cost $41,000 in labor and lost equipment.
In 2000, the worm that traveled through emails with subject lines like “ILOVEYOU” damaged tens of millions of computers worldwide. It caused an estimated $10 billion in damages by infiltrating large organizations such as Ford, Merrill Lynch, and the U.S. Army. The virus was an early example of an email worm that propagated itself through inboxes, overwhelming servers and rendering files unusable.
The “Love Bug” was relatively easy to trace, as each email copy contained visible source code, allowing security researchers to quickly develop countermeasures. Like the Melissa virus, it served as a wake-up call about the dangers of clicking on mysterious emails. It also raised mainstream awareness of the growing trend in spam emails with attention-grabbing subject lines — a tactic that seems almost quaint today.
An attacker stole the gaming accounts of 77 million people in 2011, forcing a shutdown of the PlayStation network service. The hack was particularly notable for exposing millions of credit cards, as each account was linked to a card. Ultimately, the breach cost Sony $171 million in lost profits, legal fees, support costs, and an identity theft protection program offered to victims.
PlayStation Network service was restored after about a week of intensive effort. Sony, along with external experts, conducted a forensic analysis to determine the nature of the hack.
SEE: Today, generative AI serves as both a potential solution for cyberattacks and a potential tool for attackers.
This breach exposed the email addresses, phone numbers, dates of birth, and hashed passwords of all 3 billion Yahoo users, although the full extent was only revealed in 2017. At the time, it was the largest hacking incident in history. While Yahoo faced several other attacks in the subsequent years, including one attributed to Russian state-sponsored threat actors, the root cause of the 2013 attack remains unknown — although it is widely believed that the attackers exploited a forged cookie vulnerability.
Yahoo responded by requiring all users to change their account passwords and invalidated unencrypted security questions and answers. The company paid $117.5 million to settle a class action lawsuit related to the breach.
In 2014, a group calling itself Guardians of Peace held for ransom massive amounts of sensitive data from Sony Pictures Entertainment. This included unreleased films, employee data such as performance review notes, and controversial private messages. The attackers also deployed malware to wipe data from corporate computers. Eventually, all the stolen data was made public, fueling what was considered at the time the largest corporate cybersecurity attack in history based on impact and publicity.
A U.S. government investigation attributed the attack to North Korean state-sponsored actors, although this conclusion sparked controversy. Some investigators suggested it may have been an inside job or linked to Russian threat actors. Sony experienced another data breach in 2023 that exposed personal information about employees.
The WannaCry ransomware attack impacted 300,000 computers in 150 countries. The attackers — allegedly state-sponsored actors associated with North Korea — exploit a vulnerability in the SMB protocol on Windows servers. Hospitals in the U.K. were hit particularly hard, with service severely disrupted.
After the attack, Microsoft and CISA released various mitigation measures for WannaCry, although recovering encrypted files remained challenging. Microsoft had already issued a patch for the exploit WannaCry leveraged, but many organizations had failed to implement it in time.
Petya’s reach wasn’t as widespread as some other malware on this list, but its novel approach and its role in the sociopolitical landscape — specifically with a variant used to target Ukraine — make it particularly notable. Check Point referred to Petya as “the next step in ransomware evolution” because it encrypted hard drives’ Master-File-Table (MFT). This meant it could hold the entire drive hostage rather than just individual files.
In 2017, a variant used in the Ukraine attacks was dubbed “NotPetya” by security firm Kaspersky due to its distinct features. However, the two types of ransomware are often discussed together due to their similar appearance around the same time.
Interpol, the U.S. Department of Homeland Security, and other governments investigated the source of the attacks. Meanwhile, Microsoft continued to release patches to address the vulnerabilities that Petya and NotPetya exploited.
Personal data and credit card information from hundreds of millions of Equifax customers worldwide was exposed in this attack. Similar to previous breaches, the Equifax hack could have been prevented if the proper security update had been applied. For several months, attackers exploited a vulnerability in Equifax’s online dispute portal.
Equifax agreed to pay up to $425 million in a settlement related to the breach. In 2020, the FBI charged four members of the Chinese military in connection with the hack.
Millions of accounts belonging to people who had stayed at Marriott hotels were exposed in this data breach. The attack stemmed from a backdoor an attacker had created in a Starwood Hotels Group system before Marriott acquired Starwood in 2016. The breach went undetected until after the acquisition. The situation highlighted how attacks can occur even when data is protected while at rest.
The Marriott case was an early example of GDPR enforcement, with the U.K. fining the hotel chain £18.4 million ($24.1 million) for noncompliance. Because the attack originated in Starwood’s system and Marriott did not use encryption, the incident served as a reminder both to keep company computer systems encrypted and to carefully assess how acquired systems fit into the acquiring company’s cybersecurity strategy and standards.
This attack was one of a wave of ransomware incidents targeting cities over several years, with threat actors disrupting public services such as water bill payment portals. The attackers demanded payment in Bitcoin to restore system access, deploying a strain of ransomware known as RobbinHood. This attack highlighted the nature of modern ransomware incidents — organized groups targeting real-world infrastructure and demanding cryptocurrency payments.
The city of Baltimore chose not to pay the ransom, following recommended best practices. Instead, the city brought in external cybersecurity experts, deployed new monitoring tools, and rebuilt their gutted systems from the ground up.
The ransomware attack on the Colonial Pipeline Company, an oil provider in the southeastern U.S., highlighted the devastating impact ransomware can cause on critical infrastructure. Colonial Pipeline shut down its entire operation to contain the attack and because customers would not be charged accurately without the billing system. The shutdown sparked fears of widespread gas shortages.
Colonial Pipeline paid the ransom of approximately $4.4 million in Bitcoin in cooperation with the U.S. government, and, by June 2021, the Department of Justice recovered some of the ransom money.
MoveIT, a file transfer software, gained notoriety in 2023 when government customers worldwide fell victim to cyberattacks originating from the service. The U.S. Department of Energy, motor vehicle agencies in Louisiana and Oregon, the BBC, British Airways, and others were affected by data theft.
MoveIT thoroughly documented the vulnerability and provided steps to mitigate it. The prevailing theory is that the attack was launched by an independent, Russia-based, ransomware group seeking financial gain.
Microsoft is still working to restore confidence in its security posture after a hack exposed several U.S. government email addresses. The attack, which Microsoft attributed to a Chinese nation-state threat actor, originated from a forged authentication token used for Outlook Web Access in Exchange Online and Outlook.com. It exposed 60,000 emails from 10 accounts belonging to individuals working for the U.S. State Department in East Asia, the Pacific, and Europe.
Microsoft identified and blocked the perpetrator from accessing Outlook accounts. The company emphasized that most customers were not affected. However, the attack shook faith between Microsoft and the U.S. government, a major customer.