Chronology of information security and cyber incidents (1985–2025)

Authors and contributors: Martin Ferguson, Diana Rebaza, Yasmine Hajji, David Ogden

1980s – Hacking emerges and legislation begins

1985

  • KILOBAUD, a hacking group, reorganised into The P.H.I.R.M.
  • ‘Phrack’, an online magazine written by and for hackers, was first published.
  • The Hacker’s Handbook was published in the UK.
  • In the Private Sector Bust (also known as the 2600 BBS Seizure), law enforcement executed seven search warrants and seized equipment from operators and users of the Private Sector bulletin board system (BBS).

1986

  • Congress passed the Computer Fraud and Abuse Act in the US.
  • The first US Fraud and Abuse Act was passed, defining federal computer crimes and penalties.
  • Robert Schifreen and Stephen Gold were convicted in the UK for accessing the Telecom Gold account belonging to the Duke of Edinburgh; this was the first conviction for illegally accessing a computer system, though it was later overturned on appeal.
  • The arrest of the hacker known as ‘The Mentor’ led to the publication of the Hacker Manifesto in Phrack.

1987

  • The Christmas Tree EXEC “worm” caused major disruption across the VNET, BITNET, and EARN networks.

1988

  • Robert T. Morris, Jr. launched the Morris Worm on the ARPAnet (a precursor to the internet), clogging an estimated 6,000 networked computers.
  • The Computer Emergency Response Team (CERT) was created by DARPA to address network security.
  • The Father Christmas computer worm spread over DECnet networks.

1989

  • The AIDS Trojan horse was detected, marking the first detection of ransomware.

1990s – Malware and legislative response

1990

  • The Computer Misuse Act 1990 was passed in the United Kingdom, criminalising unauthorised attempts to access computer systems.
  • Operation Sundevil involved Secret Service raids in 14 U.S. cities against BBS organisers and prominent members.

1992

  • The Bulgarian virus writer Dark Avenger authored 1260, the first known use of polymorphic code, designed to circumvent pattern recognition used by antivirus software.

1994

  • Russian crackers tapped $10 million from Citibank.
  • AOHell, a freeware application, was released, allowing script kiddies to disrupt America Online.

1996

  • The concept of cryptovirology was born with the invention of the cryptoviral extortion protocol, which later formed the basis of modern ransomware.
  • The US General Accounting Office reported that hackers attempted to break into Defense Department computer files approximately 250,000 times in 1995 alone.

1998

  • Members of the hacker think tank L0pht testified in front of the US congressional Government Affairs committee regarding weak computer security in government.

1999

  • The Melissa worm was released, quickly becoming the most costly malware outbreak of its time.
  • Cult of the Dead Cow released Back Orifice 2000 at DEF CON.
  • The Melissa virus infected users via Microsoft Outlook, causing an estimated $1.2 billion damage.

2000s – Major worms, DDoS, and enhanced security focus

2000

  • The ILOVEYOU worm (Love Bug) affected over 500,000 systems worldwide and resulted in an estimated $15 billion worth of damage.
  • Jonathan James became the first juvenile to serve jail time for hacking.

2001

  • Microsoft became the victim of a new type of hack: a denial-of-service (DoS) attack against the Domain Name Server.
  • The Code Red worm infected tens of thousands of machines.
  • The terrorist attacks on the World Trade Center and Pentagon brought a new, tragic meaning to business continuity planning, making “mega-disasters” a grim reality for organisations. The aftermath led to a temporary decrease in public concern over privacy relative to security.

2002

  • Gary McKinnon was arrested following unauthorised access to US military and NASA computers.
  • A DDoS attack struck 13 DNS root servers, knocking out five, marking the first attempt to disable the internet.

2003

  • The hacktivist group Anonymous was formed.

2004

  • Gartner predicted that cyber attacks exploiting software flaws would double in speed by 2006.
  • The cyberthreat hype cycle in January 2004 showed “Phishing,” “Zero-Day Threats,” and “Hybrid Worms” at the peak of inflated hyperbole.

2005

  • The Freedom of Information Act (FoI) came into full force in the UK.
  • Charges were brought against a man in Scotland for DoS attacks aimed at extortion, only the second time in history criminal charges were brought for DoS under the Computer Misuse Act.

2008

  • US Presidential and Homeland Security directives initiated a national effort to counter network attacks.
  • Facebook was hacked, exposing personal information of approximately 30 million users.
  • The first U.S. indictment occurred for individuals using SamSam ransomware, netting them over $6 million in ransom payments.

2010s – Geopolitics, large-scale breaches, and ransomware escalation

2010

  • Operation Aurora was revealed by Google, involving a sophisticated attack originating from China and resulting in intellectual property theft.
  • The Stuxnet worm was found, identified as a sophisticated cyber-attack targeting Iran’s nuclear facilities.

2011

  • The Wikileaks controversy highlighted the necessity of enhanced internal security systems to prevent confidential information leaks.
  • The PlayStation Network suffered an external intrusion, compromising potentially sensitive information for 77 million accounts.
  • The News International phone hacking scandal came to light, involving the hacking of victims’ voicemails, including that of murdered schoolgirl Milly Dowler and relatives of 7/7 attack victims.

2011–2016 (Breach Window)

  • Credit monitoring firm Equifax suffered a breach affecting around 15.2 million UK customer records, which resulted from a technician failing to apply a security framework correctly.

July 2011 – July 2012

  • The UK’s National Health Service (NHS) experienced a series of 16 major breaches and data leaks, compromising over 1.8 million health and employee records across multiple entities. Fines were issued to multiple trusts by the Information Commissioner’s Office (ICO) for violations of the Data Protection Act.

2012

  • A hacker claimed to leak data on 1 billion Chinese citizens from the Shanghai National Police Database.

2013

  • US retailer Target suffered a massive data breach exposing 40 million credit card customers.

2014

  • The Cyber Essentials scheme was launched to boost businesses’ cyber defenses.

2015

  • Records of 21.5 million people were stolen from the U.S. Office of Personnel Management (OPM), including social security numbers and fingerprints.
  • Servers for the extramarital affairs website Ashley Madison were breached.
  • The TalkTalk data breach occurred, exposing over 157,000 records through the exploitation of known SQL injection vulnerabilities. The ICO issued a massive £400,000 fine.

2016

  • The EU adopted the NIS Directive, the first EU-wide cyber security law, which led eventually to the NCSC CAF (Cyber Assessment Framework) and GovAssure.
  • JD Wetherspoon announced a data breach affecting over 650,000 customers, believed to be the work of a Russian group.
  • Three Mobile UK suffered a data breach, compromising 130,000 customer records via an employee’s access credentials.
  • Tesco Bank was hit by cyber criminals, resulting in nearly £2.26 million being stolen from 8,261 customer accounts.
  • Yahoo! data breaches affecting more than 1 billion users were reported.

2017

  • The first EU-wide cyber security law came into effect.
  • The WannaCry ransomware attack infected approximately 300,000 computer systems globally in four days.
  • Wonga suffered a data breach compromising up to 270,000 customer records.
  • Dixons Carphone (now Currys) suffered a massive breach due to malware installed on tills, compromising 14 million personal records and information on 5.6 million payment cards. The ICO fined the company £500,000.

2018

  • The General Data Protection Regulation (GDPR) came into force across EU countries.
  • Research revealed security flaws in every computer chip made in the last 20 years.
  • British Airways suffered a data breach compromising payment card details of almost 500,000 customers via a fraudulent third-party payment service. The ICO issued the largest fine ever for a GDPR violation.

2019

  • Currency exchange firm Travelex suffered a ransomware attack (Sodinokibi) on New Year’s Eve, exploiting a vulnerability that the firm had failed to patch. Travelex paid over £2 million in Bitcoin ransom.

2020s – Geopolitical conflict, supply chain attacks, and increased UK focus

2020

  • The rapid shift to remote working due to Covid-19 led to increased frequency and intensity of cyber attacks on remote workers.
  • Broadband provider Virgin Media exposed the personal data of 900,000 customers for around ten months due to a database misconfiguration.
  • Construction company Interserve exposed 113,000 staff records after an employee forwarded a phishing email, leading to attackers uninstalling antivirus software and encrypting data.
  • The SolarWinds supply chain attack occurred, where hackers compromised the vendor’s systems and added malicious code to its software updates.

2021

  • Supply chain attacks became a key threat, often catching organisations unawares.
  • The Colonial Pipeline fuel group in the US was attacked by the Darkside ransomware group, serving as a “wake-up call” to the potential impact on critical national infrastructure (CNI).
  • The Log4Shell zero-day vulnerability was discovered, considered arguably one of the largest and most critical vulnerabilities ever due to its ubiquity and ease of exploitation.

2022

  • Cyber threats increased significantly due to the fallout from Russia’s invasion of Ukraine.
  • The Ronin Network was compromised, leading to the theft of approximately $620 million in Ether and USDC, later attributed by the FBI to the North Korean state-sponsored Lazarus Group.

2023

  • Ransoms paid by companies reached $1 billion.
  • A cyberattack on DP World paralysed imports and exports in Australia for several days.

2024

  • Russian hackers infiltrated Microsoft’s systems, accessing staff and customer emails.
  • The NCSC responded to several cyber-attacks in the health sector, including the ransomware attack on pathology services provider Synnovis. This incident caused significant clinical healthcare disruption across London, incurred costs of £32.7 million, and directly contributed to at least one patient death.
  • The UK and allies publicly uncovered a Russian military unit carrying out cyber-attacks and digital sabotage for the first time.
  • The NCSC issued advice to counter a China-linked campaign targeting thousands of devices.
  • All UK schools were made eligible for the free protective DNS (PDNS) cyber resilience service.
  • The 10th anniversary of the Cyber Essentials scheme was marked.

2024–2025 (NCSC Annual Review Period)

  • The NCSC Incident Management Team handled 429 total cyber incidents, with 204 classified as nationally significant—a staggering 129% increase from the previous year.
  • Incidents categorised as highly significant (category 2) reached 18, marking a 50% increase for the third consecutive year.
  • High-profile ransomware attacks impacted major organisations, including Marks & Spencer, the Co-op Group and Jaguar Land Rover. The estimated cost of the Marks and Spencer incidents exceeded £300m.
  • Attacks exploiting vulnerabilities in legacy systems, such as those related to Microsoft SharePoint Server, Ivanti Connect Secure, and Fortinet FortiManager (three CVEs), were associated with 29 incidents managed by the NCSC.

2025

  • The NCSC published new guidance outlining a three-phase timeline for organisations to transition to quantum-resistant encryption methods by 2035.
  • DSIT and the NCSC launched the Cyber Governance Code of Practice and Training for Boards.
  • The NCSC led international attribution against the Russian military intelligence group APT28.
  • Iranian state television faced a broadcast signal intrusion by Israeli hackers.
  • The Cyber Assessment Framework (CAF) v4.0 was launched to support essential service providers in strengthening cyber risk management.
  • Cyber security revenues are forecast to reach $290 billion by 2027.