The secret to great cybersecurity is to always be learning, developing and discovering – and this means keeping abreast of the latest developments, stories and updates. As we kick off 2025 with a clean slate, what better way to remind ourselves of the importance of cybersecurity than with a look back at some of the most significant cybersecurity breaches of the last 12 months? 

As the old adage goes: knowledge is power, so read on to discover some of the biggest cyber scandals to hit the headlines in 2024 – and the crucial lessons that we can learn from the misfortune of others.

Healthcare: A sector under siege

Healthcare is an area that we all rely on, and one which is home to millions of confidential details, private medical history, and potentially valuable information. Cyber attacks in this industry can be devastating – and 2024 saw the sector targeted in a number of high profile incidents.

NHS Dumfries and Galloway ransomware attack (February 2024)
In February 2024, NHS Dumfries and Galloway in Scotland experienced a ransomware attack attributed to the Russian cybercriminal group Inc Ransom. The attackers exfiltrated approximately three terabytes of data, including confidential patient information. The health board chose not to pay the ransom, leading the hackers to publish the stolen data online. This breach had significant repercussions, affecting numerous individuals and highlighting the persistent threat posed by ransomware to healthcare services.

Synnovis ransomware attack (June 2024)

Synnovis, a pathology laboratory serving several NHS organisations in South East London, suffered a ransomware attack on June 3, 2024. The Russian cyber-criminal group Qilin claimed responsibility, subsequently publishing nearly 400GB of sensitive data, including patient names, dates of birth, NHS numbers, and blood test details. This breach led to the postponement of over 10,000 outpatient appointments and nearly 2,000 elective procedures. Services were gradually restored, with most back online by October 2024.

Impact of the CrowdStrike-Related IT outage (July 2024)
Chaos continued that summer – in July 2024, a global IT outage linked to a faulty software update from cybersecurity firm CrowdStrike caused widespread disruptions across various sectors, including healthcare. The NHS was notably affected, with many general practices (GPs) across England experiencing significant disruptions. Services that relied on the EMIS Web software were unable to access and manage medical records, issue prescriptions, or schedule appointments. This incident highlighted the NHS’s dependence on third-party cybersecurity solutions and the cascading effects of their failures.

Liverpool hospitals cyberattack (December 2024)

In early December, cybercriminals struck again, this time targeting three hospitals in Liverpool: Alder Hey Children’s Hospital, Liverpool Heart and Chest Hospital, and Royal Liverpool University Hospital. Hackers unlawfully accessed data through a shared digital gateway service. While services remained operational, there were concerns about potential data breaches.

Government and Politics: Westminster in the crosshairs

Politics is another area which has seen an onslaught of attacks over 2024, highlighting the frightening ease with which the world’s most secure systems can be breached, and underscoring key vulnerabilities within governmental and political institutions. Notable incidents include:

Electoral Commission data breach (August 2023 into 2024)
In 2024, the UK’s Electoral Commission reported a cyberattack that originated in 2023, but went undetected for over a year, resulting in unauthorised access to the personal data of millions of voters – not ideal in a critical General Election year. The breach raised concerns about the security of electoral processes and the potential for foreign interference – and these concerns are legitimate. The same year saw the National Cyber Security Centre (NCSC) identify China as a significant cyber threat, with state-sponsored actors targeting UK political institutions. Incidents included attempts to access parliamentary emails and influence democratic processes, prompting calls for enhanced cybersecurity measures.

Parliamentary email system vulnerabilities (2024)

Former aides retained access to parliamentary email accounts after leaving their positions, exploiting this to obtain confidential information, including MPs’ private contact details and sensitive communications. This lapse highlighted significant weaknesses in parliamentary IT security management.

Ministry of Defence payroll system breach (May 2024)
May 2024 saw the UK’s Ministry of Defence (MoD) experience a cyberattack targeting its payroll system, compromising the personal and financial details of approximately 270,000 personnel. While initial reports suggested Chinese involvement, Defence Secretary Grant Shapps indicated that attributing the attack would require further investigation.

Labour Party data protection reprimand (August 2024)
August 2024 saw senior politicians receive a sharp slap on the wrist when the Information Commissioner’s Office (ICO) formally reprimanded the Labour Party for failing to comply with data protection laws. This action followed more than 150 complaints regarding delays in responding to Subject Access Requests (SARs) after a cyberattack in October 2021.

Westminster honeytrap scandal (2024)
Perhaps one of the most high profile cyber scandals to hit the political landscape in 2024 was the so-called “Honeytrap Scandal.” A cyber-enabled “honeytrap” operation targeted MPs, staffers, and political journalists, resulting in individuals receiving unsolicited flirtatious messages via platforms like WhatsApp and Grindr from personas named “Charlie” or “Abi,” leading some to share compromising information. The Metropolitan Police’s investigation faced criticism after a data breach inadvertently exposed victims’ identities to each other.

These incidents underscore the pressing need for robust cybersecurity protocols within UK political institutions to safeguard democratic processes and maintain public trust.

Transport and Infrastructure: A year of disruption

Transport is another integral part of our daily lives and, once again, was the target of a major incident. As we discussed previously, Transport for London (TfL) is often a key target for attack, and the 2024 incident offered a clear look into the flaws of the system, requiring the help of the National Cyber Security Centre (NCSC).

TfL (September 2024)

In September 2024, TfL detected suspicious activity on its network, leading to a cyber security incident. The attack affected several online systems, including Oyster and contactless payment services, and led to the suspension of new Oyster photocard applications. Approximately 5,000 customers’ data, including bank account numbers and sort codes, were potentially accessed. A 17-year-old male was arrested in connection with the attack. By December 2024, TfL reported spending over £30 million on incident response and system recovery efforts.

Football and sporting events: cybercriminals targeting popularity

Critical infrastructure was not the only target of cybercriminals in 2024 – popular sporting events such as football also fell victim to attacks and incidents, as criminals took advantage of rapt crowds and a captive audience.

The sports industry, including football, has seen a significant rise in cyber threats over the past decade. Reports indicate that 70% of sports organisations experience cyberattacks annually, and the digital transformation of sports venues and the increasing online engagement of fans have introduced new vulnerabilities. Incidents such as ransomware attacks on major sports teams and data breaches involving fan information underscore the pressing need for robust cybersecurity measures within the industry.

Aston Villa data breach (March 2024)

Aston Villa Football Club inadvertently left an Amazon Web Services (AWS) S3 bucket publicly accessible, exposing personally identifiable information (PII) of approximately 135,770 individuals. The leaked data included full names, dates of birth, home addresses, phone numbers, email addresses, membership details, and purchase information. This exposure heightened risks of spear phishing, social engineering attacks, and identity theft for the affected fans.

UEFA Euro 2024 cyber threats
The UEFA Euro 2024 tournament in Germany attracted significant cybercriminal activity:

  • Credential theft: Over 15,000 credentials associated with UEFA customers were found on underground forums, with an additional 2,000 available for sale on the dark web. Many of these credentials belonged to individuals using corporate email addresses, posing potential security risks to their organisations.
  • Distributed Denial of Service (DDoS) Attacks: During the tournament, several DDoS attacks targeted online broadcasts and related services. Notably, the online broadcast of Poland’s opening match against Estonia was disrupted, with suspicions pointing towards Russian-linked hackers.
  • Phishing and scam activities: Cybercriminals exploited the tournament’s popularity by setting up fraudulent websites and mobile apps impersonating official UEFA platforms. These malicious entities aimed to deceive fans into revealing personal or financial information, downloading malware, or purchasing counterfeit tickets.

Liverpool targeted by ticket touts (July and November 2024)

The rise in digital technology has also seen football fans affected by attacks on ticket sales, as highlighted in industry publications such as The Athletic. In July and November 2024, online sales for Liverpool FC members were subject to a cyber attack aimed at illegally harvesting tickets. The club retaliated by closing around 100,000 fake ticketing accounts, cancelling 1,500 tickets suspected to be fraudulent, and issuing criminals with 136 indefinite suspensions and 47 lifetime bans. The next season followed suit, with 47 lifetime bans, 1,200 cancelled tickets, and the closure of 20,000 ticketing accounts – Liverpool are fighting back against the fake fans.

Lessons learned from 2024

The events of 2024 made clear that cyber threats are systemic risks capable of crippling industries, disrupting services, and undermining national security. To counter these threats, organisations must focus on resilience, preparedness, and collaboration. The diversity of these threats also shows that anyone can fall victim to cybercrime; if major corporations such as TfL, the NHS and Liverpool Football Club can become victims, then so can anyone. Cybersecurity awareness training, therefore, is crucial no matter the size, shape or nature of your business – and can also reap rewards for individuals.

Key priorities include:

  • Third-Party Risk Management: Incidents like the CrowdStrike outage show the need for robust vendor risk assessments, clear SLAs, and contingency plans to prevent cascading failures.
  • Ransomware Defences: Attacks like the NHS Synnovis breach emphasise the urgency of advanced monitoring, offline backups, and testing response plans to minimise disruption.
  • Cybersecurity Education: Human error, evident in phishing scams like the Westminster honeytrap, underscores the importance of regular training and a cybersecurity-focused culture.
  • Nation-State Threats: Attacks on critical systems demand better threat intelligence sharing, detection capabilities, and cross-industry collaboration to deter state-backed actors.

The challenges faced in 2024 prove that cybersecurity is essential. A united effort across organisations, governments, and individuals is crucial to building a secure future – and we all have a part to play in keeping cybercriminals at bay in 2025 and beyond.
