> series: anatomy_of_a_breach —— part: 084 —— year: 2015 —— verdict: everything_is_a_target<span class="cursor-blink">_</span>_
2015 closed with an event that security professionals had long warned about but many considered hypothetical: on 23 December, Russian state-sponsored hackers attacked three Ukrainian power distribution companies, using the BlackEnergy malware and KillDisk wiper to disable SCADA systems and leave approximately 230,000 customers without electricity for up to six hours. It was the first confirmed cyber attack to take down a power grid — and it demonstrated that the theoretical threat to critical infrastructure documented since Stuxnet (2010) was now operational reality.
The Ukraine power grid attack was the capstone of a year that proved everything is a target. Ashley Madison showed data can destroy lives. TalkTalk showed UK businesses are not prepared. OPM lost 21.5 million security clearances. Anthem and Premera proved healthcare is under sustained attack. VTech exposed 6.4 million children. And Hacking Team's leaked zero-days armed every criminal on the internet. No sector, no data type, and no organisation was safe.
We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.
Free Scoping Call| # | Breach | Key Lesson |
|---|---|---|
| 073 | Moonpig | UK: API with zero authentication. Any customer ID returned any customer's data. Ignored for 17 months. |
| 074 | Anthem | 78.8M health records. Largest healthcare breach ever. $115M settlement. |
| 075 | Premera Blue Cross | 11M records including clinical data. Healthcare under sustained APT attack. |
| 076 | GitHub Great Cannon | China weaponised millions of internet users to DDoS anti-censorship tools. |
| 077 | US OPM | 21.5M security clearances + 5.6M fingerprints. The most damaging intelligence theft in US history. |
| 078 | LastPass | The password manager was breached. Even the vault that protects your passwords needs protection. |
| 079 | Hacking Team | 400GB leaked including zero-days. Surveillance vendor hacked, exploits went wild within days. |
| 080 | Ashley Madison | 32M affair-seekers exposed. Extortion, divorces, suicides. Data as a weapon of shame. |
| 081 | Carphone Warehouse | UK: 2.4M customers, £400K fine. Outdated WordPress, no testing, no WAF. |
| 082 | TalkTalk | UK: SQL injection by a 15-year-old. CEO on live TV. £400K fine. 101K customers lost. |
| 083 | VTech | 6.4M children. Photos. Chat logs. SQL injection + MD5. The most vulnerable data, the weakest protection. |
| 084 | Ukraine Power Grid + Review | First cyber attack on a power grid. 230,000 without electricity. Everything is a target. |
With 84 articles spanning seven years, this series has documented the complete evolution of the modern threat landscape. From HMRC's lost CDs to Ukraine's darkened power grid, from Gonzalez's SQL injections to TalkTalk's teenage attacker, from T-Mobile's insider to Ashley Madison's 32 million exposed secrets. The threats have evolved from opportunistic to industrial to existential. The root causes have not changed. The controls remain the same. The organisations that implement them survive. The rest fill the pages of this series.
Penetration testing. Cyber Essentials. SOC in a Box. UK Cyber Defence. Seven years of evidence. One conclusion. Start now.
<a href="/penetration-testing">Test your defences</a>. <a href="/cyber-essentials">Certify your baseline</a>. <a href="https://www.socinabox.co.uk">Monitor continuously</a>. <a href="https://www.cyber-defence.io">Prepare for the worst</a>. Because everything is a target — and 84 breaches have proved it.
We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.
Free Scoping Call