What are the Biggest Breaches of 2022 (So Far)

Despite the many steps forward we’ve seen in the world of security, the unfortunate reality remains that co-ordinated cyber-attacks and data breaches continue to be big business for gangs of digital thieves.

Likely to be another record-breaking year in terms of the cost of these attacks and breaches, today we take a look at some of the most devastating and impactful attacks, breaches, and threats of 2022 so far.

Costa Rican Government

Perpetrated in the early hours of April 17th, this devastating ransomware attack crippled nearly 30 institutions of the Costa Rican government, including the Republic’s Ministry of Finance, Ministry of Science and Ministry for Science, Innovation, Technology and Telecommunications.

Unfolding over the course of weeks and costing an estimated $30 million (USD) a day in lost productivity, the Russia-centric Conti ransomware gang initially demanded $10 million to return access to the government’s data.

With President Rodrigo Chaves declaring a national emergency in response, stating “we are at war”, the President also issued a public refusal to pay the ransom, resulting in the gang increasing their extortionate demand to $20 million.

Thought to have been enabled by malware installed on a Ministry of Finance computer, the attack severely damaged digital infrastructure, including public healthcare and online tax collection for several months.

Coming to an end following the general discontinuation of the ransomware syndicate, this case is a prime example of just how disruptive cyber-attacks can be at a state-level.

Cash App Data Breach

Confirmed by Block (formerly Square) in April of this year and affecting the sensitive information of over 8 million users of the payment services application, this data breach occurred as a result of a former employee’s unauthorised accessing of company systems.

Including customers’ names, portfolio information, trading activity and brokerage account numbers, this form of insider threat often has significant effects for organisations’ reputations, with the company stating in a US Securities and Exchange Commission (SEC) filing:

“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended.”

Although details are murky about exactly how the former employee still had access to this sensitive data, around 8.2 million former and current US customers were impacted by the breach.

With around 40+ million users across the US and United Kingdom, this massive breach illustrates the risk that disgruntled employees can present, as well as the need for robust IT infrastructure and employee offboarding processes.

Lapsus$ Spree

Perhaps one of the most notorious international hacking groups of 2022, Lapsus$ (sometimes known as DEV-0537) quickly earned a name for targeting large and notable tech companies with cavalier information security attacks.

With targets including Brazil’s Ministry of Health, Samsung, Ubisoft, Uber, and Rockstar Games, one aspect which makes this group unique is their public recruitment of company insiders to help carry out their destructive strikes.

Having stolen and posted a file containing around 37GB of Microsoft source code, accessing hundreds of gigabytes of proprietary data from Nvidia, the gang is believed to have used a variety of social engineering techniques to access sensitive information.

From phone-based social engineering to SIM-swapping and even bribery, the Lapsus$ gang was thankfully disrupted following an investigation headed by the City of London Police.

With seven UK teenagers between the ages of 16 and 21 being arrested, one suspected leader is thought to have amassed around $14 million from the gang's online escapades.

Although the gang may not have been active for long, this case is an interesting example of how a relatively rudimentary arsenal of tactics can prove effective against even the most guarded of tech organisations.


Binance, the world’s largest cryptocurrency exchange, has reportedly lost around $570 million worth of digital assets in one cryptos all-time biggest hacks.

Happening only a matter of days before the writing of this article, the situation is still evolving, though what is currently known is the exchange was temporarily forced to suspend transactions as the exploit was being investigated and contained.

Only the latest in a long string of attacks against prominent crypto companies, the incident does signify another blow to an already turbulent industry struggling to regain legitimacy and stability.

With many of these recent cryptocurrency attacks being linked to state-sponsored actors operating out of North-Korea, it is unknown how much of the funds will eventually be recovered, or if any parties will be held responsible.

Shields Health Care Group

The Massachusetts-based medical services provider, specialised in MRI, PETT/CT, and surgery services, announced that on March 28th they were hit with a massive hacking incident in which the medical data of over 2 million people was affected.

Providing services to over 50 medical facilities, the illicitly breached data included the names, social security numbers, addresses, and insurance and financial information of both former and current patients.

Though any breach involving this form of highly sensitive personal data is distinctly impactful, following the disclosure, the company has also been hit with a class action suit which alleges not only those whose information was exposed now face a “substantially increased and certainly impending risk” of identity theft, but also that Shields failed to alert victims within the 60-day window required by law.

While the case is ongoing and no perpetrator has been publicly named, the organisation has stated it will “continue to review and further enhance protections”; though, given the extent of the hack and the serious nature of the information breached, the incident does serve as a cautionary tale to other organisations responsible for the protection of personal data.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.


How to Audit for GDPR Compliance?

Auditing for GDPR Compliance

Questions to consider when auditing your business or SME for General Data Protection Regulation (GDPR) compliance.

Ideas to Improve Employee Cyber Security?

Improving Employee Cyber Security

With human error responsible for many breaches and attacks, we offer some helpful areas for improving employee security compliance.

A Few Cyber Tips for your Organisation

5 Cyber Tips for your Business

Essential cyber tips for helping your business or SME improve information and cyber security.

Maintaining Compliance for Businesses

The Benefits Of Maintaining Compliance For Your Business

By maintaining compliance for your business you can ensure operational efficiency, reduce financial risk, enhance public trust, engage your employees and realise your mission.

5 of the Top Phishing Trends in 2022

Top 5 Phishing Trends in 2022

Insights, trends, and statistics from the world of phishing in 2022.

What are the 10 Steps to Cyber Security?

10 Steps to Cyber Security

The main concepts of the Nation Cyber Security Centre's '10 Steps to Cyber Security' guidance.

The Psychology of Behaviour Change: Optimisation

Cyber Awareness Part II: The Psychology of Behaviour Change

Part two in our blog series examining how the psychology of behaviour change will help us deliver effective awareness campaigns.

The Anti-Phishing Insights  Every CISO Should Know

5 Anti-Phishing Insights Every CISO Should Know

Based the latest scientific research, tips to reduce human error and protect businesses against phishing attacks.

The Psychology of Behaviour Change: Science, Behaviour & Social Influence

Cyber Awareness Part I: The Psychology of Behaviour Change

Cyber awareness helps reduce human error and insecure behaviours. Examining how the psychology of behaviour change will help us deliver effective awareness campaigns.

The importance of an email security policy

Why Organisations Need an Email Security Policy

An email security policy is a document describing how an organisation's email system should, and most importantly, should not be used.

Speak to us about your Cyber Awareness