Complete history of cyber attacks, key threat analysis, and essential resources to check if your data has been compromised
Understanding the cyber threat landscape is crucial for protecting yourself and your organization
U.S. losses to online crime hit $16+ billion in 2024, up 33% year-over-year according to the FBI's IC3 report.
View FBI ReportThe global average cost of a data breach reaches into the multi-million-dollar range, with healthcare and financial sectors hit hardest.
IBM Cost ReportRansomware and mass-exploitation campaigns like MOVEit and Log4Shell show how one flaw can ripple through thousands of organizations.
MOVEit AnalysisCISA's Known Exploited Vulnerabilities (KEV) catalog is the definitive list of threats being actively used by attackers right now.
View KEV CatalogA cyber attack is any deliberate attempt to disrupt, disable, steal from, or gain unauthorized control of a computer system or network. This includes phishing, malware and ransomware, supply-chain compromises, DDoS, zero-day exploitation, data exfiltration, and attacks on industrial control systems (ICS).
View ENISA Threat LandscapeKey incidents that shaped the cyber threat landscape and evolved attack tactics
First major Internet-scale worm affects 6,000+ computers (10% of Internet). Leads to the first felony conviction under the U.S. Computer Fraud and Abuse Act.
FBI Case StudyPrecision malware sabotages Iran's Natanz nuclear centrifuges. A watershed moment for ICS-focused attacks and cyber-physical warfare.
CFR AnalysisGlobal ransomware outbreak disrupts 200,000+ systems across 150+ countries, including England's NHS healthcare system.
NHS Case StudyDestructive malware masquerading as ransomware causes >$10B in global damages, hitting Maersk, Merck, and countless others.
WIRED InvestigationSupply-chain compromise of Orion software hits multiple U.S. federal agencies and thousands of enterprises worldwide.
CISA AdvisoryDarkSide ransomware halts fuel supply across the U.S. East Coast. Ransom paid, with partial recovery later by DOJ.
CISA AnalysisCritical vulnerability in ubiquitous Apache Log4j logging library leads to mass exploitation across the internet.
CISA GuidanceCl0p ransomware group exploits MOVEit file transfer software, compromising 1,000+ organizations and 60+ million individuals.
TechCrunch AnalysisSocial engineering attacks target major casino operations. Caesars reportedly paid ~$15M ransom; MGM faced ~$100M impact.
Attack OverviewRansomware attack triggers nationwide healthcare disruption. ~$22M ransom reportedly paid with multibillion-dollar fallout.
WIRED ReportUnderstanding the most common and dangerous cyber attack methods in plain English
Sophisticated social engineering attacks that trick users into sending money, credentials, or sensitive information. BEC attacks alone cause billions in losses annually and are a major driver of FBI IC3 reported crimes.
Malicious software that encrypts systems and/or threatens to leak stolen data unless ransom is paid. Modern variants often combine encryption with data theft for double extortion.
Attacks that abuse trusted software updates or vendor relationships to gain widespread access. These attacks are particularly dangerous because they leverage existing trust relationships.
Attacks targeting previously unknown vulnerabilities or widely-used components before or just after public disclosure. These create massive exposure windows across the internet.
Distributed attacks that flood services with traffic to make them unavailable to legitimate users. Often used as cover for other attacks or for extortion purposes.
Essential tools and resources to check if your information appears in known data breaches
The most comprehensive database for checking if your email or phone number appears in known data breaches. Also includes "Pwned Passwords" to check if your passwords have been compromised.
Searchable database of data breach notifications filed with the California Attorney General. Includes downloadable CSV data for comprehensive analysis.
Official U.S. Department of Health and Human Services database of HIPAA breaches affecting 500 or more individuals at healthcare entities.
Official site for free credit reports from all three major bureaus. Now available weekly instead of annually.
Free service to block new credit accounts from being opened in your name. The most effective protection against identity theft.
Official FTC site to report identity theft and receive a personalized recovery plan with step-by-step guidance.
If a company notifies you of a breach, use the official channels in that notice (free credit monitoring, PINs, dedicated hotlines) and be wary of phishing emails that imitate breach notifications.
Step-by-step checklist to protect yourself when your data has been compromised
Immediately change passwords for affected accounts and enable multi-factor authentication (MFA), preferably app-based or hardware key authentication.
Sign out of all devices and sessions, then rotate API keys, app passwords, and access tokens that may have been compromised.
Place a credit freeze with all three major credit bureaus and consider adding a fraud alert to your credit reports.
Freeze & alerts
Freeze & alerts
Freeze & alerts
Watch your bank statements, credit card bills, and credit reports weekly for any unauthorized activity or new accounts.
File reports with appropriate authorities to create an official record and help prevent future incidents.
Check Explanation of Benefits, contact your insurer/provider, and review HHS breach listings if uncertain about medical data exposure.
Keep these resources handy in case of a security incident
Contact all three to place freezes and alerts
IdentityTheft.gov for reporting and recovery
Report cyber crimes and online fraud