Companies with Major Losses from Cyber Scams
Mark & Spencer (UK)
Nature of Business :
Retail – clothing, food, home goods
Approximate Total Loss :
£ 136 million
Method of Attack :
Tricked an IT staffer (by Social Engineering) to give access to Mark & Spencer’s secured network
Year
2025
Bol (NL)
Nature of Business :
Ecommerce– clothing, grocery, home goods
Approximate Total Loss :
€750 thousand
Method of Attack :
Business Email Compromise (BEC).
Year
2021
Ingram Micro (USA)
Nature of Business :
IT distribution and logistics
Approximate Total Loss :
~$400 million
Method of Attack :
Exploited VPN software using stolen credentials.
Year
2025
Change Healthcare (UnitedHealth Subsidiary,USA)
Nature of Business :
Healthcare IT and payments
Approximate Total Loss :
~$1.6 to $2.87 billion
Method of Attack :
Unpatched vulnerability (Uncovered Security Flaw) + Lack of MFA (multi-factor Authentication)
Year
2024
Synnovis (NHS affiliated, UK)
Nature of Business :
Medical diagnostics and pathology
Approximate Total Loss :
~£32.7 million
Method of Attack :
Weak MFA and Absence of Network Segmentation (allowed fast lateral spread)
Year
2024
CDK Global (Texas, USA)
Nature of Business :
Automotive dealership software
Approximate Total Loss :
$25 million ransom + further losses
Method of Attack :
Phishing and unpatched software vulnerability
Year
2024
Johnson Controls International (Ireland)
Nature of Business :
Building systems and automation
Approximate Total Loss :
≥ $27 million in initial response & remediation costs
Method of Attack :
Unauthorized Access due to Weak MFA
Year
2023
Clorox Company (CA,USA)
Nature of Business :
Consumer cleaning and household products
Approximate Total Loss :
~$380 million
Method of Attack :
Social Engineering (Attackers impersonated as staff having login issues)
Year
2023
