Cybersecurity for the Technology sector

2024

In mid-2024, Snowflake, a major cloud data warehousing provider, was at the center of a widespread data breach that exposed customer environments across at least 165 organizations. The intrusion was attributed to UNC5537, a financially motivated threat actor who systematically accessed customer instances using stolen credentials harvested through infostealer malware. These credentials, many of which had remained active for years without rotation or multi-factor authentication, enabled unauthorized access and large-scale data exfiltration. Snowflake's core infrastructure was not compromised, but the breach revealed significant lapses in access control enforcement among its customer base.[1] High-profile victims included AT&T, Santander, Ticketmaster, and Advance Auto Parts. AT&T reportedly paid $370,000 in an effort to contain the fallout.[2]  

The campaign operated quietly over time, using standard administrative tools to perform reconnaissance and extract sensitive data, which was later advertised for sale on cybercriminal forums. The actor behind the operation, known online as “Judische,” was arrested in Canada in October following a coordinated law enforcement investigation.[3] The incident demonstrated the scale of damage possible when credential hygiene and third-party access are not adequately managed. It also showed how compromise at a single technology provider can lead to widespread downstream impact, highlighting the real-world consequences of supply chain exposure, even in the absence of direct infrastructure compromise.

2021 - 2023

Between 2021 and 2023, T-Mobile experienced a series of significant data breaches that exposed the personal information of tens of millions of people. The largest occurred in August 2021, when a threat actor claimed to possess data on 100 million individuals. T-Mobile confirmed the breach shortly after, estimating that 76 million customers were affected. The stolen information included names, phone numbers, addresses, Social Security numbers, and PINs: data that enabled identity theft, phishing attempts, and account takeovers.[4] The 2022 and 2023 incidents involved credential theft, phishing attacks on employees, and API exploitation due to misconfigured access controls. One breach in early 2023 allowed attackers to access account data of 37 million customers via automated queries submitted through a vulnerable API. 

In 2024, T-Mobile reached a settlement with the Federal Communications Commission that included a $15.75 million civil penalty and a binding agreement to invest an additional $15.75 million over two years to improve its cybersecurity resilience.[5] The T-Mobile breaches underscored the risks of poor access control, inconsistent incident response, and technical debt.

2021

In early 2021, Microsoft disclosed a global cyberattack exploiting four zero-day vulnerabilities in its on-premises Exchange Server software. The state-sponsored Chinese group HAFNIUM was identified as the primary actor, leveraging flaws (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) to access email accounts, elevate privileges, and install web shells: tools allowing persistent backdoor access.[6] The attack began as early as January and impacted over 250,000 servers worldwide, including those of law firms, universities, think tanks, and government agencies. While patches were released on March 2, many systems remained vulnerable as attackers raced to exploit unpatched servers. The attack demonstrated how Exchange servers – central to enterprise communication – could become launchpads for broader network compromise. Threat actors extracted emails, passwords, and in some cases installed ransomware like DearCry. Despite Microsoft's mitigation tools, backdoors often remained after patching.[7] 

A later attack in 2023, targeting Exchange Online, prompted a damning 2024 review by the U.S. Cyber Safety Review Board. It found Microsoft’s security culture lacking, citing delayed detection, premium logging restrictions, and weak risk management. The board deemed the breach “entirely preventable” and called for sweeping reforms at not just Microsoft, but across cloud infrastructure providers.[8] The Exchange hacks served as a wake-up call for the risks of concentrated digital dependencies and illustrated how a compromise in widely used platforms can cascade across countless organisations, amplifying the kind of systemic exposure typical of supply chain attacks.

2020

In 2020, attackers linked to Russia’s Foreign Intelligence Service carried out one of the most sophisticated supply chain attacks in history, targeting IT management software provider SolarWinds. The breach originated from malicious code inserted into an update for the company’s Orion platform, a tool widely used for network monitoring and infrastructure management. Once deployed, the compromised update provided attackers with a hidden backdoor, giving them remote access to customer systems. Nearly 18,000 organizations downloaded the tainted software, including major tech firms like Microsoft, Intel, and Cisco, as well as U.S. federal agencies such as the Department of Homeland Security and the Department of Energy. While only a smaller group of high-value targets were actively exploited, the intrusion enabled deep network access and months-long espionage.[9] 

The SolarWinds incident underscored how vulnerable the software supply chain has become. Trusted vendor relationships, especially in the technology sector, can quickly become single points of failure, allowing attackers to pivot from one target to many. As a result, the breach sparked widespread calls for improved supply chain security and tighter scrutiny of third-party software providers. To learn more about how the SolarWinds attack could have been prevented, read our blog post. 

2018

In late September 2018, Facebook suffered its first major hack since its launch, when attackers exploited a flaw in the “View As” feature to steal access tokens: digital keys that allow users to stay logged in without reentering credentials. Initial reports indicated up to 50 million accounts were compromised, with Facebook forcing 90 million users to log out as a precaution. The stolen tokens also posed a risk to any third-party app using Facebook’s single sign-on (SSO), such as Spotify and Airbnb. Researchers warned of a cascading security threat, as a compromised social login could unlock dozens of connected services. Facebook rapidly patched the vulnerability, disabled the feature, and reset millions of tokens. They notified law enforcement and users, but didn’t confirm any misuse of specific accounts.[10] 

The incident highlighted two major risks: how deeply integrated social logins increase attack surfaces, and how quickly large-scale vulnerabilities can spread. In 2024, EU regulators fined Meta €251 million under GDPR law, finding only 29 million accounts were impacted in Europe, but pointing to systemic failures in safeguarding user data.[11] 

2013 - 2014

In what remains the largest known data breach in history, Yahoo confirmed in 2017 that all 3 billion user accounts had been compromised during a 2013 cyberattack. The stolen data included names, email addresses, phone numbers, birth dates, and hashed passwords, along with security questions and answers - some of which were unencrypted.  

Yahoo initially disclosed the breach in 2016, estimating 1 billion affected users. A year later, that number was revised; tripling in scale after further forensic analysis.[12] The delay in full disclosure drew sharp criticism from regulators and cybersecurity experts, particularly since Yahoo had also suffered a separate breach in 2014 that compromised an additional 500 million accounts. That attack was believed to have been orchestrated by Russian state-sponsored hackers attempting to spy on U.S. targets.[13] So why wasn’t the 2013 breach disclosed earlier? At the time, Yahoo was in the process of finalizing the sale of its core business to Verizon Communications, Inc. When the breach became public in 2016, Verizon negotiated a $350 million reduction in the acquisition price, citing concerns over brand damage and legal liability. Yahoo also faced lawsuits, intense public backlash, and a $35 million fine from the SEC for failing to disclose the breach in a timely manner.[14] 

Together, these incidents underscore how poor breach visibility and delayed reporting can devastate a company’s reputation and directly affect its valuation.