Arrow back

2021’s biggest breaches (and what they can teach you)

12 January, 2022

We’re officially made it to 2022, and although the New Year brings plenty of promise, there’s always value in looking back to see what we can learn from the previous twelve months.

2021 was, of course, a challenging year for many individuals and organisations for a number of reasons. Compounding those difficulties, though, data breaches continued to threaten the viability of businesses and other organisations last year, with criminals taking advantage of the uncertainty and pressures of home working.

Around half of all businesses were subjected to a cybersecurity breach in 2021, with medium-sized businesses even higher at 65%. This pattern of increasing numbers of breaches is expected to continue, so it’s crucial that we learn what we can from the breaches of the previous 12 months so that you can develop and refine your cybersecurity strategy for 2022.

These are some of the highest-profile breaches in 2021 - and what you can learn from them:

What were the biggest breaches of 2021?


In June 2021, data associated with 700 million LinkedIn users was posted in a forum on the Dark Web.

That number accounted for 92% of all LinkedIn users and included full names, email addresses, social media account details, phone numbers and geolocation records. More than simply embarrassing for LinkedIn, however, this data is could be used by social engineers to use in identity theft attacks.

LinkedIn issued a statement to say that there had not actually been a data breach and that data had been scraped from the website by bots. However, some cybersecurity experts believe that LinkedIn APIs that share data with other websites were abused.

Crucially, it highlighted the value of training your team to understand what they’re making available online - regardless of its visibility.

Colonial Pipeline

Few breaches in 2021 were as visible as that on Colonial Pipeline, an American oil pipeline that carries 3 million barrels of fuel per day across America, from Texas to New York.

On May 6th, the company was hit by a ransomware attack that encrypted their data and held them to ransom, pausing the pipeline in the process and causing a significant shortfall in available gasoline.

Short of options, Colonial Pipeline, paid the ransom (a fee of around $5m), but the financial impact of the attack amounted to much more than that. The Chief Executive revealed that the attack used a legacy VPN system that did not have a multifactor authentication in place and hackers were able to steal a password.

As is the case with many attacks, a single password allowed hackers to disrupt the entire pipeline, once again highlighting how important it is to train everyone in your organisation on how to create, secure passwords with effective multi-step verification.


Showing that no company is too big to be breached, social media giant Facebook was also hit with a major data breach in 2021.

A leaked database containing 533 million accounts was discovered with data including personal information such as full names, email addresses and phone numbers. It is thought that attackers were able to create a data set by abusing a Facebook address book contacts import feature.

With phone numbers made visible, Facebook users were exposed to attacks that would otherwise be prevented by two-factor authentication methods. Although Facebook declined to notify individuals whether they’d been part of the breach, 4.9% was wiped from their stock price and the company was later rebranded as Meta in a bid to shift the perception of their company.

Why should you care?

You might be thinking why you should care. After all, the breaches above were to high-profile, high-value targets. Who would go after an SME when there are far bigger targets available?

The answer is simple: small and medium-sized companies typically deploy far less training than larger organisations and often employ purely technological systems like firewalls and email filters to protect them from attacks.

With cybercriminals continuing to develop new, more sophisticated techniques and methods to steal data, it’s vital that you take steps to protect your organisation from a breach before it’s too late.

How to protect your business from cyberattacks

To give your company the best chance of avoiding breaches, it’s important to get everyone in your organisation on the same page. As the Colonial Pipeline hack proved, just one error from a single employee can bring a massive company to its knees.

Doing that begins by providing high-quality cybersecurity training to employees. With 90% of breaches occurring as a result of human error, giving your team the knowledge they need to protect themselves and your company is quite simply the most effective way of reducing your risk of breach.

Bob’s Business provides engaging online training solutions to raise cybersecurity awareness amongst employees so that they can capably protect the business from a wide range of online threats.

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
man and woman with laptops
Global Cyber Alliance