<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=259493914477262&amp;ev=PageView&amp;noscript=1">

Tabush Group's Cloud & Managed IT Blog

The Biggest Cyberattacks of 2022

Since the inception of information technology, cybersecurity has come a long way. Unfortunately, cyberattacks have kept pace and malicious actors are constantly on the hunt for new targets. High-profile cyberattacks frequently occur across a variety of industries, proving that anyone can become a target. If 2022 taught us anything, it’s that no business or service is safe from becoming a target. Here are some of the biggest cyberattacks of 2022.

The San Francisco 49ers

If you had to pick a prime target for a cyberattack, an NFL team is probably not your first thought. That sentiment did not hinder BlackByte, an infamous ransomware gang responsible for targeting large corporations. In January 2022, the San Francisco 49ers were competing for a spot in the Super Bowl; Two weeks later their systems were crippled by a ransomware attack.

The attack was quickly discovered by the 49ers organization, prompting them to contact law enforcement and partner with a cybersecurity firm. Despite a quick response, the cyber criminals obtained the personal information of more than 20,000 individuals, including some Social Security numbers. One of the team’s security guards, John Garvey, was sent a letter from the team nearly 8 months after the attack occurred, letting him know his Social Security number was compromised. Garvey subsequently sued the 49ers in August, setting the stage for a class-action lawsuit. In addition, an Atlanta Falcons employee, also compromised by the breach, filed a separate suit seeking class action certification.

Medibank Data Leak

Cyberattacks can target anyone and unfortunately for Medibank, Australia’s largest health insurance company, they were no exception. In October 2022, Medibank notified their customers that a cyber incident had occurred. A cybercriminal group associated with a ransomware gang bought Medibank credentials from the dark web and used those credentials to access Medibank’s systems. They began extracting data but were promptly shut down by Medibank’s cybersecurity team. Shortly after, Medibank was contacted by the cybercriminals, explaining that they had obtained 200GB worth of data and were ready to publicly release it unless a ransom was paid. What ensued was a high-profile standoff between Medibank and the breachers.

According to the World Bank, Australia’s population was 25.69 million in 2021. With that in mind, the Medibank breach resulted in 9.7 million customers, nearly 40% of Australia’s population, being compromised. As Medibank refused to pay repeated ransom demands, the cybercriminals began posting personal and healthcare information for millions of people. At the time of writing, the cybercriminals are threatening to release credit card details, but Medibank claims that no financial information was accessed. Medibank believes paying the ransom will only make things worse and encourage further attacks.


Financial service firms handle sensitive payment and personal information, making the industry a prime target for cyberattacks. Nelnet, the largest student loans servicer in the US holds 42% of all student loans. During the summer of 2022, Nelnet discovered that an unknown party had accessed their systems. After blocking the attack, Nelnet contacted the Department of Education (DoE) and law enforcement, notifying them of the breach. According to Nelnet’s forensic investigation, the unknown party accessed a wealth of borrower information including names, addresses, phone numbers, and Social Security numbers. In total, 2.5 million borrowers were impacted, and a class-action lawsuit is underway.


DoorDash, the popular food delivery app, was one of many targets of a widespread phishing campaign in May of 2022. Cybercriminals were able to access the company’s internal system by successfully phishing one of DoorDash’s third-party vendors. Once they discovered the breach, DoorDash cut off the vendor’s access, but it was too late. The malicious actor stole the personal information of nearly 5 million customers, restaurants, and delivery drivers.

DoorDash released a blog post addressing the incident, claiming that “the phishing campaign did not compromise sensitive information.” However, according to the same blog post, consumer names, email addresses, physical addresses, phone numbers, and partial credit card numbers were compromised. Drivers and restaurants working with DoorDash also had their driver's licenses and partial bank account numbers stolen. In the wake of the breach, DoorDash began working with a cybersecurity firm to assist with their investigation and improve their defenses.

Los Angeles Unified School District

The Los Angeles Unified School District (LAUSD) is the second largest public school district in the US and in 2022, became the target of another high-profile ransomware attack. Similar to the Medibank attack, cybercriminals used leaked login credentials to internally access LAUSD’s system and installed the ransomware. In September 2022, LAUSD was locked out of its systems and received a ransom demand with only 3 days to pay. The ransomware crippled the district’s operational abilities and school closures seemed imminent. LAUSD’s superintendent, Alberto M. Carvalho, took to social media, publicly denying payment of the undisclosed ransom amount.

Carvalho said the money in the school district is for the students and their schools remained open despite limited access to IT resources. After repeated refusals to pay, the attackers released 500GB of stolen data including student and employee health information, passport details, Social Security numbers, as well school legal documents, contract reports, and bank account details. An investigation is underway and a full report is yet to be issued at the time of writing.

Looking Ahead

All of these attacks have one thing in common: they could have been prevented. The fact is any organization can be targeted by malicious actors and a set-it-and-forget-it approach to cybersecurity is not sustainable. Protecting your business before an attack happens and regularly training your employees in cybersecurity is the best way to keep your clients, your company, and your reputation safe.

While the companies on this list may be able to recover from and prevent future cyberattacks, small to midsize businesses do not have access to the same financial and human resources. The costs associated with installing, maintaining, and scaling safe IT infrastructure are typically too high for a small or midsize firm. Partnering with a managed IT provider who has cybersecurity expertise can take the heavy lifting off of your shoulders and keep your business safe.

Don’t wait until it’s too late, see how Tabush Group can improve your cybersecurity and streamline your IT.

Topics: Cybersecurity IT Best Practices