Breach Tracker Updated regularly

A cybersecurity breach tracker for small businesses

Notable, publicly-documented incidents that hit small and mid-sized businesses — organised by sector, each with what happened, the lesson, and a link to how you avoid the same fate. Every entry is sourced.

These are public incidents summarised for educational purposes from the sources cited with each entry. Figures reflect public reporting at the time and may be revised as investigations conclude. This page is general information, not legal advice.

Auto DealersRansomware (supply chain) June 2024

CDK Global dealer-management outage

A ransomware attack on CDK Global took its dealer-management platform offline, disrupting operations at roughly 15,000 auto dealerships across the US and Canada for about two to three weeks — halting sales, service, parts, and F&I workflows.

The lesson

Your DMS vendor is part of your supply chain. When it goes down, your in-store posture — backups, manual runbooks, and a WISP — is what keeps you trading.

Lessons from the CDK ransomware attack

Source: Widely reported (Reuters, Associated Press), June 2024

Real EstateBusiness email compromise (wire fraud) 2024 (annual report)

FBI: business email compromise remains a top-loss crime

The FBI's Internet Crime Complaint Center (IC3) continues to rank business email compromise among the costliest cybercrimes, with billions in reported losses annually — a large share tied to intercepted or spoofed payment and real-estate closing wires.

The lesson

Verify every payment-instruction change out-of-band, by a known phone number. One confirmed call prevents the wire that can't be recalled.

Wire fraud at closing

Source: FBI IC3 Internet Crime Report (annual)

HealthcareRansomware February 2024

Change Healthcare (UnitedHealth) ransomware

A ransomware attack on Change Healthcare, a major claims-clearing subsidiary of UnitedHealth Group, disrupted pharmacy and provider claims nationwide for weeks and became one of the largest healthcare data breaches on record. Initial access has been reported as tied to a remote-access account without multi-factor authentication.

The lesson

MFA on every remote-access and admin account is the single control that most often separates a blocked attempt from a national-scale incident.

Healthcare ransomware response

Source: Widely reported; UnitedHealth Group disclosures and US Congressional testimony, 2024

Cross-IndustrySocial engineering (vishing) September 2023

MGM Resorts & Caesars help-desk compromise

Attackers linked to the 'Scattered Spider' group reportedly reset employee credentials by phoning IT help desks and impersonating staff, then deployed ransomware. Caesars reportedly paid a large ransom; MGM endured a multi-day operational outage.

The lesson

Your help desk is an attack surface. Identity-verification procedures for password/MFA resets stop the phone call that starts the breach.

Social-engineering attacks

Source: Widely reported (Reuters, TechCrunch); company 8-K filings, 2023

Supply ChainZero-day exploitation (supply chain) May–June 2023

MOVEit Transfer zero-day (Clop)

The Clop ransomware group exploited a zero-day flaw in Progress Software's MOVEit Transfer file-transfer tool, stealing data from thousands of organisations worldwide through a single vendor's software — including many that had never heard of the product until their data leaked.

The lesson

You inherit the risk of every vendor in your data chain. Third-party/vendor due diligence is a control, not paperwork.

Third-party & vendor risk

Source: Widely reported; CISA advisory AA23-158A, 2023

Supply ChainRansomware December 2022

Rackspace hosted-Exchange ransomware

A ransomware attack on Rackspace's hosted Microsoft Exchange environment knocked out email for thousands of small and mid-sized business customers, some for days, and the legacy service was ultimately retired.

The lesson

A hosted-email outage can stop an SMB cold. Modern, well-configured Microsoft 365 with backup and MFA is more resilient than legacy hosted Exchange.

Is Microsoft 365 secure enough?

Source: Widely reported (BleepingComputer); Rackspace incident updates, 2022–2023

NonprofitsRansomware / data theft May 2020

Blackbaud ransomware (nonprofit donor data)

A ransomware attack on Blackbaud, a leading provider of fundraising and CRM software to nonprofits and schools, exposed donor data held on behalf of thousands of nonprofit and education clients — most of whom learned they were affected only after the fact.

The lesson

Nonprofits hold sensitive donor and payment data and are frequently reached through a shared software vendor. Vendor due diligence and breach-notification readiness matter here too.

Third-party & vendor risk

Source: Widely reported; multiple state Attorney General settlements, 2020–2023

Would your business survive one of these?

Get a free 30-minute assessment. We'll map your current controls against the way these incidents actually started — MFA, backups, vendor risk, and email — and hand you a plain-English list of what to fix first.