Written by: Ferhat Dikbiyik, Chief Research & Intelligence Officer

Last year, several cyber incidents made headlines for their cascading impacts on devices, companies, industries, and individuals around the world. The CrowdStrike outage caused blue-screen chaos for more than 8.5 million devices, and the Snowflake attack campaign rippled into disruptions at giants like Ticketmaster and AT&T, among others.

In our 2025 Third-Party Breach Report, The Silent Breach: How Third Parties Became the Biggest Cyber Threat in 2024, the Black Kite Research and Intelligence Team (BRITE) dug beyond general statistics to find the stories behind nearly 100 major cyber incidents from last year. From those, we identified eight incidents that we believe had the biggest impact on global industries and the cyber risk landscape: 

  1. Cencora Ransomware Attack
  2. Change Healthcare Ransomware Attack
  3. Snowflake Attack Campaign
  4. CrowdStrike Service Outage
  5. CDK Global Ransomware Attack
  6. HealthEC LLC Software Vulnerability
  7. Blue Yonder Ransomware Attack
  8. Cleo Exploitation

Check out the infographic below to learn more about each incident, its cascading effects, and key takeaways for security teams. You can also read on for commonalities and trends we identified among our top eight incidents.

Common Themes in 2024’s Most Significant Cyber Incidents

Last year’s most significant cyber incidents saw new targets, known bad actor priorities, and some old tricks. Here are three trends we identified among last year’s most noteworthy cyber events:

The Cascading Impact of a Single Incident Can Impair Entire Supply Chains

The interconnected nature of the world today can be a boon for business innovation, but it also creates room for bigger risks. Increasingly in 2024, we saw how attacks on individual organizations can ripple downstream, exposing the fragility of entire supply chains. Consider the following examples: 

  • Crowdstrike: While not an attack, the Crowdstrike outage impacted an estimated 8.5 million devices worldwide across several industries. It’s estimated the event cost more than $5 billion in direct costs and lost productivity. 
  • Snowflake: Attackers gained access to Snowflake accounts without multi-factor authentication (MFA), ultimately leading to data exposure for organizations like Ticketmaster, Santander Bank, LendingTree, and AT&T.

Bad Actors Remain Fixated on Industries Rich in Sensitive Data, Like Healthcare

Bad actors’ fixation on industries rich in sensitive data isn’t new—but it is persistent. In 2024, the lure of sensitive data in healthcare still proved especially tempting for bad actors. Three of the companies involved in our top incidents from last year operate in the healthcare space:

  • Cencora: A breach at this pharmaceutical distributor exposed sensitive patient data for millions of individuals and came with an alleged $75 million ransom—potentially the largest on record. 
  • Change Healthcare: A ransomware attack on this healthcare data provider caused disruptions throughout the U.S. healthcare ecosystem. It also triggered an increase in more aggressive tactics from ransomware affiliates. 
  • HealthEC LLC: A breach at this healthcare technology firm exposed the sensitive information of approximately 45 million patients.

Despite ongoing concerns about the impacts of AI on the cyber landscape, some threat actors found that old tricks and techniques still work just fine. Consider the following incidents from our list that used known attack vectors and vulnerabilities to exploit entire supply chains: 

  • Cleo: The Cl0p ransomware group exploited vulnerabilities in Cleo’s Managed File Transfer (MFT) solutions to breach downstream organizations, similar to the previous year’s MOVEit and GoAnywhere incident.
  • CDK Global and Blue Yonder: Ransomware is still a menace. CDK Global suffered a ransomware attack that caused disruptions at thousands of car dealerships across the U.S. Meanwhile, a ransomware attack at Blue Yonder caused disarray for retail giants. 

Dig into the details of each incident by downloading our infographic: 

Black Kite_Infographic_2025ThirdPartyBreachReport_Top8IncidentsDownload

The incidents of 2024 exposed the “silent breaches” lurking within our interconnected ecosystems. These breaches often went unnoticed until their cascading effects wreaked havoc on industries such as healthcare, retail, and logistics. 

What does that mean for cybersecurity teams? Now, more than ever, there’s an urgent need for proactive risk management, robust defense, and greater visibility into vendor ecosystems. 
CTA: Want to learn more about the biggest cyber incidents of 2024 and what you can do to protect your organization? Download our full 2025 Third-Party Breach Report, The Silent Breach: How Third Parties Became the Biggest Cyber Threat in 2024 (no download required).



Dig into our full 2025 Third Party Breach Report: The Silent Breach: How Third Parties Became the Biggest Cyber Threat in 2024 – accessible instantly, no download required.




Read Now