Cybersecurity breaches are getting worse. As AI development continues apace, criminals are employing increasingly sophisticated methods to dupe unsuspecting individuals and gain access to your information. According to the Tech.co “Impact of Technology on the Workplace” report, at least 16% of companies experienced a breach in 2024, with a further 5% unsure.
The repercussions of these data breaches can be grave. In the short-term, you could be faced with significant financial problems. For instance, cybercriminals can hold your information to ransom. If you don’t pay, it can end up on the dark web – at which point, your customers will probably file a lawsuit.
It is in the long term, however, that companies experience the direst consequences. Recently, reports emerged that DNA testing firm 23andMe was to file for bankruptcy and later sell itself as it continues to suffer the fallout from a high-profile breach in 2023. And there are countless other examples.
From destroying your reputation to plundering your finances, data breaches can have a truly catastrophic impact on your company. In this guide, I’ve put together a list of some of the businesses that have had to endure extreme hardship due to a cyberattack.
23andMe
As mentioned above, the genetic testing firm has been embroiled in legal trouble since it was hit by a massive data breach in October 2023. A cyber criminal seized personal information belonging to no fewer than 6.9 million customers – just under half of the company’s total customer base.
Reportedly, the criminal took advantage of two features – known as “DNA Relatives” and “Family Tree” – that allow customers to share information with each other, in order to steal so much information.
This just in! View
the top business tech deals for 2025 👨💻
It has also transpired that they specifically targeted individuals with Chinese and Ashkenazi Jewish heritage, whose information was put up for sale on the dark web. 23andMe initially failed to notify these customers.
What happened to 23andMe?
The company was promptly hit with a class action lawsuit. In September 2024, it agreed to pay $30 million in cash payments to individuals whose information was stolen. It also agreed to provide three years of security monitoring, with customers permitted to enroll in a program known as “Privacy & Medical Shield + Genetic Monitoring.”
This enormous financial outlay necessitated a company restructure, which ultimately resulted in 200 employees, or 40% of the total workforce, losing their jobs. 23andMe stopped all development of its therapies, and put itself up for sale. After several failed takeover bids, CEO Anne Wojcicki resigned. The company has now filed for bankruptcy as it seeks a new buyer.
With doubts over the company’s future swirling, customers are concerned about their data. On March 21, 2025, California Attorney General Rob Bonta issued a consumer alert, urging people to delete their accounts and corresponding genetic data. When all is said and done, the 23andMe data breach has been nothing short of a disaster for both business and customer alike.
Meta
The social media giant is no stranger to controversy. Over the years, the Mark Zuckerberg-helmed company has been at the center of numerous scandals, from Facebook-Cambridge Analytica to accusations of widespread election misinformation in 2016.
It also holds the dubious honor of recipient of the biggest data privacy violation fine in history. It all started in 2013, when Austrian activist Max Schrems brought a class action suit against Meta, citing concerns that when European users’ data was transferred to the US, it was not being adequately protected from American intelligence agencies.
Then, in August 2020, Ireland’s Data Protection Commission (DPC) launched an inquiry into Meta Platform Ireland Limited, which was eventually concluded in May 2023. Meta Ireland was found guilty of failing to establish appropriate guardrails to safeguard the user information in question.
What happened to Meta?
The platform was billed $1.3 billion for violation of General Data Protection Regulation (GDPR), a European Union (EU) mandate designed to enforce information privacy. EU regulators have also ordered Meta to suspend the transfer of personal data to the US, which has had a sizeable knock-on impact on the way that Meta carries out its operations in Europe.
Beyond that, the company has suffered a massive blow to its reputation. While difficult to quantify, the impacts of this are often far-reaching and permanent. Meta intends to appeal the decision, but the damage has been done.
TravelEx
In December 2019, foreign exchange company TravelEx suffered a massive data breach. Cyber criminals launched a sophisticated ransomware attack on New Year’s Eve that brought the company to a complete standstill. TravelEx took down its websites across 30 countries to try and contain the attack, but it was in trouble.
The criminals, who were part of a gang known as REvil, claimed to have already accessed the company’s computer network and stolen 5GB of sensitive customer data. Allegedly, this included dates of birth, credit card information, and national insurance numbers.
TravelEx failed to file a data breach report to the UK Information Commissioner’s Office (ICO), which is a national requirement for companies that suffer data breaches. Under GDPR, failing to do so within 72 hours of the original breach can result in a fine of 4% of the company’s global turnover.
What happened to TravelEx?
After negotiating with the preparators, the company agreed to pay a ransom of $2.3 million. Its parent company, Finablr, attempted to sell the company, but was ultimately unsuccessful. A subsequent restructure resulted in the loss of over 1,300 jobs.
It later transpired that concerns around digital security vulnerabilities had been raised earlier in 2019. When this came to light, the impact on TravelEx’s reputation was catastrophic. The company survived the ordeal, but it has never recaptured the market share that it held before it suffered the cybersecurity breach.
MediSecure
Australian prescriptions vendor MediSecure revealed that it had experienced a data breach in July 2024, during which the personal information of 12.9 million people was compromised. In other words, almost half of the population of the country.
Information on the nature of the breach is scarce, but it’s thought that cyber criminals exploited a vulnerability within the company’s IT estate to plant a ransomware attack. From there, they encrypted sensitive customer data and demanded a ransom for its release.
What happened to MediSecure?
Whether or not the company gave in to the criminals’ demands is unclear, but what we do know for sure is that they didn’t stop there. With all that personal information at their disposal, the criminals also launched a series of subsequent attacks against affected individuals.
Anticipating an avalanche of lawsuits from disgruntled customers, MediSecure requested a bailout from the Australian government. It was rejected. The company has since entered into administration, meaning that it is in the process of being reorganized, with a view to its total shutdown.
National Public Data
The employee background check company was subject to a massive data breach in August 2024. Reportedly, cyber criminals gained access to the company’s database via a zip file located on the company website. They stole no fewer than 2.9 billion records belonging to 170 million people.
What happened to National Public Data?
Predictably, the company never recovered. Shortly after the breach came to light, the company filed for bankruptcy to prepare for the subsequent litigation and investigations. Ultimately, it was shut down.
