When cyber security goes wrong: 5 companies that paid the price


Businesses of all sizes and types can succumb to cyber attacks. Over the last few years, there have been many notable breaches — as well as hundreds that fly under the radar.

In this guide, we show you the price of a cyber security breach, as experienced in real terms by several companies. The impacts may vary — from internal disruption, loss of confidence from customers and staff, to direct monetary costs.

The larger corporations tend to hit the headlines but these issues are felt by all sizes of business across the UK (and the world) every day, and as such, these five cyber attack examples serve as a reminder that all businesses must be vigilant and prepared at all times.

Cyber Security ebook

The NHS WannaCry attack (2017)

In 2017, the NHS suffered a cyber breach as part of the WannaCry global ransomware attack that took place across many organisations around the world. 

The ransomware infected systems which caused users to be locked out of their computers and their data held to ransom; i.e. a payment was demanded for the now encrypted data. The hackers were looking to retrieve the ransom payments in the Bitcoin cryptocurrency. More than 600 NHS organisations were affected, including 34 hospitals.

Impact on the organisation and patients

During the attack, which lasted more than a week, NHS staff were unable to access IT systems as well as other high-tech machinery such as MRI scanners that rely on network access.

The knock on effect was that many patients’ appointments were cancelled — some for serious conditions such as cancer diagnoses. There were also reports of ambulances being turned away from accident and emergency units due to capacity issues.

Cost implications

Although the ransom was not paid, the attack was still costly for the NHS, with estimates* putting the total damage at around £6 million through rearranged appointments and reduced activity.

The Weir Group ransomware attack (2021)

Industrial engineering company, The Weir Group, was targeted by a sophisticated ransomware attack in October 2021.

The incident led to a sustained period of turbulence within the business, with the group citing* disruptions to areas “including engineering, manufacturing and shipment rephasing”, all of which “resulted in revenue deferrals and overhead under-recoveries.”

Impact on the company

At the time, Weir said there was no evidence that any personal or other sensitive data had been stolen or encrypted. The initial attack led to some delays in the company’s processes, including a stall on shipment of its products to the tune of around £50 million. Some Weir staff were also directly affected, as they were unable to be paid their wages at the correct time or value.

Cost implications

The company acted quickly to react, with systems brought back online in order of business priority. However, it estimated that the incident cost as much as £5 million.

Sainsbury’s DDoS attack (2021)

Sainsbury’s, the second largest supermarket chain in the UK, suffered a breach in late 2021 as part of a distributed denial of service (DDoS) attack on the payroll systems provider, Kronos. The Kronos platform is used to log and process hours worked by employees.

The attack meant that several systems were compromised and data lost or unusable.

Logistical implications

The attack led to the loss of around a week’s worth of data for Sainsbury’s’ 150,000 employees, resulting in some disruption to payment schedules. Internal payroll and HR teams had to work using time-consuming manual methods to analyse previous data around working patterns to ensure staff were paid the right amount in the build up to Christmas.

The Travelex ransomware attack (2019/20)

Travelex, the foreign currency exchange service, suffered a brutal cyber attack on New Year’s Eve 2019. The attack, which saw hackers infiltrate the Travelex systems and hold the data to ransom, meant that the Travelex services were massively disrupted for weeks into the following year.

A group calling themselves Sodinokib, or REvil, claimed responsibility for the attack, and said at the time they were looking for a £4.6 million payment to return the data to the company. The total theft was around 5GB of sensitive customer data, including:

  • Dates of birth
  • Credit card details
  • National insurance numbers

The group threatened to double the ransom if its demands weren’t met, with further threats to release the details.

Impact on the company

The attack was hugely disruptive for Travelex, leading to the company having to suspend all its online operations and resorting to being able to serve customers using traditional pen and paper methods.

There was a knock on effect to other businesses too, including Barclays, HSBC and Sainsbury’s Bank, all of which relied on Travelex’s platform to provide foreign currency to their customers.

Travelex was criticised in the aftermath of the incident for the way it handled the situation, with many customers disgruntled at the lack of transparency and updates as to what had happened.

Cost implications

Despite recommendations from cyber security experts not to pay the ransom, Travelex eventually negotiated with the hackers and made a settlement of around £1.75 million, paid in Bitcoin, in return for the stolen data.

The attack had further reaching complications, though, with the company’s debts increasing by £25 million in the quarter following the breach. Just seven months later, Travelex fell into administration* with the loss of more than 1,000 jobs.

The Heritage Company ransomware attack (2019/20)

Cyber attacks can be wounding for any business, but for small and medium sized companies, they can be terminal. That was the case for The Heritage Company, a US-based telemarketing company, which was targeted in a ransomware attack in 2019.

The company’s servers were hit by hackers who stole large amounts of sensitive data and demanded a ransom for its release. The incident caused much confusion across the business, with operations shut down almost entirely as a resolution was sought.

Cost implications

The Heritage Company ended up paying a ransom payment to the hackers, but weeks afterward, the business’ systems were still down. 

CEO, Sandra Franecke, wrote a letter to staff explaining the breach, and confirming that she had paid an undisclosed amount to the group responsible. She advised employees that the IT teams were busy trying to restore service, and eventually an automated message told staff* they were free to pursue alternative employment.

Franecke also claimed to have paid staff’s salaries from her own pocket due to the financial strain put on the business by the attack

Impact on staff

The incident meant a turbulent festive period for the company’s 300 strong workforce. The breach, which took place in October 2019, first came to light just before Christmas and continued into the new year with only vague updates.

Although Franecke had initially hoped for the shutdown to be temporary, The Heritage Company never recovered and has not traded since, leaving its workforce jobless.

Is your business adequately protected from cyber crime?

These five cyber attack examples show just how costly a security breach can be from both a financial and reputational perspective. And that’s not to mention the emotional turmoil placed on business owners and employed staff who are at the heart of the disruption.

What’s important to remember is that cyber security is important for every business, large or small. Even the smallest businesses possess vital data that criminals can take advantage of if they have a chance.

It’s therefore essential for any business owner to ensure that their cyber defences are robust and strong enough to repel potential attacks. Yes there is additional investment required but the alternative is stark: an open invitation to attackers to steal or corrupt your data and leave your business hanging in the balance.

Download our free ebook, Protect, React, Recover: A Guide to Cyber Resilience for SMEs, to understand how you can better protect your business and its data.

Cyber Security ebook

Looking to bolster your cyber security now? Contact us today on 03300 886 116 or info@pcsupportgroup.com, and we’ll be happy to help you implement a stronger defensive network.


  • Imperial College London
  • IFSEC Global
  • Threat Post