Risk Resilience: Bawn's Guide to Cybersecurity and Beyond

Real-World Breaches, Real Lessons: What They Didn’t Do (That You Should)

Written by Bawn | Sep 30, 2025 9:01:00 PM

Every time a major breach hits the headlines, executives everywhere ask the same question:

"How did that happen to them—and could it happen to us?"

The reality is, behind nearly every major incident is a list of overlooked basics. Most of these breaches didn’t result from some exotic, never-before-seen exploit. They happened because companies failed to do simple things that could have prevented or contained the damage.

Here are five real-world breaches and the critical missteps behind them—plus what your business can do to stay out of the next headline.

🚨 1. They Didn’t Enable Multi-Factor Authentication (MFA)

💥 Real Case: Colonial Pipeline (2021)
A single set of compromised VPN credentials—with no MFA—allowed attackers from the DarkSide ransomware group to gain access and shut down one of the largest fuel pipelines in the U.S. for several days.

🎯 The Lesson:
Even large, critical infrastructure firms get this wrong. If Colonial had required MFA, the attackers would have needed more than a leaked password to get in.

✅ What to Do:

  • Enforce MFA for all remote access, cloud services, and admin accounts

  • Use phishing-resistant options like hardware tokens or app-based approvals

  • Audit enforcement across all business units and vendors

🔍 2. They Didn’t Know What They Had

💥 Real Case: Scripps Health (2021)
A ransomware attack forced this major hospital system to take patient care systems offline for weeks. Investigations revealed poor visibility into infrastructure and backup environments, which delayed response and recovery.

🎯 The Lesson:
Scripps didn’t know which systems were impacted, where backups were stored, or how far attackers had reached—because they lacked a real-time asset inventory and network segmentation.

✅ What to Do:

  • Maintain a live asset inventory of endpoints, cloud assets, and software

  • Segment networks to isolate critical systems (e.g., finance from marketing)

  • Monitor for unauthorized or unmanaged devices
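The three bullets above come down to one recurring check: compare what you believe you own with what the network actually shows. The script below is an added illustration, not Bawn's code or anything from the Scripps investigation. It assumes two constructed inputs: an inventory export (MAC, hostname, owner, assigned segment) and a list of observed devices (MAC, IP, the segment they were seen on, last-seen timestamp, as a DHCP lease or switch MAC-table export would give you). It reports devices nobody owns, inventoried devices seen on the wrong segment, and inventoried devices that have not been seen at all.

```python
from datetime import datetime, timedelta

# Constructed sample data, not real hosts or addresses. Field names are assumptions
# for this example: INVENTORY is what the organisation believes it owns (a CMDB or
# endpoint-agent export); OBSERVED is what the network actually saw (DHCP leases or
# switch MAC tables), with the VLAN/segment each device was seen on.
INVENTORY = [
    {"mac": "00:11:22:33:44:01", "hostname": "fin-db-01",  "owner": "finance",   "segment": "finance"},
    {"mac": "00:11:22:33:44:02", "hostname": "mkt-web-01", "owner": "marketing", "segment": "marketing"},
    {"mac": "00:11:22:33:44:03", "hostname": "bkp-01",     "owner": "it-ops",    "segment": "backup"},
    {"mac": "00:11:22:33:44:04", "hostname": "old-lab-07", "owner": "r&d",       "segment": "lab"},
]

OBSERVED = [
    {"mac": "00:11:22:33:44:01", "ip": "10.10.1.5",  "segment": "finance",   "last_seen": "2025-09-30T08:00:00"},
    {"mac": "00:11:22:33:44:01", "ip": "10.10.9.4",  "segment": "guest",     "last_seen": "2025-09-05T12:00:00"},  # older sighting, superseded
    {"mac": "00:11:22:33:44:02", "ip": "10.10.2.9",  "segment": "marketing", "last_seen": "2025-09-30T08:05:00"},
    {"mac": "00:11:22:33:44:03", "ip": "10.10.3.2",  "segment": "finance",   "last_seen": "2025-09-30T07:50:00"},  # backup host on the wrong segment
    {"mac": "de:ad:be:ef:00:01", "ip": "10.10.1.77", "segment": "finance",   "last_seen": "2025-09-30T08:10:00"},  # no inventory record
]

# Constructed "now" so the example is reproducible.
NOW = datetime(2025, 9, 30, 9, 0, 0)


def reconcile(inventory, observed, now, stale_after=timedelta(days=14)):
    """Compare the believed inventory with observed devices.

    Returns three lists:
      unmanaged  - devices seen on the network with no inventory record
      misplaced  - inventoried devices seen on a segment other than their assigned one
      stale      - inventoried devices not seen within `stale_after`
    """
    by_mac = {item["mac"].lower(): item for item in inventory}

    # Keep only the most recent sighting per MAC.
    seen = {}
    for rec in observed:
        mac = rec["mac"].lower()
        ts = datetime.fromisoformat(rec["last_seen"])
        if mac not in seen or ts > seen[mac]["ts"]:
            seen[mac] = {"ts": ts, "segment": rec["segment"], "ip": rec["ip"]}

    unmanaged, misplaced, stale = [], [], []
    for mac, s in seen.items():
        item = by_mac.get(mac)
        if item is None:
            unmanaged.append({"mac": mac, "ip": s["ip"], "segment": s["segment"]})
        elif s["segment"] != item["segment"]:
            misplaced.append({"hostname": item["hostname"], "owner": item["owner"],
                              "expected": item["segment"], "seen_on": s["segment"]})
    for mac, item in by_mac.items():
        s = seen.get(mac)
        if s is None or now - s["ts"] > stale_after:
            stale.append({"hostname": item["hostname"], "owner": item["owner"],
                          "last_seen": s["ts"] if s else None})
    return {"unmanaged": unmanaged, "misplaced": misplaced, "stale": stale}


if __name__ == "__main__":
    result = reconcile(INVENTORY, OBSERVED, NOW)
    for category, rows in result.items():
        print(category)
        for row in rows:
            print("  ", row)
```

Each list maps to a different follow-up: an unmanaged device needs an owner or needs to be removed, a misplaced device means a segmentation rule is not doing its job, and a stale record means the inventory is drifting from reality. Running this against daily exports is a cheap way to find out before an incident response team has to.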

🛠️ 3. They Didn’t Patch a Known Vulnerability

💥 Real Case: Equifax (2017)
One of the most notorious breaches in U.S. history exposed the personal data of 147 million Americans. The cause? A known Apache Struts vulnerability that went unpatched for two months.

🎯 The Lesson:
Equifax had received an internal alert about the vulnerability—but failed to verify that the fix had been applied. Regulators and courts viewed this as preventable negligence.

✅ What to Do:

  • Implement a vulnerability management program with clear SLAs

  • Track patch status by system and owner—not just send reminders

  • Focus especially on internet-facing and high-risk systems
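The distinction the Equifax lesson turns on, a reminder was sent versus the fix was verified, is easy to lose in a spreadsheet. The script below is an added example, not Bawn's code or anything from the Equifax record. It assumes a constructed list of scanner findings already joined with the asset inventory (system, owner, internet-facing flag, severity, detection date, reminder date, verified-fix date) and an assumed SLA table; it classifies each finding per owner and escalates internet-facing overdue items first. A reminder never changes a finding's status; only a verified fix does.

```python
from datetime import date, timedelta

# Assumed SLA policy: days allowed between detection and a *verified* fix,
# keyed by (severity, internet_facing). Illustrative numbers, not the article's.
SLA_DAYS = {
    ("critical", True): 7,  ("critical", False): 14,
    ("high", True): 14,     ("high", False): 30,
    ("medium", True): 30,   ("medium", False): 60,
}

# Constructed findings, as a scanner export joined with the asset inventory might
# look. "reminder_sent" records that someone was notified; "patch_verified" records
# the date a rescan confirmed the fix. None means it has not happened.
FINDINGS = [
    {"system": "portal-web-01", "owner": "web-team", "internet_facing": True,  "severity": "critical",
     "detected": date(2025, 9, 1),  "reminder_sent": date(2025, 9, 2),  "patch_verified": None},
    {"system": "hr-app-02",     "owner": "hr-it",    "internet_facing": False, "severity": "critical",
     "detected": date(2025, 9, 10), "reminder_sent": date(2025, 9, 10), "patch_verified": date(2025, 9, 15)},
    {"system": "intranet-03",   "owner": "it-ops",   "internet_facing": False, "severity": "high",
     "detected": date(2025, 9, 20), "reminder_sent": None,               "patch_verified": None},
    {"system": "api-gw-01",     "owner": "web-team", "internet_facing": True,  "severity": "high",
     "detected": date(2025, 9, 5),  "reminder_sent": date(2025, 9, 5),  "patch_verified": None},
]

# Constructed reporting date so the example is reproducible.
TODAY = date(2025, 9, 30)


def classify(finding, today):
    """Return (status, due_date, days_overdue) for one finding.

    Only a rescan-confirmed fix moves a finding to 'verified'; a reminder on its
    own is deliberately ignored here.
    """
    sla = SLA_DAYS[(finding["severity"], finding["internet_facing"])]
    due = finding["detected"] + timedelta(days=sla)
    if finding["patch_verified"] is not None:
        late = (finding["patch_verified"] - due).days
        return ("verified_late" if late > 0 else "verified", due, max(late, 0))
    overdue = (today - due).days
    return ("overdue" if overdue > 0 else "open", due, max(overdue, 0))


def sla_report(findings, today):
    """Group findings by owner so each team sees its own status rather than a blanket reminder."""
    report = {}
    for f in findings:
        status, due, days = classify(f, today)
        report.setdefault(f["owner"], []).append({
            "system": f["system"],
            "severity": f["severity"],
            "internet_facing": f["internet_facing"],
            "status": status,
            "due": due,
            "days_overdue": days,
            "reminder_sent": f["reminder_sent"] is not None,
        })
    return report


def escalations(report):
    """Overdue findings, internet-facing first, then by how far past SLA they are."""
    items = [e for entries in report.values() for e in entries if e["status"] == "overdue"]
    return sorted(items, key=lambda e: (not e["internet_facing"], -e["days_overdue"]))


if __name__ == "__main__":
    rep = sla_report(FINDINGS, TODAY)
    for owner, entries in rep.items():
        print(owner)
        for e in entries:
            print(f"  {e['system']:<14} {e['status']:<14} due {e['due']}  "
                  f"overdue {e['days_overdue']}d  reminder_sent={e['reminder_sent']}")
    print("escalate:", [e["system"] for e in escalations(rep)])
```

With the sample data, portal-web-01 shows as 22 days overdue even though a reminder went out the day after detection; that row is the Equifax pattern. The per-owner grouping gives each team a list it is accountable for, and the escalation order puts internet-facing systems at the top.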

📉 4. They Didn’t Have a Response Plan

💥 Real Case: Norsk Hydro (2019)
This global aluminum producer was hit by a ransomware attack that disrupted production across 170 sites. Their saving grace? A well-practiced incident response plan.

🎯 The Lesson:
While Norsk Hydro did have a plan (and it helped), many companies don’t. Those that scramble during a breach suffer longer downtimes, legal exposure, and greater reputational harm.

✅ What to Do:

  • Write and test your Incident Response Plan (IRP)

  • Assign roles across legal, IT, comms, and leadership

  • Run tabletop exercises twice a year

📁 5. They Didn’t Document Their Security Program

💥 Real Case: Morgan Stanley (2022 enforcement by SEC)
Morgan Stanley faced a $35M SEC fine not for being breached, but for failing to properly document how they decommissioned devices containing client data. Lacking documentation, they couldn’t prove they had followed reasonable procedures.

🎯 The Lesson:
Good intentions and practices mean nothing without documentation. Regulators and courts need to see what you did, when, and why.

✅ What to Do:

  • Keep a written information security program (WISP), risk assessments, and audit logs

  • Document training, vendor reviews, and incident response drills

  • Get executive sign-off and maintain version history

🧠 Learn From Their Mistakes—So You Don’t Repeat Them

Breaches aren’t always the result of advanced cybercrime. Often, they happen because a company missed the basics—and failed to fix issues that were known and fixable.

At Bawn, we help organizations build defensible, business-aligned cybersecurity programs that hold up to real-world threats, regulators, and insurers.

Don’t Wait for Your Wake-Up Call.

Use Theirs.

Want help applying these lessons to your company? We'll walk you through a complimentary risk readiness review—tailored to your industry, size, and goals.

→ Schedule your Cyber Readiness Review with Bawn today.