Looking back over the past year, it’s impossible not to recognize the widespread data breaches that have caused such chaos. Secret and sensitive data of hundreds of millions of people and companies has been decrypted and exposed and then sold. Data breaches are a terrifying trend in the world of cybercrime, which shows no signs of slowing down just yet. We’re looking at billions of records stolen and this trend is only getting worse. Here are the Top 100 Cybersecurity Breaches, so far:
Records: 3 billion
Hackers have stolen names, dates of birth, phone numbers and passwords with poor encryption protection. In addition, they also had access to security questions and backup emails, useful information in case they were unable to crack certain passwords.
2. Capital One
Records: 106 Million
Date: March 2019
Paige Thompson, a former employee of online retail giant Amazon, exploited misconfigured firewalls on Amazon servers leased by Capital One. The data included social security numbers in the United States, a million social insurance numbers in Canada and more than 80,000 bank account numbers.
Records: 37 million
Despite being warned by a cybersecurity expert in August 2017 of a data breach at their site, the Panera IT team only acted 8 months later, when the leak occurred. They later announced the website’s closure for security maintenance.
Records: 250 million
Microsoft discovered that an internal support database it used to measure scans was misconfigured for about three weeks. Due to the misconfiguration, anyone with a web browser could access over 250 million customer support records.
Records: 50 million
Newegg was hacked by the cybergang Magecart, which injected a credit card hijack code on the site. Each time a customer made purchases online, payment information was directly transmitted to Magecart’s servers.
6. Friend Finder Network
Records: 412 million
The breach included 319 million accounts on Adult Friend Finder, the world’s largest dating site for adults. The 2016 hack did not disclose sensitive information, such as each user’s sexual preferences. However, a prior Friend Finder hack in 2015, in which 4 million accounts were compromised, did.
7. Elastic Search
Records: 82 million
Cyber security experts believe they have traced the source of the unprotected databases: Elastic Search was hacked by a data management company that has since closed its doors. The company is still unknown.
8. First American Corporation
Records: 885 million
Customer records of the insurance company First American Corporation were found to be publicly available. A First American spokesperson told Gizmodo that the error was due to a “design flaw” in one of its applications.
Records: 50 million
This is the infamous Facebook-Cambridge Analytica scandal where user information was illegally collected without their permission by a data collection company. The covert operation was politically motivated, especially in order to influence the 2016 US presidential campaign.
Records: 93 million
The Russian social network site Vkontakte, known as VK, was the victim of a security breach in which 93 million accounts were exposed. The flaw became known in June 2016 when names, phone numbers, email addresses and passwords of users were discovered in an internet black market.
11. My Heritage
Records: 92 million
Cyber security researchers alerted the genealogy site in June 2018 that an external server had been discovered with sensitive information on MyHeritage. The company warned its users that all account holders who signed up before October 26, 2017 are no longer protected and must change their passwords.
Records: 112 million
Experts found a data leak that allegedly originated from the Badoo social network and was circulating on the Internet. It looked like the information had been stolen a year earlier: 112 million email addresses, names, dates of birth and passwords.
Records: 100 million
There are still many questions surrounding the details of this breach, but Quora reported to its users that a third party had unauthorized access to one of their systems, without saying more.
Records: 153 million
Adobe was the victim of the largest security incident in its history. 153 million accounts have been stolen, including user IDs, names, passwords, and other encrypted raw text.
15. Under Armour
Records: 150 million
Under Armour’s food and nutrition application was hacked, providing usernames, email addresses and encrypted passwords to hackers. Luckily, no payment information was exposed, since the company processes it through a separate channel.
Records: 164 million
LinkedIn revealed that 164 million email addresses and passwords had been exposed. The problem is, the company had suffered a security breach in 2012, but the data remained hidden over the years, until the cybercriminals finally decided to put it up for sale on the black market.
Records: 340 million
Data collection company Exactis saw 2 terabytes of data relocated to a public site visible to everyone. It is not known who or how many people accessed the information before it was discovered.
Records: 359 million
MySpace’s data breach resulted in 360 million accounts being hacked. In 2016, the data was posted on the dark web for sale. The data was a collection of email addresses, usernames, and the first 10 characters of each password.
Records: 500 million
Like many other official breach reports, the Marriott-owned Starwood hotel chain released a statement saying its servers suffered from “unauthorized access,” but recent findings from the investigation indicate that the breach may have been caused by the Chinese government for political purposes.
Records: 1.1 billion
Anonymous sellers on WhatsApp charged up to Rs 500 for a single ID authority portal in India where records of virtually all citizens were at the payer’s fingertips.
21. PlayStation Network
Records: 77 million
Sony announced that some functions of the PlayStation Network had been taken down. PlayStation’s online service was affected for about a month, in which 77 million accounts were offline for 23 days. Sony confirmed that these 23 days of interruption cost around 140 million pounds.
22. Sony Pictures Entertainment
Records: 100 Terabytes
Three years after the PlayStation Network was affected, the spotlight was on Sony again when confidential information from Sony Pictures Entertainment was leaked. The self-styled “Guardians of Peace” group claimed responsibility for the cyberattack, claiming that they had gained access to computers a year before it was made public. Sony used $15 million to deal with these attacks; however, it was unable to stop various leaks.
23. JP Morgan Chase
Records: 79 million
One of the costliest cyberattacks in history was suffered by Epsilon, the world’s largest marketing service provider, whose clients include JP Morgan Chase and Best Buy.
It is estimated that the cost of this attack could be between $225 million and $4 billion. The hackers’ targets were email accounts to use for criminal purposes.
Records: 20 million Euros.
At the start of the year, the French technology-consulting giant Altran was the victim of a cyberattack which temporarily interrupted its activity in Europe. Using a cryptolocker ransomware attack, the hacker managed to enter the company’s computer system and encrypt its files one by one before demanding a $1 million fee.
Records: 9.4 million.
Airbus, the aeronautics group, was also a target of hackers. Although the attack had no consequences on commercial operations, personal data was nonetheless breached by the hackers, including professional contact details and the identities of employees.
26. MGM Resorts
Records: 142 million
MGM Resorts has revealed that the personal data of more than 142 million customers who stayed at the company’s properties in 2019 has been published on the web. The number of affected customers was initially 10.6 million, but has since been revised.
Records: 15 million
A breach at telecom provider T-Mobile allowed hackers to gain access to employee and customer data. Note: In early January 2021, T-Mobile disclosed another flaw that potentially exposed customer phone numbers and call records.
Records: 538 million
The Weibo social network has been hacked and the personal data of more than 538 million users has been stolen and then put up for sale on the web.
29. Virgin Media
Records: 900 thousand
A breach at Virgin Media revealed the data of 900,000 users, whose private information remained insecure and accessible online for 10 months.
Records: 10.9 billion
Adult site CAM4.com left its production server unprotected, exposing 10.88 billion records.
31. Advanced Info Service
Records: 8 billion
The Thailand-based mobile network operator Advanced Info Service left its database exposed and publicly available, leading to the leak of 8 billion records.
32. Antheus Tecnologia
Records: 76 thousand
Antheus Tecnologia, a Brazil-based biometrics company, left sensitive information exposed on an unsecured server, including 76,000 unique fingerprint records.
33. Magellan Health
Records: 365 thousand
Magellan Health was the victim of a ransomware attack in which more than 365,000 patient records were compromised.
34. Blackbaud Cloud
A ransomware attack on cloud service provider Blackbaud Cloud impacted hundreds of nonprofits (and subsequently led to 23 consumer class action proposals). While the number of records may be low, Blackbaud had some heavyweight universities and users on its servers.
Preen recently issued a statement revealing that personal details of around 100,000 influencers have been disclosed. Later, 250,000 more records were posted on the dark web for sale.
Records: 320 million
The breach was found in the mobile app and led to the hack of more than 320 million user records. Airtel has learned the hard way.
Records: 300 million
The Truecaller data was hacked and sold on the dark web for less than $1,000. The sum may be insignificant, but it is what has been reported thus far. The number of stolen records is also staggering.
Records: 275 million
The MongoDB website was the victim of a ransomware attack that left the databases open without the need for a password.
Records: 271 million
Wattpad suffered a data breach that exposed nearly 271 million records. The hackers were able to get their hands on emails, IP addresses, phone numbers and so much more.
40. Google Cloud
Records: 2 billion.
The attack on Google Cloud resulted in more than 2 billion stolen records, including emails, phone numbers, addresses, social media accounts and more.
Records: 235 million.
Nearly 235 million profiles linked to social media giants Instagram, TikTok and YouTube have been hacked and left unprotected without any passwords.
Records: 173 million.
This is considered one of the top 10 cyberattack breaches in history. Zynga’s Words With Friends and Draw Something players had their login information stolen.
Records: $2.4 million
A Cisco security engineer hacked into his employer, costing the company $2.4 million. The hacker was then sentenced to two years in prison.
Records: 160 thousand.
A breach in the famous online casting agency MyCastingFile has revealed the personal data of more than 260,000 users.
Records: 20 GB of Data.
20 GB of sensitive corporate data – including documents and records marked as confidential and secret belonging to Intel – have been posted online.
Records: 163 Million.
It was reported that the Equifax data breach has affected half the population of the USA. The hackers stole financial data as well as other personal information.
Records: 145 Million.
eBay asked users to change their passwords days after the hackers stole data including names, IP addresses, emails, phone numbers and dates of birth.
Records: 140 Million.
On May 24, hackers managed to steal data on more than 140 million users from Canva.com. Luckily, the hackers did not get any credit card details, passwords or social media emails of users.
Records: 130 Million.
Hackers managed to steal the bank card details of more than 130 million users in what is considered the biggest credit card fraud in history.
Records: 120 Million.
Tetrad, a market analysis company, exposed data from big retailers such as Kate Spade & Co. and Beverages & More Inc.
Records: 120 Million.
Target was the victim of one of the biggest credit card hacks in history. Data on more than 40 million credit cards was stolen.
52. Just Dial
Records: 100 Million.
The hackers managed to steal data including names, email ids, mobile numbers, gender, date of birth and addresses publicly available when they hit JustDial.
Records: 98 Million.
The Russian search engine Rambler was hit hard back in 2022, when cyberattacks were less frequent. The data included emails, user names, passwords and other information.
Records: 92 Million.
AOL’s subscriber list was stolen by a software engineer from America Online who sold it on the internet to spammers.
55. Anthem Inc.
Records: 80 Million.
The investigation into Anthem’s data breach found that the stolen data included names, dates of birth, member ID/social security numbers, addresses, phone numbers, email addresses and employment information.
56. National Archives and Records Administration
Records: 76 Million.
A hard drive was sent to the manufacturer for repair, but data on 76 million US military veterans was leaked.
Records: 68 Million.
Hackers managed to get access to Dropbox servers by using an improperly secured employee password.
Records: 65 Million.
While Tumblr refused to issue a statement regarding how many users were impacted, an independent data source revealed that more than 65 million unique emails and passwords were stolen.
59. US Postal Service
Records: 60 Million.
The USPS website had a bug where everyone with an account could see details of other users. They managed to fix it, but 60 million records had already been breached.
Records: 57 Million.
57 million records were stolen by two people who worked outside Uber. The breach affected riders and drivers.
61. Check People
Records: 56 Million.
Check People’s stolen data included emails, phone numbers, home addresses, age, gender and more.
62. Home Depot
Records: 56 Million.
Banks stated that they could see activity from Home Depot that clearly implied there was a breach. 56 million credit cards were stolen.
Records: 50 Million.
Evernote asked all its users to change their passwords after it detected a cyberattack on its database in 2013.
64. Living Social
Records: 50 Million.
Living Social has reached out to all its users and asked them to change their passwords. 50 million emails and passwords had been stolen in this attack.
65. Animal Jam
Records: 50 Million.
WildWorks’ Animal Jam is one of the most popular games for kids, but this did not prevent it from being breached. Data such as gender, age, emails, and user names were stolen.
Records: 43 Million.
In February 2016, Weebly announced to its users that their database had been breached and asked them to change their passwords.
Records: 42 Million.
A database of nearly 42 million personal information and profiles connected to TikTok has been stolen due to the company’s weak security systems.
68. CardSystems Solutions
Records: 40 Million.
More than 40 million credit card details were stolen after an individual infiltrated the security of CardSystems Solutions through a third-party service they were using.
69. View Media
Records: 38 Million.
The online marketing company View Media was struck by an attack that resulted in the theft of 38 million records including full names, emails, home addresses and phone numbers.
Records: 20,000 samples.
Eurofins, the world leader in biological analysis, fell victim to ransomware, which disrupted its computer systems and exposed the health data of hundreds of thousands of French people. The repercussion of this computer attack was considerable, since the loss is estimated at 35% on the group’s half-year profits. Beyond the financial consequences, the impact is also measured in terms of trust and reputation.
Records: 35 Million.
Valve announced that Steam suffered from a data breach through which the hackers managed to steal login details, credit cards and email addresses.
72. Ashley Madison
Records: 32 Million.
Sensitive data was stolen from Ashley Madison: 10 gigabytes of account details and log-ins for more than 32 million users.
73. Rock You
Records: 32 Million.
Rock You! committed the grave error of hiding their data in plain sight, and as expected 32 million records were hacked.
Records: 30 Million.
Credit card data stolen from Wawa was found being sold on the dark web months after it was breached.
Records: 29 Million.
Taringa hackers managed to get their hands on approximately 29 million records including usernames, email addresses and hashed passwords.
Records: 29 Million.
Travelex services have been taken offline due to malware infection. The company itself and the companies using the platform to provide foreign exchange services were all affected by the attack.
77. IRS Tax Refunds
Records: $12 Million.
A resident of the United States has been convicted of using information disclosed through data breaches to complete fraudulent tax returns, worth $12 million.
78. Manor Independent School District
Records: $2 Million.
The Texas school district lost $2.3 million in a phishing attack.
79. Medical Marijuana Industry
A database used by point-of-sale systems used in medical and recreational marijuana dispensaries was compromised, impacting approximately 30,000 US users.
80. Estée Lauder
Records: 440 Million
440 million Estée Lauder internal files were believed to have been exposed due to middleware security failures.
81. Danish Government Tax Portal
Records: 1.26 Million
The taxpayer identification numbers of 1.26 million Danish citizens were accidentally exposed.
82. DOD DISA
The Defense Information Systems Agency (DISA), which manages information technology for the White House, admitted it had a data breach that could have compromised employee records.
83. UK Financial Conduct Authority (FCA)
The FCA mistakenly disclosed sensitive information belonging to approximately 1,600 consumers as part of an access to information request.
84. Clearview AI
The entire Clearview AI customer list has been stolen due to a software vulnerability.
85. General Electric
Records: Unknown (all employees)
General Electric has warned its employees that an unauthorized person has been able to access information belonging to them due to security breaches at its supplier, Canon Business Process Service.
Records: 900 million
The anonymous secrets-sharing app Whisper exposed the private profiles and data of millions of online users.
87. UK Home Office
The UK Home Office broke data protection laws when a contractor lost a memory stick with information on thousands of prisoners, a watchdog has ruled.
88. SIM-swap Hacking Circles
Records: 100 million in cryptocurrencies
Europol has made arrests across Europe, arresting hackers responsible for the theft of more than 100 million in cryptocurrencies.
89. MCA Wizard
Records: 425GB of data
425 GB of sensitive documents belonging to financial companies were accessible through a database linked to the MCA Wizard application.
NutriBullet was the victim of a Magecart-type attack, with a payment card theft code that infected the company’s e-commerce site.
US Small Business Administration
Up to 8,000 emergency loan applicants have been affected by a personal data leak from the SBA.
160,000 Nintendo users have been affected by an account hijacking campaign.
The Italian email provider failed to protect the data of 600,000 users, leading to their resale on the dark web.
Records: 9 million
The low-cost airline EasyJet has revealed a leak that exposed data belonging to 9 million customers, including some financial records.
Records: 200 MB
A data breach suffered by the company has also potentially resulted in the theft of confidential missile design data.
95. Toll Group
Records: 95 million
The logistics giant Toll Group has been hit by a second ransomware attack in three months.
Records: 115 million
Data belonging to 115 million Pakistani cell phone users leaked online.
Records: 40 million
40 million user records from Wishbone have been posted online by hacking group ShinyHunters.
Records: $3.2 million
A South African bank employee got a master key and stole $3.2 million from Postbank.
99. Stock X
Records: 6.8 million
The stolen data from Stock X included names, email addresses, hashed passwords, shoe sizes, trading currencies and device version profiles.
Records: 500 megabytes
The DopplePaymer gang claimed to have hacked into the networks of a NASA contractor. The data is about the Mars mission and the Curiosity rover that landed in February 2020.