Top 100 Cybersecurity Breaches

Looking back over the past year, it’s impossible not to recognize the widespread data breaches that have caused such chaos. Secret and sensitive data of hundreds of millions of people and companies has been decrypted and exposed and then sold. Data breaches are a terrifying trend in the world of cybercrime, which shows no signs of slowing down just yet.   We’re looking at billions of records stolen and this trend is only getting worse.  Here are the Top 100 Cybersecurity Breaches, so far:

1.      Yahoo

Records: 3 billion

Date: 2013

Hackers have stolen names, dates of birth, phone numbers and passwords with poor encryption protection. In addition, they also had access to security questions and backup emails, useful information in case they were unable to crack certain passwords.

2.      Capital One

Records: 106 Million

Date: March 2019,

Paige Thompson, a former employee of online retail giant Amazon, exploited misconfigured firewalls on Amazon servers leased by Capital One. The data included social security numbers in the United States, a million social insurance numbers in Canada and more than 80,000 bank account numbers.

3.      Panera

Records: 37 million

Date: 2018

Despite being warned by a cybersecurity expert in August 2017 of a data breach at their site, the Panera IT team only acted 8 months later, when the leak occurred. They later announced the website’s closure security maintenance.

4.      Microsoft

Records: 250 million

Date: 2019

Microsoft discovered that an internal support database it used to measure scans was misconfigured for about three weeks. Due to the misconfiguration, anyone with a web browser could access over 250 million customer support records.

5.      Newegg

Records: 50 million

Date: 2018

Newegg was hacked by the cybergang Magecart, which injected a credit card hijack code on the site. Each time a customer made purchases online, payment information was directly transmitted to Magecart’s servers.

6.      Friend Finder Network

Records: 412 million

Date: 2016

The breach included 319 million accounts on Adult Friend Finder, the world’s largest dating sites for adults. The 2016 hack did not disclose sensitive information, such as each user’s sexual preferences. However, a prior Friend Finder hack in 2015, in which 4 million accounts were compromised, did.

7.      Elastic Search

Records: 82 million

Date: 2018

Cyber ​​security experts believe they have traced the source of the unprotected databases: Elastic Search was hacked by a data management company that has since closed its doors. The company is still unknown.

8.      First American Corporation

Records: 885 million

Date: 2019

Customer records of First American Corporation insurance company were found to be publicly available. A First America spokesperson told Gizmodo that the error was due to a “design flaw” in one of its applications.

9.    Facebook

Records: 50 million

Date:  2018

This is the infamous Facebook-Cambridge Analytica scandal where user information was illegally collected without their permission by a data collection company. The covert operation was politically motivated, especially in order to influence the 2016 US presidential campaign.

10. VK

Records: 93 million

Date: 2012

The Russian social network site Vkontakte, known as VK, was the victim of a security breach in which 93 million accounts were exposed. The flaw became known in June 2016 when names, phone numbers, email addresses and passwords of users were discovered in an internet black market.

11. My Heritage

Records: 92 million

Date: 2018

Cyber ​​security researchers alerted the genealogy site in June 2018 that an external server had been discovered with sensitive information on MyHeritage. The company warned its users that all account holders who signed up before October 26, 2017 are no longer protected and must change their passwords.

12. Badoo

Records: 112 million

Date: 2016

Experts found a data gap that allegedly originated in the Badoo social web and was circulating on the Internet. It looked like the information had been stolen a year earlier. 112 million email addresses, names, dates of birth and passwords.

13. Quora

Records: 100 million

Date: 2018

There are still many questions surrounding the details of this breach, but Quora reported to its users that a third party had unauthorized access to one of their systems, without saying more.

14. Adobe

Records: 153 million

Date: 2013

Adobe was the victim of the largest security incident in its history. 153 million accounts have been stolen, including user IDs, names, passwords, and other encrypted raw text.

15. Under Armor

Records: 150 million

Date: 2018

Under Armor’s food and nutrition application was hacked, providing usernames, email addresses and encrypted passwords to hackers. Luckily, no payment information, which the company processes through a separate channel.

16. LinkedIn

Records: 164 million

Date: 2016

LinkedIn revealed that 164 million email addresses and passwords had been exposed. The problem is, the company had suffered a security breach in 2012, but the data has remained hidden over the years. Until the cybercriminals finally decided to put them up for sale on the black market.

17. Exactis

Records: 340 million

Date: 2018

Data collection company Exactis saw 2 terabytes of data relocated to a public site visible to everyone. It is not known who or how many people accessed the information before it was discovered.

18. MySpace

Records: 359 million

Date: 2008

MySpace’s Data breach resulted in 360 million accounts being hacked. In 2016, the data was posted on the dark web for sale. The data was a collection of email addresses, usernames, and the first 10 characters of each password.

19. Starwood

Records: 500 million

Date: 2015

Like many other official violation reports, Starwood’s Marriott-owned hotel chain released a statement saying its servers suffered from “unauthorized access,” but recent findings from the investigation indicate that the violation may have been caused by the Chinese government for political purposes.

20. Aadhaar

Records: 1.1 billion

Date: 2017

Anonymous sellers on WhatsApp charged up to Rs 500 for a single ID authority portal in India where records of virtually all citizens were at the payer’s fingertips.

21. PlayStation Network

Records: 77 million

Date: 2011

Sony announced that some functions of the PlayStation Network had been taken down. PlayStation’s online service was affected for about a month, in which 77 million accounts were offline for 23 days. Sony confirmed that the cost for these 23 days of interruption had a cost around 140 million pounds.

22. Sony Pictures Entertainment

Records: 100 Terabytes

Date: 2014

Three years after the PlayStation Network was affected, the spotlight was on Sony again when confidential information from Sony Pictures Entertainment was leaked. The self-styled “Guardians of Peace” group claimed responsibility for the cyberattack , claiming that they had gained access to computers a year before it was made public. Sony used $ 15 million to deal with these attacks, however, it was unable to stop various leaks

23. JP Morgan Chase.

Records: 79 million

Date: 2011

One of the costliest cyberattacks in history was suffered by Epsilon, the world’s largest marketing service provider, whose companies it serves include JP Morgan Chase and Best Buy.

It is estimated that the cost for this attack could be between $ 225 million to $ 4 billion. The hackers’ targets were email accounts to use for criminal purposes.

24. Altran

Records: 20 million Euros.

Date: 2019

At the start of the year, the French technology-consulting giant Altran was the victim of a cyberattack which temporarily interrupted its activity in Europe. Using a cryptolocker ransomware attack, the hacker managed to enter the company’s computer system and encrypt its files one by one before demanding $1 million fee.

25. Airbus

Records: 9.4 million.

Date: 2019

Airbus, the aeronautics group was also a target of hackers. Although the attack had no consequences on commercial operations, personal data was nonetheless breached by the hackers including: professional contact details and identity of employees.

26. MGM Resorts

Records: 142 million

Date: 2020

MGM Resorts has revealed that the personal data of more than 142 million customers who stayed at the company’s properties in 2019 has been published on the web. The number of affected customers was initially 10.6 million, but has since been revised.

27. T-Mobile

Records: 15 million

Date: 2015

A breach at telecom provider T-Mobile allowed hackers to gain access to employee and customer data. Note: In early January 2021, T-Mobile disclosed another flaw that potentially exposed customer phone numbers and call records.

28. Weibo

Records: 538 million

Date: 2020

The Weibo social network has been hacked and the personal data of more than 538 million users has been stolen and then put up for sale on the web.

29. Virgin Media

Records: 900 Thousands

Date: 2020

A breach at Virgin Media revealed the data of 900,000 users, whose private information remained insecure and accessible online for 10 months.

30. CAM4

Records: 10.9 billion

Date: 2020

Adult site CAM4.com left its production server unprotected, exposing 10.88 billion records.

31. Advanced Info Service

Records: 8 billion

Date: 2020

The Thailand-based mobile network operator Advanced Info Service, left its database exposed and publicly available, leading to the leak of 8 billion records.

32. Antheus Tecnologia

Records: 76 thousands

Date: 2020

Antheus Tecnologia, a Brazil-based biometrics company, left sensitive information exposed on an unsecured server, including 76,000 unique fingerprint records.

33. Magellan Health

Records: 365 thousands

Date: 2020

Magellan Health was the victim of a ransomware attack in which more than 365,000 patient records were compromised.

34. Blackbaud Cloud

Records: 45.000

Date: 2020

A ransomware attack on cloud service provider Blackbaud Cloud impacted hundreds of nonprofits (and subsequently led to 23 consumer class action proposals). While the number of records may be low, Blackbaud had some heavy weight universities and users in its severs.

35. Preen

Records: 350.000

Date: 2020

Preen recently issues a statement reveling that personal details of around 100,000 influencers have been disclosed. Later, 250.000 more data was posted in the dark web for sale.

36. Airtel

Records: 320 million

Date: 2019

The breach was found on the mobile app and had led to the hack of more than 320 million user data. Airtel has learned the hard way.

37. Truecaller

Records: 300 million

Date: 2019

The Truecaller data was hacked and sold on the dark web for less than a 1000$. The sum may be insignificant, but it is what reported thus far. The number of stolen record is also staggering.

38. MongoDB

Records: 275 million

Date: 2019

The MongoDB website was victim to a ransomware attack that left the databases open without the need of a password.

39. WattPad

Records: 271 million

Date: 2020

Wattpad suffered a data breach that exposed nearly 271 million records. The hackers were able to get their hands on emails, IP addresses, phone numbers and so much more.

40. Google Cloud.

Records: 2 billion.

Date: 2020

The attack on Google Cloud resulted in more than 2 billion of stolen data including emails, phones addresses, social media accounts and more.

41. Instagram.

Records: 235 million.

Date: 2020

Nearly 235 million profiles linked to social media giants Instagram, Tik-tok and Youtube have been hacked and left unprotected without any passwords.

42. Zynga

Records: 173 million.

Date: 2019

This is considered one of the top 10 cyberattacks breaches in history. Zynga’s Words With Friends and Draw Something players had had their log in information stolen.

43. Cisco

Records: $ 2.4 million

Date: 2020

A Cisco security engineer hacked into his employer, costing the company $ 2.4 million. The hacker was then sentenced to two years in prison.

44. MyCastingFile

Records: 160 Thousands.

Date: 2020

A breach in the famous online casting agency MyCastingFile has revealed the personal data of more than 260,000 users.

45. Intel

Records: 20 GB of Data.

Date: 2020

20 GB of sensitive corporate data – including documents and records marked as confidential and secret belonging to Intel – have been posted online.

46. Equifax

Records: 163 Million.

Date: 2017

It was reported that the Equifax data breach has affected half the population of USA. The hackers stole financial data as well as other personal information.

47. eBay

Records: 145 Million.

Date: 2014

eBay asked users to change their passwords days after the hackers stole data including names, IP addresses, emails, phone numbers and dates of birth.

48. Canva

Records: 140 Million.

Date: 2019

On May 24, hackers managed to steal data from Canva.com of more than 140 million users. Luckily, the hackers did not get any credit card details, password or social media emails of users.

49. Heartland.

Records: 130 Million.

Date: 2009

Hackers managed to steal bankcards details of more than 130 million user in what is considered the biggest credit card fraud in history.

50. Tetrad

Records: 120 Million.

Date: 2020

Tetrad, A market analysis company exposed data from big retailers such as Kate Spade & Co. and Beverages & More Inc.

51. Target.

Records: 120 Million.

Date: 2013

Target was victim of one of the biggest credit card hack in history. More than 40 million credit cards data was stolen.

52. Just Dial.

Records: 100 Million.

Date: 2019

The hackers managed to steal data including names, email ids, mobile numbers, gender, date of birth and addresses publicly available when they hit JustDial.

53. Rambler

Records: 98 Million.

Date: 2012

The Russian search engine Rambler, was hit hard back in 2022 where cyberattacks were less frequent. The data included emails, user names, password and other information.

54. AOL

Records: 92 Million.

Date: 2004

AOL’s subscriber list was stolen by a software engineer from America Online who sold it on the internet for spammers.

55. Anthem Inc.

Records: 80 Million.

Date: 2015

The investigations on Anthem’s data breach led to the fact that the data stolen included names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information.

56. National Archives and Records Administration

Records: 76 Million.

Date: 2009

A hard drive was sent to the manufacturer with the aim of repair but data of 76 million about US military veterans was leaked.

57. Dropbox.

Records: 68 Million.

Date: 2012

Hackers managed to get access to Dropbox servers through using an improperly secured employee password.

58. Tumblr

Records: 65 Million.

Date: 2013

While Tumblr refused to issue a statement regarding how many users impacted, an independent data sources revealed that more that 65 million unique emails and passwords were stolen.

59. US Postal Service.

Records: 60 Million.

Date: 2018

USPS website had a bug where everyone with an account could see details of other users, they managed to fix it but 60 million records had already been breached.

60. Uber

Records: 57 Million.

Date: 2017

57 million records were stolen by two people who worked outside Uber. The breach affected riders and drivers.

61. Check People

Records: 56 Million.

Date: 2020

Check People’s stolen data included emails, phone numbers, home addresses, age, gender and more.

62. Home Depot

Records: 56 Million.

Date: 2014

Banks stated that they could see activity from Home Depot that perfectly implies there was a breach. 56 million credit cards were stolen.

63. Evernote

Records: 50 Million.

Date: 2013

Evernote has asked all its users to change their passwords after they detected a cyberattack on their database in 2013

64. Living Social

Records: 50 Million.

Date: 2013

Living Social has reached out to all its users and asked them to change their passwords. 50 million emails and password had bene stolen in this attack.

65. Animal Jam.

Records: 50 Million.

Date: 2020

Wild Works’ Animal Jam is one of the most popular gams for kids but his did not prevent it from being breached. Data such as gender, age, emails, and user names were stolen.

66. Weebly.

Records: 43 Million.

Date: 2016

I February 2016, Weebly announced to its users that their database has been breached and asked them to change their passwords.

67. Tik-Tok

Records: 42 Million.

Date: 2020

A database of nearly 42 million personal information and profiles connected to TikTok has been stolen due to the company’s weak security systems.

68. CardSystems Solutions.

Records: 40 Million.

Date: 2005

More than 40 million credit cards details were stolen after an individual infiltrated the security of CardSystems Solutions through a third party service they were using.

69. View media.

Records: 38 Million.

Date: 2020

The online marketing View Media was struck by an attack that resulted in the theft of 38 million records including full name, emails, home addresses and phone numbers.

70. Eurofins

Records: 20.000 samples.

Date: 2019

Eurofins, the world leader in biological analysis, fell victim to ransomware, which disrupted its computer systems and exposed the health data of hundreds of thousands of French people. The repercussion of this computer attack was considerable, since the loss is estimated at 35% on the group’s half-year profits. Beyond the financial consequences, the impact is also measured in terms of trust and reputation.

71. Steam

Records: 35 Million.

Date: 2011

Valve announced that Steam suffered from a data breach through which the hackers managed to steal login details, credit cards and email addresses.

72. Ashley Madison

Records: 32 Million.

Date: 2015

Sensitive Data was stolen from Ashley Madison. A 10 gigabytes of account details and log-ins for more than 32 million users.

73. Rock You

Records: 32 Million.

Date: 2009

Rock You! committed the grave error of hiding their data in plain sight, and as expected 32 million records were hacked.

74. WaWa

Records: 30 Million.

Date: 2020

Credit card data stolen from Wawa was found being sold on the dark web months after it was breached.

75. Taringa

Records: 29 Million.

Date: 2017

Taringa hackers managed to get their hands on approximately 29 million records including usernames, email addresses and hashed passwords.

76. Travelex

Records: 29 Million.

Date: 2017

Travelex services have been taken offline due to malware infection. The company itself and the companies using the platform to provide foreign exchange services were all affected by the attack.

77. IRS Tax Refunds

Records: $12 Million.

Date: 2010

A resident of the United States has been convicted of using information disclosed through data breaches to complete fraudulent tax returns, worth $ 12 million.

78. Manor Independent School District

Records: $2 Million.

Date: 2020

The Texas school district lost $ 2.3 million in a phishing attack.

79. Medical Marijuana Industry

Records: 30.000

Date: 2020

A database used by point-of-sale systems used in medical and recreational marijuana dispensaries was compromised, impacting approximately 30,000 US users.

80. Estée Lauder

Records: 440 Million

Date: 2020

440 million Estée Lauder internal files were believed to have been exposed due to middleware security failures.

81. Danish Government Tax Portal

Records: 1.26 Million

Date: 2020

The taxpayer identification numbers of 1.26 million Danish citizens were accidentally exposed.

82. DOD DISA

Records: 8.000

Date: 2019

The Defense Information Systems Agency (DISA), which manages information technology for the White House, admitted it had a data breach that could have compromised employee records.

83. UK Financial Conduct Authority (FCA)

Records: 1600

Date: 2020

The FCA mistakenly disclosed sensitive information belonging to approximately 1,600 consumers as part of an access to information request.

84. Clearview AI

Records: Unknown

Date: 2020

The entire Clearview AI customer list has been stolen due to a software vulnerability.

85. General Electric

Records: Unknown (all employees)

Date: 2020

General Electrics has warned its employees that an unauthorized person has been able to access information belonging to them due to security breaches at its supplier, Canon Business Process Service.

86. Whisper

Records: 900 million

Date: 2020

The anonymous secrets-sharing app Whisper exposed the private profiles and data of millions of online users.

87. UK Home Office

Records: 84.000

Date: 2008

The UK Home Office broke data protection laws when a contractor lost a memory stick with information on thousands of prisoners, a watchdog has ruled.

88. SIM-swap Hacking Circles

Records: 100 million in cryptocurrencies

Date: 2020

Europol has made arrests across Europe, arresting hackers responsible for the theft of more than 100 million in cryptocurrencies.

89. MCA Wizard

Records: 425GB of data

Date: 2020

425 GB of sensitive documents belonging to financial companies were accessible through a database linked to the MCA Wizard application.

90. NutriBullet

Records: Unknown.

Date: 2020

NutriBullet was the victim of a Magecart-type attack, with a payment card theft code that infected the company’s e-commerce site.

US Small Business Administration

Records: 8.000.

Date: 2020

Up to 8,000 emergency loan applicants have been affected by a personal data leak from SBA

91. Nintendo

Records: 160.000.

Date: 2020

160,000 Nintendo users have been affected by an account hijacking campaign.

92. Email.it

Records: 600.000.

Date: 2018

The Italian email provider failed to protect the data of 600,000 users, leading to their resale on the dark web.

93. EasyJet

Records: 9 million

Date: 2019

The low-cost airline EasyJet has revealed a leak that exposed data belonging to 9 million customers, including some financial records.

94. Mitsubishi

Records: 200 MB

Date: 2020

A data breach suffered by the company has also potentially resulted in the theft of confidential missile design data.

95. Toll Group

Records: 95 million

Date: 2020

The logistics giant Toll Group has been hit by a second ransomware attack in three months.

96. Pakistan:

Records: 115 million

Date: 2020

Data belonging to 115 million Pakistani cell phone users leaked online.

97. Wishbone

Records: 40 million

Date: 2020

40 million user records from Wishbone have been posted online by hacking group ShinyHunters.

98. Postbank

Records: $3.2 million

Date: 2020

A South African bank employee got a master key and stole $ 3.2 million from Postbank.

99. Stock X

Records: 6.8 million

Date: 2019

The stolen data from Stock X included names, email address, hashed passwords, shoe sizes, trading currencies and device version profiles.

 

100. NASA

Records: 500 megabytes

Date: 2018

The DopplePaymer gang claimed to have hacked into the networks of a NASA contractor. The data is about Mars’ mission and Curiosity Rover that landed in February 2020.

 

Global InfoSec Awards 2021

We are in our 9th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW