Top 100 Cybersecurity Breaches

Looking back over the past year, it’s impossible not to recognize the widespread data breaches that have caused such chaos. Secret and sensitive data of hundreds of millions of people and companies has been decrypted, exposed and then sold. Data breaches are a terrifying trend in the world of cybercrime, one that shows no signs of slowing down just yet. We’re looking at billions of records stolen, and this trend is only getting worse. Here are the Top 100 Cybersecurity Breaches so far:

1. Yahoo

Records: 3 billion

Date: 2013

Hackers stole names, dates of birth, phone numbers and poorly encrypted passwords. They also had access to security questions and backup email addresses, useful information in case they were unable to crack certain passwords.

2. Capital One

Records: 106 Million

Date: March 2019

Paige Thompson, a former employee of online retail giant Amazon, exploited misconfigured firewalls on Amazon servers leased by Capital One. The data included social security numbers in the United States, a million social insurance numbers in Canada and more than 80,000 bank account numbers.

3. Panera

Records: 37 million

Date: 2018

Despite being warned by a cybersecurity expert in August 2017 of a data breach at their site, the Panera IT team only acted 8 months later, when the leak occurred. They later announced the website’s closure for security maintenance.

4. Microsoft

Records: 250 million

Date: 2019

Microsoft discovered that an internal support database it used to measure scans was misconfigured for about three weeks. Due to the misconfiguration, anyone with a web browser could access over 250 million customer support records.

5. Newegg

Records: 50 million

Date: 2018

Newegg was hacked by the cybergang Magecart, which injected credit card hijacking code into the site. Each time a customer made a purchase online, the payment information was transmitted directly to Magecart’s servers.

6. Friend Finder Network

Records: 412 million

Date: 2016

The breach included 319 million accounts on Adult Friend Finder, the world’s largest dating site for adults. The 2016 hack did not disclose sensitive information, such as each user’s sexual preferences. However, a prior Friend Finder hack in 2015, in which 4 million accounts were compromised, did.

7. Elasticsearch

Records: 82 million

Date: 2018

Cybersecurity experts believe they have traced the source of the unprotected databases: Elasticsearch was hacked by a data management company that has since closed its doors. The company is still unknown.

8. First American Corporation

Records: 885 million

Date: 2019

Customer records of the insurance company First American Corporation were found to be publicly available. A First American spokesperson told Gizmodo that the error was due to a “design flaw” in one of its applications.

9. Facebook

Records: 50 million

Date: 2018

This is the infamous Facebook-Cambridge Analytica scandal, in which user information was illegally collected without users’ permission by a data collection company. The covert operation was politically motivated, in particular to influence the 2016 US presidential campaign.

10. VK

Records: 93 million

Date: 2012

The Russian social network site Vkontakte, known as VK, was the victim of a security breach in which 93 million accounts were exposed. The flaw became known in June 2016, when names, phone numbers, email addresses and passwords of users were discovered on an internet black market.

11. MyHeritage

Records: 92 million

Date: 2018

Cybersecurity researchers alerted the genealogy site in June 2018 that an external server had been discovered holding sensitive MyHeritage information. The company warned its users that all account holders who signed up before October 26, 2017 are no longer protected and must change their passwords.

12. Badoo

Records: 112 million

Date: 2016

Experts found a data leak that allegedly originated from the Badoo social network and was circulating on the Internet. It looked like the information had been stolen a year earlier: 112 million email addresses, names, dates of birth and passwords.

13. Quora

Records: 100 million

Date: 2018

There are still many questions surrounding the details of this breach, but Quora reported to its users that a third party had unauthorized access to one of their systems, without saying more.

14. Adobe

Records: 153 million

Date: 2013

Adobe was the victim of the largest security incident in its history. 153 million accounts were stolen, including user IDs, names, passwords, and other encrypted raw text.

15. Under Armour

Records: 150 million

Date: 2018

Under Armour’s food and nutrition application was hacked, providing usernames, email addresses and encrypted passwords to hackers. Luckily, no payment information, which the company processes through a separate channel, was exposed.

16. LinkedIn

Records: 164 million

Date: 2016

LinkedIn revealed that 164 million email addresses and passwords had been exposed. The problem is that the company had suffered a security breach in 2012, but the data remained hidden over the years, until the cybercriminals finally decided to put it up for sale on the black market.

17. Exactis

Records: 340 million

Date: 2018

Data collection company Exactis saw 2 terabytes of data relocated to a public site visible to everyone. It is not known who or how many people accessed the information before it was discovered.

18. MySpace

Records: 359 million

Date: 2008

MySpace’s data breach resulted in 360 million accounts being hacked. In 2016, the data was posted on the dark web for sale. The data was a collection of email addresses, usernames, and the first 10 characters of each password.

19. Starwood

Records: 500 million

Date: 2015

Like many other official breach reports, the Marriott-owned hotel chain Starwood released a statement saying its servers suffered from “unauthorized access,” but recent findings from the investigation indicate that the breach may have been caused by the Chinese government for political purposes.

20. Aadhaar

Records: 1.1 billion

Date: 2017

Anonymous sellers on WhatsApp charged up to Rs 500 for access to a single ID authority portal in India, where records of virtually all citizens were at the payer’s fingertips.

21. PlayStation Network

Records: 77 million

Date: 2011

Sony announced that some functions of the PlayStation Network had been taken down. PlayStation’s online service was affected for about a month, in which 77 million accounts were offline for 23 days. Sony confirmed that these 23 days of interruption cost around 140 million pounds.

22. Sony Pictures Entertainment

Records: 100 Terabytes

Date: 2014

Three years after the PlayStation Network was affected, the spotlight was on Sony again when confidential information from Sony Pictures Entertainment was leaked. The self-styled “Guardians of Peace” group claimed responsibility for the cyberattack, claiming that they had gained access to computers a year before it was made public. Sony spent $15 million to deal with these attacks; however, it was unable to stop various leaks.

23. JP Morgan Chase.

Records: 79 million

Date: 2011

One of the costliest cyberattacks in history was suffered by Epsilon, the world’s largest marketing service provider, whose clients include JP Morgan Chase and Best Buy.

It is estimated that the cost of this attack could be between $225 million and $4 billion. The hackers’ targets were email accounts to use for criminal purposes.

24. Altran

Records: 20 million Euros.

Date: 2019

At the start of the year, the French technology-consulting giant Altran was the victim of a cyberattack which temporarily interrupted its activity in Europe. Using a cryptolocker ransomware attack, the hacker managed to enter the company’s computer system and encrypt its files one by one before demanding a $1 million fee.

25. Airbus

Records: 9.4 million.

Date: 2019

Airbus, the aeronautics group, was also a target of hackers. Although the attack had no consequences for commercial operations, personal data was nonetheless breached by the hackers, including professional contact details and the identity of employees.

26. MGM Resorts

Records: 142 million

Date: 2020

MGM Resorts has revealed that the personal data of more than 142 million customers who stayed at the company’s properties in 2019 has been published on the web. The number of affected customers was initially 10.6 million, but has since been revised.

27. T-Mobile

Records: 15 million

Date: 2015

A breach at telecom provider T-Mobile allowed hackers to gain access to employee and customer data. Note: In early January 2021, T-Mobile disclosed another flaw that potentially exposed customer phone numbers and call records.

28. Weibo

Records: 538 million

Date: 2020

The Weibo social network has been hacked and the personal data of more than 538 million users has been stolen and then put up for sale on the web.

29. Virgin Media

Records: 900 thousand

Date: 2020

A breach at Virgin Media revealed the data of 900,000 users, whose private information remained insecure and accessible online for 10 months.

30. CAM4

Records: 10.9 billion

Date: 2020

Adult site CAM4.com left its production server unprotected, exposing 10.88 billion records.

31. Advanced Info Service

Records: 8 billion

Date: 2020

The Thailand-based mobile network operator Advanced Info Service left its database exposed and publicly available, leading to the leak of 8 billion records.

32. Antheus Tecnologia

Records: 76 thousand

Date: 2020

Antheus Tecnologia, a Brazil-based biometrics company, left sensitive information exposed on an unsecured server, including 76,000 unique fingerprint records.

33. Magellan Health

Records: 365 thousand

Date: 2020

Magellan Health was the victim of a ransomware attack in which more than 365,000 patient records were compromised.

34. Blackbaud Cloud

Records: 45,000

Date: 2020

A ransomware attack on cloud service provider Blackbaud Cloud impacted hundreds of nonprofits (and subsequently led to 23 consumer class action proposals). While the number of records may be low, Blackbaud had some heavyweight universities and users on its servers.

35. Preen

Records: 350,000

Date: 2020

Preen recently issued a statement revealing that the personal details of around 100,000 influencers had been disclosed. Later, 250,000 more records were posted on the dark web for sale.

36. Airtel

Records: 320 million

Date: 2019

The breach was found in the mobile app and led to the hack of data belonging to more than 320 million users. Airtel has learned the hard way.

37. Truecaller

Records: 300 million

Date: 2019

The Truecaller data was hacked and sold on the dark web for less than $1,000. The sum may be insignificant, but it is what has been reported thus far. The number of stolen records is also staggering.

38. MongoDB

Records: 275 million

Date: 2019

The MongoDB website was the victim of a ransomware attack that left the databases open without the need for a password.

39. WattPad

Records: 271 million

Date: 2020

Wattpad suffered a data breach that exposed nearly 271 million records. The hackers were able to get their hands on emails, IP addresses, phone numbers and so much more.

40. Google Cloud.

Records: 2 billion.

Date: 2020

The attack on Google Cloud resulted in more than 2 billion stolen records, including emails, phone numbers, addresses, social media accounts and more.

41. Instagram.

Records: 235 million.

Date: 2020

Nearly 235 million profiles linked to social media giants Instagram, TikTok and YouTube have been hacked and left unprotected without any passwords.

42. Zynga

Records: 173 million.

Date: 2019

This is considered one of the top 10 cyberattack breaches in history. Zynga’s Words With Friends and Draw Something players had their login information stolen.

43. Cisco

Records: $2.4 million

Date: 2020

A Cisco security engineer hacked into his employer, costing the company $2.4 million. The hacker was then sentenced to two years in prison.

44. MyCastingFile

Records: 160 thousand

Date: 2020

A breach in the famous online casting agency MyCastingFile has revealed the personal data of more than 260,000 users.

45. Intel

Records: 20 GB of Data.

Date: 2020

20 GB of sensitive corporate data – including documents and records marked as confidential and secret belonging to Intel – have been posted online.

46. Equifax

Records: 163 Million.

Date: 2017

It was reported that the Equifax data breach affected half the population of the USA. The hackers stole financial data as well as other personal information.

47. eBay

Records: 145 Million.

Date: 2014

eBay asked users to change their passwords days after the hackers stole data including names, IP addresses, emails, phone numbers and dates of birth.

48. Canva

Records: 140 Million.

Date: 2019

On May 24, hackers managed to steal the data of more than 140 million users from Canva.com. Luckily, the hackers did not get any credit card details, passwords or social media emails of users.

49. Heartland.

Records: 130 Million.

Date: 2009

Hackers managed to steal the bank card details of more than 130 million users in what is considered the biggest credit card fraud in history.

50. Tetrad

Records: 120 Million.

Date: 2020

Tetrad, a market analysis company, exposed data from big retailers such as Kate Spade & Co. and Beverages & More Inc.

51. Target.

Records: 120 Million.

Date: 2013

Target was the victim of one of the biggest credit card hacks in history. Data from more than 40 million credit cards was stolen.

52. Just Dial.

Records: 100 Million.

Date: 2019

The hackers managed to steal data including names, email ids, mobile numbers, gender, date of birth and addresses publicly available when they hit JustDial.

53. Rambler

Records: 98 Million.

Date: 2012

The Russian search engine Rambler was hit hard back in 2022, when cyberattacks were less frequent. The data included emails, usernames, passwords and other information.

54. AOL

Records: 92 Million.

Date: 2004

AOL’s subscriber list was stolen by a software engineer from America Online who sold it on the internet to spammers.

55. Anthem Inc.

Records: 80 Million.

Date: 2015

The investigations into Anthem’s data breach found that the data stolen included names, dates of birth, member ID/social security numbers, addresses, phone numbers, email addresses and employment information.

56. National Archives and Records Administration

Records: 76 Million.

Date: 2009

A hard drive was sent to the manufacturer for repair, but data on 76 million US military veterans was leaked.

57. Dropbox.

Records: 68 Million.

Date: 2012

Hackers managed to get access to Dropbox servers by using an improperly secured employee password.

58. Tumblr

Records: 65 Million.

Date: 2013

While Tumblr refused to issue a statement regarding how many users were impacted, an independent data source revealed that more than 65 million unique emails and passwords were stolen.

59. US Postal Service.

Records: 60 Million.

Date: 2018

The USPS website had a bug where everyone with an account could see details of other users. They managed to fix it, but 60 million records had already been breached.

60. Uber

Records: 57 Million.

Date: 2017

57 million records were stolen by two people who worked outside Uber. The breach affected riders and drivers.

61. Check People

Records: 56 Million.

Date: 2020

Check People’s stolen data included emails, phone numbers, home addresses, age, gender and more.

62. Home Depot

Records: 56 Million.

Date: 2014

Banks stated that they could see activity from Home Depot that clearly implied there was a breach. 56 million credit cards were stolen.

63. Evernote

Records: 50 Million.

Date: 2013

Evernote asked all its users to change their passwords after they detected a cyberattack on their database in 2013.

64. Living Social

Records: 50 Million.

Date: 2013

Living Social reached out to all its users and asked them to change their passwords. 50 million emails and passwords had been stolen in this attack.

65. Animal Jam.

Records: 50 Million.

Date: 2020

Wild Works’ Animal Jam is one of the most popular games for kids, but this did not prevent it from being breached. Data such as gender, age, emails, and usernames were stolen.

66. Weebly.

Records: 43 Million.

Date: 2016

In February 2016, Weebly announced to its users that their database had been breached and asked them to change their passwords.

67. TikTok

Records: 42 Million.

Date: 2020

A database of nearly 42 million personal records and profiles connected to TikTok has been stolen due to the company’s weak security systems.

68. CardSystems Solutions.

Records: 40 Million.

Date: 2005

More than 40 million credit card details were stolen after an individual infiltrated the security of CardSystems Solutions through a third-party service they were using.

69. View Media

Records: 38 Million.

Date: 2020

The online marketing company View Media was struck by an attack that resulted in the theft of 38 million records, including full names, emails, home addresses and phone numbers.

70. Eurofins

Records: 20,000 samples

Date: 2019

Eurofins, the world leader in biological analysis, fell victim to ransomware, which disrupted its computer systems and exposed the health data of hundreds of thousands of French people. The repercussions of this computer attack were considerable, since the loss is estimated at 35% of the group’s half-year profits. Beyond the financial consequences, the impact is also measured in terms of trust and reputation.

71. Steam

Records: 35 Million.

Date: 2011

Valve announced that Steam suffered from a data breach through which the hackers managed to steal login details, credit cards and email addresses.

72. Ashley Madison

Records: 32 Million.

Date: 2015

Sensitive data was stolen from Ashley Madison: 10 gigabytes of account details and log-ins for more than 32 million users.

73. Rock You

Records: 32 Million.

Date: 2009

Rock You! committed the grave error of hiding their data in plain sight, and as expected 32 million records were hacked.

74. Wawa

Records: 30 Million.

Date: 2020

Credit card data stolen from Wawa was found being sold on the dark web months after it was breached.

75. Taringa

Records: 29 Million.

Date: 2017

Taringa hackers managed to get their hands on approximately 29 million records including usernames, email addresses and hashed passwords.

76. Travelex

Records: 29 Million.

Date: 2017

Travelex services have been taken offline due to malware infection. The company itself and the companies using the platform to provide foreign exchange services were all affected by the attack.

77. IRS Tax Refunds

Records: $12 Million.

Date: 2010

A resident of the United States has been convicted of using information disclosed through data breaches to complete fraudulent tax returns worth $12 million.

78. Manor Independent School District

Records: $2 Million.

Date: 2020

The Texas school district lost $2.3 million in a phishing attack.

79. Medical Marijuana Industry

Records: 30,000

Date: 2020

A database used by point-of-sale systems used in medical and recreational marijuana dispensaries was compromised, impacting approximately 30,000 US users.

80. Estée Lauder

Records: 440 Million

Date: 2020

440 million Estée Lauder internal files were believed to have been exposed due to middleware security failures.

81. Danish Government Tax Portal

Records: 1.26 Million

Date: 2020

The taxpayer identification numbers of 1.26 million Danish citizens were accidentally exposed.

82. DOD DISA

Records: 8,000

Date: 2019

The Defense Information Systems Agency (DISA), which manages information technology for the White House, admitted it had a data breach that could have compromised employee records.

83. UK Financial Conduct Authority (FCA)

Records: 1600

Date: 2020

The FCA mistakenly disclosed sensitive information belonging to approximately 1,600 consumers as part of an access to information request.

84. Clearview AI

Records: Unknown

Date: 2020

The entire Clearview AI customer list has been stolen due to a software vulnerability.

85. General Electric

Records: Unknown (all employees)

Date: 2020

General Electric has warned its employees that an unauthorized person has been able to access information belonging to them due to security breaches at its supplier, Canon Business Process Service.

86. Whisper

Records: 900 million

Date: 2020

The anonymous secrets-sharing app Whisper exposed the private profiles and data of millions of online users.

87. UK Home Office

Records: 84,000

Date: 2008

The UK Home Office broke data protection laws when a contractor lost a memory stick with information on thousands of prisoners, a watchdog has ruled.

88. SIM-swap Hacking Circles

Records: 100 million in cryptocurrencies

Date: 2020

Europol has made arrests across Europe, arresting hackers responsible for the theft of more than 100 million in cryptocurrencies.

89. MCA Wizard

Records: 425GB of data

Date: 2020

425 GB of sensitive documents belonging to financial companies were accessible through a database linked to the MCA Wizard application.

90. NutriBullet

Records: Unknown.

Date: 2020

NutriBullet was the victim of a Magecart-type attack, with a payment card theft code that infected the company’s e-commerce site.

US Small Business Administration

Records: 8,000

Date: 2020

Up to 8,000 emergency loan applicants have been affected by a personal data leak from the SBA.

91. Nintendo

Records: 160,000

Date: 2020

160,000 Nintendo users have been affected by an account hijacking campaign.

92. Email.it

Records: 600,000

Date: 2018

The Italian email provider failed to protect the data of 600,000 users, leading to their resale on the dark web.

93. EasyJet

Records: 9 million

Date: 2019

The low-cost airline EasyJet has revealed a leak that exposed data belonging to 9 million customers, including some financial records.

94. Mitsubishi

Records: 200 MB

Date: 2020

A data breach suffered by the company has also potentially resulted in the theft of confidential missile design data.

95. Toll Group

Records: 95 million

Date: 2020

The logistics giant Toll Group has been hit by a second ransomware attack in three months.

96. Pakistan:

Records: 115 million

Date: 2020

Data belonging to 115 million Pakistani cell phone users leaked online.

97. Wishbone

Records: 40 million

Date: 2020

40 million user records from Wishbone have been posted online by hacking group ShinyHunters.

98. Postbank

Records: $3.2 million

Date: 2020

A South African bank employee got a master key and stole $3.2 million from Postbank.

99. Stock X

Records: 6.8 million

Date: 2019

The stolen data from Stock X included names, email addresses, hashed passwords, shoe sizes, trading currencies and device version profiles.

 

100. NASA

Records: 500 megabytes

Date: 2018

The DoppelPaymer gang claimed to have hacked into the networks of a NASA contractor. The data concerns the Mars mission and the Curiosity Rover that landed in February 2020.

 

February 21, 2021
