| alternative name
|
organisation
|
year
|
records lost
|
displayed records
|
sector
|
method
|
story
|
date
|
data sensitivity
|
|
|
Kaiser Permanente
|
2024
|
13,400,000
|
|
health
|
oops!
|
A leading U.S. healthcare organization transmitted personal information to third-party vendors, including Google, Microsoft Bing, and X (formerly Twitter), including search terms entered in Kaiser's health encyclopedia.
|
Apr 24
|
3
|
|
|
Ticketmaster
|
2024
|
560,000,000
|
560m
|
media
|
hacked
|
Hacker group ShinyHunters say it stole names, addresses, phone numbers and partial credit cards details from hundreds of millions of Ticketmaster customers around the world.
|
Jun 24
|
3
|
|
|
Stanford University
|
2023
|
27,000
|
|
academic
|
hacked
|
The Akira ransomware group claims to have stolen 430 GB of data, including names and social security numbers. The breach went unnoticed for four months, suggesting a possible prolonged attacker presence
|
May 23
|
2
|
|
|
Cooler Master
|
2024
|
500,000
|
|
tech
|
hacked
|
Threat actor 'Ghostr' hacked the company's Fanzone website, stealing 103 GB of data. Compromised info includes names, emails, phone numbers, birth dates, addresses, product details, employee info, and vendor correspondence.
|
May 24
|
2
|
| FBCS
|
Financial Business and Consumer Solutions
|
2024
|
3,200,000
|
|
tech
|
hacked
|
A U.S. debt collection agency reported a breach Initially affecting 1.9m people but the number has since increased significantly. Stolen data includes names, SSNs, birthdates, account info, and driver's license numbers.
|
Feb 24
|
2
|
|
|
Santander
|
2024
|
30,000,000
|
|
financial
|
hacked
|
Threat actor 'ShinyHunters' claim to be selling Santander bank data on 30m customers from Chile, Spain and Uruguay.
|
May 24
|
3
|
|
|
Everbridge
|
2024
|
5,600,000
|
|
tech
|
hacked
|
The American crisis management software company, serving the U.S. Army, Atlanta Airport, and Norway and Australia, suffered a major data breach. Both business and user data compromised.
|
May 24
|
1
|
|
|
BBC
|
2024
|
25,000
|
|
media
|
hacked
|
Personal information of BBC Pension Scheme members, including current and former employees, was compromised. Data types include names, National Insurance numbers, birthdates, and home addresses.
|
May 24
|
2
|
|
|
First American
|
2023
|
44,000
|
|
finance
|
hacked
|
The second largest title insurance company in the US did not reveal which personal information was compromissed.
|
Dec 23
|
2
|
|
|
Christie's
|
2024
|
500,000
|
|
retail
|
hacked
|
Famous auction house Christie's lost sensitive information on 500,000 clients to the RansomHub extortion gang. This includes full names, physical addresses, and ID details. Ironically, the cybercriminals also auction these stolen files to the highest bidder.
|
May 24
|
2
|
|
|
Sav-Rx
|
2023
|
2,800,000
|
|
health
|
hacked
|
Prescription management company Sav-Rx warned over 2.8m people in the US of a data breach. Compromised data includes full names, birthdates, SSNs, emails, addresses, phone numbers, eligibility data, and insurance IDs.
|
Oct 23
|
2
|
|
|
Cencora
|
2024
|
100,000
|
|
health
|
hacked
|
Major drug companies, including Novartis and Bayer, disclosed data breaches after a February 2024 cyberattack at Cencora, their pharmaceutical services partner. Compromised data includes names, addresses, diagnoses, medications, and prescriptions.
|
Feb 24
|
4
|
|
|
WebTPA
|
2023
|
2,400,00
|
|
tech
|
hacked
|
The breach at this employer service compromised names, contact info, birth/death dates, SSNs, and insurance details. Impacted individuals include customers of The Hartford, Transamerica, and Gerber Life Insurance.
|
Apr 23
|
2
|
| Nissan North America
|
Nissan
|
2023
|
53;000
|
|
transport
|
hacked
|
This breach of the car manufacturer exposed personal data (including Social Security numbers) belonging to current and former employees.
|
Nov 23
|
2
|
| Singing River Health System
|
Singing River
|
2023
|
895,000
|
|
health
|
hacked
|
A healthcare provider in the Gulf Coast region was breached by the Rhysida ransomware gang. Compromised data includes names, birthdates, addresses, SSNs, and medical info.
|
Aug 23
|
4
|
| Helsinki
|
City of Helsinki
|
2024
|
80,000
|
|
government
|
hacked
|
A data breach in Helsinki's education division affected tens of thousands of students, guardians, and personnel. Compromised data includes usernames, emails, IDs, addresses, fee details, education info, welfare requests, and medical certificates.
|
Apr 24
|
4
|
|
|
Firstmac
|
2024
|
100,000
|
|
finance
|
hacked
|
Australia's largest non-bank lender had 500GB of data stolen by the Embargo cyber-extortion group. Stolen data includes names, addresses, emails, phone numbers, birthdates, bank account info, and driver's license numbers.
|
Apr 24
|
3
|
|
|
The Post Millennial
|
2024
|
26,000,000
|
|
media
|
hacked
|
A conservative Canadian news magazine was breached leaking data on mailing lists, subscriber info, and details of writers and editors: names, emails, usernames, passwords, IPs, phone numbers, addresses, and genders.
|
May 24
|
2
|
|
|
Dell
|
2024
|
49,000,000
|
|
tech
|
oops!
|
The Dell data breach by a threat actor scraped 49m customer records via a partner portal API accessed as a fake company. Data includes customer names, order info, warranty details, service tags, and locations.
|
Apr 24
|
2
|
|
|
UK Ministry of Defense
|
2024
|
270,000
|
|
government
|
hacked
|
A threat actor breached the Ministry of Defence, accessing the Armed Forces payment network. Compromised data includes personal and banking details and a few addresses of active, reserve, and some retired personnel.
|
May 24
|
2
|
| Dropbox Sign
|
Dropbox
|
2024
|
100,000
|
|
tech
|
hacked
|
A Dropbox service which allows online document signatures, was breached. Hackers accessed authentication tokens, MFA keys, hashed passwords, and customer information.
|
Apr 24
|
2
|
|
|
Panda Restaurants
|
2024
|
47,000
|
|
retail
|
hacked
|
Information exposed includes names or other personal identifiers and their driver's license numbers or ID card numbers for an undisclosed cohort.
|
Mar 24
|
2
|
|
|
Philadelphia Inquirer
|
2023
|
25,000
|
|
media
|
hacked
|
A breach at this daily newspaper exposed names, personal identifiers, and financial account or credit/debit card numbers with security codes, passwords, or PINs. The Cuba ransomware gang claimed responsibility.
|
May 23
|
4
|
|
|
French government
|
2024
|
43,000,000
|
43m
|
government
|
hacked
|
A breach in a French government department - responsible for registering and assisting unemployed people - exposed 20 years of personal data, including names, birthdates, Social Security numbers, travel IDs, emails, postal addresses, and phone numbers.
|
Feb 24
|
2
|
| University System of Georgia
|
USG
|
2023
|
800,000
|
|
government
|
hacked
|
USG, operating 26 public colleges and universities in Georgia, was compromised in the 2023 Clop MOVEit attacks, which impacted thousands of organizations worldwide. Data included full/partial SSNs, birthdates, bank account numbers, and tax documents with Tax IDs.
|
May 24
|
2
|
|
|
Ohio Lottery
|
2023
|
538,000
|
|
gaming
|
hacked
|
The DragonForce ransomware gang claimed responsibility for the Christmas Eve attack on the Ohio Lottery. They accessed names, SSNs, and other personal identifiers of affected individuals.
|
Dec 24
|
2
|
|
|
OmniVision
|
2023
|
100,000
|
|
tech
|
hacked
|
The Cactus ransomware gang claimed an attack, leaking passport scans, NDAs, contracts, and confidential documents from OmniVision, a subsidiary of Will Semiconductor, designs imaging sensors for various devices.
|
Sep 24
|
3
|
|
|
Western Sydney University
|
2023
|
7,500
|
|
academic
|
hacked
|
Hackers had accessed the University's Microsoft Office 365 environment, including email accounts and SharePoint files.
|
May 24
|
1
|
|
|
AT&T
|
2024
|
73,000,000
|
73m
|
telecoms
|
hacked
|
Sensitive 2019 data from 7.6m current AT&T account holders and approximately 65.4m former account holders. Emails, passcodes, social security numbers.
|
Apr 24
|
4
|
|
|
Irish towing company
|
2023
|
512,000
|
|
transport
|
poor security
|
The driving licences and payment card etails of thousands of motorists who had vehicles towed on behalf of the Irish police
|
Oct 23
|
3
|
|
|
Maine Government
|
2023
|
1,300,000
|
|
government
|
hacked
|
Russian ransomware group Clop stole names, dates of birth, Social Security numbers, driver’s license and other state or taxpayer identification numbers. Some individuals had medical and health insurance information taken.
|
May 23
|
4
|
|
|
Welltok
|
2023
|
8,500,000
|
|
health
|
hacked
|
Patient data was exposed during the breach, including full names, email addresses, physical addresses, and telephone numbers. For some, it also includes Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information.
|
Nov 23
|
4
|
|
|
Maximus
|
2023
|
10,000,000
|
|
government
|
hacked
|
Exploit of a zero-day flaw in the MOVEit file transfer application. Data stolen included social security numbers, protected health information.
|
Jul 23
|
4
|
|
|
Okta
|
2023
|
134
|
|
tech
|
hacked
|
Names and email addresses of customers of the identity security company. 134 of the company's 18,400 clients were impacted, but that only five instances of successful session hijacking were logged
|
Nov 23
|
1
|
|
|
Delta Dental
|
2023
|
7,000,000
|
|
health
|
hacked
|
The dental insurance company suffered unauthorized access by threat actors through the MOVEit file transfer software application exposing full credit card details of customers
|
May 23
|
3
|
|
|
Xfinity
|
2023
|
36,000,000
|
|
telecoms
|
hacked
|
Hackers using the CitrixBleed vulnerability accessed acocunt details like name, last four digits of social security numbers and hashed passwords
|
Oct 23
|
2
|
|
|
Atlassian
|
2023
|
13,200
|
|
tech
|
oops!
|
SiegedSec hacked Atlassian, the owner of Trello and other apps, via a third party office app, leaking employee details and office floor plans after an employee publicly shared credentials.
|
Feb 23
|
1
|
|
|
Reddit
|
2023
|
100,000
|
|
web
|
hacked
|
A phishing attack granted access to Reddit's internal documents and systems, but without breaching main production systems, user passwords, or accounts.
|
Feb 23
|
1
|
|
|
Go Daddy
|
2022
|
1,228,000
|
|
web
|
hacked
|
GoDaddy faced a multi-year breach (2020-2022) by a single intruder, resulting in stolen source code, user credentials, malware installation, and user redirects to malicious sites. WordPress customers’ email addresses, usernames, passwords, and even their SSL private keys were stolen.
|
Dec 23
|
3
|
|
|
MGM
|
2023
|
10,600,000
|
|
retail
|
hacked
|
AlphV and Scattered Spider's cyberattack on MGM caused slot machine errors and hotel queues in Las Vegas, stealing pre-March 2019 customer data and inflicting a $100m loss on the company's Q3 results. MGM declined to say if any ransom was paid.
|
Sept 23
|
3
|
|
|
Uber
|
2022
|
20,000,000
|
|
transport
|
hacked
|
Data on 77,000 Uber employees and internal reports were leaked on forums. While Uber denied ownership of the implicated source code, the breach stemmed from their third-party vendor, Teqtivity, which had a security incident earlier that year.
|
Dec 22
|
1
|
|
|
X (Twitter)
|
2023
|
200,000,000
|
200m
|
web
|
poor security
|
From Nov 2022 to Jan 2023, over 200 million Twitter users' data, including emails and names, was exposed due to repeated security flaw exploitations and posted on hacker forums. But no highly sensitive data was revealed.
|
Jan 23
|
1
|
|
|
CommuteAir
|
2023
|
1,500,000
|
|
transport
|
hacked
|
Swiss hacker Maia Arson Crimew, stumbled upon a misconfigured AWS server containing TSA's No Fly list and exposed ~250,000 'selectees' (selectees are automatically chosen for additional screening each time they fly) to a hacker forum.
|
Jan 23
|
2
|
|
|
Yum!
|
2023
|
10,000,000
|
|
retail
|
hacked
|
The brand owner of KFC, Pizza Hut, and Taco Bell fast food chains saw an undisclosed amount of personal user information stolen during a ransomware attack: names, driver's license numbers, and other ID card numbers. ~300 restaurants were shut down in the UK due to IT system disruptions caused by the attack.
|
Jan 23
|
2
|
|
|
PharMerica
|
2023
|
5,800,000
|
|
health
|
hacked
|
Full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people.
|
May 23
|
4
|
|
|
NATO
|
2023
|
8,000
|
|
government
|
hacked
|
Hacktivist group, SiegedSec, claimed to have broken into six NATO web portals and stolen >3,000 files and 9GB of data. Threat intel biz CloudSEK analysis revealed 20 unclassified documents and 8,000 personnel records with names, job titles, email addresses, home addresses, and photos.
|
Jul 23
|
4
|
|
|
Topgolf Callaway
|
2023
|
1,114,954
|
|
retail
|
hacked
|
Only full names, shipping and email addresses, phone numbers, order histories, account passwords and answers to security questions were exposed.
|
Aug 23
|
2
|
|
|
Sony
|
2023
|
6,800
|
|
tech
|
hacked
|
Personal information belonging to current and former employees and their family members was stolen by Clop in a ransomware attack. Details unrevealed by Sony.
|
Oct 23
|
2
|
|
|
23andMe
|
2023
|
6,900,000
|
6.9m
|
health
|
hacked
|
Hackers accessed the genetic site's user data via login guesses and information from DNA relatives (users opt into sharing info through DNA relatives for others to see). Stolen data included personal and some genetic ancestry and health details. After two breaches, one unverified, 23andMe now faces legal action.
|
Oct 23
|
4
|
|
|
Optus
|
2022
|
9,700,000
|
|
telecoms
|
hacked
|
The telecom company faced a 'sophisticated attack' exposing ~10 million accounts including personal details (passport, driver’s licence & Medicare numbers). Hacker demanded $1m ransom but later apologized and claimed data deletion, unverified.
|
Sept 2022
|
4
|
|
|
PayPal
|
2023
|
34942
|
|
finance
|
hacked
|
PayPal's breach involved unauthorized account access using credential stuffing (exploiting users reusing the same password for multiple accounts). It wasn't from a direct security lapse and hackers couldn't transact. PayPal reset passwords.
|
Dec 22
|
2
|
|
|
Acer
|
2023
|
10,000,000
|
|
tech
|
hacked
|
Acer suffered a data breach when a server was hacked, with threat actors selling 160GB of stolen data. The company said the incident hadn't impacted customer info.
|
Mar 23
|
1
|
|
|
MSI
|
2023
|
10,000,000
|
|
tech
|
hacked
|
Money Message ransomware group claims to have stolen MSI's source code, demanding $4 million to prevent leaks. MSI downplays impact and hasn't confirmed paying ransom, assuring no user data was affected but advises software downloads only from official sources.
|
Apr 23
|
1
|
|
|
T-Mobile
|
2023
|
37,000,000
|
|
telecoms
|
hacked
|
T-Mobile's system was exploited by 'bad actors' from November 2022 to January 2023, exposing customer data. It's their ninth hack since 2018, with a 2021 breach affecting 49 million customers.
|
Jan 23
|
2
|
|
|
T-Mobile
|
2023
|
836
|
|
telecoms
|
hacked
|
T-Mobile faced its second 2023 data breach, exposing PINs and data from Feb to Mar. Though way smaller than the first 2023 breach (only affecting 836 customers), it adds to the $350mil 2021 settlement and erodes customer trust.
|
Mar 23
|
2
|
|
|
ChatGPT
|
2023
|
101,000
|
|
tech
|
hacked
|
Over 101,000 ChatGPT accounts were stolen by malware last year. Breakdown: Asia-Pacific 40,999, Middle-East/Africa 24,925, Europe 16,951, Latin America 12,314, North America 4,737. Malware extracts browser credentials from SQLite databases, using CryptProtectData function to decrypt stored data.
|
Mar 23
|
2
|
| The Teachers Insurance and Annuity Association of America
|
TIAA
|
2023
|
2,300,000
|
|
finance
|
hacked, poor security
|
This US retirement fund for teachers faced a data breach exposing client details. A former teacher-client is suing for inadequate cybersecurity and leaving data unencrypted on a vulnerable platform.
|
May 23
|
2
|
|
|
Microsoft
|
2023
|
30,000,000
|
|
web
|
hacked
|
Anonymous Sudan hacked Microsoft, accessed customer data, and caused outages. They offered the database for $50,000. But Microsoft claims no evidence of compromised customer data.
|
Jun 23
|
2
|
|
|
Microsoft
|
2023
|
10,000,000
|
unknown
|
web
|
hacked
|
China-backed hackers stole a cryptographic key from Microsoft, undetected for a month, accessing 25 organizations, including government. Microsoft's postmortem cites past system vulnerabilities.
|
May 23
|
3
|
|
|
Roblox
|
2020
|
4,000
|
|
gaming
|
poor security
|
Data identifying Roblox creators was breached at a developers' conference, undisclosed for 2 years due to a third-party security issue.
|
Dec 20
|
2
|
|
|
Discord.io
|
2023
|
760,000
|
|
gaming
|
hacked
|
Unidentified person listed user data for sale on darknet. Discord.io enables custom Discord invites.
|
Aug 23
|
1
|
|
|
Clorox
|
2023
|
10,000,000
|
unknown
|
retail
|
hacked
|
Clorox detected unauthorized IT activity in August 2023. By September, the contained hack led to slower production and a 2% stock drop. Specific affected files undisclosed
|
Aug 23
|
1
|
|
|
Latitude Financial
|
2023
|
14,000,000
|
|
finance
|
hacked
|
14 million customer records, including driver's licence numbers, passport numbers and financial statements, stolen in a cyber-attack that was worse than the company initially reported.
|
Apr 23
|
2
|
|
|
Toyota
|
2022
|
296,019
|
|
transport
|
poor security
|
An access key to a data server storing customer email addresses and management numbers was mistakenly published publically on GitHub for five years.
|
Oct 22
|
2
|
|
|
Shein
|
2022
|
39,000,000
|
|
retail
|
hacked
|
Online fast fashion retailer suffered a breach of its login credentials in 2018 but failed to notify its customers
|
Oct 22
|
2
|
| BPJS Kesehatan
|
Indonesia's health agency
|
2022
|
279,000,000
|
|
government
|
hacked
|
The ID numbers, salary and phone numbers of every single man, woman and child in the country was stolen.
|
May 21
|
3
|
|
|
CoinSquare
|
2022
|
50,000
|
|
tech
|
hacked
|
Major Canadian Crypto Exchange. company claims customer assets are “secure in cold storage and are not at risk.”
|
Nov 22
|
1
|
|
|
Indian Railways
|
2022
|
30,000,000
|
|
transport
|
hacked
|
Stolen data includes usernames, emails, phone numbers, gender, city, state, invoices
|
Dec 22
|
2
|
|
|
Indonesian SIM cards
|
2022
|
1,000,000,000
|
1.3bn
|
telecoms
|
hacked
|
A vast data hack of 1.3 bn SIM registrations evealing national identity numbers, phone numbers, and more.
|
Oct 22
|
3
|
|
|
LastPass
|
2022
|
33,000,000
|
|
web
|
hacked
|
Popular password manager breached; basic account info exposed. Sensitive vault data like usernames and passwords remained safely encrypted.
|
Aug 22
|
2
|
|
|
Twitter
|
2022
|
200,000,000
|
|
web
|
hacked
|
Over 200 million Twitter emails were stolen and posted online, possibly before Musk's 2022 takeover.
|
Dec 22
|
1
|
|
|
City of Amagasaki, Japan
|
2022
|
500,000
|
|
government
|
oops!
|
An unnamed government official lost his bag after a night's drinking. It contained a USB stick with sensitive data of the entire city's residents. USB stick was encrypted and passworded.
|
Jun 2022
|
3
|
|
|
Shanghai Police
|
2022
|
500,000,000
|
"one billion"
|
finance
|
hacked
|
A database containing records of over a billion Chinese civilians – allegedly stolen from the Shanghai Police. Addresses, police records and national ID numbers. Potentially one of the largest data breaches in history. Details repressed and censored by Chinese media.
|
Jul 2022
|
5
|
|
|
Twitter
|
2021
|
5,400,000
|
|
web
|
hacked
|
Zero day vulnerability allowed a threat actor to create profiles of 5.4 million Twitter users inc. a verified phone number or email address, and scraped public information, such as follower counts, screen name, login name, etc
|
Dec 2021
|
2
|
|
|
Plex
|
2022
|
15,000,000
|
|
web
|
hacked
|
Intruders access password data, usernames, and emails for at least half of its 30 million users.
|
Aug 2022
|
1
|
|
|
Dubai Real Estate Leak
|
2022
|
800,000
|
|
finance
|
inside job
|
Data leak exposes how criminals, officials, and sanctioned politicians poured money into Dubai real estate including more than 100 members of Russia's political elite, public officials, or businesspeople close to the Kremlin, as well as dozens of Europeans implicated in money laundering and corruption
|
May 2022
|
1
|
|
|
Heroku
|
2022
|
50,000
|
|
tech
|
hacked
|
A compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database." on the Salesforce-owned cloud platform.
|
Apr 2022
|
2
|
|
|
Mailchimp
|
2022
|
106,586
|
|
tech
|
hacked
|
Hackers gained access to internal customer support and account management tools of the email marketing company to steal audience data and conduct phishing attacks.
|
Apr 2022
|
1
|
|
|
PayHere
|
2022
|
1,580,249
|
|
finance
|
hacked
|
Sri Lankan payment gateway PayHere suffered a data breach exposing more than 65GB of payment records including over 1.5M unique email addresses. (IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date).
|
Mar 2022
|
3
|
|
|
CDEK
|
2022
|
18,218,203
|
19m
|
retail
|
hacked
|
UNVERIFIED. Russian courier service CDEK was hacked by Ukrainian hacker group "IT Army" - including 19M unique email addresses along with names and phone numbers.
|
Mar 2022
|
3
|
|
|
Washington State Dpt of Licensing
|
2022
|
257,000
|
|
government
|
hacked
|
The Washington State Department of Licensing said the personal information of potentially millions of licensed professionals may have been exposed after it detected suspicious activity on its online licensing system.
|
Feb 2022
|
3
|
|
|
Red Cross
|
2022
|
500,000
|
|
NGO
|
hacked
|
A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.
|
Jan 2022
|
4
|
|
|
Open Subtitles
|
2022
|
100,000
|
|
web
|
hacked
|
|
Jan 2022
|
1
|
|
|
FlexBooker
|
2022
|
3,700,000
|
3.7m
|
web
|
hacked
|
appointment scheduling service
|
Jan 2022
|
3
|
|
|
LINE Pay
|
2021
|
133,000
|
|
finance
|
poor security
|
|
Dec 2021
|
2
|
|
|
Robinhood
|
2021
|
5,000,937
|
5m
|
finance
|
hacked
|
a malicious hacker had socially engineered a customer service representative over the phone November 3 to get access to customer support systems. That allowed the hacker to obtain customer names and email addresses, but also the additional full names, dates of birth and ZIP codes of 310 customers.
|
Nov 2021
|
2
|
|
|
GoDaddy
|
2021
|
1,200,000
|
|
web
|
hacked
|
Security Incident Affecting Managed WordPress Servic
|
Nov 2021
|
1
|
|
|
Travelio
|
2021
|
471,376
|
470K
|
misc
|
hacked
|
The Indonesian real estate website Travelio suffered a data breach of over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens.
|
Nov 2021
|
2
|
|
|
Acer
|
2021
|
3,000,000
|
|
tech
|
hacked
|
|
Oct 2021
|
1
|
|
|
Brewdog
|
2021
|
200,000
|
|
retail
|
poor security
|
BrewDog, one of the world's largest craft beer brewers, has exposed personally identifiable information (PII) belonging to more than 200,000 of its shareholders and customers,
|
Oct 2021
|
1
|
| South Africa
|
Experian SA
|
2020
|
24,000,000
|
|
web
|
oops!
|
Handed over personal information of their South African customers to a fraudulent client.
|
Jul 2020
|
3
|
|
|
Nvidia
|
2021
|
100,000
|
|
tech
|
hacked
|
|
Mar 2021
|
2
|
|
|
Okta
|
2021
|
100,000
|
|
tech
|
hacked
|
Identity and access management provider Okta
|
Jan 2021
|
1
|
|
|
Royal Enfield
|
2020
|
420,873
|
|
transport
|
poor security
|
Motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. (Email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information)
|
Jan 2020
|
3
|
|
|
Avvo
|
2019
|
4,101,101
|
4.1m
|
legal
|
hacked
|
A data breach of the lawyer directory service released 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords.
|
Dec 2019
|
1
|
|
|
Aimware
|
2019
|
305,470
|
|
gaming
|
hacked
|
Video game cheats website "Aimware" suffered a data breach of subscribers' personal information (email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes)
|
May 2019
|
3
|
|
|
Twitch
|
2021
|
10,000,000
|
unknown
|
gaming
|
hacked
|
Full source code breach of the streaming gaming site revealed a trove of internal data & documents including core config packages, devtools, and payments to top streamers.
|
Oct 2021
|
4
|
|
|
Syniverse
|
2021
|
500,000,000
|
unknown
|
telecoms
|
hacked
|
"A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide."
|
Sep 2021
|
4
|
|
|
Pandora Papers
|
2021
|
11,900,000
|
|
government
|
hacked
|
Millions of documents reveal offshore deals and assets of more than 100 billionaires, 30 world leaders and 300 public officials
|
Oct 2021
|
4
|
|
|
Neiman Marcus
|
2021
|
4,600,000
|
|
retail
|
hacked
|
Occurred sometime in May 2020 after "an unauthorized party" obtained the personal information of some Neiman Marcus customers from their online accounts.
|
Sep 2021
|
3
|
|
|
Epik
|
2021
|
15,000,000
|
|
retail
|
hacked
|
An Internet-services company for concealing online identities, popular with the far right
|
Sep 2021
|
5
|
|
|
Thailand visitors
|
2021
|
100,000,000
|
100m
|
government
|
poor security
|
Any foreigner who has travelled to Thailand in the last decade ‘might have had their information exposed’
|
Sep 2021
|
2
|
|
|
T-Mobile
|
2021
|
76,000,000
|
|
telecoms
|
hacked
|
Exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. T-mobile paid a $500m settlement.
|
Aug 2021
|
3
|
|
|
Contact tracing data
|
2021
|
38,000,000
|
38m
|
telecoms
|
hacked
|
A thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases.
|
Aug 2021
|
3
|
|
|
Estonian gov
|
2021
|
280,000
|
|
government
|
hacked
|
A hacker was able to obtain over 280,000 personal identity photos following an attack on the state information system last Friday.
|
Jul 2021
|
4
|
| UK firearms sales website
|
Guntrader
|
2021
|
111,000
|
|
retail
|
hacked
|
Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords used by gun shops across the UK.
|
Jul 2021
|
2
|
|
|
Linkedin
|
2021
|
700,000,000
|
700m
|
web
|
hacked
|
The hacker appears to have misused the official LinkedIn API to scrape the data, the same method used in a similar breach back in April. User details, but no passwords.
|
Jul 2021
|
1
|
|
|
VW
|
2021
|
3,300,000
|
|
transport
|
hacked
|
Phone numbers, email addresses and some sensitive credit data. Nearly all those impacted were current or potential customers of Audi, one of the German automaker's luxury brands
|
Jun 2021
|
2
|
|
|
MacDonalds
|
2021
|
10,000,000
|
unknown
|
retail
|
hacked
|
Unknown detail
|
Jun 2021
|
2
|
|
|
Air India
|
2021
|
4,500,000
|
|
transport
|
hacked
|
Passenger’s name, date of birth, contact information, passport information, ticket information, frequent flyer data and credit card information.
|
May 2021
|
2
|
| Japanese dating app
|
Omiai dating app
|
2021
|
1,710,000
|
|
app
|
hacked
|
Addresses and dates of birth from identification, including passports, drivers’ licenses and health insurance cards, provided to the company.
|
May 2021
|
2
|
|
|
Amazon Reviews
|
2021
|
13,124,962
|
|
web
|
poor security
|
Database exposing an organized fake reviews scam affecting Amazon. The server contained a treasure trove of direct messages between Amazon vendors and customers willing to provide fake reviews in exchange for free products
|
May 2021
|
2
|
|
|
Peloton
|
2021
|
3,000,000
|
|
tech
|
poor security
|
|
May 2021
|
2
|
|
|
Digital Ocean
|
2021
|
10,000,000
|
unknown
|
tech
|
poor security
|
|
Apr 2021
|
|
| mobile parking app
|
Park Mobile
|
2021
|
21,000,000
|
|
transport
|
hacked
|
Customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.
|
Apr 2021
|
2
|
|
|
Ubiquiti
|
2021
|
16,000,000
|
|
tech
|
hacked
|
Unknown amount of user data breached
|
Feb 2021
|
2
|
|
|
Meet Mindful
|
2021
|
2,240,000
|
|
tech
|
hacked
|
Dating site user data includes real names, phone numbers, Facebook account codes, latitude & longtitude. Thankfully private messages were not leaked.
|
Feb 2021
|
4
|
|
|
Experian Brazil
|
2021
|
220,000,000
|
220m
|
finance
|
hacked
|
Details hazy
|
Feb 2021
|
2
|
|
|
Gab
|
2021
|
4,000,000
|
100K
|
tech
|
hacked
|
Over 70GB of data from the far-right social media site was hacked. Alll posts, messages, passwords from all users were breached.
|
Mar 2021
|
3
|
|
|
Star Alliance
|
2021
|
16,000,000
|
|
transport
|
hacked
|
The Star Alliance of airlines including Singapore Airlines, Lufthansa and United, said on Thursday it had been the victim of a cyber attack leading to a breach of passenger data. Lufthansa, Cathay Pacific and Air New Zealand were also affected. Breached data was limited to "name, tier status and membership number”
|
Mar 2021
|
1
|
|
|
Facebook
|
2021
|
533,000,000
|
533m
|
tech
|
hacked
|
Phone numbers, full names, locations, email addresses, and biographical information on 533 million users from 106 countries. Scraped due to a vulnerability "patched in 2019".
|
Mar 2021
|
1
|
|
|
Ledger
|
2020
|
270,000
|
|
finance
|
hacked
|
A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free.
|
Dec 2020
|
2
|
|
|
T-mobile
|
2020
|
200,000
|
|
telecoms
|
hacked
|
The information exposed in this breach includes phone numbers, call records, and the number of lines on an account.
|
Dec 2020
|
1
|
|
|
The Hospital Group
|
2020
|
1,000,000
|
|
health
|
hacked
|
Hackers compromised the plastic surgery firm and threatened to release over 900 gigabytes of private surgery photographs.
|
Dec 2020
|
4
|
|
|
SolarWinds
|
2020
|
50,000,000
|
|
app
|
hacked
|
Suspected Russian hackers compromised network monitoring software used by the Pentagon, intelligence agencies, nuclear labs and many Fortune 500 companies. A tainted software update acted as a trojan horse. An unknown number of companies and individuals might be affected.
|
Dec 2020
|
3
|
|
|
Ho Mobile
|
2020
|
2,500,000
|
|
telecoms
|
hacked
|
Italian mobile operator owned by Vodaphone is now taking the rare step of offering to replace the SIM cards of all affected customers. Data hacked full names, telephone numbers, social security numbers, email addresses, dates and places of birth, nationality, and home addresses.
|
Dec 2020
|
2
|
|
|
Spotify
|
2020
|
500,000
|
|
app
|
oops!
|
Undisclosed number of users had their email addresses and passwords left open online. Spotify said the vulnerability existed as far back as April 9 but wasn’t discovered until November 12.
|
Dec 2020
|
1
|
|
|
Drizly
|
2020
|
2,400,000
|
|
app
|
hacked
|
Alcohol delivery service hacked with email addresses, DOB, hashed passwords and some home addresses leaked.
|
Sep 2020
|
2
|
|
|
GEDmatch
|
2020
|
1,400,000
|
|
misc, health
|
hacked
|
DNA data on up to 1.4m users of this geneaology site may have been hacked.
|
Sep 2020
|
5
|
|
|
Call of Duty / Activision
|
2020
|
500,000
|
|
gaming
|
hacked
|
Login data for users of the popular video games may have compromised. Activision refutes the claim.
|
Sep 2020
|
1
|
|
|
Zhenhua
|
2020
|
2,400,000
|
|
misc
|
oops!
|
Personal details of millions of notable people around the world found in a leaked database compiled by a Chinese tech company with reported links to the country’s military and intelligence networks. Mostly compiled from social media profiles.
|
Sep 2020
|
1
|
|
|
Cense AI
|
2020
|
2,500,000
|
|
tech, health
|
poor security
|
Medical records from an artificial intelligence company were left open online.
|
Aug 2020
|
4
|
|
|
Nintendo
|
2020
|
300,000
|
300K
|
gaming
|
hacked
|
Unauthorised access to thousands of Nintendo Switch accounts. Hackers were able to use saved payment details to make purchases.
|
Apr 2020
|
3
|
|
|
Pakistani mobile operators
|
2020
|
115,000,000
|
115m
|
telecoms
|
hacked
|
Personal details stolen from Jazz and other mobile networks were put up for sale for $2.1m in bitcoin.
|
Apr 2020
|
2
|
|
|
US Marshals Service
|
2020
|
387,000
|
287K
|
government
|
hacked
|
Prisoners had sensitive personal data stolen in December 2019. They were notified five months later.
|
May 2020
|
2
|
| "mystery breach"
|
db8151dd
|
2020
|
22,000,000
|
22m
|
web
|
hacked
|
Aggregated data from multiple websites was discovered in an open database. It included addresses, job titles, phone numbers and social media profiles. The breach was dubbed 'db8151dd'.
|
May 2020
|
2
|
|
|
EasyJet
|
2020
|
9,000,000
|
9m
|
transport
|
hacked
|
The airline became aware of a hack in January, but didn't notify customers until April. Email addresses, travel details and credit card details were stolen.
|
May 2020
|
3
|
|
|
Microsoft
|
2020
|
250,000,000
|
250m
|
web
|
poor security
|
Customer support records spanning 14 years were left online without password protection.
|
Jan 2020
|
1
|
|
|
Dutch Government
|
2020
|
6,900,000
|
6.9m
|
government
|
lost device
|
Two hard drives with data from 6.9m registered organ donors went missing. They contained contact details, ID numbers & signatures.
|
Mar 2020
|
4
|
|
|
Virgin Media
|
2020
|
900,000
|
900K
|
retail
|
poor security
|
A poorly-configured database left names, email addresses and phone numbers exposed for 10 months.
|
Mar 2020
|
1
|
|
|
Boots Advantage Card
|
2020
|
150,000
|
150K
|
retail
|
hacked
|
Hackers accessed Advantage Card records, but no financial data was stolen. Payment using points was suspended.
|
Mar 2020
|
1
|
|
|
Tesco Clubcard
|
2020
|
600,000
|
600K
|
retail
|
hacked
|
Details of accrued loyalty points were accessed, but financial details weren't exposed.
|
Mar 2020
|
1
|
|
|
Marriott Hotels
|
2020
|
5,200,000
|
5.2m
|
retail
|
inside job
|
Guest records were accessed using the logins of two employees between mid-Jan and end of Feb.
|
Mar 2020
|
2
|
|
|
Zoom
|
2020
|
500,000
|
500K
|
app
|
hacked
|
Email addresses, passwords and personal meeting URLs were sold on the dark web. It led to a host of zoom-bombing pranks.
|
Apr 2020
|
1
|
|
|
Israeli government
|
2020
|
6,500,000
|
6.5m
|
government
|
poor security
|
Names, addresses, and ID card numbers of every Israeli voter were found on an insecure website belonging to Elector, a political communications app.
|
Feb 2020
|
2
|
|
|
MGM Hotels
|
2020
|
10,600,000
|
10.6m
|
retail
|
hacked
|
Data stolen during an 2019 hack of an MGM server was published on a hacking forum.
|
Feb 2020
|
2
|
|
|
Buchbinder Car Rentals
|
2020
|
5,000,000
|
5m
|
transport
|
poor security
|
Correspondence, invoices and contracts containing personal details were left exposed on an unsecured company server.
|
Jan 2020
|
2
|
| fuel & convenience store chain
|
Wawa
|
2019
|
30,000,000
|
30m
|
retail
|
hacked
|
Card-stealing malware was installed, and remained undiscovered for nine months.
|
Dec 2019
|
3
|
|
|
Desjardins Group
|
2019
|
4,200,000
|
|
finance
|
inside job
|
An employee of the Canadian financial firm leaked customer information outside the organisation: names, addresses, birthdates, social insurance numbers & transaction habits.
|
Jun 2019
|
2
|
|
|
US Customs and Border Protection
|
2019
|
100,000
|
|
government
|
hacked
|
Photos of faces and license plates taken at an US border crossing were stolen in a cyberattack on a surveillance contractor.
|
Jun 2019
|
2
|
|
|
Quest Diagnostics
|
2019
|
20,000,000
|
|
health
|
poor security
|
For an 8 month period, a hacker group stole personal and payment information from a firm providing billing services for the US healthcare sector.
|
Jun 2019
|
4
|
|
|
Australian National University
|
2019
|
200,000
|
|
academic
|
hacked
|
A hacker accessed personal information including addresses, bank account details, payroll information and academic records. Staff, students and visitors were affected.
|
Jun 2019
|
4
|
|
|
Canva
|
2019
|
139,000,000
|
139m
|
web
|
hacked
|
Names, email addresses and location data belonging to users of an Australian graphic design service were stolen by a hacker.
|
May 2019
|
2
|
| Instagram Influencers
|
Chtrbox
|
2019
|
49,000,000
|
|
misc
|
poor security
|
Contact details for millions of Instagram influencers, celebrities and brand accounts was left exposed in an online database for at least six days.
|
May 2019
|
1
|
| A hotspot finder app
|
WiFi Finder
|
2019
|
2,000,000
|
|
app
|
poor security
|
An Android app for finding local WiFi passwords inadvertently provided access to the entire database, including domestic WiFi points.
|
Apr 2019
|
1
|
|
|
Toyota
|
2019
|
3,100,000
|
|
transport
|
hacked
|
A security breach of Toyota subsidiaries' IT systems may have leaked personal customer information.
|
Apr 2019
|
2
|
| Open database in China
|
Unknown
|
2019
|
1,800,000
|
|
web
|
poor security
|
A Dutch researcher found women's personal information in an open Chinese database. It included phone numbers, addressed and their "BreedReady" status, whatever that might be.
|
Mar 2019
|
4
|
| Sweden's healthcare hotline
|
Vårdguiden
|
2019
|
2,700,000
|
|
health
|
poor security
|
170,000 hours of sensitive calls to Sweden's healthcare hotline were stored on an open web server with no encryption or authentication. The breach was blamed on subcontractor Medicall.
|
Feb 2019
|
5
|
|
|
Dubsmash
|
2019
|
162,000,000
|
162m
|
web
|
hacked
|
Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.
|
Feb 2019
|
1
|
|
|
ShareThis
|
2019
|
41,000,000
|
|
web
|
hacked
|
Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.
|
Feb 2019
|
1
|
|
|
HauteLook
|
2019
|
28,000,000
|
|
retail
|
hacked
|
Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.
|
Feb 2019
|
1
|
|
|
Animoto
|
2019
|
25,000,000
|
|
web
|
hacked
|
Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.
|
Feb 2019
|
1
|
|
|
EyeEm
|
2019
|
22,000,000
|
|
web
|
hacked
|
Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.
|
Feb 2019
|
1
|
|
|
8fit
|
2019
|
20,000,000
|
|
web
|
hacked
|
Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.
|
Feb 2019
|
1
|
|
|
Whitepages
|
2019
|
18,000,000
|
|
web
|
hacked
|
Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.
|
Feb 2019
|
1
|
|
|
Fotolog
|
2019
|
16,000,000
|
|
web
|
hacked
|
Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.
|
Feb 2019
|
1
|
|
|
Armor Games
|
2019
|
11,000,000
|
|
gaming
|
hacked
|
Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.
|
Feb 2019
|
1
|
|
|
BookMate
|
2019
|
8,000,000
|
|
web
|
hacked
|
Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.
|
Feb 2019
|
1
|
|
|
CoffeeMeetsBagel
|
2019
|
6,000,000
|
|
web
|
hacked
|
Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.
|
Feb 2019
|
1
|
|
|
Artsy
|
2019
|
1,000,000
|
|
web
|
hacked
|
Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.
|
Feb 2019
|
1
|
|
|
DataCamp
|
2019
|
700,000
|
|
web
|
hacked
|
Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.
|
Feb 2019
|
1
|
|
|
Ixigo
|
2019
|
18,000,000
|
|
transport
|
poor security
|
Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.
|
Feb 2019
|
1
|
|
|
YouNow
|
2019
|
40,000,000
|
|
web
|
hacked
|
Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.
|
Feb 2019
|
1
|
|
|
Houzz
|
2019
|
57,000,000
|
|
retail
|
hacked
|
Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.
|
Feb 2019
|
2
|
|
|
Ge.tt
|
2019
|
1,800,000
|
|
web
|
hacked
|
Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.
|
Feb 2019
|
1
|
|
|
Coinmama
|
2019
|
450,000
|
|
finance
|
hacked
|
Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.
|
Feb 2019
|
1
|
|
|
Roll20
|
2019
|
4,000,000
|
|
gaming
|
hacked
|
Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.
|
Feb 2019
|
1
|
|
|
Stronghold Kingdoms
|
2019
|
5,000,000
|
|
gaming
|
hacked
|
Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.
|
Feb 2019
|
1
|
|
|
Petflow
|
2019
|
1,000,000
|
|
retail
|
poor security
|
Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.
|
Feb 2019
|
1
|
|
|
500px
|
2019
|
14,800,000
|
|
web
|
hacked
|
A July 2018 hack exposed the personal information of all 500px users, including names, usernames, email addresses, encrypted passwords, location, birth date, and gender.
|
Feb 2019
|
2
|
| password manager
|
Blur
|
2019
|
2,400,000
|
|
tech
|
oops!
|
A server belonging to the password manager service contained a freely accessible file with users' email addresses, names and encrypted passwords.
|
Jan 2019
|
1
|
|
|
Blank Media Games
|
2019
|
7,600,000
|
|
gaming
|
hacked
|
A hacker stole usernames, email addresses and encrypted passwords belonging to players of the game "Town of Salem" from an insecure server.
|
Jan 2019
|
1
|
|
|
Indian citizens
|
2019
|
275,265,298
|
275m
|
web
|
poor security
|
The discovery of a huge, unprotected MongoDB database containing personal information of Indian citizens, including their education, resume and current salary.
|
May 2019
|
2
|
|
|
Bulgarian National Revenue Agency
|
2019
|
5,000,000
|
|
government
|
hacked
|
A hacker stole personal details of Bulgarian citizens from 110 government databases. 5m records, out of a total population of 7m.
|
Jul 2019
|
2
|
|
|
Capital One
|
2019
|
100,000,000
|
100m
|
finance
|
hacked
|
The massive data breach included personal information from credit card applications over a 14-year period. A former Amazon employee, Paige Thompson, 36, was found guilty of wire fraud.
|
Jul 2019
|
3
|
| biometrics security company
|
Suprema
|
2019
|
27,800,000
|
|
tech
|
poor security
|
A biometric security company stored unencrypted usernames and passwords, fingerprints and facial recognition information on a publicly accessible database.
|
Aug 2019
|
5
|
|
|
Facebook
|
2019
|
419,000,000
|
420m
|
web
|
poor security
|
Several unprotected databases were found to contain the phone numbers of around 20% of all Facebook users, with (in some cases) names and locations.
|
Sep 2019
|
2
|
| food delivery company
|
DoorDash
|
2019
|
4,900,000
|
4.9m
|
transport
|
hacked
|
Users who joined the platform before April 2018 had their names, email addresses, order history, phone numbers and encrypted passwords stolen in a hack.
|
Sep 2019
|
2
|
| site selling stolen card data
|
BriansClub
|
2019
|
26,000,000
|
26m
|
web
|
hacked
|
A site selling stolen payment card data was hacked and 26 million records were leaked. Banks were able to invalidate those cards, taking around 1/3 of the world's stolen cards out of circulation.
|
Oct 2019
|
3
|
|
|
OxyData
|
2019
|
380,000,000
|
380m
|
tech
|
poor security
|
Information compiled by a data aggregation firm were found on an insecure server. It included complete scrapes of LinkedIn data, including recruiter information.
|
Nov 2019
|
2
|
|
|
Click2Gov
|
2018
|
300,000
|
|
finance
|
hacked
|
Vulnerabilities in government payment software allowed hackers to access financial records and personal data across 46 US cities.
|
Dec 2018
|
3
|
|
|
SingHealth
|
2018
|
1,500,000
|
|
health
|
hacked
|
Hackers stole personal details of 1.5 million patients, as well as the prescription details of 160,000 people, including prime minister Lee Hesien Loong.
|
Jul 2018
|
4
|
| Government Payment Service Inc
|
GovPayNow.com
|
2018
|
14,000,000
|
|
finance
|
poor security
|
A company used by US government agencies to accept online payments exposed personal records via a standard web browser, including addresses, phone numbers and credit card digits.
|
Sep 2018
|
2
|
|
|
Cathay Pacific Airways
|
2018
|
94,000,000
|
|
transport
|
hacked
|
Stolen data included names, nationalities, birth dates, phone numbers, addresses, passport & identity card numbers & expired credit card numbers.
|
Oct 2018
|
3
|
|
|
Chinese resume leak
|
2018
|
202,000,000
|
202m
|
web
|
poor security
|
Information thought to have been scraped from Chinese jobseeking websites was found in an insecure database. It included resumes, phone numbers, height, weight, driving license & literacy level.
|
Dec 2018
|
2
|
|
|
Google+
|
2018
|
52,500,000
|
|
web
|
poor security
|
A vulnerability exposed users' personal details to developers, even if their profiles were set to private. As a result, Google shut down the consumer version of the social network 4 months early.
|
Dec 2018
|
2
|
|
|
Quora
|
2018
|
100,000,000
|
100m
|
web
|
hacked
|
Login details and private messages were compromised by "a malicious third party".
|
Dec 2018
|
1
|
|
|
Marriott International
|
2018
|
383,000,000
|
383m
|
retail
|
hacked
|
Hackers breached the reservation system of all Starwood hotels, including Sheraton, Westin and Le Meridien. Personal information, credit card details and passport info dating back to 2014 was stolen.
|
Nov 2018
|
3
|
| Belgian national railway operator
|
NMBS
|
2018
|
700,000
|
|
transport
|
oops!
|
Customer names, gender, birth dates, email and postal address data were left on a publicly searchable server belonging to the Belgian rail authority. Caused by a data worker “clicking on the wrong button”.
|
Dec 2018
|
2
|
|
|
Facebook
|
2018
|
50,000,000
|
50m
|
web
|
hacked
|
Cambridge Analytica, headed at the time by Steve Bannon, harvested profiles in early 2014 to build a system that could profile US voters and target them with political adverts.
|
Mar 2018
|
1
|
|
|
Panerabread
|
2018
|
37,000,000
|
|
retail
|
poor security
|
Customer records, including loyalty card numbers, were available via the bakery chain's website for at least 8 months. The firm claims 10k records were leaked. Security researchers put the figure at over 37 million.
|
Apr 2018
|
2
|
|
|
Dixons Carphone
|
2018
|
10,000,000
|
|
telecoms
|
hacked
|
The firm admitted that hackers were able to access the details of 10m customers and 6m payment cards.
|
Jun 2018
|
1
|
|
|
MyHeritage
|
2018
|
92,283,889
|
|
web
|
hacked
|
The genealogy site received a message from a researcher who had discovered over 92m email addresses and encrypted passwords on an external server.
|
Jun 2018
|
1
|
| Both owned by Hudson's Bay Company
|
Saks and Lord & Taylor
|
2018
|
5,000,000
|
|
retail
|
hacked
|
A known ring of cybercriminals implanted software into store cash registers, siphoning off credit card details from readers.
|
Apr 2018
|
3
|
| Dubai-born ride hailing service
|
Careem
|
2018
|
14,000,000
|
|
app
|
hacked
|
The Dubai-based ride hailing service admitted that names, email addresses, phone numbers and trip data had been accessed in what it called a "cyber incident".
|
Apr 2018
|
2
|
|
|
Texas voter records
|
2018
|
14,800,000
|
|
web
|
poor security
|
A single file containing 14.8 million voter records was found on an unsecured server. It was thought to have been originally compiled by Data Trust, a Republican-focused data analytics firm.
|
Aug 2018
|
2
|
|
|
British Airways
|
2018
|
380,000
|
|
transport
|
hacked
|
The personal and financial details of customers who booked flights in a two-week period over the summer were compromised.
|
Sep 2018
|
4
|
|
|
T-Mobile
|
2018
|
2,000,000
|
|
telecoms
|
hacked
|
Personal data along with passwords encrypted by a notoriously weak algorithm (MD5) were stolen. The firm initially failed to disclose the password breach, "because they were encrypted".
|
Aug 2018
|
1
|
| UnderArmour
|
MyFitnessPal
|
2018
|
150,000,000
|
150m
|
app
|
hacked
|
A breach of usernames, email addresses, and hashed passwords belonging to users of the fitness app.
|
Mar 2018
|
1
|
| Health authority responsible for 10 Norwegian counties.
|
Helse Sør-Øst RHF
|
2018
|
3,000,000
|
|
health
|
hacked
|
Patient records of more than half of Norway's population were stolen. The hack is thought to have happened via old computers running Windows XP.
|
Feb 2018
|
4
|
| Facebook quiz app owned by Social Sweethearts
|
Nametests
|
2018
|
120,000,000
|
120m
|
app
|
poor security
|
A security failure in a "personality test" app on Facebook left millions of people’s data publicly exposed for almost two years – even after they had deleted the app.
|
Jun 2018
|
1
|
|
|
Ticketmaster
|
2018
|
40,000
|
|
web
|
hacked
|
The data was stolen via an attack on a third-party customer support firm. It was likely to have affected UK customers who bought tickets between Feb and Jun 2018.
|
Jun 2018
|
3
|
| A service from Google
|
Firebase
|
2018
|
100,000,000
|
100m
|
app
|
poor security
|
Misconfigured databases used by app developers were found to be exposing 113GB of personal data, accumulated by thousands of iOS and Android mobile apps.
|
Jun 2018
|
5
|
| India's national, biometric government ID database
|
Aadhaar
|
2018
|
550,000,000
|
1.1bn
|
government
|
poor security
|
India's biometric database was breached via a leak at a state-owned utility company. All registered Indian citizens were affected; their names, identity numbers and bank details were exposed. Data later found for sale on WhatsApp for less than £6.
|
Mar 2018
|
4
|
|
|
Grindr
|
2018
|
3,000,000
|
|
app
|
poor security
|
A third-party tool that allows users to see who had blocked them was able to access non-public personal info, including locations of users who had opted out of location sharing.
|
Mar 2018
|
3
|
|
|
Orbitz
|
2018
|
880,000
|
|
web
|
hacked
|
An legacy version of the travel website was hacked, exposing personal details and payment card info of people who'd made purchases in 2016 and 2017. Orbitz is now owned by Expedia.
|
Mar 2018
|
3
|
| Limogés Jewellery
|
MBM Company
|
2018
|
1,300,000
|
|
retail
|
poor security
|
An insecure customer database belonging to the jewellery firm exposed postal addresses, email addresses, IP addresses and plain-text passwords.
|
Mar 2018
|
4
|
| datasearch service
|
LocalBlox
|
2018
|
48,000,000
|
|
web
|
poor security
|
A cloud storage repository was left publically accessible. Data included names, addresses, DOBs, and other information scraped from social media websites including Facebook.
|
May 2018
|
2
|
|
|
Twitter
|
2018
|
330,000,000
|
330m
|
tech
|
poor security
|
A glitch caused some passwords to be stored in readable text that was visible on Twitter's internal computer system.
|
May 2018
|
1
|
| South African traffic fines database
|
ViewFines
|
2018
|
934,000
|
|
transport
|
oops!
|
Data originating with a South African traffic fine payment firm was leaked online. It included names, national ID numbers, cell numbers, email addresses and plain text passwords.
|
May 2018
|
4
|
|
|
TicketFly
|
2018
|
27,000,000
|
|
web
|
hacked
|
Names, addresses, email addresses and phone numbers were stolen from the ticketing firm. Ransom demands were made. The FBI indicted a suspect in February 2020.
|
May 2018
|
2
|
|
|
Amazon
|
2018
|
5,000,000
|
|
retail
|
oops!
|
A "technical issue" inadvertently caused customer names & email addresses to be posted to the Amazon website just prior to Black Friday.
|
Nov 2018
|
1
|
| Home massage app
|
Urban Massage
|
2018
|
309,000
|
|
app
|
poor security
|
An online database with no password protection contained thousands of customer records, including names, email addresses, phone numbers and sexual misconduct complaints.
|
Nov 2018
|
2
|
|
|
Dell
|
2018
|
100,000
|
|
tech
|
hacked
|
Dell detected and disrupted unauthorized attempts to extract customer names, email addresses & hashed passwords. The number of affected customers was not disclosed.
|
Nov 2018
|
1
|
| erotic role-playing site
|
High Tail Hall
|
2018
|
411,000
|
|
web
|
hacked
|
Hackers obtained email addresses, names, order histories, hashed passwords, physical and IP addresses for users of an "erotic role-playing game".
|
Nov 2018
|
2
|
|
|
SKY Brasil
|
2018
|
32,000,000
|
|
telecoms
|
poor security
|
Poorly configured servers exposed customer details – including payment methods – for long enough to make their theft "likely".
|
Nov 2018
|
1
|
| UK opticians
|
Vision Direct
|
2018
|
16,300
|
|
retail
|
hacked
|
A 5-day data breach saw attackers steal personal information, passwords and CVV security codes.
|
Nov 2018
|
4
|
| Centers for Medicare & Medicaid Services
|
Medicare & Medicaid
|
2018
|
93,689
|
|
health
|
hacked
|
"Sensitive" information on applicants for US healthcare plans was hacked. It included names, birth dates, addresses, expected income & health insurance status.
|
Nov 2018
|
2
|
|
|
Facebook
|
2018
|
29,000,000
|
|
web
|
hacked
|
The biggest hack in Facebook's history to date. Names, birth dates, phone numbers, search history and location data was stolen by hackers masquerading as a digital marketing company.
|
Oct 2018
|
2
|
|
|
Newegg
|
2018
|
45,000,000
|
|
retail
|
hacked
|
Hackers injected 15 lines of card skimming code on the online retailer's payments page. It remained online for more than a month.
|
Sep 2018
|
3
|
| mortgage lender
|
Mount Olympus
|
2016
|
1,100
|
188K
|
finance
|
inside job
|
An employee stole client information and loan files and took them with him when he went to work for a competitor. Mount Olympus later awarded $25m in damages.
|
Mar 2016
|
5
|
| intelligence firm
|
Apollo
|
2018
|
200,000,000
|
200m
|
tech
|
poor security
|
Data scraping company left a database exposed online, revealing 200 million contacts, 10 million companies and 9 billion "data points".
|
May 2018
|
1
|
|
|
Disqus
|
2017
|
17,500,000
|
|
web
|
hacked
|
Hackers stole 17.5m email addresses in 2012. About a third of those records included passwords hashed using a weak algorithm.
|
Dec 2017
|
4
|
|
|
RootsWeb
|
2017
|
300,000
|
|
web
|
poor security
|
Data on a "leaky server" belonging to Ancestry.com's community-driven site RootsWeb was exposed. Passwords, email addresses and usernames were leaked.
|
Dec 2017
|
4
|
|
|
Yahoo
|
2017
|
32,000,000
|
|
web
|
hacked
|
For two years, hackers used forged cookies to log into millions of Yahoo accounts without a password.
|
Mar 2017
|
4
|
|
|
Uber
|
2017
|
57,000,000
|
57m
|
app
|
hacked
|
Uber concealed an October 2016 leak of personal information for more than a year. They paid hackers $100,000 to delete the stolen data. The chief security officer resigned.
|
Nov 2017
|
1
|
|
|
Wonga
|
2017
|
270,000
|
|
finance
|
hacked
|
The firm reported unauthorised access to names, addresses, phone numbers and bank account details relating to British and Polish customers.
|
Apr 2017
|
4
|
|
|
Snapchat
|
2017
|
1,700,000
|
|
app
|
hacked
|
Indian hackers leaked records after taking umbrage at comments made by Snapchat's CEO about their country.
|
Apr 2017
|
1
|
|
|
Spambot
|
2017
|
520,000,000
|
711m
|
web
|
poor security
|
A misconfigured spambot leaked email addresses and passwords. "Almost one address for every single man, woman and child in all of Europe." The set included some fake or repeated accounts.
|
Aug 2017
|
4
|
|
|
CEX
|
2017
|
2,000,000
|
|
retail
|
oops!
|
The second-hand games seller fell victim to a security breach. An 'unauthorised third party' accessed systems holding personal information.
|
Aug 2017
|
3
|
|
|
Al.type
|
2017
|
31,000,000
|
|
app
|
poor security
|
The developer of the customisable keyboard app failed to secure its database server. 577GB of user records were exposed.
|
Dec 2017
|
4
|
|
|
Cellebrite
|
2017
|
3,000,000
|
|
tech
|
hacked
|
Cellebrite's main product is a device that rips data from mobile phones. 900GB of data was stolen from Cellebrite. The hackers got hacked. The number of records taken is unknown.
|
Jan 2017
|
2
|
| App for paying water bills
|
Waterly
|
2017
|
1,000,000
|
|
app
|
poor security
|
An app which allows Israelis to pay water bills contained a vulnerability in the sign-in process. It could reveal payment history, personal ID information and credit card details.
|
Jan 2017
|
3
|
|
|
Swedish Transport Agency
|
2017
|
3,000,000
|
|
government
|
poor security
|
All Swedish driving license data was made available to Czech IT workers. The question of whether national security was harmed was censored in the official report.
|
Jul 2017
|
5
|
|
|
Hong Kong Registration & Electoral Office
|
2017
|
3,700,000
|
|
government
|
lost device
|
Two laptop computers were stolen at the backup venue for the election of the leader of Hong Kong. The names of electors and personal information of the city's voters was compromised.
|
Mar 2017
|
2
|
| Spam operator
|
River City Media
|
2017
|
340,000,000
|
340m
|
web
|
oops!
|
One of the world's largest spam operations accidentally leaked a backup of its database of over a billion email addresses, along with real names, IP and physical addresses.
|
Mar 2017
|
2
|
| Font sharing site
|
DaFont
|
2017
|
700,000
|
|
web
|
hacked
|
The font site's database was targeted by a hacker who had seen it being traded elsewhere. The flaw was "easy to find". Usernames, email addresses and passwords were stolen.
|
May 2017
|
4
|
|
|
Bell
|
2017
|
1,900,000
|
|
telecoms
|
hacked
|
Email addresses and information about customers and contractors was leaked after being stolen from an insecure database. The company was threatened with further leaks.
|
May 2017
|
1
|
| Restaurants & events
|
Zomato
|
2017
|
17,000,000
|
|
web
|
hacked
|
Stolen email addresses and hashed passwords were being sold on the dark web for just over $1000.
|
May 2017
|
4
|
|
|
Imgur
|
2017
|
1,700,000
|
|
app
|
hacked
|
Stolen email addresses and hashed passwords were being sold on the dark web for just over $1000.
|
May 2017
|
4
|
| Owned by Paypal
|
TIO Networks
|
2017
|
1,600,000
|
|
finance
|
hacked
|
A Paypal subsidiary providing bill payment services suffered a "security incident". Personal information and financial details were likely to have been breached.
|
Dec 2017
|
4
|
|
|
Malaysian telcos & MVNOs
|
2017
|
46,200,000
|
|
telecoms
|
hacked
|
Phone numbers, customer details, addresses and SIM card information from over a dozen Malaysian mobile providers was discovered online after being stolen in 2014.
|
Oct 2017
|
4
|
|
|
Malaysian medical practitioners
|
2017
|
81,309
|
|
health
|
hacked
|
Databases belonging to the Malaysian Medical Council, the Malaysian Medical Association and the Malaysian Dental Association were discovered online after being stolen in 2014.
|
Oct 2017
|
4
|
|
|
Instagram
|
2017
|
6,000,000
|
|
web
|
hacked
|
A bug in Instagram's API exposed users' contact details. The data was placed online in a searchable database, with a charge of $10 per search.
|
Sep 2017
|
1
|
|
|
Viacom
|
2017
|
3,000,000
|
|
web
|
hacked
|
A misconfigured server exposed 1Gb of Viacom's credentials – enough, say researchers, to take down the firm's internal IT infrastructure.
|
Sep 2017
|
4
|
|
|
Equifax
|
2017
|
143,000,000
|
143m
|
finance
|
hacked
|
A breach of the health insurance firm's database exposed the names, social security numbers, birth dates, addresses, driver's license numbers and credit card information of US, UK and Canadian citizens.
|
Sep 2017
|
4
|
| Vehicle tracking
|
SVR Tracking
|
2017
|
540,000
|
|
app
|
poor security
|
Personal data and vehicle details were exposed. Customer passwords were stored using an easily-crackable algorithm.
|
Sep 2017
|
4
|
|
|
LinkedIn
|
2016
|
117,000,000
|
117m
|
web
|
hacked
|
A massive batch of login credentials was discovered on the black market after being stolen by hackers. The breach dated from 2012, when the firm's password security policies were weak.
|
May 2016
|
1
|
|
|
Tumblr
|
2016
|
65,000,000
|
|
web
|
hacked
|
A three year old data breach came to light. Millions of email addresses and hashed passwords had been stolen.
|
May 2016
|
1
|
|
|
Yahoo
|
2016
|
500,000,000
|
500m
|
web
|
hacked
|
At the time, the largest ever data breach from a single website. It was stolen, according to Yahoo, by a "state-sponsored actor". It included names, dates of birth and security information.
|
Sep 2016
|
2
|
| Panamanian law firm
|
Mossack Fonseca
|
2016
|
11,500,000
|
|
misc
|
hacked
|
A hacker took 2.6TB of data from the Panamanian law firm. It included emails, contracts, scanned documents, transcripts and sensitive information relating to many politicians and public figures.
|
Apr 2016
|
5
|
| COMELEC
|
Philippines’ Commission on Elections
|
2016
|
55,000,000
|
|
government
|
hacked
|
After a message was posted on the COMELEC website by hackers from Anonymous, warning the government of its weak election security, the entire database of voters was stolen and posted online.
|
Apr 2016
|
5
|
|
|
Syrian government
|
2016
|
274,477
|
|
government
|
hacked
|
Hacking outfit calling itself 'Cyber Justice Team' leaked 10GB of data from multiple Syrian government and private websites. Much of it was duplicated from previously known hacks.
|
Apr 2016
|
1
|
| Lifeboat' community
|
Minecraft
|
2016
|
7,000,000
|
|
gaming
|
hacked
|
Players using Minecraft's Lifeboat service had their email addresses and passwords leaked. The passwords were very weakly hashed.
|
Apr 2016
|
1
|
|
|
Turkish citizenship database
|
2016
|
49,611,709
|
|
government
|
hacked
|
An entire database of voter records, originally stolen back in 2008, was leaked online.
|
Apr 2016
|
2
|
|
|
Banner Health
|
2016
|
3,700,000
|
|
health
|
hacked
|
Hackers gained access to payment card data that was used to buy food and drink at Banner Health outlets. In 2019, Banner agreed to a $6m settlement over the breach.
|
Aug 2016
|
3
|
| Game-related forums
|
Mail. ru
|
2016
|
25,000,000
|
|
web
|
hacked
|
Two hackers attacked three game-related forums hosted by the Russian company Mail.ru. They stole email addresses, scrambled passwords and birthdates.
|
Aug 2016
|
2
|
|
|
PayAsUGym
|
2016
|
300,000
|
|
web
|
hacked
|
The fitness website was hacked. Email addresses and passwords were published online.
|
Dec 2016
|
1
|
| owned by LinkedIn
|
Lynda.com
|
2016
|
9,500,000
|
|
web
|
hacked
|
Hackers breached a database holding contact information and interest in online courses. Lynda's owners, LinkedIn, said that 55,000 user passwords were also breached.
|
Dec 2016
|
1
|
|
|
Linux Ubuntu forums
|
2016
|
2,000,000
|
|
web
|
hacked
|
2 million usernames, email addresses, and IP addresses were compromised via a vulnerability in the forum software.
|
Jul 2016
|
1
|
| Restaurant chain
|
Wendy's
|
2016
|
1,025
|
|
retail
|
hacked
|
Malware installed in 1025 point of sale systems was used to steal credit card data from customers. It's not known how many individuals were impacted.
|
Jul 2016
|
3
|
|
|
Clinton campaign
|
2016
|
5,000,000
|
|
government
|
hacked
|
The computer network used by Hillary Clinton's campaign team was hacked as part of a broader cyber attack on Democratic political organizations.
|
Jul 2016
|
2
|
|
|
uTorrent
|
2016
|
35,000
|
|
web
|
hacked
|
Access to user data was gained via a third party. Uncertain as to what exactly had been stolen, the firm advised its users to change their passwords.
|
Jun 2016
|
1
|
| Run by Thompson Reuters
|
World Check
|
2016
|
2,200,000
|
|
misc
|
poor security
|
A database of suspected terrorists and criminals used by global banks and intelligence agencies was leaked online. Access is normally granted via a strict vetting process.
|
Jun 2016
|
3
|
| French police health insurance
|
Mutuelle Generale de la Police
|
2016
|
112,000
|
|
health
|
inside job
|
Personal details of French police officers were uploaded to Google Drive by an employee. The leak came two weeks after a gendarme was murdered in an ISIS-inspired attack.
|
Jun 2016
|
5
|
| Russia's Facebook
|
VK
|
2016
|
171,000,000
|
100m
|
web
|
hacked
|
A database stolen in 2013 from the Russian social network, containing full names, email addresses and passwords, was offered for sale online.
|
Jun 2016
|
4
|
| News site and email provider/Videogame maker
|
KM.ru & Nival
|
2016
|
1,500,000
|
|
web
|
hacked
|
A hacker targeted several Russian websites in revenge for the shooting down of flight MH17 over Ukraine. They included videogame firm Nival and email provider KM.ru.
|
Mar 2016
|
4
|
| Dating site
|
Fling
|
2016
|
40,000,000
|
|
web
|
hacked
|
Data allegedly stolen in 2011 was put up for sale on the dark web. The stash included email addresses, plain text passwords and information on sexual desires & preferences.
|
May 2016
|
4
|
|
|
MySpace
|
2016
|
164,000,000
|
164m
|
web
|
hacked
|
In one of the largest password breaches ever, 360 million MySpace logins were stolen and put on sale for $2,800.
|
May 2016
|
1
|
| Three mobile company in the UK
|
Three
|
2016
|
130,000
|
|
telecoms
|
hacked
|
Fraudsters compromised the mobile network's handset upgrade system and ordered new handsets to sell online. Customer details were accessed as part of the breach.
|
Nov 2016
|
2
|
|
|
Red Cross Blood Service
|
2016
|
550,000
|
|
health
|
oops!
|
Australian donor information was accessed via an unsecured database posted online by a contractor. Information included that of "at-risk sexual behaviour".
|
Oct 2016
|
4
|
| Instant messaging service
|
Telegram
|
2016
|
15,000,000
|
|
app
|
hacked
|
An Iranian hacking group called Rocket Kitten stole millions of phone numbers from Telegram, an instant messaging service which prides itself on strong security.
|
Aug 2016
|
1
|
| video sharing site
|
Dailymotion
|
2016
|
85,200,000
|
|
web
|
hacked
|
Users of the video sharing site had their email addresses and usernames stolen. One in five also had their passwords compromised.
|
Dec 2016
|
1
|
|
|
Weebly
|
2016
|
43,000,000
|
|
web
|
hacked
|
IP addresses, usernames and hashed passwords were stolen from the web design platform.
|
Oct 2016
|
4
|
|
|
Interpark
|
2016
|
10,000,000
|
|
web
|
hacked
|
South Korean police blamed North Korea for stealing personal customer data from a shopping mall's server in an attempt to obtain foreign currency.
|
Jul 2016
|
2
|
|
|
Quest Diagnostics
|
2016
|
34,000
|
|
health
|
hacked
|
Healthcare data accessed by an unauthorised third party contained names, dates of birth and lab results.
|
Dec 2016
|
4
|
| Parent company of Adult Friend Finder , Cams.com and Penthouse.com
|
Friend Finder Network
|
2016
|
412,000,000
|
412m
|
web
|
hacked
|
Almost every password used on Adult Friend Finder, Cams.com and Penthouse.com was breached. Those passwords were encrypted, but easily crackable.
|
Nov 2016
|
1
|
| Porn site
|
Brazzers
|
2016
|
790,724
|
|
web
|
hacked
|
A vulnerability in the pornsite's forum software compromised millions of accounts, many of which had identical login details for the site itself.
|
Sep 2016
|
4
|
|
|
ClixSense
|
2016
|
6,600,000
|
|
web
|
hacked
|
A service which pays people to view adverts and take surveys was hacked. Stolen information included addresses, banking details and social security numbers.
|
Sep 2016
|
5
|
| Blue Cross, Blue Shield US medical insurer
|
Carefirst
|
2015
|
1,100,000
|
|
health
|
hacked
|
Hackers gained access to a database belonging to the healthcare insurer, stealing names, birth dates, email addresses and insurance ID numbers.
|
May 2015
|
1
|
| Gaming site
|
Twitch
|
2015
|
10,000,000
|
|
health
|
hacked
|
All users were forced to reset their passwords after unauthorised access to a number of accounts.
|
Mar 2015
|
1
|
| US healthcare provider
|
Premera
|
2015
|
11,000,000
|
|
health
|
hacked
|
The health insurance firm revealed that its IT systems had been breached, exposing financial and medical records.
|
Mar 2015
|
5
|
|
|
Uber
|
2015
|
50,000
|
|
tech, app
|
poor security
|
The breach, which occurred in Sep 2014, revealed the names & license plates of 50,000 drivers across the USA.
|
Feb 2015
|
1
|
|
|
Deep Root Analytics
|
2015
|
198,000,000
|
198m
|
web
|
poor security
|
A insecure database containing US voter information was discovered by a researcher. It contained names, addresses, contact details and party affiliations.
|
Dec 2015
|
2
|
| MacKeeper software
|
Kromtech
|
2015
|
13,000,000
|
|
web
|
hacked
|
A security researcher stumbled on an insecure database belonging to the Mac software provider, containing usernames, email addresses and passwords.
|
Dec 2015
|
1
|
| United Arab Emirates bank
|
Invest Bank
|
2015
|
40,000
|
|
finance
|
hacked
|
A hacker breached the systems of a UAE bank. They demanded a ransom of $3m in bitcoin to stop tweeting data, relating mainly to corporate accounts.
|
Dec 2015
|
4
|
| Hello Kitty and other franchises
|
Sanrio
|
2015
|
3,300,000
|
|
web
|
poor security
|
A researcher accessed a database containing login information, password hints and birthdates of fans of the Hello Kitty brand, including many children.
|
Dec 2015
|
2
|
| Toymaker company
|
VTech
|
2015
|
6,400,000
|
|
web
|
hacked
|
The toy maker was targeted by a hacker who stole the private data of millions of children, including names, email addresses and birth dates.
|
Dec 2015
|
5
|
|
|
Hacking Team
|
2015
|
500,000
|
|
web
|
hacked
|
An Italian hacking firm which sells digital surveillance software to national security organisations – including those of repressive regimes – was itself hacked, and the data put on BitTorrent.
|
Jul 2015
|
5
|
| US ex-marital affairs site
|
AshleyMadison.com
|
2015
|
37,000,000
|
|
web
|
hacked
|
The online hookup site for extra-marital affairs was severely breached. Personal details and company financial records were threatened with release.
|
Jul 2015
|
1
|
|
|
US Office of Personnel Management (2nd Breach)
|
2015
|
21,500,000
|
|
government
|
hacked
|
Hackers with suspected links to China accessed sensitive data on US intelligence and military personnel, leading to concerns about potential blackmail attempts.
|
Jul 2015
|
5
|
|
|
US Office of Personnel Management
|
2015
|
4,000,000
|
|
government
|
hacked
|
Hackers gained access to federal employees’ Social Security numbers, job assignments, performance ratings and training information.
|
Jun 2015
|
2
|
|
|
Australian Immigration Department
|
2015
|
30
|
|
government
|
oops!
|
An agency employee inadvertently sent the passport numbers and visa details of all world leaders attending the G20 Brisbane summit to the organisers of the Asian Cup football tournament.
|
Mar 2015
|
4
|
| US Tax service
|
IRS
|
2015
|
100,000
|
|
government
|
hacked
|
An organized crime syndicate used the IRS website to steal taxpayers' personal financial information. 15,000 of them were used to claim refunds in other people's names.
|
May 2015
|
1
|
| kid & partner tracking service
|
MSpy
|
2015
|
400,000
|
|
app
|
hacked
|
A service that claims to help people spy on mobile devices was hacked, exposing emails, text messages, payment and location data.
|
May 2015
|
2
|
| Internet dating & hookup site
|
Adult Friend Finder
|
2015
|
3,900,000
|
|
web
|
hacked
|
Data found on the dark web included sexual preferences, names, email addresses, usernames, dates of birth and postal codes. It included information of former as well as current users.
|
May 2015
|
1
|
| Prison phone service provider
|
Securus Technologies
|
2015
|
70,000,000
|
70m
|
web
|
hacked
|
An anonymous hacker leaked records of over 70m prisoner phone calls, plus links to recordings, potentially violating constitutional protections.
|
Nov 2015
|
5
|
| Telecoms provider
|
TalkTalk
|
2015
|
157,000
|
|
telecoms
|
hacked
|
Shares in the telecoms firm plunged by a third after the hack, which exposed the banking details of more than 15,000 people.
|
Nov 2015
|
2
|
|
|
Experian / T-mobile
|
2015
|
15,000,000
|
|
telecoms
|
hacked
|
The world's biggest data monitoring firm disclosed a massive data breach. It had exposed the details of T-Mobile customers applying for credit checks.
|
Oct 2015
|
3
|
| software for remote working
|
Slack
|
2015
|
500,000
|
|
app
|
hacked
|
Sometime in February 2015, hackers were able to peruse Slack’s central database for up to four days. That database included usernames, email addresses and encrypted passwords.
|
Mar 2015
|
1
|
| UK mobile phone supplier
|
CarPhone Warehouse
|
2015
|
2,400,000
|
|
telecoms
|
hacked
|
The breach exposed names, addresses, birth date and bank details. Around 480,000 were TalkTalk Mobile customers; 1.9m were customers of Carphone Warehouse directly.
|
Aug 2015
|
3
|
| Frequent flyer accounts
|
British Airways
|
2015
|
10,000
|
|
transport
|
hacked
|
Hackers accessed tens of thousands of British Airways frequent-flyer accounts. The airline froze the affected accounts while it resolved the issue.
|
Mar 2015
|
1
|
| Second-largest health insurer in the US
|
Anthem
|
2015
|
80,000,000
|
80m
|
health
|
hacked
|
A "sophisticated cyberattack" on one of the USA's largest health insurers uncovered names, dates of birth, social security numbers, addresses and employment information.
|
Feb 2015
|
2
|
|
|
UCLA Health
|
2015
|
4,500,000
|
4.5m
|
health
|
hacked
|
Patient information was exposed in a hack on the network. In 2019, the firm reached a $2 million class-action lawsuit settlement.
|
May 2015
|
4
|
| US retailer
|
Neiman Marcus
|
2014
|
1,100,000
|
|
retail
|
hacked
|
Malware in the firm's IT system leaked customer payment data for several months.
|
Jan 2014
|
2
|
|
|
AOL
|
2014
|
2,400,000
|
|
web
|
hacked
|
User accounts were compromised in order to send out spam messages.
|
Apr 2014
|
1
|
|
|
Community Health Systems
|
2014
|
4,500,000
|
|
health
|
hacked
|
The US hospital operator suffered a system breach, leaking 5 years worth of data. Details included names, addresses, social security numbers. The goal: identity theft.
|
Aug 2014
|
2
|
|
|
Privatization Agency of the Republic of Serbia
|
2014
|
5,190,396
|
|
government
|
oops!
|
A text file containing personal data and financial documents relating to almost all adult Serbian citizens was made publically available.
|
Dec 2014
|
2
|
|
|
Sony Pictures
|
2014
|
10,000,000
|
|
misc
|
hacked
|
Potentially every piece of data held by the company was hacked, including unreleased films, employee social security numbers and sensitive internal documents. North Korea suspected.
|
Dec 2014
|
2
|
|
|
Indiana University
|
2014
|
146,000
|
|
academic
|
poor security
|
Students who attended the university between 2011 and 2014 may have had their data accessed by three automated computer data mining applications.
|
Feb 2014
|
2
|
|
|
Ebay
|
2014
|
145,000,000
|
145m
|
web
|
hacked
|
Hackers attacked between late February and early March, using the login credentials of three corporate employees. They then accessed a database containing all user records.
|
May 2014
|
1
|
|
|
UPS
|
2014
|
4,000,000
|
|
retail
|
hacked
|
Malware was discovered in the credit & debit card processing systems of 51 UPS branches in 24 states. It was leaking data for as long as eight months.
|
Aug 2014
|
3
|
|
|
European Central Bank
|
2014
|
4,000,000
|
|
finance
|
hacked
|
The ECB received an anonymous call requesting money in return for the stolen data. The bank didn't say how much the blackmailer asked for, but did say that it refused to pay anything.
|
Jul 2014
|
1
|
|
|
JP Morgan Chase
|
2014
|
76,000,000
|
76m
|
finance
|
hacked
|
A hack of the USA's largest bank began in June, but was not discovered until July, when the hackers had already obtained the highest level of administrative privilege for dozens of servers.
|
Oct 2014
|
3
|
|
|
New York Taxis
|
2014
|
52,000
|
|
transport
|
poor security
|
A freedom of information request resulted in the release of data on all 173 million journeys undertaken by New York taxis in one year. Unfortunately, the data was not properly anonymised.
|
Jun 2014
|
1
|
|
|
HSBC Turkey
|
2014
|
2,700,000
|
|
finance
|
hacked
|
An attack on credit and debit card systems left numbers, account numbers, expiry dates and customer names compromised.
|
Nov 2014
|
4
|
|
|
Japan Airlines
|
2014
|
750,000
|
|
transport
|
hacked
|
Japan Airlines confirmed the possible theft of information from up to 750,000 frequent-flier programme members, including names, birth dates, addresses and places of work.
|
Sep 2014
|
2
|
|
|
Staples
|
2014
|
1,160,000
|
|
retail
|
hacked
|
Point of sale systems were infected with malware. Thieves may have used it to steal customer names, payment card numbers, expiration dates and card verification codes.
|
Dec 2014
|
3
|
|
|
GMail
|
2014
|
5,000,000
|
|
web
|
hacked
|
Account details and passwords were posted on a Russian Bitcoin forum. Close inspection revealed the user details to be old (3+ years). Gmail itself was not hacked.
|
Sep 2014
|
1
|
|
|
Home Depot
|
2014
|
56,000,000
|
|
retail
|
hacked
|
Malware installed on cash register systems at 2,200 stores syphoned credit card details of up to 56 million customers, which were then sold online.
|
Sep 2014
|
3
|
|
|
Korea Credit Bureau
|
2014
|
20,000,000
|
|
finance
|
inside job
|
An employee was accused of of stealing data from customers of three credit card firms while working as a temporary consultant.
|
Jan 2014
|
5
|
|
|
Dominios Pizzas (France)
|
2014
|
600,000
|
|
retail
|
hacked
|
Hackers demanded a ransom of €30,000 (£24,000) from Domino's Pizza after stealing personal data on more than 600,000 of its French and Belgian customers.
|
Jun 2014
|
1
|
|
|
Mozilla
|
2014
|
76,000
|
|
web
|
poor security
|
After the failure of a "data sanitation" process, Mozilla’s developer community was alerted to an accidental leak of email addresses and encrypted passwords.
|
Aug 2014
|
2
|
| 7-Eleven, JC Penney, Hannaford, Heartland, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard
|
Massive American business hack
|
2013
|
160,000,000
|
160m
|
finance
|
hacked
|
For more than seven years a hacking ring targeted banks, payment processors and chain stores to steal more than 160 million credit and debit card numbers.
|
Jul 2013
|
5
|
|
|
Affinity Health Plan, Inc.
|
2013
|
344,579
|
|
health
|
lost device
|
A rented photocopier used to copy health records did not have its hard-drive wiped before its return, exposing personal data.
|
Aug 2013
|
4
|
|
|
Citigroup
|
2013
|
150,000
|
|
finance
|
oops!
|
The bank failed to redact court records before they were placed on a publicly accessible system. The personal information of customers entering bankruptcy between 2007-2011 was exposed.
|
Jul 2013
|
2
|
| Usernames, clear tect passwords and email addresses hacked.
|
Tianya
|
2013
|
40,000,000
|
|
web
|
hacked
|
China's biggest online forum confirmed that private information for 40 million users had been breached back in 2011.
|
Jul 2013
|
1
|
| "world's largest online library"
|
Scribd
|
2013
|
500,000
|
|
web
|
hacked
|
A website billing itself as the "world's largest online library" was hacked. 1% of its users had passwords compromised.
|
Apr 2013
|
1
|
| special offers website
|
Living Social
|
2013
|
50,000,000
|
|
web
|
hacked
|
Hackers gained access to names, e-mail addresses, dates of birth & encrypted passwords for 50 million users of an online offers site part-owned by Amazon.
|
Apr 2013
|
1
|
|
|
Yahoo
|
2013
|
550,000,000
|
1bn
|
web
|
hacked
|
A 2013 attack was eventually disclosed in 2016. Stolen data included names, telephone numbers, birth dates, passwords and security questions.
|
Dec 2016
|
2
|
|
|
SnapChat
|
2013
|
4,600,000
|
|
web, tech
|
hacked
|
Hackers abused an exploit to siphon off usernames and phone numbers, which were then posted online.
|
Jan 2014
|
2
|
|
|
University of Delaware
|
2013
|
74,000
|
|
academic
|
hacked
|
Confidential personal information on past and current employees of the University of Delaware was stolen when a software vulnerability was exploited.
|
Aug 2013
|
2
|
|
|
Central Hudson Gas & Electric
|
2013
|
110,000
|
|
misc
|
hacked
|
Customer banking information and other personal information may have been accessed when systems belonging to the energy supplier were hacked.
|
Feb 2013
|
3
|
|
|
Twitter
|
2013
|
250,000
|
|
web
|
hacked
|
A Java vulnerability gave hackers access to some user information including usernames, email addresses, session tokens and encrypted/salted versions of passwords.
|
Feb 2013
|
1
|
|
|
Crescent Health Inc., Walgreens
|
2013
|
100,000
|
|
health
|
lost device
|
A stolen laptop exposed private data including names, social security numbers, health insurance information, birth dates, diagnoses and other medical information.
|
Feb 2013
|
4
|
|
|
Florida Department of Juvenile Justice
|
2013
|
100,000
|
|
government
|
lost device
|
The theft of a mobile device containing youth and employment records exposed 100,000 young people to potential identity theft.
|
Jan 2013
|
2
|
|
|
Advocate Medical Group
|
2013
|
4,000,000
|
|
health
|
lost device
|
Four unencrypted computers were stolen from an office belonging to the healthcare provider. 4,000,000 patient names, addresses, dates of birth and Social Security numbers were exposed.
|
Aug 2013
|
2
|
| French Internet host
|
OVH
|
2013
|
200,000
|
|
web
|
hacked
|
A hacker gained access to an email account, from where they were able to compromise the firm's internal systems. The European customer database was exposed.
|
Jul 2013
|
2
|
|
|
Apple
|
2013
|
275,000
|
|
tech, web
|
hacked
|
Apple's developer portal was hacked. "Some" information about 275,000 3rd-party developers was potentially stolen.
|
Jul 2013
|
1
|
| Nasdaq OMX Group
|
NASDAQ
|
2013
|
500,000
|
|
finance
|
hacked
|
Cybercriminals targeted the Nasdaq online forum, stealing email addresses and passwords.
|
Jul 2013
|
1
|
| games company
|
UbiSoft
|
2013
|
58,000,000
|
|
gaming
|
hacked
|
The video games publisher revealed that user names, email addresses and encrypted passwords had been "illegally accessed".
|
Jul 2013
|
2
|
| The discussion forum for the popular alternative, open-source operating system
|
Ubuntu
|
2013
|
2,000,000
|
|
tech, web
|
hacked
|
The discussion forum for the operating system was hacked, exposing personal details and weakly-hashed passwords.
|
Jul 2013
|
3
|
| Japan's Club Nintendo service
|
Nintendo
|
2013
|
4,000,000
|
|
gaming
|
hacked
|
Names, phone numbers, home and email addresses of Japanese members of Club Nintendo were stolen after a website breach.
|
Jun 2013
|
2
|
|
|
National Security Agency
|
2013
|
1,500,000
|
|
government
|
inside job
|
Edward Snowden, an intelligence contractor in Hawaii, downloaded up to 1.5 million files. He then flew to Hong Kong to meet journalists Glenn Greenwald and Laura Poitras before fleeing to Moscow.
|
Jun 2013
|
5
|
|
|
Facebook
|
2013
|
6,000,000
|
|
web
|
oops!
|
By using the network's "Download Your Information" tool, some Facebook members were able to access phone numbers and email addresses of strangers.
|
Jun 2013
|
1
|
| online note-taking site
|
Evernote
|
2013
|
50,000,000
|
|
web
|
hacked
|
Evernote asked all its users to reset their passwords, following the discovery of unauthorised access of personal details.
|
Mar 2013
|
1
|
| Hacked online database
|
Kirkwood Community College
|
2013
|
125,000
|
|
academic
|
hacked
|
Hackers accessed data relating to applications made between February 2006 and March 2013, including names, birth dates, race, contact information and Social Security numbers.
|
Apr 2013
|
2
|
|
|
Yahoo Japan
|
2013
|
22,000,000
|
|
tech, web
|
hacked
|
22 million Yahoo user IDs may have been leaked after Yahoo detected an unauthorized attempt to access the administrative system of its Yahoo Japan portal.
|
May 2013
|
1
|
| open-source content management platform
|
Drupal
|
2013
|
1,000,000
|
|
web
|
hacked
|
Malicious files were placed on the servers of the content management platform. They exposed usernames, e-mail addresses and cryptographically hashed passwords.
|
May 2013
|
1
|
|
|
TerraCom & YourTel
|
2013
|
170,000
|
|
telecoms
|
oops!
|
Journalists discovered the personal data of over 170,000 customers on a publicly accessible server. Hilariously, the firms branded the journalists "hackers".
|
May 2013
|
2
|
| Administrative offices
|
Washington State court system
|
2013
|
160,000
|
|
government
|
hacked
|
Social Security numbers and a million driver's license numbers may have been accessed by hackers exploiting weaknesses in old server software.
|
May 2013
|
2
|
|
|
MacRumours.com
|
2013
|
860,000
|
|
web
|
hacked
|
A moderator account on the forum was logged into by the hacker, who then was able to escalate privileges. All users were advised to change their passwords.
|
Nov 2013
|
1
|
| Experian
|
Court Ventures
|
2013
|
200,000,000
|
200m
|
finance
|
inside job
|
A 24 year old Vietnamese national, Hieu Minh Ngo, ran an identity theft service from his bedroom. A deal he struck with Experian gave him access to the personal and financial data of American citizens.
|
Oct 2013
|
2
|
|
|
Vodafone
|
2013
|
2,000,000
|
|
telecoms
|
inside job
|
An IT contractor for the firm used his access to the telecom giant's system to steal customer details, including bank account numbers and sort codes.
|
Sep 2013
|
3
|
|
|
Adobe
|
2013
|
38,000,000
|
38m
|
tech
|
hacked
|
Hackers obtained access to a swathe of Adobe customer IDs, encrypted passwords & sensitive information including encrypted credit and debit card numbers. Plus source code.
|
Oct 2013
|
3
|
|
|
D&B, Altegrity
|
2013
|
1,000,000
|
|
tech
|
hacked
|
Hackers stole millions of social security numbers from a number of large US data brokers, intending to steal identities.
|
Sep 2013
|
3
|
|
|
ssndob.ms
|
2013
|
4,000,000
|
|
web
|
hacked
|
Teenage hackers collected data for exposed.su, a site that charged people to search for the social security numbers, birthdays, phone numbers and addresses of celebrities.
|
Sep 2013
|
2
|
|
|
Target
|
2013
|
70,000,000
|
|
retail
|
hacked
|
Investigators believe that personal data was obtained via software installed on card-swiping machines at Target stores.
|
Dec 2013
|
3
|
|
|
China Software Developer Network
|
2012
|
6,000,000
|
|
web
|
hacked
|
A man surnamed Zeng was arrested on suspicion of leaking personal information belonging to users of the China Software Developer Network (CSDN).
|
Mar 2012
|
1
|
| Credit, debit and check processing for merchants (Visa, Mastercard, etc)
|
Global Payments
|
2012
|
1,500,000
|
|
finance
|
hacked
|
Hackers gained unauthorised access to systems of the payment processing firm, exposing over a million credit card numbers.
|
Apr 2012
|
3
|
| South Carolina Department of Health and Human Services
|
South Carolina Government
|
2012
|
228,000
|
|
health
|
inside job
|
A man was arrested for sending confidential information on Medicaid beneficiaries to his personal email address.
|
Apr 2012
|
4
|
| Saderat, Eghtesad Novin, & Saman
|
Three Iranian banks
|
2012
|
3,000,000
|
|
finance
|
hacked
|
After finding a security flaw in Iran's banking system, Khosrow Zarefarid sent a formal report to the CEOs of all affected banks. When they ignored him, he hacked 3m bank accounts to prove his point.
|
Apr 2012
|
5
|
|
|
California Department of Child Support Services
|
2012
|
800,000
|
|
government
|
lost device
|
California child support records were lost in transit during a "disaster preparedness" exercise.
|
Apr 2012
|
2
|
| hospital system in Atlanta
|
Emory Healthcare
|
2012
|
315,000
|
|
health
|
lost device
|
The company 'misplaced' 10 backup discs containing sensitive patient information, including social security numbers.
|
Apr 2012
|
4
|
|
|
Office of the Texas Attorney General
|
2012
|
6,500,000
|
|
government
|
oops!
|
The office of Texas Attorney General Greg Abbott mistakenly gave attorneys access to a database containing millions of Social Security numbers.
|
Apr 2012
|
2
|
| US health program for low income people and families
|
Medicaid
|
2012
|
780,000
|
|
government, health
|
hacked
|
Hackers operating out of Eastern Europe circumvented server security at the Utah Health Department, stealing the Social Security numbers of Medicaid claimants.
|
Apr 2012
|
5
|
| Activision, Battle.net
|
Blizzard
|
2012
|
14,000,000
|
|
gaming
|
hacked
|
Scrambled passwords, e-mail addresses, and personal security answers were stolen from Blizzard's internal network. Blizzard would not elaborate on the size of the hack ("millions").
|
Aug 2012
|
2
|
|
|
New York State Electric & Gas
|
2012
|
1,800,000
|
|
misc
|
inside job
|
An employee from a software consulting firm was able to grant unauthorized access to the energy supplier's database.
|
Jan 2012
|
2
|
| Florida
|
Memorial Healthcare System
|
2012
|
102,153
|
|
health
|
lost device
|
For more than a year, an employee of an affiliated physician’s office accessed patient information through a web portal: names, dates of birth and Social Security numbers.
|
Apr 2012
|
2
|
|
|
Zappos
|
2012
|
24,000,000
|
|
web
|
hacked
|
The Amazon-owned e-commerce firm was the target of a cyber attack on its internal network, exposing names, e-mail addresses, phone numbers,addresses, and encrypted passwords.
|
Jan 2012
|
2
|
| Interest-based social Q&A website
|
Formspring
|
2012
|
420,000
|
|
web
|
hacked
|
420,000 hashed passwords were posted to a security forum. Formspring immediately forced users to reset their passwords.
|
Jul 2012
|
1
|
| Korean mobile carrier
|
KT Corp.
|
2012
|
8,700,000
|
|
telecoms
|
hacked
|
Two suspects earned an estimated $877,000 by selling the contact information and plan details of 8.7 million subscribers to Korea's second largest mobile phone network.
|
Jul 2012
|
2
|
|
|
Yahoo Voices
|
2012
|
450,000
|
|
tech, web
|
hacked
|
Usernames and passwords thought to be related to Yahoo's Voice service were dumped online, after being accessed in a database hack.
|
Jul 2012
|
1
|
| Owned by CBS
|
Last.fm
|
2012
|
43,500,000
|
|
web
|
hacked
|
Usernames, email addresses and other internal records, such as newsletter sign-ups and ad-related data, were stolen in a 2012 hack.
|
Sep 2016
|
1
|
|
|
LinkedIn, eHarmony, Last.fm
|
2012
|
8,000,000
|
|
web
|
hacked
|
Hacker 'dwdm' uploaded a file containing 6.5 million passwords to a Russian hacker forum. Soon after, another 1.5 million passwords were discovered in another file on the forum.
|
Jun 2012
|
1
|
|
|
Gamigo
|
2012
|
8,000,000
|
|
web
|
hacked
|
4 months after the gaming site Gamigo warned users about a hacker intrusion, more than 8 million usernames, emails & encrypted passwords from the site were published on the web.
|
Jul 2012
|
1
|
| Online dating network for, you guessed it, military singles
|
Militarysingles.com
|
2012
|
163,792
|
|
web, military
|
hacked
|
Hacking group LulzSec released a database of 163,792 names, usernames, e-mail addresses, IP addresses, and passwords of "single" military personnel.
|
Mar 2012
|
1
|
|
|
"Apple"
|
2012
|
12,367,232
|
|
tech, retail
|
oops!
|
Millions of Apple Unique Device Identifiers (UDIDs) were leaked online. A hacking group claimed it had hacked an FBI laptop, but a software firm called BlueToad was found to be the source.
|
Mar 2012
|
2
|
|
|
Greek government
|
2012
|
9,000,000
|
|
government
|
hacked
|
A computer programmer was arrested in Greece for allegedly stealing the identity information of 83% of the country's population. The 35-year-old was suspected of trying to sell it on.
|
Nov 2012
|
2
|
|
|
South Carolina State Dept. of Revenue
|
2012
|
3,600,000
|
|
government
|
hacked
|
A server containing social security numbers and credit card data was breached by an international hacker.
|
Oct 2012
|
1
|
|
|
Dropbox
|
2012
|
68,700,000
|
68.7m
|
web
|
hacked
|
User credentials were stolen in a 2012 hack, but the number affected only came to light four years later. Dropbox reset any passwords that had been unchanged since 2012.
|
Aug 2016
|
1
|
| New York City Health & Hospitals Corporation's North Bronx Healthcare Network
|
New York City Health & Hospitals Corp.
|
2011
|
1,700,000
|
|
health
|
lost device
|
Computer backup tapes from the New York provider were stolen from a truck that was transporting them to a secure storage location.
|
Feb 2011
|
4
|
|
|
Seacoast Radiology, PA
|
2011
|
231,400
|
|
health
|
hacked
|
Computer gamers hacked a server in search of more bandwidth to play Call of Duty. In the process they gained access to personal records of more than 230,000 patients.
|
Jan 2011
|
2
|
|
|
South Shore Hospital, Massachusetts
|
2011
|
800,000
|
|
health
|
lost device
|
South Shore Hospital hired a contractor to destroy files no longer in use. The firm lost the shipment. It contained social security numbers, medical records and banking details.
|
Sep 2011
|
5
|
| UK gambling site
|
Betfair
|
2011
|
2,300,000
|
|
web
|
hacked
|
Betfair waited 18 months to report the breach of their online gambling site, alarming banking institutions and security experts. The breach involved user names, addresses and account details.
|
May 2011
|
3
|
|
|
Ankle & foot Center of Tampa Bay, Inc.
|
2011
|
156,000
|
|
health
|
hacked
|
Names, social security numbers, date of birth, home addressees, account numbers, healthcare services and diagnostics were hacked.
|
Jan 2011
|
4
|
|
|
Yale University
|
2011
|
43,000
|
|
academic
|
oops!
|
The names and Social Security numbers of 43,000 people affiliated with the university were publicly viewable on Google for 10 months.
|
Aug 2011
|
2
|
|
|
Morgan Stanley Smith Barney
|
2011
|
34,000
|
|
finance
|
lost device
|
Morgan Stanley mailed two CDRs containing sensitive data about investors to the New York State Department of Taxation and Finance. When it arrived at the relevant desk, the CDs were missing.
|
Jul 2011
|
3
|
|
|
State of Texas
|
2011
|
3,500,000
|
|
government
|
oops!
|
3.5 million records were accidentally published online including people's names, mailing addresses and social security numbers. They were there for a year.
|
Apr 2011
|
2
|
| Marketing email provider
|
Epsilon
|
2011
|
3,000,000
|
|
web
|
hacked
|
Names & email addresses of customers of Barclaycard US, Capital One, JP Morgan, Citigroup & other firms were stolen via a breach in an email system.
|
Apr 2011
|
1
|
|
|
Sony PSN
|
2011
|
77,000,000
|
|
gaming
|
hacked
|
Rounding off a thoroughly unhappy year for Sony, their third breach saw a breach of 76,000,000 Sony PSN and Qriocity user accounts. They were offline for 23 days.
|
Apr 2011
|
1
|
|
|
US Law Enforcement
|
2011
|
123,461
|
|
government
|
hacked
|
"AntiSec" hackers published a huge trove of personal information from 70 different US law enforcement agencies.
|
Aug 2011
|
3
|
|
|
University of Wisconsin - Milwaukee
|
2011
|
73,000
|
|
academic
|
hacked
|
A malware attack on a database server exposed the names and social security numbers of students and staff, past and present.
|
Aug 2011
|
2
|
| geopolitical intelligence firm
|
Stratfor
|
2011
|
935,000
|
|
military
|
hacked
|
Hacking collective Anonymous published what they claimed was Stratfor's confidential client list, along with credit card details and passwords. In fact, it was a list of subscribers to Stratfor's online publication.
|
Dec 2011
|
3
|
|
|
Chinese gaming sites
|
2011
|
10,000,000
|
|
web
|
hacked
|
Several major Chinese gaming sites were hacked, breaching millions of user records.
|
Dec 2011
|
1
|
|
|
Southern California Medical-Legal Consultants
|
2011
|
300,000
|
|
health
|
hacked
|
Electronic files containing names and social security numbers of approximately 300,000 individuals who have applied for workers’ compensation benefits were left unsecured.
|
Jun 2011
|
2
|
| Website design and hosting for writers
|
Writerspace.com
|
2011
|
62,000
|
|
web
|
hacked
|
Hacker group LulzSec released a stash of e-mails and passwords, 12,000 of which were confirmed to originate from Writerspace.com.
|
Jun 2011
|
1
|
| US video game company (Elder Scrolls, Fallout 3)
|
Bethesda Game Studios
|
2011
|
200,000
|
|
gaming
|
hacked
|
Hacking collective Lulzsec claimed to have stolen the account information of 200,000 users.
|
Jun 2011
|
1
|
|
|
Sega
|
2011
|
1,290,755
|
|
gaming
|
hacked
|
Information registered as part of the Sega Pass system was stolen, including names, birth dates, e-mail addresses and passwords.
|
Jun 2011
|
2
|
|
|
Citigroup
|
2011
|
210,000
|
|
finance
|
hacked
|
A breach of the bank's online web portal compromised the information of around 1% of Citbank card holders.
|
Jun 2011
|
3
|
|
|
Sony Pictures
|
2011
|
1,000,000
|
|
web
|
hacked
|
The LulzSec hacking collective accessed unencrypted user information. They claimed that they didn't have the resources to steal everything they were able to access.
|
Jun 2011
|
1
|
|
|
Accendo Insurance Co.
|
2011
|
175,350
|
|
health
|
poor security
|
Mismailed letters allowed some lines of sensitive information (medication name, date of birth, and member ID) to be visible through the envelope window.
|
Jun 2011
|
2
|
|
|
Washington Post
|
2011
|
1,270,000
|
|
misc
|
hacked
|
Unknown hackers broke into The Washington Post's jobs website, stealing user IDs and email addresses.
|
Jul 2011
|
2
|
| Data lost from HN servers managed by IBM
|
Health Net - IBM
|
2011
|
1,900,000
|
|
health
|
lost device
|
As many as nine server drives containing personal information of former and current employees went missing from an IBM data center in California.
|
Mar 2011
|
3
|
| California hospital
|
Eisenhower Medical Center
|
2011
|
514,330
|
|
health
|
lost device
|
A computer stolen from the hospital contained patients' names, ages, dates of birth, medical record numbers and the last four digits of their social security numbers.
|
Apr 2011
|
4
|
|
|
Spartanburg Regional Healthcare System
|
2011
|
400,000
|
|
health
|
lost device
|
A computer stolen from an employee's car contained a password-protected file with Social Security numbers as well as names, addresses, dates of birth and medical billing codes.
|
May 2011
|
4
|
| UK's national health service, govt funded
|
NHS
|
2011
|
8,600,000
|
|
health
|
lost device
|
A laptop holding the unencrypted records of eight million patients went missing from an NHS store room and wasn't reported until 3 weeks later.
|
Jun 2011
|
4
|
|
|
San Francisco Public Utilities Commission
|
2011
|
180,000
|
|
government
|
hacked
|
A server storing customer data was found to be a) unsecured, and b) infected with viruses.
|
Jun 2011
|
1
|
|
|
Sony Online Entertainment
|
2011
|
24,600,000
|
|
gaming
|
hacked
|
Hackers may have taken personal information from accounts in Austria, Germany, The Netherlands and Spain, including over 12,000 credit card accounts and 10,000 bank accounts.
|
May 2011
|
3
|
|
|
Honda Canada
|
2011
|
283,000
|
|
retail
|
hacked
|
Names, addresses and vehicle identification numbers were taken from two of the firms' eCommerce websites, myHonda and myAcura
|
May 2011
|
2
|
| Massachusetts Executive Office of Labor and Workforce
|
Massachusetts Government
|
2011
|
210,000
|
|
government
|
hacked
|
Over 1,500 departmental computers were infected with malware which “downloads additional files, steals information and opens a back door on the compromised computer”.
|
May 2011
|
5
|
|
|
Oregon Department of Motor Vehicles
|
2011
|
1,000,000
|
|
government
|
hacked
|
Detectives arrested Tim Nuss for accessing an old Oregon Department of Motor Vehicles database, including names, addresses, birth dates, gender and ages of people who registered.
|
May 2011
|
2
|
| gaming portal
|
Steam
|
2011
|
35,000,000
|
|
web
|
hacked
|
Attackers used login details from a forum hack to gain access to a database containing user names, encrypted passwords and credit card info, game purchases and billing addresses.
|
Nov 2011
|
3
|
| food, equipment, and supplies for restaurants
|
Restaurant Depot
|
2011
|
200,000
|
|
retail
|
hacked
|
Nov 2011. Cybercrooks presumed to be operating from Russia hacked into the Restaurant Depot database and accessed credit and debit card details.
|
Nov 2011
|
3
|
| game developer
|
Nexon Korea Corp
|
2011
|
13,200,000
|
|
web
|
hacked
|
Personal data of subscribers to the online game Maple Story was breached and subsequently leaked.
|
Nov 2011
|
2
|
| US children's hospitals
|
Nemours Foundation
|
2011
|
1,600,000
|
|
health
|
lost device
|
A Florida health care provider responsible for running children’s hospitals lost three data backup tapes, containing 10 years worth of information.
|
Oct 2011
|
4
|
|
|
Sutter Medical Foundation
|
2011
|
4,243,434
|
|
health
|
lost device
|
A stolen laptop contained a database with names, addresses, dates of birth, phone numbers, email addresses, medical record numbers and health insurance plans.
|
Nov 2011
|
2
|
| Healthcare service for US Military
|
Tricare
|
2011
|
4,901,432
|
|
military, health
|
lost device
|
Backup tapes containing information for some 4.6 million active and retired military personnel, as well as their families, was stolen from a data contractor's car in San Antonio.
|
Sep 2011
|
4
|
|
|
AvMed, Inc.
|
2010
|
1,220,000
|
|
health
|
lost device
|
Two company laptops containing names, addresses, dates of birth, Social Security numbers and health-related information were stolen from an AvMed facility in Gainesville.
|
Feb 2010
|
2
|
| US health insurance organization
|
Blue Cross Blue Shield of Tennessee
|
2010
|
1,023,209
|
|
health
|
lost device
|
A thief stole 57 unencrypted hard drives from the closet of a BlueCross call center in Chattanooga.
|
May 2010
|
2
|
| Wikileaks / Bradley Manning/Cablegate.
|
US Military
|
2010
|
260,000
|
|
military
|
inside job
|
The Wikileaks Embassy Cables, containing over 1/4 of a million dispatches from more than 250 worldwide embassies and consulates.
|
Nov 2010
|
5
|
| US news and gossip blog network including Gawker.com Gizmodo.com Lifehacker.com
|
Gawker.com
|
2010
|
1,500,000
|
|
web
|
hacked
|
The notorious website was hacked. The source code was stolen, along with 1.5 million usernames, emails and passwords.
|
Dec 2010
|
2
|
| Puerto-Rican health insurance company
|
Triple-S Salud, Inc.
|
2010
|
398,000
|
|
health
|
lost device
|
A competitor accessed restricted areas of the healthcare firm's website without authorisation, compromising client information.
|
Nov 2010
|
4
|
|
|
Ohio State University
|
2010
|
760,000
|
|
academic
|
hacked
|
The breach affected current and former students. It cost the university $4m in expenses related to investigative consulting, breach notification and credit security.
|
Dec 2010
|
2
|
| A Chicago emergency physician group
|
Emergency Healthcare Physicians, Ltd.
|
2010
|
180,111
|
|
health
|
lost device
|
A stolen portable hard drive contained records from 2003 to 2006, including patient names, addressees, phone numbers, birth dates and Social Security numbers.
|
May 2010
|
4
|
| Department of Health Care Policy & Financing
|
Colorado government
|
2010
|
105,470
|
|
health
|
lost device
|
State officials discovered the unauthorized removal of a computer hard drive housed at Colorado's Office of Information Technology which contained health insurance information.
|
Jul 2010
|
2
|
| US Telecoms company
|
AT&T
|
2010
|
114,000
|
|
telecoms
|
hacked
|
Details of iPad 3G users, thought to include those of White House chief of staff Rahm Emanuel, was stolen from the AT&T website.
|
Jun 2010
|
1
|
|
|
Lincoln Medical & Mental Health Center
|
2010
|
130,495
|
|
health
|
lost device
|
Protected health information was exposed after seven CDs were lost in transit with FedEx.
|
Jun 2010
|
4
|
| US student loan guarantor
|
Educational Credit Management Corp
|
2010
|
3,300,000
|
|
finance
|
lost device
|
A contractor for the US Department of Education stole a device containing student loan records. The breach affected as many as 5% of all the country's federal student loan borrowers.
|
Mar 2010
|
2
|
|
|
US Federal Reserve Bank of Cleveland
|
2010
|
400,000
|
|
finance
|
hacked
|
Nov 2010. A Malaysian man was charged with hacking into major US corporations and stealing 400,000 credit and debit card account numbers.
|
Nov 2010
|
3
|
|
|
Classified Iraq War documents
|
2010
|
392,000
|
|
government
|
inside job
|
Wikileaks posted classified Iraq War documents on its website.
|
Oct 2010
|
2
|
| Independent payment processor
|
Heartland
|
2009
|
130,000,000
|
130m
|
finance
|
hacked
|
Keylogging malware caused a massive data breach. Heartland eventually paid more than $110 million to Visa, MasterCard, American Express and other card associations to settle claims.
|
Jan 2009
|
3
|
|
|
US National Guard
|
2009
|
131,000
|
|
military
|
lost device
|
A personal laptop owned by an Army Guard contractor was stolen. It contained a database including names, Social Security Numbers, incentive payment amounts and payment dates.
|
Dec 2009
|
2
|
| Developer of online games (Zoo World/Zoo World 2) and advertising products
|
RockYou!
|
2009
|
32,000,000
|
|
web, gaming
|
hacked
|
The site did not allow users to use special characters or punctuation in their passwords and e-mailed user passwords in plain text. Hackers took advantage of these security lapses.
|
Dec 2009
|
1
|
| Provider of online banking, online bill payment and electronic bill payment services for the financial services industry
|
CheckFree Corporation
|
2009
|
5,000,000
|
|
finance
|
hacked
|
Criminals took control of the payment service's domains. They redirected traffic to a Ukrainian Web server that used malware to install a password-stealing program on the victim's computer.
|
Jan 2009
|
1
|
| Domain name registration business
|
Network Solutions
|
2009
|
573,000
|
|
web
|
hacked
|
A large-scale infection of e-commerce sites with malicious code led to the compromise of thousands of debit and credit cards.
|
Jul 2009
|
3
|
|
|
Virginia Prescription Monitoring Program
|
2009
|
531,400
|
|
health
|
hacked
|
A prescriptions website with a database containing 8m patient records and 35m prescription records was hacked. The hacker demanded a $10 million ransom for the breach.
|
May 2009
|
2
|
| details on students, alumni and others
|
University of California Berkeley
|
2009
|
160,000
|
|
academic
|
hacked
|
The attackers accessed a computer belonging to the university's health centre. The personal information of current students and alumni was stolen.
|
May 2009
|
3
|
| Largest US publicly traded managed health care company
|
Health Net
|
2009
|
1,500,000
|
|
health
|
lost device
|
A portable hard drive with seven years worth of personal and medical information was lost for six months before being reported.
|
Nov 2009
|
4
|
|
|
US Military
|
2009
|
76,000,000
|
|
military
|
lost device
|
The National Archives And Records Administration sent a defective, unencrypted hard drive for repair and recycling. It held detailed records on 76 million veterans dating back to 1972.
|
Oct 2009
|
2
|
|
|
Compass Bank
|
2008
|
1,000,000
|
|
finance
|
inside job
|
A former employee stole a hard drive containing 1m account details between May & July 2007, then used it to defraud cutomers of nearly $32,000.
|
Mar 2008
|
3
|
| Delhaize Group: Hannaford Bros, Sweetbay, Food Lion, Bloom, Bottom Dollar, Harveys, Kash n' Karry
|
Hannaford Brothers Supermarket Chain
|
2008
|
4,200,000
|
|
retail
|
hacked
|
An estimated 4.2 million credit and debit card numbers were stolen when payment data was intercepted by hackers.
|
Mar 2008
|
3
|
|
|
University of Miami
|
2008
|
2,100,000
|
|
academic
|
lost device
|
Six backup tapes from the medical school containing more than 2 million medical records were stolen from a van that was transporting the data to an off-site facility.
|
Apr 2008
|
3
|
| Wealth management
|
BNY Mellon Shareowner Services
|
2008
|
4,500,000
|
|
finance
|
lost device
|
An archiving vendor lost a box full of data storage tapes containing sensitive information.
|
May 2008
|
1
|
| Employee convicted of downloading millions of borrower files and selling the information to other loan officers.
|
Countrywide Financial Corp
|
2008
|
2,500,000
|
|
finance
|
inside job
|
A senior financial analyst was sentenced to eight months in prison after pleading guilty to downloading millions of borrower files onto thumb drives & selling the information.
|
Aug 2008
|
2
|
|
|
UK Home Office
|
2008
|
84,000
|
|
government
|
lost device
|
PA Consulting lost an unencrypted memory stick containing details of high risk, prolific and other offenders. It had its contract terminated after an enquiry.
|
Aug 2008
|
2
|
| the U.S. payment processing arm of The Royal Bank of Scotland Group
|
RBS Worldpay
|
2008
|
1,500,000
|
|
finance
|
hacked
|
A hack compromised RBS Worldpay prepay and gift cards. Actual fraud has been committed on approximately 100 cards. The personal information of over 1m people was exposed.
|
Dec 2008
|
5
|
| South Korea's largest online shopping site
|
Auction.co.kr
|
2008
|
18,000,000
|
|
web
|
hacked
|
South Korea’s largest online shopping site was attacked by a Chinese hacker who made off with user information and a large amount of financial data.
|
Feb 2008
|
3
|
| Private oil company
|
GS Caltex
|
2008
|
11,100,000
|
|
misc
|
inside job
|
Two multimedia discs containing personal data of Korean customers was found by an office worker in a trash pile in Seoul. Likely to have been stolen by an employee.
|
Sep 2008
|
2
|
|
|
AT&T
|
2008
|
113,000
|
|
telecoms
|
lost device
|
A laptop containing unencrypted Social Security numbers and bonus/salary info of AT&T employees was stolen from a car.
|
Jun 2008
|
1
|
|
|
Stanford University
|
2008
|
72,000
|
|
academic
|
lost device
|
A laptop containing information on tens of thousands of past and current Stanford University employees was stolen.
|
Jun 2008
|
2
|
| stolen data tapes
|
University of Utah Hospitals & Clinics
|
2008
|
2,200,000
|
|
academic
|
lost device
|
Petty thieves stole backup data tapes containing billing records from an employee's car. According to police reports the thieves tried - and failed - to view the tapes using a VHS player.
|
Jun 2008
|
4
|
|
|
Chile Ministry Of Education
|
2008
|
6,000,000
|
|
government
|
hacked
|
A computer hacker in Chile published confidential records belonging to six million people to illustrate the weakness of government security.
|
May 2008
|
1
|
|
|
Texas Lottery
|
2008
|
89,000
|
|
government
|
inside job
|
Data on more than 89,000 lottery winners (including names, Social Security numbers, addresses and prize amounts) were taken from the agency without permission by a former employee.
|
Nov 2008
|
2
|
|
|
Starbucks
|
2008
|
97,000
|
|
retail
|
lost device
|
A laptop containing private information on 97,000 employees was stolen. Employees won a case against the firm before losing in the federal court as they were unable to prove any cognizable harm.
|
Nov 2008
|
2
|
|
|
UK Ministry of Defence
|
2008
|
1,700,000
|
|
government
|
lost device
|
A hard drive containing sensitive details of Armed Forces personnel - passport & national insurance numbers, bank details etc - went missing. The loss was revealed during National Identity Fraud Prevention Week.
|
Oct 2008
|
5
|
|
|
T-Mobile, Deutsche Telecom
|
2008
|
17,000,000
|
|
telecoms
|
lost device
|
Thieves stole a device containing names, addresses, cell phone numbers, and some birth dates and e-mail addresses for high-profile German citizens.
|
Oct 2008
|
1
|
|
|
Norwegian Tax Authorities
|
2008
|
3,950,000
|
|
government
|
oops!
|
Tax authorities accidentally sent CD-ROMs filled with the 2006 tax returns of 4m Norwegian citizens to editorial staff at national newspapers, radios and television stations.
|
Sep 2008
|
2
|
|
|
Service Personnel and Veterans Agency (UK)
|
2008
|
50,500
|
|
government
|
lost device
|
Hard drives containing personal information of employees were stolen from a high-security facility.
|
Sep 2008
|
2
|
| Jobs website
|
Monster.com
|
2007
|
1,600,000
|
|
web
|
hacked
|
A trojan virus harvested user names, e-mail addresses, home addresses and phone numbers. Soon after, phishing e-mails encouraged users to download a Monster Job Seeker Tool, which was in fact malware.
|
Aug 2007
|
2
|
|
|
Driving Standards Agency
|
2007
|
3,000,000
|
|
government
|
lost device
|
A hard disk with details of UK driving theory test candidates was lost by a contractor while they were in Iowa, USA.
|
Dec 2007
|
2
|
|
|
Fidelity National Information Services
|
2007
|
8,500,000
|
|
finance
|
inside job
|
An employee sold customer information to a data broker, including names, addresses, birth dates, bank account and credit card information.
|
Jul 2007
|
3
|
|
|
City and Hackney Teaching Primary Care Trust
|
2007
|
160,000
|
|
government
|
lost device
|
Disks containing children's personal details were lost by couriers. It prompted the agency to introduce disk encryption.
|
Dec 2007
|
2
|
|
|
Gap Inc
|
2007
|
800,000
|
|
retail
|
lost device
|
A laptop containing data on people who applied for positions at Gap stores between July 2006 and June 2007 was stolen.
|
Sep 2007
|
2
|
| Japanese printing company
|
Dai Nippon Printing
|
2007
|
8,637,405
|
|
retail
|
inside job
|
A former contractor of the firm stole 8.6 million records containing the personal data of customers.
|
Mar 2007
|
1
|
| Largest retail breach to date
|
TK / TJ Maxx
|
2007
|
94,000,000
|
94m
|
retail
|
hacked
|
A Minnesota store wifi network was hacked. Data from the credit and debit cards of shoppers was stolen.
|
Mar 2007
|
3
|
|
|
JP Morgan Chase
|
2007
|
2,600,000
|
|
finance
|
lost device
|
Personal information was mistakenly identified as trash and thrown out in garbage bags outside five branch offices in New York.
|
May 2007
|
3
|
| HMRC
|
UK Revenue & Customs
|
2007
|
25,000,000
|
|
government
|
lost device
|
A set of discs containing confidential details of 25 million child benefit recipients was lost.
|
Nov 2007
|
1
|
| US online broker
|
TD Ameritrade
|
2007
|
6,300,000
|
|
finance
|
hacked
|
The firm settled a class action lawsuit to compensate as many as 6.3 million customers whose data was stolen by hackers.
|
Sep 2007
|
1
|
| American Online
|
AOL
|
2006
|
20,000,000
|
|
web
|
oops!
|
AOL released search data for roughly 20 million web queries from 658,000 anonymized users of the service. No one is quite sure why.
|
Aug 2006
|
1
|
|
|
US Dept of Vet Affairs
|
2006
|
26,500,000
|
|
government, military
|
lost device
|
The Veterans Affairs Department agreed to pay $20 million to settle a class action lawsuit over the loss of a laptop.
|
Jul 2006
|
2
|
| Business outsourcing, payrolls, benefits
|
Automatic Data Processing
|
2006
|
125,000
|
|
finance
|
poor security
|
Automatic Data Processing, one of the world's largest payroll service companies, confirmed that it was swindled by a data thief looking for information on investors.
|
Jul 2006
|
2
|
| Japanese telecommunications operator
|
KDDI
|
2006
|
4,000,000
|
|
telecoms
|
hacked
|
Tokyo police arrested two men for trying to extort nearly US$90,000. The pair allegedly threatened to disclose the existence of storage media containing personal data.
|
Jun 2006
|
1
|
|
|
Hewlett Packard
|
2006
|
200,000
|
|
tech, retail
|
lost device
|
A laptop containing employee data was either lost or stolen. It included names, addresses, Social Security numbers, dates of birth and other employment-related information.
|
Mar 2006
|
2
|
| online broker
|
Ameritrade Inc.
|
2005
|
200,000
|
|
finance
|
lost device
|
A computer backup tape containing the personal information of customers between 2000 and 2003 was lost.
|
Apr 2005
|
2
|
|
|
Citigroup
|
2005
|
3,900,000
|
|
finance
|
lost device
|
A box of computer tapes containing information on 3.9 million customers was lost in transit to a credit reporting agency.
|
Jun 2005
|
3
|
| Third-party payment processor for Visa, Mastercard, Amex, and Discover
|
Cardsystems Solutions Inc.
|
2005
|
40,000,000
|
|
finance
|
hacked
|
An unauthorized entity enabled access to cusomer credit card data. It's not clear how many of the 40 million accounts were stolen.
|
Jun 2005
|
3
|
| American Online
|
AOL
|
2004
|
92,000,000
|
92m
|
web
|
inside job
|
A former America Online software engineer stole 92 million screen names and e-mail addresses and sold them to spammers who sent out up to 7 billion unsolicited e-mails.
|
Jun 2004
|
1
|
