🏛️ Data Leaks Hall of Shame

Information and credits

The following table of security breaches is courtesy of information is beautiful. We will update it periodically as the original file receives updates.

Watch out for the 🍪

Note that a hyperlink to the original source has been provided. This link may lead to a website that could contain cookies, trackers and other privacy-invasive technologies.

| organisation | alternative name | records lost | year | date | story | sector | method | interesting story | data sensitivity | displayed records | FIELD12 | source name | 1st source link | 2nd source link | ID |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Visualization here | | (use 3m, 4m, 5m or 10m to approximate unknown figures) | year story broke | | | | poor security; hacked; oops!; lost device; inside job | | 1. Just email address/Online information; 2. SSN/Personal details; 3. Credit card information; 4. Health & other personal records; 5. Full details | | | | | | |
| Qantas | | 5,700,000 | 2025 | Jul 25 | The records of nearly 6 million customers on the platform and Qantas expects a "significant" proportion of the data has been stolen. | transport | hacked | | 2 | | | ABC | https://www.abc.net.au/news/2025-07-02/qantas-cyber-attack-significant-data-stolen/105484720 | | 524 |
| GiveSendGo | | 92,000 | 2022 | Feb 22 | Crowdfunding site that raised funds for the anti-vax “freedom convoy” in Canada was hacked exposing the names and personal details of over 92,000 donors | web | hacked | y | 2 | | | Vice | https://www.vice.com/en/article/freedom-convoy-givesendgo-donors-leaked/ | | 523 |
| Tea | | 72,000 | 2025 | Jul 25 | Web service providing safety for women online dating was breached, exposing over 13K photos of IDs used for account verification, alongside 56K other images. ID photos were likely geotagged, worsening the severity of the leak | web | hacked | y | 4 | | | TechCrunch | https://techcrunch.com/2025/07/26/dating-safety-app-tea-breached-exposing-72000-user-images/ | | 522 |
| Lee Enterprises | | 39,000 | 2025 | Feb 25 | Attackers behind a ransomware attack in Feb also stole documents and information on ~40K individuals | misc | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/media-giant-lee-enterprises-says-data-breach-affects-39-000-people/ | | 521 |
| Cartier | | 100,000 | 2025 | Jun 25 | Luxury fashion brand Cartier warned customers of a data breach that exposed customers' personal information. | retail | hacked | | 1 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/cartier-discloses-data-breach-amid-fashion-brand-cyberattacks/ | | 520 |
| The North Face | | 100,000 | 2025 | Apr 25 | The North Face is warning customers that their personal information was stolen in credential stuffing attacks. | retail | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/the-north-face-warns-customers-of-april-credential-stuffing-attack/ | | 519 |
| LexisNexis | | 364,000 | 2024 | Dec 24 | Data broker giant LexisNexis Risk Solutions states attackers stole personal information of over 364k individuals in Dec. | tech | poor security | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/data-broker-lexisnexis-discloses-data-breach-affecting-364-000-people/ | | 518 |
| Adidas | | 100,000 | 2025 | May 25 | German sportswear giant Adidas disclosed attackers hacked a customer service provider and stole some user data. | retail | hacked | | 1 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/adidas-warns-of-data-breach-after-customer-service-provider-hack/ | | 517 |
| Coinbase | | 69,461 | 2025 | May 25 | Coinbase said, "individuals performing services at our overseas support locations, improperly accessed customer information." | finance | inside job | | 3 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/coinbase-says-recent-data-breach-impacts-69-461-customers/ | | 516 |
| UK's Legal Aid Agency | LAA | 2,100,000 | 2025 | May 25 | Criminal records dating back to 2010, as well as personal data was stolen for up to two million people | government | hacked | y | 3 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/uk-legal-aid-agency-confirms-applicant-data-stolen-in-data-breach/ | | 515 |
| Nova Scotia Power | | 100,000 | 2025 | May 25 | Nova Scotia Power confirms hackers stole sensitive data. The company serves over 500k customers. | misc | hacked | | 4 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/nova-scotia-power-confirms-hackers-stole-customer-data-in-cyberattack/ | | 514 |
| ColoCrossing | | 7,200 | 2025 | May 25 | Breach impacted users of ColoCloud virtual server although was isolated to their cloud/VPS platform. 7k emails exposed. | web, tech | hacked | | 2 | | | Have I Been Pwned | https://haveibeenpwned.com/Breach/ColoCrossing | | 513 |
| Free | | 13,900,000 | 2024 | Oct 24 | French ISP "Free" suffered a breach which was posted for sale and later, leaked. 14m email, names, addresses etc. exposed. | web | hacked | | 3 | | | Have I Been Pwned | https://haveibeenpwned.com/Breach/FreeMobile | | 512 |
| Fédération Française de Rugby | | 282,000 | 2023 | Jul 23 | The French Rugby Federation had a breach and attempted ransom. 282k emails, names, dates of birth and phone numbers. | government | hacked | | 1 | | | Have I Been Pwned | https://haveibeenpwned.com/Breach/FFR | | 511 |
| TehetségKapu | | 54,400 | 2025 | Mar 25 | 55k records breached from the Hungarian education office TehetségKapu. Data was subsequently published to a hacking forum. | government | hacked | | 1 | | | Have I Been Pwned | https://haveibeenpwned.com/Breach/TehetsegKapu | | 510 |
| Krispy Kreme | | 161,676 | 2024 | Nov 24 | U.S. doughnut chain confirmed attackers stole the personal info of over 160k individuals in a cyberattack. | retail | hacked | | 3 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/krispy-kreme-says-november-data-breach-impacts-over-160-000-people/ | | 509 |
| Episource | | 5,418,866 | 2025 | Feb 25 | An investigation revealed that hackers accessed and exfiltrated 5.4m records stored on these systems. | health | hacked | | 4 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/episource-says-data-breach-impacts-54-million-patients/ | | 508 |
| Cock.li | | 1,023,800 | 2025 | Jun 25 | Email hosting provider confirmed exploited flaws in its retired Roundcube webmail platform exposed over 1m records. | web | poor security | | 1 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/hacker-steals-1-million-cockli-user-records-in-webmail-data-breach/ | | 507 |
| UnitedHealth | | 190,000,000 | 2024 | Oct 24 | 190m Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack. | health | hacked | | 4 | 190m | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/unitedhealth-now-says-190-million-impacted-by-2024-data-breach/ | | 506 |
| Internet Archive | | 33,000,000 | 2024 | Oct 24 | The Archive was hit by two different attacks, a data breach exposing 33m users data and a DDoS attack. | web | hacked | | 1 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/ | | 505 |
| National Public Data | | 1,000,000,000 | 2024 | Aug 24 | 2.7bn records of US citizens used for background checks leaked on a hacking forum, names, social security, physical addresses, and aliases. | government | hacked | | 2 | 2.7bn | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-leak-27-billion-data-records-with-social-security-numbers/ | | 504 |
| VeriSource | | 4,000,000 | 2024 | Feb 24 | Employee benefits administration firm exposed the personal information of 4m people. | finance | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/verisource-now-says-february-data-breach-impacts-4-million-people/ | | 503 |
| Baltimore Public Schools | | 31,000 | 2025 | Feb 25 | Tens of thousands of employees and students exposed in a breach incident when attackers hacked into its network. | academia | hacked | | 3 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/baltimore-city-public-schools-data-breach-affects-over-31-000-people/ | | 502 |
| Robinsons | | 195,600 | 2024 | Jun 24 | Philippine shopping-mall operator suffered a breach via mobile app exposing 195k emails, names, numbers, DOB, genders. | retail | poor security | | 2 | | | Have I Been Pwned | https://haveibeenpwned.com/Breach/RobinsonsMalls | | 501 |
| Have Fun Teaching | | 27,100 | 2021 | Aug 21 | Teaching resources site suffered a breach leaking 80k WooCommerce transactions, and posted to a hacking forum. | academia | hacked | | 3 | | | Have I Been Pwned | https://haveibeenpwned.com/Breach/HaveFunTeaching | | 500 |
| Ualabee | | 472,300 | 2025 | May 25 | South American mobility services platform had 472k records scraped from an interface on their platform. | transport | hacked | | 2 | | | Have I Been Pwned | https://haveibeenpwned.com/Breach/Ualabee | | 499 |
| Wiredbucks | | 918,500 | 2022 | May 22 | Social media influencer platform suffered a data breach exposing over 900k emails, IP addresses, names, usernames, etc. | web | hacked | | 2 | | | Have I Been Pwned | https://haveibeenpwned.com/Breach/WiredBucks | | 498 |
| Disk Union | | 690,700 | 2022 | Jun 22 | Japanese record chain store exposed 690k email, names, postcodes, phone numbers and passwords. | retail | hacked | | 2 | | | Have I Been Pwned | https://haveibeenpwned.com/Breach/DiskUnion | | 497 |
| Spectos | | 216,300 | 2025 | Mar 25 | Data breach of logistics provider, Spectos: 216k emails, names, physical addresses, and purchases. | telecoms | hacked | | 2 | | | Have I Been Pwned | https://haveibeenpwned.com/Breach/SamsungGermany | | 496 |
| German Doner Kebab | | 162,400 | 2025 | Mar 25 | Breached food company leaked 162k unique emails, names, phone numbers and physical addresses. | retail | hacked | | 2 | | | Have I Been Pwned | https://haveibeenpwned.com/Breach/GermanDonerKebab | | 495 |
| Orange Romania | | 556,600 | 2025 | Feb 25 | Published to a hacking forum: 556k emails, phone, subscription, partial credit card data. | telecoms | hacked | | 2 | | | Have I Been Pwned | https://haveibeenpwned.com/Breach/OrangeRomania | | 494 |
| Thermomix Recipe World Forum | | 3,100,000 | 2025 | Jan 25 | Forum for users of the popular food processor was breached, exposing 3.1m records inc. emails, physical address, and DOB. | web | hacked | | 2 | | | Have I Been Pwned | https://haveibeenpwned.com/Breach/Thermomix | | 493 |
| Kaiser Permanente | | 13,400,000 | 2024 | Apr 24 | A leading U.S. healthcare organization transmitted personal information to third-party vendors, including Google, Microsoft Bing, and X (formerly Twitter), including search terms entered in Kaiser's health encyclopedia. | health | oops! | | 3 | | | Bleeping Computer | https://restoreprivacy.com/data-breach-at-kaiser-permanente-affects-13-4-million-people/ | | 492 |
| Ticketmaster | | 560,000,000 | 2024 | Jun 24 | Hacker group ShinyHunters say it stole names, addresses, phone numbers and partial credit cards details from hundreds of millions of Ticketmaster customers around the world. | misc | hacked | y | 3 | 560m | | BBC | https://www.bbc.co.uk/news/articles/cw99ql0239wo | | 491 |
| Stanford University | | 27,000 | 2023 | May 23 | The Akira ransomware group claims to have stolen 430 GB of data, including names and social security numbers. The breach went unnoticed for four months, suggesting a possible prolonged attacker presence | academia | hacked | | 2 | | | Slashdot | https://yro.slashdot.org/story/24/03/13/2053224/stanford-university-failed-to-detect-ransomware-intruders-for-4-months?utm_source=feedly1.0mainlinkanon&utm_medium=feed | | 490 |
| Cooler Master | | 500,000 | 2024 | May 24 | Threat actor 'Ghostr' hacked the company's Fanzone website, stealing 103 GB of data. Compromised info includes names, emails, phone numbers, birth dates, addresses, product details, employee info, and vendor correspondence. | tech | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/cooler-master-confirms-customer-info-stolen-in-data-breach/ | | 489 |
| Financial Business and Consumer Solutions | FBCS | 3,200,000 | 2024 | Feb 24 | A U.S. debt collection agency reported a breach initially affecting 1.9m people but the number has since increased significantly. Stolen data includes names, SSNs, birthdates, account info, and driver's license numbers. | tech | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/collection-agency-fbcs-ups-data-breach-tally-to-32-million-people/ | | 488 |
| Santander | | 30,000,000 | 2024 | May 24 | Threat actor 'ShinyHunters' claim to be selling Santander bank data on 30m customers from Chile, Spain and Uruguay. | finance | hacked | | 3 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/banco-santander-warns-of-a-data-breach-exposing-customer-info/ | | 487 |
| Everbridge | | 5,600,000 | 2024 | May 24 | The American crisis management software company, serving the U.S. Army, Atlanta Airport, and Norway and Australia, suffered a major data breach. Both business and user data compromised. | tech | hacked | | 1 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/everbridge-warns-of-corporate-systems-breach-exposing-business-data/ | | 486 |
| BBC | | 25,000 | 2024 | May 24 | Personal information of BBC Pension Scheme members, including current and former employees, was compromised. Data types include names, National Insurance numbers, birthdates, and home addresses. | misc | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/bbc-suffers-data-breach-impacting-current-former-employees/ | | 485 |
| First American | | 44,000 | 2023 | Dec 23 | The second largest title insurance company in the US did not reveal which personal information was compromised. | finance | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/first-american-december-data-breach-impacts-44-000-people/ | | 484 |
| Christie's | | 500,000 | 2024 | May 24 | Famous auction house Christie's lost sensitive information on 500,000 clients to the RansomHub extortion gang. This includes full names, physical addresses, and ID details. Ironically, the cybercriminals also auction these stolen files to the highest bidder. | retail | hacked | y | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/christies-confirms-breach-after-ransomhub-threatens-to-leak-data/ | | 483 |
| Sav-Rx | | 2,800,000 | 2023 | Oct 23 | Prescription management company Sav-Rx warned over 2.8m people in the US of a data breach. Compromised data includes full names, birthdates, SSNs, emails, addresses, phone numbers, eligibility data, and insurance IDs. | health | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/sav-rx-discloses-data-breach-impacting-28-million-americans/ | | 482 |
| Cencora | | 100,000 | 2024 | Feb 24 | Major drug companies, including Novartis and Bayer, disclosed data breaches after a February 2024 cyberattack at Cencora, their pharmaceutical services partner. Compromised data includes names, addresses, diagnoses, medications, and prescriptions. | health | hacked | | 4 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/cencora-data-breach-exposes-us-patient-info-from-11-drug-companies/ | | 481 |
| WebTPA | | 2,400,00 | 2023 | Apr 23 | The breach at this employer service compromised names, contact info, birth/death dates, SSNs, and insurance details. Impacted individuals include customers of The Hartford, Transamerica, and Gerber Life Insurance. | tech | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/webtpa-data-breach-impacts-24-million-insurance-policyholders/ | | 480 |
| Nissan | Nissan North America | 53,000 | 2023 | Nov 23 | This breach of the car manufacturer exposed personal data (including Social Security numbers) belonging to current and former employees. | transport | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/nissan-north-america-data-breach-impacts-over-53-000-employees/ | | 479 |
| Singing River | Singing River Health System | 895,000 | 2023 | Aug 23 | A healthcare provider in the Gulf Coast region was breached by the Rhysida ransomware gang. Compromised data includes names, birthdates, addresses, SSNs, and medical info. | health | hacked | | 4 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/singing-river-health-system-data-of-895-000-stolen-in-ransomware-attack/ | | 478 |
| City of Helsinki | Helsinki | 80,000 | 2024 | Apr 24 | A data breach in Helsinki's education division affected tens of thousands of students, guardians, and personnel. Compromised data includes usernames, emails, IDs, addresses, fee details, education info, welfare requests, and medical certificates. | government | hacked | | 4 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/helsinki-suffers-data-breach-after-hackers-exploit-unpatched-flaw/ | https://poliisi.fi/en/-/police-investigate-extensive-data-breach-in-helsinki-city-s-computer-network | 477 |
| Firstmac | | 100,000 | 2024 | Apr 24 | Australia's largest non-bank lender had 500GB of data stolen by the Embargo cyber-extortion group. Stolen data includes names, addresses, emails, phone numbers, birthdates, bank account info, and driver's license numbers. | finance | hacked | | 3 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/largest-non-bank-lender-in-australia-warns-of-a-data-breach/ | https://www.cyberdaily.au/security/10487-exclusive-aussie-lender-firstmac-falls-victim-to-embargo-ransomware-gang | 476 |
| The Post Millennial | | 26,000,000 | 2024 | May 24 | A conservative Canadian news magazine was breached leaking data on mailing lists, subscriber info, and details of writers and editors: names, emails, usernames, passwords, IPs, phone numbers, addresses, and genders. | misc | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/the-post-millennial-hack-leaked-data-impacting-26-million-people/ | https://www.mediaite.com/politics/conservative-news-websites-hacked-replaced-with-page-leaking-private-information/ | 475 |
| Dell | | 49,000,000 | 2024 | Apr 24 | The Dell data breach by a threat actor scraped 49m customer records via a partner portal API accessed as a fake company. Data includes customer names, order info, warranty details, service tags, and locations. | tech | oops! | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/ | | 474 |
| UK Ministry of Defense | | 270,000 | 2024 | May 24 | A threat actor breached the Ministry of Defence, accessing the Armed Forces payment network. Compromised data includes personal and banking details and a few addresses of active, reserve, and some retired personnel. | government | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/uk-confirms-ministry-of-defence-payroll-data-exposed-in-data-breach/ | https://www.theguardian.com/technology/article/2024/may/06/uk-military-personnels-data-hacked-in-mod-payroll-breach | 473 |
| Dropbox | Dropbox Sign | 100,000 | 2024 | Apr 24 | A Dropbox service which allows online document signatures, was breached. Hackers accessed authentication tokens, MFA keys, hashed passwords, and customer information. | tech | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/dropbox-says-hackers-stole-customer-data-auth-secrets-from-esignature-service/ | | 472 |
| Panda Restaurants | | 47,000 | 2024 | Mar 24 | Information exposed includes names or other personal identifiers and their driver's license numbers or ID card numbers for an undisclosed cohort. | retail | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/panda-restaurants-discloses-a-data-breach-after-corporate-systems-hack/ | | 471 |
| Philadelphia Inquirer | | 25,000 | 2023 | May 23 | A breach at this daily newspaper exposed names, personal identifiers, and financial account or credit/debit card numbers with security codes, passwords, or PINs. The Cuba ransomware gang claimed responsibility. | misc | hacked | | 4 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/philadelphia-inquirer-data-of-over-25-000-people-stolen-in-2023-breach/ | | 470 |
| French government | | 43,000,000 | 2024 | Feb 24 | A breach in a French government department - responsible for registering and assisting unemployed people - exposed 20 years of personal data, including names, birthdates, Social Security numbers, travel IDs, emails, postal addresses, and phone numbers. | government | hacked | | 2 | 43m | | The Register | https://www.theregister.com/2024/03/14/mega_data_breach_at_french/ | | 469 |
| USG | University System of Georgia | 800,000 | 2023 | May 24 | USG, operating 26 public colleges and universities in Georgia, was compromised in the 2023 Clop MOVEit attacks, which impacted thousands of organizations worldwide. Data included full/partial SSNs, birthdates, bank account numbers, and tax documents with Tax IDs. | government | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/university-system-of-georgia-800k-exposed-in-2023-moveit-attack/ | https://www.usg.edu/news/release/notice_of_data_breach | 468 |
| Ohio Lottery | | 538,000 | 2023 | Dec 24 | The DragonForce ransomware gang claimed responsibility for the Christmas Eve attack on the Ohio Lottery. They accessed names, SSNs, and other personal identifiers of affected individuals. | gaming | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/ohio-lottery-ransomware-attack-impacts-over-538-000-individuals/ | | 467 |
| OmniVision | | 100,000 | 2023 | Sep 24 | The Cactus ransomware gang claimed an attack, leaking passport scans, NDAs, contracts, and confidential documents from OmniVision, a subsidiary of Will Semiconductor, which designs imaging sensors for various devices. | tech | hacked | | 3 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/omnivision-discloses-data-breach-after-2023-ransomware-attack/ | | 466 |
| Western Sydney University | | 7,500 | 2023 | May 24 | Hackers had accessed the University's Microsoft Office 365 environment, including email accounts and SharePoint files. | academia | hacked | | 1 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/western-sydney-university-data-breach-exposed-student-data/ | | 465 |
| AT&T | | 73,000,000 | 2024 | Apr 24 | Sensitive 2019 data from 7.6m current AT&T account holders and approximately 65.4m former account holders. Emails, passcodes, social security numbers. | telecoms | hacked | | 4 | 73m | | Ars Technica | https://arstechnica.com/tech-policy/2024/04/att-acknowledges-data-leak-that-hit-73-million-current-and-former-users/ | | 464 |
| Irish towing company | | 512,000 | 2023 | Oct 23 | The driving licences and payment card details of thousands of motorists who had vehicles towed on behalf of the Irish police | transport | poor security | | 3 | | | Irish Independent | https://www.independent.ie/irish-news/thousands-of-drivers-have-sensitive-data-exposed-to-hackers-in-major-it-breach/a1379036136.html | | 463 |
| Maine Government | | 1,300,000 | 2023 | May 23 | Russian ransomware group Clop stole names, dates of birth, Social Security numbers, driver’s license and other state or taxpayer identification numbers. Some individuals had medical and health insurance information taken. | government | hacked | | 4 | | | TechCrunch | https://techcrunch.com/2023/11/09/maine-government-data-breach-clop-ransomware/ | | 462 |
| Welltok | | 8,500,000 | 2023 | Nov 23 | Patient data was exposed during the breach, including full names, email addresses, physical addresses, and telephone numbers. For some, it also includes Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information. | health | hacked | | 4 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/welltok-data-breach-exposes-data-of-85-million-us-patients/ | | 461 |
| Maximus | | 10,000,000 | 2023 | Jul 23 | Exploit of a zero-day flaw in the MOVEit file transfer application. Data stolen included social security numbers, protected health information. | government | hacked | | 4 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/8-million-people-hit-by-data-breach-at-us-govt-contractor-maximus/ | | 460 |
| Okta | | 134 | 2023 | Nov 23 | Names and email addresses of customers of the identity security company. 134 of the company's 18,400 clients were impacted, but only five instances of successful session hijacking were logged | tech | hacked | | 1 | | | Okta | https://sec.okta.com/harfiles | | 459 |
| Delta Dental | | 7,000,000 | 2023 | May 23 | The dental insurance company suffered unauthorized access by threat actors through the MOVEit file transfer software application exposing full credit card details of customers | health | hacked | | 3 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/delta-dental-of-california-data-breach-exposed-info-of-7-million-people/ | | 458 |
| Xfinity | | 36,000,000 | 2023 | Oct 23 | Hackers using the CitrixBleed vulnerability accessed account details like name, last four digits of social security numbers and hashed passwords | telecoms | hacked | | 2 | | | TechCrunch | https://techcrunch.com/2023/12/19/comcast-xfinity-hackers-36-million-customers/ | | 457 |
| Atlassian | | 13,200 | 2023 | Feb 23 | SiegedSec hacked Atlassian, the owner of Trello and other apps, via a third party office app, leaking employee details and office floor plans after an employee publicly shared credentials. | tech | oops! | y | 1 | | | Cyberscoop | https://cyberscoop.com/atlassian-hack-employee-data-seigedsec/ | | 456 |
| Reddit | | 100,000 | 2023 | Feb 23 | A phishing attack granted access to Reddit's internal documents and systems, but without breaching main production systems, user passwords, or accounts. | web | hacked | y | 1 | | | Forbes | https://www.forbes.com/sites/daveywinder/2023/02/10/reddit-confirms-it-was-hacked-recommends-users-set-up-2fa/ | | 455 |
| Go Daddy | | 1,228,000 | 2022 | Dec 23 | GoDaddy faced a multi-year breach (2020-2022) by a single intruder, resulting in stolen source code, user credentials, malware installation, and user redirects to malicious sites. WordPress customers’ email addresses, usernames, passwords, and even their SSL private keys were stolen. | web | hacked | y | 3 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/ | | 454 |
| MGM | | 10,600,000 | 2023 | Sept 23 | AlphV and Scattered Spider's cyberattack on MGM caused slot machine errors and hotel queues in Las Vegas, stealing pre-March 2019 customer data and inflicting a $100m loss on the company's Q3 results. MGM declined to say if any ransom was paid. | retail | hacked | y | 3 | | | Reuters | https://www.reuters.com/business/mgm-expects-cybersecurity-issue-negatively-impact-third-quarter-earnings-2023-10-05/ | | 453 |
| Uber | | 20,000,000 | 2022 | Dec 22 | Data on 77,000 Uber employees and internal reports were leaked on forums. While Uber denied ownership of the implicated source code, the breach stemmed from their third-party vendor, Teqtivity, which had a security incident earlier that year. | transport | hacked | y | 1 | | | Restore Privacy | https://restoreprivacy.com/uber-data-leak-breach-third-party-vendor-hacked/ | | 452 |
| X (Twitter) | | 200,000,000 | 2023 | Jan 23 | From Nov 2022 to Jan 2023, over 200 million Twitter users' data, including emails and names, was exposed due to repeated security flaw exploitations and posted on hacker forums. But no highly sensitive data was revealed. | web | poor security | | 1 | 200m | | Firewall Times | https://firewalltimes.com/twitter-data-breach-timeline/ | | 451 |
| CommuteAir | | 1,500,000 | 2023 | Jan 23 | Swiss hacker Maia Arson Crimew, stumbled upon a misconfigured AWS server containing TSA's No Fly list and exposed ~250,000 'selectees' (selectees are automatically chosen for additional screening each time they fly) to a hacker forum. | transport | hacked | y | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/us-no-fly-list-shared-on-a-hacking-forum-government-investigating/ | | 450 |
| Yum! | | 10,000,000 | 2023 | Jan 23 | The brand owner of KFC, Pizza Hut, and Taco Bell fast food chains saw an undisclosed amount of personal user information stolen during a ransomware attack: names, driver's license numbers, and other ID card numbers. ~300 restaurants were shut down in the UK due to IT system disruptions caused by the attack. | retail | hacked | y | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/kfc-pizza-hut-owner-discloses-data-breach-after-ransomware-attack/ | | 449 |
| PharMerica | | 5,800,000 | 2023 | May 23 | Full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people. | health | hacked | | 4 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/ransomware-gang-steals-data-of-58-million-pharmerica-patients/ | | 448 |
| NATO | | 8,000 | 2023 | Jul 23 | Hacktivist group, SiegedSec, claimed to have broken into six NATO web portals and stolen >3,000 files and 9GB of data. Threat intel biz CloudSEK analysis revealed 20 unclassified documents and 8,000 personnel records with names, job titles, email addresses, home addresses, and photos. | government | hacked | y | 4 | | | The Register | https://www.theregister.com/2023/10/04/nato_data_attack/#:~:text=On%20Sunday%2C%20the%20SiegedSec%20crew,)%3B%20the%20Communities%20of%20Interest | | 447 |
| Topgolf Callaway | | 1,114,954 | 2023 | Aug 23 | Only full names, shipping and email addresses, phone numbers, order histories, account passwords and answers to security questions were exposed. | retail | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/golf-gear-giant-callaway-data-breach-exposes-info-of-11-million/ | | 446 |
| Sony | | 6,800 | 2023 | Oct 23 | Personal information belonging to current and former employees and their family members was stolen by Clop in a ransomware attack. Details unrevealed by Sony. | tech | hacked | | 2 | | | The Verge | https://www.theverge.com/2023/10/5/23905370/sony-interactive-entertainment-security-breach-confirmation | https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/ | 445 |
| 23andMe | | 6,900,000 | 2023 | Oct 23 | Hackers accessed the genetic site's user data via login guesses and information from DNA relatives (users opt into sharing info through DNA relatives for others to see). Stolen data included personal and some genetic ancestry and health details. After two breaches, one unverified, 23andMe now faces legal action. | health | hacked | y | 4 | 6.9m | | TechCrunch | https://arstechnica.com/tech-policy/2023/12/hackers-stole-ancestry-data-of-6-9-million-users-23andme-finally-confirmed/ | https://www.bleepingcomputer.com/news/security/23andme-hit-with-lawsuits-after-hacker-leaks-stolen-genetics-data/ | 444 |
| Optus | | 9,700,000 | 2022 | Sept 2022 | The telecom company faced a 'sophisticated attack' exposing ~10 million accounts including personal details (passport, driver’s licence & Medicare numbers). Hacker demanded $1m ransom but later apologized and claimed data deletion, unverified. | telecoms | hacked | | 4 | | | The Guardian | https://www.theguardian.com/business/2022/sep/29/optus-data-breach-everything-we-know-so-far-about-what-happened | https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack | 443 |
| PayPal | | 34942 | 2023 | Dec 22 | PayPal's breach involved unauthorized account access using credential stuffing (exploiting users reusing the same password for multiple accounts). It wasn't from a direct security lapse and hackers couldn't transact. PayPal reset passwords. | finance | hacked | | 2 | | | Office of the Maine Attorney General | https://apps.web.maine.gov/online/aeviewer/ME/40/766753f1-f9c7-4dc5-9a5c-fe0f3ff51c06.shtml | https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/ | 442 |
| Acer | | 10,000,000 | 2023 | Mar 23 | Acer suffered a data breach when a server was hacked, with threat actors selling 160GB of stolen data. The company said the incident hadn't impacted customer info. | tech | hacked | | 1 | | | Slashdot | https://it.slashdot.org/story/23/03/07/1459230/acer-confirms-breach-after-hacker-offers-to-sell-stolen-data?utm_source=feedly1.0mainlinkanon&utm_medium=feed | https://www.bleepingcomputer.com/news/security/acer-confirms-breach-after-160gb-of-data-for-sale-on-hacking-forum/ | 441 |
| MSI | | 10,000,000 | 2023 | Apr 23 | Money Message ransomware group claims to have stolen MSI's source code, demanding $4 million to prevent leaks. MSI downplays impact and hasn't confirmed paying ransom, assuring no user data was affected but advises software downloads only from official sources. | tech | hacked | | 1 | | | Slashdot | https://it.slashdot.org/story/23/04/07/152242/msi-confirms-breach-as-ransomware-gang-claims-responsibility?utm_source=feedly1.0mainlinkanon&utm_medium=feed | https://uk.pcmag.com/security/146322/msi-confirms-breach-as-ransomware-gang-claims-responsibility | 440 |
| T-Mobile | | 37,000,000 | 2023 | Jan 23 | T-Mobile's system was exploited by 'bad actors' from November 2022 to January 2023, exposing customer data. It's their ninth hack since 2018, with a 2021 breach affecting 49 million customers. | telecoms | hacked | | 2 | | | Ars Technica | https://arstechnica.com/information-technology/2023/05/t-mobile-discloses-2nd-data-breach-of-2023-this-one-leaking-account-pins-and-more/ | | 439 |
| T-Mobile | | 836 | 2023 | Mar 23 | T-Mobile faced its second 2023 data breach, exposing PINs and data from Feb to Mar. Though way smaller than the first 2023 breach (only affecting 836 customers), it adds to the $350mil 2021 settlement and erodes customer trust. | telecoms | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/t-mobile-discloses-second-data-breach-since-the-start-of-2023/ | | 438 |
| ChatGPT | | 101,000 | 2023 | Mar 23 | Over 101,000 ChatGPT accounts were stolen by malware last year. Breakdown: Asia-Pacific 40,999, Middle-East/Africa 24,925, Europe 16,951, Latin America 12,314, North America 4,737. Malware extracts browser credentials from SQLite databases, using CryptProtectData function to decrypt stored data. | tech | hacked | y | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/over-100-000-chatgpt-accounts-stolen-via-info-stealing-malware/ | | 437 |
| TIAA | The Teachers Insurance and Annuity Association of America | 2,300,000 | 2023 | May 23 | This US retirement fund for teachers faced a data breach exposing client details. A former teacher-client is suing for inadequate cybersecurity and leaving data unencrypted on a vulnerable platform. | finance | hacked, poor security | | 2 | | | ClassAction | https://www.classaction.org/news/teachers-insurance-and-annuity-association-of-america-hit-with-class-action-over-may-2023-data-breach#:~:text=Teachers%20Insurance%20and%20Annuity%20Association%20of%20America%20faces%20a%20class,of%20approximately%202.3%20million%20individuals. | https://news.slashdot.org/story/23/06/30/2038234/schools-say-us-teachers-retirement-fund-was-breached-by-moveit-hackers?utm_source=feedly1.0mainlinkanon&utm_medium=feed | 436 |
| Microsoft | | 30,000,000 | 2023 | Jun 23 | Anonymous Sudan hacked Microsoft, accessed customer data, and caused outages. They offered the database for $50,000. But Microsoft claims no evidence of compromised customer data. | web | hacked | | 2 | | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/microsoft-denies-data-breach-theft-of-30-million-customer-accounts/ | | 435 |
| Microsoft | | 10,000,000 | 2023 | May 23 | China-backed hackers stole a cryptographic key from Microsoft, undetected for a month, accessing 25 organizations, including government. Microsoft's postmortem cites past system vulnerabilities. | web | hacked | | 3 | unknown | | NYT | https://www.nytimes.com/2023/07/11/us/politics/china-hack-us-government-microsoft.html?smid=nytcore-ios-share | https://www.wired.com/story/china-backed-hackers-steal-microsofts-signing-key-post-mortem/ | 434 |
| Roblox | | 4,000 | 2020 | Dec 20 | Data identifying Roblox creators was breached at a developers' conference, undisclosed for 2 years due to a third-party security issue. | gaming | poor security | | 2 | | | The Verge | https://www.theverge.com/2023/7/21/23802742/roblox-data-breach-leak-developer-personal-information-exposed | | 433 |
| Discord.io | | 760,000 | 2023 | Aug 23 | Unidentified person listed user data for sale on darknet. Discord.io enables custom Discord invites. | gaming | hacked | | 1 | | | Stackdiary | https://stackdiary.com/the-data-of-760000-discord-io-users-was-put-up-for-sale-on-the-darknet// | | 432 |
| Clorox | | 10,000,000 | 2023 | Aug 23 | Clorox detected unauthorized IT activity in August 2023. By September, the contained hack led to slower production and a 2% stock drop. Specific affected files undisclosed | retail | hacked | | 1 | unknown | | Slashdot | https://it.slashdot.org/story/23/10/04/1917217/clorox-security-breach-linked-to-group-behind-casino-hacks?utm_source=feedly1.0mainlinkanon&utm_medium=feed | | 431 |
| Latitude Financial | | 14,000,000 | 2023 | Apr 23 | 14 million customer records, including driver's licence numbers, passport numbers and financial statements, stolen in a cyber-attack that was worse than the company initially reported. | finance | hacked | | 2 | | | Privacy Commissioner | https://www.privacy.org.nz/publications/statements-media-releases/new-zealands-biggest-data-breach-shows-retention-is-the-sleeping-giant-of-data-security/ | | 430 |
Toyota296,0192022Oct 22An access key to a data server storing customer email addresses and management numbers was mistakenly published publicly on GitHub for five years.transportpoor security2Slashdothttps://yro.slashdot.org/story/22/10/10/2032250/toyota-discloses-data-leak-after-access-key-exposed-on-github?utm_source=feedly1.0mainlinkanon&utm_medium=feed429
Shein39,000,0002022Oct 22Online fast fashion retailer suffered a breach of its login credentials in 2018 but failed to notify its customersretailhacked2Tech Crunchhttps://techcrunch.com/2022/10/13/shein-zoetop-fined-1-9m-data-breach/?guccounter=1428
Indonesia's health agencyBPJS Kesehatan279,000,0002022May 21The ID numbers, salary and phone numbers of every single man, woman and child in the country were stolen.governmenthackedy3Kr Asiahttps://kr-asia.com/shoddy-data-protection-in-indonesia-threatens-personal-security-of-citizens427
CoinSquare50,0002022Nov 22Major Canadian crypto exchange. The company claims customer assets are “secure in cold storage and are not at risk.”techhacked1Coin Deskhttps://www.coindesk.com/tech/2022/11/26/major-canadian-crypto-exchange-coinsquare-says-client-data-breached/426
Indian Railways30,000,0002022Dec 22Stolen data includes usernames, emails, phone numbers, gender, city, state, invoicestransporthacked2Techlo Mediahttps://techlomedia.in/2022/12/data-of-30-million-indian-railways-users-is-up-for-sale-on-a-dark-forum-96589/425
Indonesian SIM cards1,000,000,0002022Oct 22A vast data hack of 1.3 bn SIM registrations revealing national identity numbers, phone numbers, and more.telecomshacked31.3bnRest of Worldhttps://restofworld.org/2022/indonesia-hacked-sim-bjorka/424
LastPass33,000,0002022Aug 22Popular password manager breached; basic account info exposed. Sensitive vault data like usernames and passwords remained safely encrypted.webhacked2Tech Crunchhttps://techcrunch.com/2022/12/14/parsing-lastpass-august-data-breach-notice/https://www.forbes.com/sites/daveywinder/2023/03/03/why-you-should-stop-using-lastpass-after-new-hack-method-update/423
Twitter200,000,0002022Dec 22Over 200 million Twitter emails were stolen and posted online, possibly before Musk's 2022 takeover.webhacked1Wiredhttps://www.wired.com/story/twitter-leak-200-million-user-email-addresses/422
City of Amagasaki, Japan500,0002022Jun 2022An unnamed government official lost his bag after a night's drinking. It contained a USB stick with sensitive data of the entire city's residents. USB stick was encrypted and passworded.governmentoops!3BBChttps://www.bbc.co.uk/news/world-asia-61921222421
Shanghai Police500,000,0002022Jul 2022A database containing records of over a billion Chinese civilians – allegedly stolen from the Shanghai Police. Addresses, police records and national ID numbers. Potentially one of the largest data breaches in history. Details repressed and censored by Chinese media.governmenthacked5"one billion"The Registerhttps://www.theregister.com/2022/07/05/shanghai_police_database_for_sell/420
Twitter5,400,0002021Dec 2021Zero day vulnerability allowed a threat actor to create profiles of 5.4 million Twitter users inc. a verified phone number or email address, and scraped public information, such as follower counts, screen name, login name, etcwebhacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/twitter-confirms-zero-day-used-to-expose-data-of-54-million-accounts/419
Plex15,000,0002022Aug 2022Intruders accessed password data, usernames, and emails for at least half of its 30 million users.webhacked1Ars Technicahttps://arstechnica.com/information-technology/2022/08/plex-imposes-password-reset-after-hackers-steal-data-for-15-million-users/418
Dubai Real Estate Leak800,0002022May 2022Data leak exposes how criminals, officials, and sanctioned politicians poured money into Dubai real estate including more than 100 members of Russia's political elite, public officials, or businesspeople close to the Kremlin, as well as dozens of Europeans implicated in money laundering and corruptionfinanceinside joby1E24https://e24.no/internasjonal-oekonomi/i/Bj97B0/dubai-uncovered-data-leak-exposes-how-criminals-officials-and-sanctioned-politicians-poured-money-into-dubai-real-estate417
Heroku50,0002022Apr 2022A compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database." on the Salesforce-owned cloud platform.techhacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/heroku-admits-that-customer-credentials-were-stolen-in-cyberattack/416
Mailchimp106,5862022Apr 2022Hackers gained access to internal customer support and account management tools of the email marketing company to steal audience data and conduct phishing attacks.techhacked1Bleeping Computerhttps://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/415
PayHere1,580,2492022Mar 2022Sri Lankan payment gateway PayHere suffered a data breach exposing more than 65GB of payment records including over 1.5M unique email addresses (IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date)).financehacked3Pay Herehttps://blog.payhere.lk/ensuring-integrity-on-payhere-cybersecurity-incident/414
CDEK18,218,2032022Mar 2022UNVERIFIED. Russian courier service CDEK was hacked by Ukrainian hacker group "IT Army" - including 19M unique email addresses along with names and phone numbers.retailhacked319mHave I Been Pwnedhttps://twitter.com/haveibeenpwned/status/1504343470072549377?lang=en413
Washington State Dpt of Licensing257,0002022Feb 2022The Washington State Department of Licensing said the personal information of potentially millions of licensed professionals may have been exposed after it detected suspicious activity on its online licensing system.governmenthacked3Seattle Timeshttps://www.seattletimes.com/business/breach-at-state-licensing-agency-may-have-exposed-data-from-1000s-of-professionals/412
Red Cross500,0002022Jan 2022A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.mischacked4Ars Technicahttps://arstechnica.com/information-technology/2022/01/red-cross-hack-compromises-the-personal-data-of-515k-highly-vulnerable-people/411
Open Subtitles100,0002022Jan 2022webhacked1Open Subtitleshttps://forum.opensubtitles.org/viewtopic.php?t=17685410
FlexBooker3,700,0002022Jan 2022appointment scheduling servicewebhacked33.7mBleeping Computerhttps://www.bleepingcomputer.com/news/security/flexbooker-discloses-data-breach-over-37-million-accounts-impacted/409
LINE Pay133,0002021Dec 2021financepoor security2The Registerhttps://www.theregister.com/2021/12/07/line_pay_leaks_around_133000/408
Robinhood5,000,9372021Nov 2021A malicious hacker socially engineered a customer service representative over the phone on November 3 to get access to customer support systems. That allowed the hacker to obtain customer names and email addresses, but also the additional full names, dates of birth and ZIP codes of 310 customers.financehacked25mTech Crunchhttps://techcrunch.com/2021/11/09/robinhood-data-breach/?guccounter=1407
GoDaddy1,200,0002021Nov 2021Security Incident Affecting Managed WordPress Servicwebhacked1SEChttps://techcrunch.com/2021/11/09/robinhood-data-breach/?guccounter=1406
Travelio471,3762021Nov 2021The Indonesian real estate website Travelio suffered a data breach of over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens.mischacked2470KHaveIBeenPwnedhttps://www.riskbasedsecurity.com/2021/12/14/dark-web-roundup-november-2021/405
Acer3,000,0002021Oct 2021techhacked1Hot Hardwarehttps://hothardware.com/news/acer-confirms-hacked-again-60gb-stolen-customer-data404
Brewdog200,0002021Oct 2021BrewDog, one of the world's largest craft beer brewers, has exposed personally identifiable information (PII) belonging to more than 200,000 of its shareholders and customers.retailpoor security1Tech Radarhttps://www.techradar.com/news/brewdog-exposes-data-of-200000-customers-and-shareholders403
Experian SASouth Africa24,000,0002020Jul 2020Handed over personal information of their South African customers to a fraudulent client.weboops!3Uni of Hawaiihttps://westoahu.hawaii.edu/cyber/global-weekly-exec-summary/experian-security-breach-in-south-africa/#:~:text=Experian%20disclosed%20the%20data%20breach,local%20businesses%20(Cimpanu%202020).402
Nvidia100,0002021Mar 2021techhacked2CNN Businesshttps://edition.cnn.com/2022/03/01/tech/nvidia-information-leak/https://it.slashdot.org/story/22/03/01/1523248/nvidia-says-employee-company-information-leaked-online-after-cyber-attack?utm_source=feedly1.0mainlinkanon&utm_medium=feed401
Okta100,0002021Jan 2021Identity and access management provider Oktatechhacked1The Vergehttps://www.theverge.com/2022/4/20/23034360/okta-lapsus-hack-investigation-breach-25-minuteshttps://twitter.com/BillDemirkapi/status/1508527487655067660/399
Royal Enfield420,8732020Jan 2020Motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. (Email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information)transportpoor security3The Quinthttps://www.thequint.com/news/india/royal-enfield-exposed-database-containing-450000-customer-data-cyber-security-expert398
Avvo4,101,1012019Dec 2019A data breach of the lawyer directory service released 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords.mischacked14.1mHaveIBeenPwnedhttps://www.troyhunt.com/breach-disclosure-blow-by-blow-heres-why-its-so-hard/397
Aimware305,4702019May 2019Video game cheats website "Aimware" suffered a data breach of subscribers' personal information (email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes)gaminghacked3HaveIBeenPwned396
Twitch10,000,0002021Oct 2021Full source code breach of the streaming gaming site revealed a trove of internal data & documents including core config packages, devtools, and payments to top streamers.gaminghackedy4unknownBBChttps://www.bbc.co.uk/news/technology-58817658395
Syniverse500,000,0002021Sep 2021"A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide."telecomshacked4unknownVicehttps://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked394
Pandora Papers11,900,0002021Oct 2021Millions of documents reveal offshore deals and assets of more than 100 billionaires, 30 world leaders and 300 public officialsgovernmenthackedy4Guardianhttps://www.theguardian.com/news/2021/oct/03/pandora-papers-biggest-ever-leak-of-offshore-data-exposes-financial-secrets-of-rich-and-powerful393
Neiman Marcus4,600,0002021Sep 2021Occurred sometime in May 2020 after "an unauthorized party" obtained the personal information of some Neiman Marcus customers from their online accounts.retailhacked3Ars Technicahttps://arstechnica.com/information-technology/2021/10/neiman-marcus-data-breach-impacts-4-6-million-customers/392
Epik15,000,0002021Sep 2021An Internet-services company for concealing online identities, popular with the far rightretailhackedy5Ars Technicahttps://arstechnica.com/information-technology/2021/09/epik-data-breach-impacts-15-million-users-including-non-customers/391
Thailand visitors100,000,0002021Sep 2021Any foreigner who has travelled to Thailand in the last decade ‘might have had their information exposed’governmentpoor security2100mSouth China Morning Posthttps://www.scmp.com/news/asia/southeast-asia/article/3149475/details-some-100-million-visitors-thailand-exposed-online390
T-Mobile76,000,0002021Aug 2021Exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. T-Mobile paid a $500m settlement.telecomshacked3Krebs on Securityhttps://krebsonsecurity.com/2021/08/t-mobile-breach-exposed-ssn-dob-of-40m-people/389
Contact tracing data38,000,0002021Aug 2021A thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases.telecomshacked338mWiredhttps://www.wired.com/story/microsoft-power-apps-data-exposed/388
Estonian gov280,0002021Jul 2021A hacker was able to obtain over 280,000 personal identity photos following an attack on the state information system last Friday.governmenthacked4News ERRhttps://news.err.ee/1608291072/hacker-downloads-close-to-300-000-personal-id-photos387
GuntraderUK firearms sales website111,0002021Jul 2021Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords used by gun shops across the UK.retailhacked2The Registerhttps://www.theregister.com/2021/07/23/guntrader_hacked_111k_users_sql_database/386
Linkedin700,000,0002021Jul 2021The hacker appears to have misused the official LinkedIn API to scrape the data, the same method used in a similar breach back in April. User details, but no passwords.webhacked1700m9 to 5 machttps://9to5mac.com/2021/06/29/linkedin-breach/385
VW3,300,0002021Jun 2021Phone numbers, email addresses and some sensitive credit data. Nearly all those impacted were current or potential customers of Audi, one of the German automaker's luxury brandstransporthacked2Reutershttps://www.reuters.com/business/autos-transportation/vw-says-data-breach-vendor-impacted-33-million-people-north-america-2021-06-11/384
McDonald's10,000,0002021Jun 2021Unknown detailretailhacked2unknownWall St Journalhttps://www.wsj.com/articles/mcdonalds-hit-by-data-breach-in-south-korea-taiwan-11623412800383
Air India4,500,0002021May 2021Passenger’s name, date of birth, contact information, passport information, ticket information, frequent flyer data and credit card information.transporthacked2Indian Expresshttps://indianexpress.com/article/explained/air-india-sita-data-breach-explained-7325501/382
Omiai dating appJapanese dating app1,710,0002021May 2021Addresses and dates of birth from identification, including passports, drivers’ licenses and health insurance cards, provided to the company.webhacked2Japan Timeshttps://www.japantimes.co.jp/news/2021/05/22/business/tech/omiai-dating-app-hack-japan/381
Amazon Reviews13,124,9622021May 2021Database exposing an organized fake reviews scam affecting Amazon. The server contained a treasure trove of direct messages between Amazon vendors and customers willing to provide fake reviews in exchange for free productswebpoor securityy2Safety Detectiveshttps://www.safetydetectives.com/blog/amazon-reviews-leak-report/380
Peloton3,000,0002021May 2021techpoor security2Ars Technicahttps://arstechnica.com/gadgets/2021/05/peloton-takes-3-months-to-fix-flaw-that-exposed-users-private-information/#p3379
Digital Ocean10,000,0002021Apr 2021techpoor securityunknownTech Crunchhttps://techcrunch.com/2021/04/28/digitalocean-customer-billing-data-breach/378
Park Mobilemobile parking app21,000,0002021Apr 2021Customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.transporthacked2Krebs on Securityhttps://krebsonsecurity.com/2021/04/parkmobile-breach-exposes-license-plate-data-mobile-numbers-of-21m-users/377
Ubiquiti16,000,0002021Feb 2021Unknown amount of user data breachedtechhacked2ZDNethttps://www.zdnet.com/article/ubiquiti-tells-customers-to-change-passwords-after-security-breach/376
Meet Mindful2,240,0002021Feb 2021Dating site user data includes real names, phone numbers, Facebook account codes, latitude & longitude. Thankfully private messages were not leaked.techhacked4ZDnethttps://www.zdnet.com/article/hacker-leaks-data-of-2-28-million-dating-site-users/375
Experian Brazil220,000,0002021Feb 2021Details hazyfinancehacked2220mZDNethttps://www.zdnet.com/article/experian-challenged-over-massive-data-leak-in-brazil/374
Gab4,000,0002021Mar 2021Over 70GB of data from the far-right social media site was hacked. All posts, messages, passwords from all users were breached.techhackedy3100KWiredhttps://www.wired.com/story/gab-hack-data-breach-ddosecrets/373
Star Alliance16,000,0002021Mar 2021The Star Alliance of airlines including Singapore Airlines, Lufthansa and United, said on Thursday it had been the victim of a cyber attack leading to a breach of passenger data. Lufthansa, Cathay Pacific and Air New Zealand were also affected. Breached data was limited to "name, tier status and membership number”transporthacked1The Guardianhttps://www.theguardian.com/world/2021/mar/05/airline-data-hack-hundreds-of-thousands-of-star-alliance-passengers-details-stolen372
Facebook533,000,0002021Mar 2021Phone numbers, full names, locations, email addresses, and biographical information on 533 million users from 106 countries. Scraped due to a vulnerability "patched in 2019".techhackedy1533mBusiness Insiderhttps://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&IR=T371
Ledger270,0002020Dec 2020A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free.financehacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum/370
T-mobile200,0002020Dec 2020The information exposed in this breach includes phone numbers, call records, and the number of lines on an account.telecomshacked1Bleeping Computerhttps://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/369
The Hospital Group1,000,0002020Dec 2020Hackers compromised the plastic surgery firm and threatened to release over 900 gigabytes of private surgery photographs.healthhackedy4BBChttps://www.bbc.co.uk/news/technology-55439190368
SolarWinds50,000,0002020Dec 2020Suspected Russian hackers compromised network monitoring software used by the Pentagon, intelligence agencies, nuclear labs and many Fortune 500 companies. A tainted software update acted as a trojan horse. An unknown number of companies and individuals might be affected.webhackedy3New York Timeshttps://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html367
Ho Mobile2,500,0002020Dec 2020Italian mobile operator owned by Vodafone is now taking the rare step of offering to replace the SIM cards of all affected customers. Data hacked: full names, telephone numbers, social security numbers, email addresses, dates and places of birth, nationality, and home addresses.telecomshacked2ZD Nethttps://www.zdnet.com/article/italian-mobile-operator-offers-to-replace-sim-cards-after-massive-data-breach/366
Spotify500,0002020Dec 2020Undisclosed number of users had their email addresses and passwords left open online. Spotify said the vulnerability existed as far back as April 9 but wasn’t discovered until November 12.weboops!1Tech Crunchhttps://techcrunch.com/2020/12/10/spotify-resets-user-passwords-after-a-bug-exposed-private-account-information/?guccounter=1&guce_referrer=aHR0cHM6Ly9pdC5zbGFzaGRvdC5vcmcv&guce_referrer_sig=AQAAAMGNMpm00iWQgE4Zhw1q6_5FoeBsJUbWyKEniavHxaZR-X1oBrnXuFtvr9B4IYBK1C6x9AfEqEZwzfJaZhhINvaBZltXd-DF036LVwwnAhWAMQpD98Lahw3sni-Z2bS6qEIjPgodPdZHV3DRJWLrNt0bOoohuh_DWM8-IngVnCl6365
Drizly2,400,0002020Sep 2020Alcohol delivery service hacked with email addresses, DOB, hashed passwords and some home addresses leaked.webhacked2Tech Crunchhttps://techcrunch.com/2020/07/28/drizly-data-breach/364
GEDmatch1,400,0002020Sep 2020DNA data on up to 1.4m users of this genealogy site may have been hacked.misc, healthhackedy5New York Timeshttps://www.nytimes.com/2020/08/01/technology/gedmatch-breach-privacy.html?referringSource=articleShare363
Call of Duty / Activision500,0002020Sep 2020Login data for users of the popular video games may have been compromised. Activision refutes the claim.gaminghacked1Forbeshttps://www.forbes.com/sites/daveywinder/2020/09/21/activision-accounts-hacked-500000-call-of-duty-players-could-be-affected-report/?sh=7ca04e0f7bbe362
Zhenhua2,400,0002020Sep 2020Personal details of millions of notable people around the world found in a leaked database compiled by a Chinese tech company with reported links to the country’s military and intelligence networks. Mostly compiled from social media profiles.miscoops!y1The Guardianhttps://www.theguardian.com/world/2020/sep/14/zhenhua-data-full-list-leak-database-personal-details-millions-china-tech-company361
Cense AI2,500,0002020Aug 2020Medical records from an artificial intelligence company were left open online.tech, healthpoor security4PC Maghttps://uk.pcmag.com/encryption/128228/report-ai-company-leaks-over-25m-medical-records360
Nintendo300,0002020Apr 2020Unauthorised access to thousands of Nintendo Switch accounts. Hackers were able to use saved payment details to make purchases.gaminghacked3300KTech Crunchhttps://techcrunch.com/2020/06/09/nintendo-accounts-affected-breach/?guccounter=1&guce_referrer=aHR0cHM6Ly9nYW1lcy5zbGFzaGRvdC5vcmcvc3RvcnkvMjAvMDYvMDkvMTg0MjIzNy9uaW50ZW5kby1ub3ctc2F5cy0zMDAwMDAtYWNjb3VudHMtYnJlYWNoZWQtYnktaGFja2Vycz91dG1fc291cmNlPXJzczEuMG1haW5saW5rYW5vbiZ1dG1fbWVkaXVtPWZlZWQ&guce_referrer_sig=AQAAAIXC8IvaFgPdt5t-CUm7yPEhKblsmme4097SUtEWdSkjyrdsxVYiQBfbdpekm_Y29T7evb-5zNNl2-ZHfNSmVkKFnE5vClvpvsaPYykOO8WtAX76dZoL2EUkVL8XfmMQBVlNF43T5MATGNeSnwn6Ta6ELVBXnf_ZTsmVaemjk1Vf359
Pakistani mobile operators115,000,0002020Apr 2020Personal details stolen from Jazz and other mobile networks were put up for sale for $2.1m in bitcoin.telecomshacked2115mZDNethttps://www.zdnet.com/article/details-of-44m-pakistani-mobile-users-leaked-online-part-of-bigger-115m-cache/358
US Marshals Service387,0002020May 2020Prisoners had sensitive personal data stolen in December 2019. They were notified five months later.governmenthacked2287KNextGovhttps://www.nextgov.com/cybersecurity/2020/05/us-marshals-service-breach-exposed-personal-data-387000-prisoners/165305/357
db8151dd"mystery breach"22,000,0002020May 2020Aggregated data from multiple websites was discovered in an open database. It included addresses, job titles, phone numbers and social media profiles. The breach was dubbed 'db8151dd'.webhacked222m9 to 5 Machttps://9to5mac.com/2020/05/15/db8151dd/356
EasyJet9,000,0002020May 2020The airline became aware of a hack in January, but didn't notify customers until April. Email addresses, travel details and credit card details were stolen.transporthacked39mBBChttps://www.bbc.co.uk/news/technology-52722626355
Microsoft250,000,0002020Jan 2020Customer support records spanning 14 years were left online without password protection.webpoor security1250mForbeshttps://www.forbes.com/sites/daveywinder/2020/01/22/microsoft-security-shocker-as-250-million-customer-records-exposed-online/#91076484d1b3354
Dutch Government6,900,0002020Mar 2020Two hard drives with data from 6.9m registered organ donors went missing. They contained contact details, ID numbers & signatures.governmentlost device46.9mZDNethttps://www.zdnet.com/article/dutch-government-loses-hard-drives-with-data-of-6-9-million-registered-donors/353
Virgin Media900,0002020Mar 2020A poorly-configured database left names, email addresses and phone numbers exposed for 10 months.retailpoor security1900KBBChttps://www.bbc.co.uk/news/business-51760510352
Boots Advantage Card150,0002020Mar 2020Hackers accessed Advantage Card records, but no financial data was stolen. Payment using points was suspended.retailhacked1150KWhichhttps://www.which.co.uk/news/2020/03/boots-advantage-card-tesco-clubcard-both-suffer-data-breaches-in-same-week/351
Tesco Clubcard600,0002020Mar 2020Details of accrued loyalty points were accessed, but financial details weren't exposed.retailhacked1600KTech Radarhttps://www.techradar.com/uk/news/tesco-clubcard-holders-warned-of-major-security-issue350
Marriott Hotels5,200,0002020Mar 2020Guest records were accessed using the logins of two employees between mid-Jan and end of Feb.retailinside job25.2mMarriotthttps://news.marriott.com/news/2020/03/31/marriott-international-notifies-guests-of-property-system-incident349
Zoom500,0002020Apr 2020Email addresses, passwords and personal meeting URLs were sold on the dark web. It led to a host of zoom-bombing pranks.webhacked1500KWe Live Securityhttps://www.welivesecurity.com/2020/04/16/half-million-zoom-accounts-sale-dark-web/348
Israeli government6,500,0002020Feb 2020Names, addresses, and ID card numbers of every Israeli voter were found on an insecure website belonging to Elector, a political communications app.governmentpoor security26.5mNYTimeshttps://www.nytimes.com/2020/02/10/world/middleeast/israeli-voters-leak.html?action=click&module=News&pgtype=Homepage347
MGM Hotels10,600,0002020Feb 2020Data stolen during a 2019 hack of an MGM server was published on a hacking forum.retailhacked210.6mZDNethttps://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/346
Buchbinder Car Rentals5,000,0002020Jan 2020Correspondence, invoices and contracts containing personal details were left exposed on an unsecured company server.transportpoor security25mTeller Reporthttps://www.tellerreport.com/news/2020-01-22---big-data-leak--media--at-buchbinder-car-rental-company--customer-data-was-open-.BJ-S5Jk8Z8.html345
Wawafuel & convenience store chain30,000,0002019Dec 2019Card-stealing malware was installed, and remained undiscovered for nine months.retailhacked330mKrebs on Securityhttps://krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/344
Desjardins Group4,200,0002019Jun 2019An employee of the Canadian financial firm leaked customer information outside the organisation: names, addresses, birthdates, social insurance numbers & transaction habits.financeinside job2CBChttps://www.cbc.ca/news/canada/montreal/desjardins-data-breach-1.5344216343
US Customs and Border Protection100,0002019Jun 2019Photos of faces and license plates taken at a US border crossing were stolen in a cyberattack on a surveillance contractor.governmenthackedy2Washington Posthttps://www.washingtonpost.com/technology/2019/06/10/us-customs-border-protection-says-photos-travelers-into-out-country-were-recently-taken-data-breach/?utm_term=.69c66aaf152f342
Quest Diagnostics20,000,0002019Jun 2019For an 8 month period, a hacker group stole personal and payment information from a firm providing billing services for the US healthcare sector.healthpoor security4ZDNethttps://www.zdnet.com/article/amca-data-breach-has-now-gone-over-the-20-million-mark/341
Australian National University200,0002019Jun 2019A hacker accessed personal information including addresses, bank account details, payroll information and academic records. Staff, students and visitors were affected.academiahacked4Guardianhttps://www.theguardian.com/australia-news/2019/jun/04/australian-national-university-hit-by-huge-data-breach340
Canva139,000,0002019May 2019Names, email addresses and location data belonging to users of an Australian graphic design service were stolen by a hacker.webhacked2139mZDNethttps://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/339
ChtrboxInstagram Influencers49,000,0002019May 2019Contact details for millions of Instagram influencers, celebrities and brand accounts were left exposed in an online database for at least six days.miscpoor securityy1Techcrunchhttps://techcrunch.com/2019/05/20/instagram-influencer-celebrity-accounts-scraped/337
WiFi FinderA hotspot finder app2,000,0002019Apr 2019An Android app for finding local WiFi passwords inadvertently provided access to the entire database, including domestic WiFi points.webpoor security1Techcrunchhttps://techcrunch.com/2019/04/22/hotspot-password-leak/336
Toyota3,100,0002019Apr 2019A security breach of Toyota subsidiaries' IT systems may have leaked personal customer information.transporthacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/toyota-security-breach-exposes-personal-info-of-31-million-clients/https://global.toyota/jp/newsroom/corporate/27465617.html335
UnknownOpen database in China1,800,0002019Mar 2019A Dutch researcher found women's personal information in an open Chinese database. It included phone numbers, addresses and their "BreedReady" status, whatever that might be.webpoor securityy4The Guardianhttps://www.theguardian.com/world/2019/mar/11/china-database-lists-breedready-status-of-18-million-women334
VårdguidenSweden's healthcare hotline2,700,0002019Feb 2019170,000 hours of sensitive calls to Sweden's healthcare hotline were stored on an open web server with no encryption or authentication. The breach was blamed on subcontractor Medicall.healthpoor securityy5ComputerSwedenhttps://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internethttps://thenextweb.com/eu/2019/02/18/2-7-million-patient-calls-to-swedish-healthcare-hotline-left-unprotected-online/#333
Dubsmash162,000,0002019Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1162mThe Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/332
ShareThis41,000,0002019Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/331
HauteLook28,000,0002019Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.retailhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/330
Animoto25,000,0002019Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/329
EyeEm22,000,0002019Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/328
8fit20,000,0002019Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/327
Whitepages18,000,0002019Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/326
Fotolog16,000,0002019Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/325
Armor Games11,000,0002019Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.gaminghacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/324
BookMate8,000,0002019Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/323
CoffeeMeetsBagel6,000,0002019Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/322
Artsy1,000,0002019Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/321
DataCamp700,0002019Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/320
Ixigo18,000,0002019Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.transportpoor security1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/319
YouNow40,000,0002019Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.webhacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/318
Houzz57,000,0002019Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.retailhacked2Techcrunchhttps://techcrunch.com/2019/01/31/houzz-data-breach/317
Ge.tt1,800,0002019Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.webhacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/316
Coinmama450,0002019Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.financehacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/315
Roll204,000,0002019Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.gaminghacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/314
Stronghold Kingdoms5,000,0002019Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.gaminghacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/313
Petflow1,000,0002019Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.retailpoor security1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/312
500px14,800,0002019Feb 2019A July 2018 hack exposed the personal information of all 500px users, including names, usernames, email addresses, encrypted passwords, location, birth date, and gender.webhacked2PetaPixelhttps://petapixel.com/2019/02/13/500px-hacked-personal-data-stolen-from-all-14-8-million-users/311
Blurpassword manager2,400,0002019Jan 2019A server belonging to the password manager service contained a freely accessible file with users' email addresses, names and encrypted passwords.techoops!1ZDNethttps://www.zdnet.com/article/data-of-2-4-million-blur-password-manager-users-left-exposed-online/310
Blank Media Games7,600,0002019Jan 2019A hacker stole usernames, email addresses and encrypted passwords belonging to players of the game "Town of Salem" from an insecure server.gaminghacked1ZDNethttps://www.zdnet.com/article/town-of-salem-game-suffers-data-breach-exposing-7-6-million-user-details/309
Indian citizens275,265,2982019May 2019The discovery of a huge, unprotected MongoDB database containing personal information of Indian citizens, including their education, resume and current salary.webpoor security2275mBleeping Computerhttps://www.bleepingcomputer.com/news/security/over-275-million-records-exposed-by-unsecured-mongodb-database/308
Bulgarian National Revenue Agency5,000,0002019Jul 2019A hacker stole personal details of Bulgarian citizens from 110 government databases. 5m records, out of a total population of 7m.governmenthacked2ZDNethttps://www.zdnet.com/article/hacker-steals-data-of-millions-of-bulgarians-emails-it-to-local-media/307
Capital One100,000,0002019Jul 2019The massive data breach included personal information from credit card applications over a 14-year period. A former Amazon employee, Paige Thompson, 36, was found guilty of wire fraud.financehacked3100mForbeshttps://www.forbes.com/sites/rachelsandler/2019/07/29/capital-one-says-hacker-breached-accounts-of-100-million-people-ex-amazon-employee-arrested/#2a5cb36b41d2306
Supremabiometrics security company27,800,0002019Aug 2019A biometric security company stored unencrypted usernames and passwords, fingerprints and facial recognition information on a publicly accessible database.techpoor security5Guardianhttps://www.theguardian.com/technology/2019/aug/14/major-breach-found-in-biometrics-system-used-by-banks-uk-police-and-defence-firms305
Facebook419,000,0002019Sep 2019Several unprotected databases were found to contain the phone numbers of around 20% of all Facebook users, with (in some cases) names and locations.webpoor security2420mFast Companyhttps://www.fastcompany.com/90399734/the-phone-numbers-of-419-million-facebook-accounts-have-been-leaked304
DoorDashfood delivery company4,900,0002019Sep 2019Users who joined the platform before April 2018 had their names, email addresses, order history, phone numbers and encrypted passwords stolen in a hack.transporthacked24.9mTechcrunchhttps://techcrunch.com/2019/09/26/doordash-data-breach/303
BriansClubsite selling stolen card data26,000,0002019Oct 2019A site selling stolen payment card data was hacked and 26 million records were leaked. Banks were able to invalidate those cards, taking around 1/3 of the world's stolen cards out of circulation.webhacked326mArs Technicahttps://arstechnica.com/information-technology/2019/10/data-for-a-whopping-26-million-stolen-payment-cards-leaked-in-hack-of-fraud-bazaar/302
OxyData380,000,0002019Nov 2019Information compiled by a data aggregation firm was found on an insecure server. It included complete scrapes of LinkedIn data, including recruiter information.techpoor security2380mDataviperhttps://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/300
Click2Gov300,0002018Dec 2018Vulnerabilities in government payment software allowed hackers to access financial records and personal data across 46 US cities.financehacked3Fortunehttp://fortune.com/2018/12/18/click2gov-local-government-portals-hackers-credit-card-breach/299
SingHealth1,500,0002018Jul 2018Hackers stole personal details of 1.5 million patients, as well as the prescription details of 160,000 people, including prime minister Lee Hsien Loong.healthhacked4Straits Timeshttps://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most298
GovPayNow.comGovernment Payment Service Inc14,000,0002018Sep 2018A company used by US government agencies to accept online payments exposed personal records via a standard web browser, including addresses, phone numbers and credit card digits.financepoor security2Krebs on Securityhttps://krebsonsecurity.com/2018/09/govpaynow-com-leaks-14m-records/297
Cathay Pacific Airways94,000,0002018Oct 2018Stolen data included names, nationalities, birth dates, phone numbers, addresses, passport & identity card numbers & expired credit card numbers.transporthacked3ABC Newshttps://www.abc.net.au/news/2018-10-25/cathay-pacific-data-breach-affects-9.4-million-customers/10429878296
Chinese resume leak202,000,0002018Dec 2018Information thought to have been scraped from Chinese jobseeking websites was found in an insecure database. It included resumes, phone numbers, height, weight, driving license & literacy level.webpoor security2202mHackenProofhttps://blog.hackenproof.com/industry-news/202-million-private-resumes-exposed295
Google+52,500,0002018Dec 2018A vulnerability exposed users' personal details to developers, even if their profiles were set to private. As a result, Google shut down the consumer version of the social network 4 months early.webpoor security2The Vergehttps://www.theverge.com/2018/12/10/18134541/google-plus-privacy-api-data-leak-developers294
Quora100,000,0002018Dec 2018Login details and private messages were compromised by "a malicious third party".webhacked1100mNY Timeshttps://www.nytimes.com/2018/12/04/technology/quora-hack-data-breach.html293
Marriott International383,000,0002018Nov 2018Hackers breached the reservation system of all Starwood hotels, including Sheraton, Westin and Le Meridien. Personal information, credit card details and passport info dating back to 2014 were stolen.retailhacked3383mNY Times, CNEThttps://www.nytimes.com/2018/11/30/business/marriott-data-breach.htmlhttps://www.cnet.com/news/marriott-says-hackers-stole-more-than-5-million-passport-numbers/292
NMBSBelgian national railway operator700,0002018Dec 2018Customer names, gender, birth dates, email and postal address data were left on a publicly searchable server belonging to the Belgian rail authority. Caused by a data worker “clicking on the wrong button”.transportoops!y2Flanders Todayhttp://www.flanderstoday.eu/business/nmbs-data-leak-was-breach-privacy291
Facebook50,000,0002018Mar 2018Cambridge Analytica, headed at the time by Steve Bannon, harvested profiles in early 2014 to build a system that could profile US voters and target them with political adverts.webhackedy150mGuardianhttps://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election?CMP=twt_gu290
Panerabread37,000,0002018Apr 2018Customer records, including loyalty card numbers, were available via the bakery chain's website for at least 8 months. The firm claims 10k records were leaked. Security researchers put the figure at over 37 million.retailpoor security2Krebsonsecurity, Mediumhttps://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/https://medium.com/@djhoulihan/no-panera-bread-doesnt-take-security-seriously-bf078027f815289
Dixons Carphone10,000,0002018Jun 2018The firm admitted that hackers were able to access the details of 10m customers and 6m payment cards.telecomshacked1BBChttps://www.bbc.co.uk/news/business-45016906288
MyHeritage92,283,8892018Jun 2018The genealogy site received a message from a researcher who had discovered over 92m email addresses and encrypted passwords on an external server.webhacked1Bloomberghttps://www.bloombergquint.com/technology/hack-of-dna-website-exposes-data-from-92-million-user-accounts287
Saks and Lord & TaylorBoth owned by Hudson's Bay Company5,000,0002018Apr 2018A known ring of cybercriminals implanted software into store cash registers, siphoning off credit card details from readers.retailhackedy3NYTimeshttps://www.nytimes.com/2018/04/01/technology/saks-lord-taylor-credit-cards.html286
CareemDubai-born ride hailing service14,000,0002018Apr 2018The Dubai-based ride hailing service admitted that names, email addresses, phone numbers and trip data had been accessed in what it called a "cyber incident".webhacked2Khaleej Timeshttps://www.khaleejtimes.com/nation/dubai//dubais-careem-admits-to-data-breach-of-14-million-users285
Texas voter records14,800,0002018Aug 2018A single file containing 14.8 million voter records was found on an unsecured server. It was thought to have been originally compiled by Data Trust, a Republican-focused data analytics firm.webpoor security2TechCrunchhttps://techcrunch.com/2018/08/23/millions-of-texas-voter-records-exposed-online/284
British Airways380,0002018Sep 2018The personal and financial details of customers who booked flights in a two-week period over the summer were compromised.transporthacked4Guardianhttps://www.theguardian.com/business/2018/sep/06/british-airways-customer-data-stolen-from-its-website283
T-Mobile2,000,0002018Aug 2018Personal data along with passwords encrypted by a notoriously weak algorithm (MD5) were stolen. The firm initially failed to disclose the password breach, "because they were encrypted".telecomshacked1Motherboardhttps://motherboard.vice.com/en_us/article/a3qpk5/t-mobile-hack-data-breach-api-customer-data282
MyFitnessPalUnderArmour150,000,0002018Mar 2018A breach of usernames, email addresses, and hashed passwords belonging to users of the fitness app.webhacked1150mGuardianhttps://www.theguardian.com/technology/2018/mar/30/hackers-steal-data-150m-myfitnesspal-app-users-under-armour281
Helse Sør-Øst RHFHealth authority responsible for 10 Norwegian counties.3,000,0002018Feb 2018Patient records of more than half of Norway's population were stolen. The hack is thought to have happened via old computers running Windows XP.healthhacked4It Governancehttps://www.itgovernance.eu/blog/en/breach-at-norways-largest-healthcare-authority-was-a-disaster-waiting-to-happen280
NametestsFacebook quiz app owned by Social Sweethearts120,000,0002018Jun 2018A security failure in a "personality test" app on Facebook left millions of people’s data publicly exposed for almost two years – even after they had deleted the app.webpoor securityy1120mMediumhttps://medium.com/@intideceukelaire/this-popular-facebook-app-publicly-exposed-your-data-for-years-12483418eff8279
Ticketmaster40,0002018Jun 2018The data was stolen via an attack on a third-party customer support firm. It was likely to have affected UK customers who bought tickets between Feb and Jun 2018.webhacked3BBC Newshttps://www.bbc.co.uk/news/technology-44628874278
FirebaseA service from Google100,000,0002018Jun 2018Misconfigured databases used by app developers were found to be exposing 113GB of personal data, accumulated by thousands of iOS and Android mobile apps.webpoor security5100mBleeping Computerhttps://www.bleepingcomputer.com/news/security/thousands-of-apps-leak-sensitive-data-via-misconfigured-firebase-backends/277
AadhaarIndia's national, biometric government ID database550,000,0002018Mar 2018India's biometric database was breached via a leak at a state-owned utility company. All registered Indian citizens were affected; their names, identity numbers and bank details were exposed. Data later found for sale on WhatsApp for less than £6.governmentpoor security41.1bnZDNethttp://www.zdnet.com/article/another-data-leak-hits-india-aadhaar-biometric-database/276
Grindr3,000,0002018Mar 2018A third-party tool that allows users to see who had blocked them was able to access non-public personal info, including locations of users who had opted out of location sharing.webpoor security3NBC Newshttps://www.nbcnews.com/feature/nbc-out/security-flaws-gay-dating-app-grindr-expose-users-location-data-n858446275
Orbitz880,0002018Mar 2018A legacy version of the travel website was hacked, exposing personal details and payment card info of people who'd made purchases in 2016 and 2017. Orbitz is now owned by Expedia.webhacked3US Newshttps://www.usnews.com/news/business/articles/2018-03-20/orbitz-legacy-travel-booking-platform-likely-hacked274
MBM CompanyLimogés Jewellery1,300,0002018Mar 2018An insecure customer database belonging to the jewellery firm exposed postal addresses, email addresses, IP addresses and plain-text passwords.retailpoor security4NextWebhttps://thenextweb.com/security/2018/03/14/jewelry-site-accidentally-leaks-personal-details-plaintext-passwords-1-3m-users/273
LocalBloxdatasearch service48,000,0002018May 2018A cloud storage repository was left publicly accessible. Data included names, addresses, DOBs, and other information scraped from social media websites including Facebook.webpoor security2UpGuardhttps://www.upguard.com/breaches/s3-localblox272
Twitter330,000,0002018May 2018A glitch caused some passwords to be stored in readable text that was visible on Twitter's internal computer system.techpoor security1330mReutershttps://www.reuters.com/article/us-twitter-passwords/twitter-urges-all-users-to-change-passwords-after-glitch-idUSKBN1I42JG271
ViewFinesSouth African traffic fines database934,0002018May 2018Data originating with a South African traffic fine payment firm was leaked online. It included names, national ID numbers, cell numbers, email addresses and plain text passwords.transportoops!4iAfrikanhttps://www.iafrikan.com/2018/05/23/just-under-1-million-personal-records-of-south-africans-leaked-online/270
TicketFly27,000,0002018May 2018Names, addresses, email addresses and phone numbers were stolen from the ticketing firm. Ransom demands were made. The FBI indicted a suspect in February 2020.webhacked2The Vergehttps://www.theverge.com/2018/6/7/17438516/ticketfly-hack-personal-information-26-million-customers-leaked269
Amazon5,000,0002018Nov 2018A "technical issue" inadvertently caused customer names & email addresses to be posted to the Amazon website just prior to Black Friday.retailoops!1Guardianhttps://www.theguardian.com/technology/2018/nov/21/amazon-hit-with-major-data-breach-days-before-black-friday268
Urban MassageHome massage app309,0002018Nov 2018An online database with no password protection contained thousands of customer records, including names, email addresses, phone numbers and sexual misconduct complaints.webpoor security2Tech Crunchhttps://techcrunch.com/2018/11/27/urban-massage-data-exposed-customers-creepy-clients/?guccounter=1267
Dell100,0002018Nov 2018Dell detected and disrupted unauthorized attempts to extract customer names, email addresses & hashed passwords. The number of affected customers was not disclosed.techhacked1ZD Nethttps://www.zdnet.com/article/dell-announces-security-breach/266
High Tail Hallerotic role-playing site411,0002018Nov 2018Hackers obtained email addresses, names, order histories, hashed passwords, physical and IP addresses for users of an "erotic role-playing game".webhacked2Daily Mailhttps://www.dailymail.co.uk/sciencetech/article-6415441/Furry-erotica-site-hit-data-breach-exposed-hundreds-thousands-users-information.html265
SKY Brasil32,000,0002018Nov 2018Poorly configured servers exposed customer details – including payment methods – for long enough to make their theft "likely".telecomspoor security1Bleeping Computerhttps://www.bleepingcomputer.com/news/security/sky-brasil-exposes-32-million-customer-records/264
Vision DirectUK opticians16,3002018Nov 2018A 5-day data breach saw attackers steal personal information, passwords and CVV security codes.retailhacked4BBChttps://www.bbc.co.uk/news/technology-46261209263
Medicare & MedicaidCenters for Medicare & Medicaid Services93,6892018Nov 2018"Sensitive" information on applicants for US healthcare plans was hacked. It included names, birth dates, addresses, expected income & health insurance status.healthhacked2HCA Newshttps://www.hcanews.com/news/update-94k-hit-in-cms-data-breach262
Facebook29,000,0002018Oct 2018The biggest hack in Facebook's history to date. Names, birth dates, phone numbers, search history and location data were stolen by hackers masquerading as a digital marketing company.webhacked2Business Insider, Facebookhttps://www.businessinsider.com.au/facebook-thinks-spammers-responsible-hack-stole-info-from-29-million-users-2018-10?r=US&IR=Thttps://newsroom.fb.com/news/2018/10/update-on-security-issue/261
Newegg45,000,0002018Sep 2018Hackers injected 15 lines of card skimming code on the online retailer's payments page. It remained online for more than a month.retailhackedy3TechCrunchhttps://techcrunch.com/2018/09/19/newegg-credit-card-data-breach/260
Mount Olympusmortgage lender1,1002016Mar 2016An employee stole client information and loan files and took them with him when he went to work for a competitor. Mount Olympus was later awarded $25m in damages.financeinside job5188KHousing Wirehttps://www.housingwire.com/articles/36597-guaranteed-rate-ordered-to-pay-25m-to-mount-olympus-mortgage-for-data-theft/259
Apollointelligence firm200,000,0002018May 2018Data scraping company left a database exposed online, revealing 200 million contacts, 10 million companies and 9 billion "data points".techpoor security1200mWiredhttps://www.wired.com/story/apollo-breach-linkedin-salesforce-data/258
Disqus17,500,0002017Dec 2017Hackers stole 17.5m email addresses in 2012. About a third of those records included passwords hashed using a weak algorithm.webhacked4ZD Nethttp://www.zdnet.com/article/disqus-confirms-comments-tool-hacked/257
RootsWeb300,0002017Dec 2017Data on a "leaky server" belonging to Ancestry.com's community-driven site RootsWeb was exposed. Passwords, email addresses and usernames were leaked.webpoor securityy4Threat Posthttps://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/256
Yahoo32,000,0002017Mar 2017For two years, hackers used forged cookies to log into millions of Yahoo accounts without a password.webhacked4CNethttps://www.cnet.com/news/yahoo-says-forged-cookie-attack-accessed-about-32m-accounts/255
Uber57,000,0002017Nov 2017Uber concealed an October 2016 leak of personal information for more than a year. They paid hackers $100,000 to delete the stolen data. The chief security officer resigned.webhackedy157mBloomberghttps://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data254
Wonga270,0002017Apr 2017The firm reported unauthorised access to names, addresses, phone numbers and bank account details relating to British and Polish customers.financehacked4The Guardianhttps://www.theguardian.com/business/2017/apr/09/wonga-data-breach-could-affect-250000-uk-customers?CMP=Share_iOSApp_Other253
Snapchat1,700,0002017Apr 2017Indian hackers leaked records after taking umbrage at comments made by Snapchat's CEO about their country.webhackedy1BGRhttp://www.bgr.in/news/indian-hacker-group-leaks-data-of-1-7-million-snapchat-users-after-ceos-poor-country-comments-report/252
Spambot520,000,0002017Aug 2017A misconfigured spambot leaked email addresses and passwords. "Almost one address for every single man, woman and child in all of Europe." The set included some fake or repeated accounts.webpoor security4711mThe Guardianhttps://www.theguardian.com/technology/2017/aug/30/spambot-leaks-700m-email-addresses-huge-data-breach-passwords251
CEX2,000,0002017Aug 2017The second-hand games seller fell victim to a security breach. An 'unauthorised third party' accessed systems holding personal information.retailoops!3PC Maghttps://uk.pcmag.com/cex/90937/cex-hack-up-to-2m-customers-potentially-affected250
Al.type31,000,0002017Dec 2017The developer of the customisable keyboard app failed to secure its database server. 577GB of user records were exposed.webpoor security4ZDNethttp://www.zdnet.com/article/popular-virtual-keyboard-leaks-31-million-user-data/249
Cellebrite3,000,0002017Jan 2017Cellebrite's main product is a device that rips data from mobile phones. 900GB of data was stolen from Cellebrite. The hackers got hacked. The number of records taken is unknown.techhackedy2Vicehttps://www.vice.com/en_us/article/3daywj/hacker-steals-900-gb-of-cellebrite-data248
WaterlyApp for paying water bills1,000,0002017Jan 2017An app which allows Israelis to pay water bills contained a vulnerability in the sign-in process. It could reveal payment history, personal ID information and credit card details.webpoor security3Data Breacheshttps://www.databreaches.net/waterly-app-potentially-exposed-up-to-1-million-israelis-details-researcher/247
Swedish Transport Agency3,000,0002017Jul 2017All Swedish driving license data was made available to Czech IT workers. The question of whether national security was harmed was censored in the official report.governmentpoor securityy5The Localhttps://www.thelocal.se/20170717/swedish-authority-handed-over-keys-to-the-kingdom-in-it-security-slip-up246
Hong Kong Registration & Electoral Office3,700,0002017Mar 2017Two laptop computers were stolen at the backup venue for the election of the leader of Hong Kong. The names of electors and personal information of the city's voters were compromised.governmentlost device2SCMPhttp://www.scmp.com/news/hong-kong/politics/article/2082566/laptops-containing-37-million-hong-kong-voters-data-stolen245
River City MediaSpam operator340,000,0002017Mar 2017One of the world's largest spam operations accidentally leaked a backup of its database of over a billion email addresses, along with real names, IP and physical addresses.weboops!2340mGuardianhttps://www.theguardian.com/technology/2017/mar/06/email-addresses-spam-leak-river-city-media244
DaFontFont sharing site700,0002017May 2017The font site's database was targeted by a hacker who had seen it being traded elsewhere. The flaw was "easy to find". Usernames, email addresses and passwords were stolen.webhacked4ZD Nethttp://www.zdnet.com/article/font-sharing-site-dafont-hacked-thousands-of-accounts-stolen/243
Bell1,900,0002017May 2017Email addresses and information about customers and contractors were leaked after being stolen from an insecure database. The company was threatened with further leaks.telecomshacked1CBChttp://www.cbc.ca/beta/news/technology/bell-data-breach-customer-names-phone-numbers-emails-leak-1.4116608242
ZomatoRestaurants & events17,000,0002017May 2017Stolen email addresses and hashed passwords were being sold on the dark web for just over $1000.webhacked4HackReadhttps://www.hackread.com/zomato-hacked-17-million-accounts-sold-on-dark-web/241
Imgur1,700,0002017May 2017Stolen email addresses and hashed passwords were being sold on the dark web for just over $1000.webhacked4Imgurhttps://blog.imgur.com/2017/11/24/notice-of-data-breach/240
TIO NetworksOwned by Paypal1,600,0002017Dec 2017A Paypal subsidiary providing bill payment services suffered a "security incident". Personal information and financial details were likely to have been breached.financehacked4Bleeping Computerhttps://www.bleepingcomputer.com/news/security/paypal-says-1-6-million-customer-details-stolen-in-breach-at-canadian-subsidiary/239
Malaysian telcos & MVNOs46,200,0002017Oct 2017Phone numbers, customer details, addresses and SIM card information from over a dozen Malaysian mobile providers were discovered online after being stolen in 2014.telecomshacked4LowYathttps://www.lowyat.net/2017/146339/46-2-million-mobile-phone-numbers-leaked-from-2014-data-breach/238
Malaysian medical practitioners81,3092017Oct 2017Databases belonging to the Malaysian Medical Council, the Malaysian Medical Association and the Malaysian Dental Association were discovered online after being stolen in 2014.healthhacked4Siliconhttps://www.silicon.co.uk/cloud/data-breach-mobile-numbers-malaysia-224079237
Instagram6,000,0002017Sep 2017A bug in Instagram's API exposed users' contact details. The data was placed online in a searchable database, with a charge of $10 per search.webhacked1The Vergehttps://www.theverge.com/2017/9/1/16244304/instagram-hack-api-bug-doxagram-selena-gomez236
Viacom3,000,0002017Sep 2017A misconfigured server exposed 1Gb of Viacom's credentials – enough, say researchers, to take down the firm's internal IT infrastructure.webhacked4The Hacker Newshttps://thehackernews.com/2017/09/viacom-amazon-server.html235
Equifax143,000,0002017Sep 2017A breach of the health insurance firm's database exposed the names, social security numbers, birth dates, addresses, driver's license numbers and credit card information of US, UK and Canadian citizens.finance, healthhackedy4143mUK Govhttps://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do234
SVR TrackingVehicle tracking540,0002017Sep 2017Personal data and vehicle details were exposed. Customer passwords were stored using an easily-crackable algorithm.webpoor security4The Hacker Newshttps://thehackernews.com/2017/09/hacker-track-car.html233
LinkedIn117,000,0002016May 2016A massive batch of login credentials was discovered on the black market after being stolen by hackers. The breach dated from 2012, when the firm's password security policies were weak.webhacked1117mCNNhttp://money.cnn.com/2016/05/19/technology/linkedin-hack/https://money.cnn.com/2012/06/06/technology/linkedin-password-hack/?iid=EL232
Tumblr65,000,0002016May 2016A three year old data breach came to light. Millions of email addresses and hashed passwords had been stolen.webhacked1Vicehttps://www.vice.com/en_us/article/8q88k5/hackers-stole-68-million-passwords-from-tumblr-new-analysis-reveals231
| Yahoo |  | 500,000,000 | 2016 | Sep 2016 | At the time, the largest ever data breach from a single website. It was stolen, according to Yahoo, by a "state-sponsored actor". It included names, dates of birth and security information. | web | hacked |  | 2 | 500m |  | CNBC | https://www.cnbc.com/2016/09/22/yahoo-data-breach-is-among-the-biggest-in-history.html |  | 230 |
| Mossack Fonseca | Panamanian law firm | 11,500,000 | 2016 | Apr 2016 | A hacker took 2.6TB of data from the Panamanian law firm. It included emails, contracts, scanned documents, transcripts and sensitive information relating to many politicians and public figures. | misc | hacked | y | 5 |  |  | PanamaPapers | http://panamapapers.sueddeutsche.de/articles/56febff0a1bb8d3c3495adf4/ |  | 229 |
| Philippines’ Commission on Elections | COMELEC | 55,000,000 | 2016 | Apr 2016 | After a message was posted on the COMELEC website by hackers from Anonymous, warning the government of its weak election security, the entire database of voters was stolen and posted online. | government | hacked |  | 5 |  |  | Trend Micro | http://blog.trendmicro.com/trendlabs-security-intelligence/55m-registered-voters-risk-philippine-commission-elections-hacked/ |  | 228 |
| Syrian government |  | 274,477 | 2016 | Apr 2016 | Hacking outfit calling itself 'Cyber Justice Team' leaked 10GB of data from multiple Syrian government and private websites. Much of it was duplicated from previously known hacks. | government | hacked |  | 1 |  |  | Softpedia | http://news.softpedia.com/news/syrian-government-hacked-43-gb-of-data-spilled-online-by-hacktivists-502765.shtml |  | 227 |
| Minecraft | 'Lifeboat' community | 7,000,000 | 2016 | Apr 2016 | Players using Minecraft's Lifeboat service had their email addresses and passwords leaked. The passwords were very weakly hashed. | gaming | hacked |  | 1 |  |  | BBC | https://www.bbc.co.uk/news/technology-36168860 |  | 226 |
| Turkish citizenship database |  | 49,611,709 | 2016 | Apr 2016 | An entire database of voter records, originally stolen back in 2008, was leaked online. | government | hacked |  | 2 |  |  | Business Insider | http://www.businessinsider.com/turkish-citizenship-database-allegedly-hacked-and-leaked-2016-4?r=UK&IR=T |  | 225 |
| Banner Health |  | 3,700,000 | 2016 | Aug 2016 | Hackers gained access to payment card data that was used to buy food and drink at Banner Health outlets. In 2019, Banner agreed to a $6m settlement over the breach. | health | hacked |  | 3 |  |  | Healthcare Informatics | https://www.healthcare-informatics.com/news-item/cybersecurity/breaking-massive-cyber-attack-banner-health-affects-37m-individuals |  | 224 |
| Mail.ru | Game-related forums | 25,000,000 | 2016 | Aug 2016 | Two hackers attacked three game-related forums hosted by the Russian company Mail.ru. They stole email addresses, scrambled passwords and birthdates. | web | hacked |  | 2 |  |  | ZD Net | http://www.zdnet.com/article/over-25-million-accounts-stolen-after-mail-ru-forums-raided-by-hackers/ |  | 223 |
| PayAsUGym |  | 300,000 | 2016 | Dec 2016 | The fitness website was hacked. Email addresses and passwords were published online. | web | hacked |  | 1 |  |  | BBC News | http://www.bbc.co.uk/news/technology-38350987 |  | 222 |
| Lynda.com | owned by LinkedIn | 9,500,000 | 2016 | Dec 2016 | Hackers breached a database holding contact information and interest in online courses. Lynda's owners, LinkedIn, said that 55,000 user passwords were also breached. | web | hacked |  | 1 |  |  | Neowin | https://www.neowin.net/news/microsoft-owned-linkedin-is-sending-emails-to-users-about-a-lyndacom-data-breach |  | 221 |
| Linux Ubuntu forums |  | 2,000,000 | 2016 | Jul 2016 | 2 million usernames, email addresses, and IP addresses were compromised via a vulnerability in the forum software. | web | hacked |  | 1 |  |  | ZDnet | https://www.zdnet.com/article/ubuntu-forums-hack-exposes-two-million-users/ |  | 220 |
| Wendy's | Restaurant chain | 1,025 | 2016 | Jul 2016 | Malware installed in 1025 point of sale systems was used to steal credit card data from customers. It's not known how many individuals were impacted. | retail | hacked | y | 3 |  |  | Forbes | https://www.forbes.com/sites/moneybuilder/2016/07/08/this-week-in-credit-card-news-wendys-data-breach-affects-1000-stores-card-fraud-dropping/#260a2f727bab |  | 219 |
| Clinton campaign |  | 5,000,000 | 2016 | Jul 2016 | The computer network used by Hillary Clinton's campaign team was hacked as part of a broader cyber attack on Democratic political organizations. | government | hacked |  | 2 |  |  | Reuters | http://news.trust.org/item/20160729204542-r98dj |  | 218 |
| uTorrent |  | 35,000 | 2016 | Jun 2016 | Access to user data was gained via a third party. Uncertain as to what exactly had been stolen, the firm advised its users to change their passwords. | web | hacked |  | 1 |  |  | Torrent Freak | https://torrentfreak.com/utorrent-forums-hacked-passwords-compromised-160608/ |  | 217 |
| World Check | Run by Thomson Reuters | 2,200,000 | 2016 | Jun 2016 | A database of suspected terrorists and criminals used by global banks and intelligence agencies was leaked online. Access is normally granted via a strict vetting process. | misc | poor security |  | 3 |  |  | The Stack | https://thestack.com/security/2016/06/29/2-million-person-terror-database-leaked-online/ |  | 216 |
| Mutuelle Generale de la Police | French police health insurance | 112,000 | 2016 | Jun 2016 | Personal details of French police officers were uploaded to Google Drive by an employee. The leak came two weeks after a gendarme was murdered in an ISIS-inspired attack. | health | inside job |  | 5 |  |  | BBC News | http://www.bbc.co.uk/news/world-europe-36645519 |  | 215 |
| VK | Russia's Facebook | 171,000,000 | 2016 | Jun 2016 | A database stolen in 2013 from the Russian social network, containing full names, email addresses and passwords, was offered for sale online. | web | hacked |  | 4 | 100m |  | Motherboard | http://motherboard.vice.com/read/another-day-another-hack-100-million-accounts-for-vk-russias-facebook |  | 214 |
| KM.ru & Nival | News site and email provider/Videogame maker | 1,500,000 | 2016 | Mar 2016 | A hacker targeted several Russian websites in revenge for the shooting down of flight MH17 over Ukraine. They included videogame firm Nival and email provider KM.ru. | web | hacked |  | 4 |  |  | Motherboard | https://motherboard.vice.com/en_us/article/pgkp57/a-teen-hacker-is-targeting-russian-sites-as-revenge-for-the-mh17-crash |  | 213 |
| Fling | Dating site | 40,000,000 | 2016 | May 2016 | Data allegedly stolen in 2011 was put up for sale on the dark web. The stash included email addresses, plain text passwords and information on sexual desires & preferences. | web | hacked |  | 4 |  |  | IBTimes | https://www.ibtimes.co.uk/fling-com-breach-passwords-sexual-preferences-40-million-users-sale-dark-web-1558711 |  | 212 |
| MySpace |  | 164,000,000 | 2016 | May 2016 | In one of the largest password breaches ever, 360 million MySpace logins were stolen and put on sale for $2,800. | web | hacked |  | 1 | 164m |  | Vice | https://www.vice.com/en_us/article/pgkk8v/427-million-myspace-passwords-emails-data-breach |  | 211 |
| Three | Three mobile company in the UK | 130,000 | 2016 | Nov 2016 | Fraudsters compromised the mobile network's handset upgrade system and ordered new handsets to sell online. Customer details were accessed as part of the breach. | telecoms | hacked |  | 2 |  |  | Three | http://www.threemediacentre.co.uk/news/2017/handsetfraud-update.aspx |  | 210 |
| Red Cross Blood Service |  | 550,000 | 2016 | Oct 2016 | Australian donor information was accessed via an unsecured database posted online by a contractor. Information included that of "at-risk sexual behaviour". | health | oops! |  | 4 |  |  | ABC News | http://www.abc.net.au/news/2016-10-28/red-cross-blood-service-admits-to-data-breach/7974036 |  | 209 |
| Telegram | Instant messaging service | 15,000,000 | 2016 | Aug 2016 | An Iranian hacking group called Rocket Kitten stole millions of phone numbers from Telegram, an instant messaging service which prides itself on strong security. | web | hacked |  | 1 |  |  | Venture Beat | http://venturebeat.com/2016/08/02/hackers-break-into-telegram-revealing-15-million-users-phone-numbers/ |  | 208 |
| Dailymotion | video sharing site | 85,200,000 | 2016 | Dec 2016 | Users of the video sharing site had their email addresses and usernames stolen. One in five also had their passwords compromised. | web | hacked |  | 1 |  |  | ZDNet | http://www.zdnet.com/article/dailymotion-hack-exposes-millions-of-accounts/ |  | 207 |
| Weebly |  | 43,000,000 | 2016 | Oct 2016 | IP addresses, usernames and hashed passwords were stolen from the web design platform. | web | hacked |  | 4 |  |  | Tech Crunch | https://techcrunch.com/2016/10/20/weebly-hacked-43-million-credentials-stolen/ |  | 206 |
| Interpark |  | 10,000,000 | 2016 | Jul 2016 | South Korean police blamed North Korea for stealing personal customer data from a shopping mall's server in an attempt to obtain foreign currency. | web | hacked |  | 2 |  |  | NY times | http://www.nytimes.com/2016/07/29/world/asia/north-korea-hacking-interpark.html |  | 205 |
| Quest Diagnostics |  | 34,000 | 2016 | Dec 2016 | Healthcare data accessed by an unauthorised third party contained names, dates of birth and lab results. | health | hacked |  | 4 |  |  | Newsroom | http://newsroom.questdiagnostics.com/2016-12-12-Quest-Diagnostics-Provides-Notice-of-Data-Security-Incident#assets_129 |  | 204 |
| Friend Finder Network | Parent company of Adult Friend Finder, Cams.com and Penthouse.com | 412,000,000 | 2016 | Nov 2016 | Almost every password used on Adult Friend Finder, Cams.com and Penthouse.com was breached. Those passwords were encrypted, but easily crackable. | web | hacked |  | 1 | 412m |  | ZDNet | http://www.zdnet.com/article/adultfriendfinder-network-hack-exposes-secrets-of-412-million-users/ |  | 203 |
| Brazzers | Porn site | 790,724 | 2016 | Sep 2016 | A vulnerability in the porn site's forum software compromised millions of accounts, many of which had identical login details for the site itself. | web | hacked |  | 4 |  |  | Vice | https://www.vice.com/en_us/article/vv7pgd/nearly-800000-brazzers-porn-site-accounts-exposed-in-forum-hack |  | 202 |
| ClixSense |  | 6,600,000 | 2016 | Sep 2016 | A service which pays people to view adverts and take surveys was hacked. Stolen information included addresses, banking details and social security numbers. | web | hacked |  | 5 |  |  | Digital trends | http://www.digitaltrends.com/computing/clixsense-hacked/ |  | 201 |
| Carefirst | Blue Cross, Blue Shield US medical insurer | 1,100,000 | 2015 | May 2015 | Hackers gained access to a database belonging to the healthcare insurer, stealing names, birth dates, email addresses and insurance ID numbers. | health | hacked |  | 1 |  |  | Krebs on Security | https://krebsonsecurity.com/2015/05/carefirst-blue-cross-breach-hits-1-1m/ |  | 200 |
| Twitch | Gaming site | 10,000,000 | 2015 | Mar 2015 | All users were forced to reset their passwords after unauthorised access to a number of accounts. | health | hacked |  | 1 |  |  | Twitch | http://blog.twitch.tv/2015/03/important-notice-about-your-twitch-account/ |  | 199 |
| Premera | US healthcare provider | 11,000,000 | 2015 | Mar 2015 | The health insurance firm revealed that its IT systems had been breached, exposing financial and medical records. | health | hacked |  | 5 |  |  | Computer Weekly | https://www.computerweekly.com/news/2240242508/Premera-hack-exposes-11-million-financial-and-medical-records |  | 198 |
| Uber |  | 50,000 | 2015 | Feb 2015 | The breach, which occurred in Sep 2014, revealed the names & license plates of 50,000 drivers across the USA. | tech, web | poor security |  | 1 |  |  | TechCrunch | https://techcrunch.com/2015/02/27/uber-database-breach-exposed-information-of-50000-drivers-company-confirms/ |  | 197 |
| Deep Root Analytics |  | 198,000,000 | 2015 | Dec 2015 | An insecure database containing US voter information was discovered by a researcher. It contained names, addresses, contact details and party affiliations. | web | poor security |  | 2 | 198m |  | Reuters, UpGuard | http://uk.reuters.com/article/us-usa-voters-breach-idUKKBN0UB1E020151229 | https://www.upguard.com/breaches/the-rnc-files | 196 |
| Kromtech | MacKeeper software | 13,000,000 | 2015 | Dec 2015 | A security researcher stumbled on an insecure database belonging to the Mac software provider, containing usernames, email addresses and passwords. | web | hacked |  | 1 |  |  | BBC | https://www.bbc.co.uk/news/technology-35100330 | https://www.reddit.com/r/apple/comments/3wq9fc/massive_data_breach/ | 195 |
| Invest Bank | United Arab Emirates bank | 40,000 | 2015 | Dec 2015 | A hacker breached the systems of a UAE bank. They demanded a ransom of $3m in bitcoin to stop tweeting data, relating mainly to corporate accounts. | finance | hacked |  | 4 |  |  | Daily Dot | https://www.dailydot.com/debug/invest-bank-hacker-buba/ |  | 194 |
| Sanrio | Hello Kitty and other franchises | 3,300,000 | 2015 | Dec 2015 | A researcher accessed a database containing login information, password hints and birthdates of fans of the Hello Kitty brand, including many children. | web | poor security |  | 2 |  |  | CSO Online | https://www.csoonline.com/article/3017171/database-leak-exposes-3-3-million-hello-kitty-fans.html |  | 193 |
| VTech | Toymaker company | 6,400,000 | 2015 | Dec 2015 | The toy maker was targeted by a hacker who stole the private data of millions of children, including names, email addresses and birth dates. | web | hacked |  | 5 |  |  | The Guardian | http://www.theguardian.com/technology/2015/dec/02/vtech-hack-us-hong-kong-investigate-children-exposed | http://www.troyhunt.com/2015/11/when-children-are-breached-inside.html | 192 |
| Hacking Team |  | 500,000 | 2015 | Jul 2015 | An Italian hacking firm which sells digital surveillance software to national security organisations – including those of repressive regimes – was itself hacked, and the data put on BitTorrent. | web | hacked | y | 5 |  |  | The Guardian | http://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim |  | 191 |
| AshleyMadison.com | US extra-marital affairs site | 37,000,000 | 2015 | Jul 2015 | The online hookup site for extra-marital affairs was severely breached. Personal details and company financial records were threatened with release. | web | hacked |  | 1 |  |  | Krebs on Security | http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/ |  | 190 |
| US Office of Personnel Management (2nd Breach) |  | 21,500,000 | 2015 | Jul 2015 | Hackers with suspected links to China accessed sensitive data on US intelligence and military personnel, leading to concerns about potential blackmail attempts. | government | hacked |  | 5 |  |  | BBC News | http://www.bbc.co.uk/news/world-us-canada-33120405 | http://www.reuters.com/article/2015/07/09/us-cybersecurity-usa-idUSKCN0PJ2M420150709?feedType=RSS&feedName=topNews&utm_source=twitter | 189 |
| US Office of Personnel Management |  | 4,000,000 | 2015 | Jun 2015 | Hackers gained access to federal employees’ Social Security numbers, job assignments, performance ratings and training information. | government | hacked |  | 2 |  |  | Washington Post | http://www.washingtonpost.com/world/national-security/chinese-hackers-breach-federal-governments-personnel-office/2015/06/04/889c0e52-0af7-11e5-95fd-d580f1c5d44e_story.html?tid=hpModule_04941f10-8a79-11e2-98d9-3012c1cd8d1e |  | 188 |
| Australian Immigration Department |  | 30 | 2015 | Mar 2015 | An agency employee inadvertently sent the passport numbers and visa details of all world leaders attending the G20 Brisbane summit to the organisers of the Asian Cup football tournament. | government | oops! | y | 4 |  |  | The Guardian | http://www.theguardian.com/world/2015/mar/30/personal-details-of-world-leaders-accidentally-revealed-by-g20-organisers |  | 187 |
| IRS | US Tax service | 100,000 | 2015 | May 2015 | An organized crime syndicate used the IRS website to steal taxpayers' personal financial information. 15,000 of them were used to claim refunds in other people's names. | government | hacked |  | 1 |  |  | CNN | http://money.cnn.com/2015/05/26/pf/taxes/irs-website-data-hack/index.html |  | 186 |
| MSpy | kid & partner tracking service | 400,000 | 2015 | May 2015 | A service that claims to help people spy on mobile devices was hacked, exposing emails, text messages, payment and location data. | web | hacked |  | 2 |  |  | Krebs on Security | http://krebsonsecurity.com/2015/05/mobile-spy-software-maker-mspy-hacked-customer-data-leaked/ |  | 185 |
| Adult Friend Finder | Internet dating & hookup site | 3,900,000 | 2015 | May 2015 | Data found on the dark web included sexual preferences, names, email addresses, usernames, dates of birth and postal codes. It included information of former as well as current users. | web | hacked |  | 1 |  |  | Channel 4 | http://www.channel4.com/news/adult-friendfinder-dating-hack-internet-dark-web |  | 184 |
| Securus Technologies | Prison phone service provider | 70,000,000 | 2015 | Nov 2015 | An anonymous hacker leaked records of over 70m prisoner phone calls, plus links to recordings, potentially violating constitutional protections. | web | hacked | y | 5 | 70m |  | The Intercept | https://theintercept.com/2015/11/11/securus-hack-prison-phone-company-exposes-thousands-of-calls-lawyers-and-clients/ |  | 183 |
| TalkTalk | Telecoms provider | 157,000 | 2015 | Nov 2015 | Shares in the telecoms firm plunged by a third after the hack, which exposed the banking details of more than 15,000 people. | telecoms | hacked |  | 2 |  |  | BBC News | https://www.bbc.co.uk/news/business-34743185 | http://www.bbc.co.uk/news/uk-34611857 | 182 |
| Experian / T-mobile |  | 15,000,000 | 2015 | Oct 2015 | The world's biggest data monitoring firm disclosed a massive data breach. It had exposed the details of T-Mobile customers applying for credit checks. | telecoms | hacked |  | 3 |  |  | Reuters | http://www.reuters.com/article/2015/10/02/us-tmobile-dataprotection-idUSKCN0RV5PL20151002 |  | 181 |
| Slack | software for remote working | 500,000 | 2015 | Mar 2015 | Sometime in February 2015, hackers were able to peruse Slack’s central database for up to four days. That database included usernames, email addresses and encrypted passwords. | web | hacked |  | 1 |  |  | Tech Crunch | http://techcrunch.com/2015/03/27/slack-got-hacked/ |  | 180 |
| CarPhone Warehouse | UK mobile phone supplier | 2,400,000 | 2015 | Aug 2015 | The breach exposed names, addresses, birth date and bank details. Around 480,000 were TalkTalk Mobile customers; 1.9m were customers of Carphone Warehouse directly. | telecoms | hacked |  | 3 |  |  | The Guardian | http://www.theguardian.com/technology/2015/aug/10/carphone-warehouse-uk-data-watchdog-investigating-customer-hack |  | 179 |
| British Airways | Frequent flyer accounts | 10,000 | 2015 | Mar 2015 | Hackers accessed tens of thousands of British Airways frequent-flyer accounts. The airline froze the affected accounts while it resolved the issue. | transport | hacked |  | 1 |  |  | The Guardian | http://www.theguardian.com/business/2015/mar/29/british-airways-frequent-flyer-accounts-hacked |  | 178 |
| Anthem | Second-largest health insurer in the US | 80,000,000 | 2015 | Feb 2015 | A "sophisticated cyberattack" on one of the USA's largest health insurers uncovered names, dates of birth, social security numbers, addresses and employment information. | health | hacked | y | 2 | 80m |  | NYTimes | https://www.nytimes.com/2015/02/05/business/hackers-breached-data-of-millions-insurer-says.html |  | 177 |
| UCLA Health |  | 4,500,000 | 2015 | May 2015 | Patient information was exposed in a hack on the network. In 2019, the firm reached a $2 million class-action lawsuit settlement. | health | hacked |  | 4 | 4.5m |  | Health IT Security | https://healthitsecurity.com/news/ucla-health-reaches-7.5m-settlement-over-2015-breach-of-4.5m |  | 176 |
| Neiman Marcus | US retailer | 1,100,000 | 2014 | Jan 2014 | Malware in the firm's IT system leaked customer payment data for several months. | retail | hacked |  | 2 |  |  | NY Times | http://www.nytimes.com/2014/01/24/business/neiman-marcus-breach-affected-1-1-million-cards.html | http://krebsonsecurity.com/2014/08/stealthy-razor-thin-atm-insert-skimmers/ | 175 |
| AOL |  | 2,400,000 | 2014 | Apr 2014 | User accounts were compromised in order to send out spam messages. | web | hacked |  | 1 |  |  | NBC News | https://www.nbcnews.com/tech/security/youve-got-hacked-aol-confirms-significant-number-mail-users-hit-n91701 |  | 174 |
| Community Health Systems |  | 4,500,000 | 2014 | Aug 2014 | The US hospital operator suffered a system breach, leaking 5 years' worth of data. Details included names, addresses, social security numbers. The goal: identity theft. | health | hacked | y | 2 |  |  | CNN | http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/ |  | 173 |
| Privatization Agency of the Republic of Serbia |  | 5,190,396 | 2014 | Dec 2014 | A text file containing personal data and financial documents relating to almost all adult Serbian citizens was made publicly available. | government | oops! |  | 2 |  |  | Poverenik | https://www.poverenik.rs/en/press-releases/1953-povreda-prava-na-zastitu-podataka-o-licnosti-skoro-svih-punoletnih-gradjana-srbije.html |  | 172 |
| Sony Pictures |  | 10,000,000 | 2014 | Dec 2014 | Potentially every piece of data held by the company was hacked, including unreleased films, employee social security numbers and sensitive internal documents. North Korea suspected. | misc | hacked |  | 2 |  |  | Buzzfeed | http://www.buzzfeed.com/tomgara/sony-hack |  | 171 |
| Indiana University |  | 146,000 | 2014 | Feb 2014 | Students who attended the university between 2011 and 2014 may have had their data accessed by three automated computer data mining applications. | academia | poor security |  | 2 |  |  | Indiana University | http://news.iu.edu/releases/iu/2014/02/data-exposure-disclosure.shtml | http://www.usatoday.com/story/news/nation/2014/02/26/indiana-university-data-breach/5830685/ | 170 |
| Ebay |  | 145,000,000 | 2014 | May 2014 | Hackers attacked between late February and early March, using the login credentials of three corporate employees. They then accessed a database containing all user records. | web | hacked | y | 1 | 145m |  | Business Insider | https://www.businessinsider.com/cyber-thieves-took-data-on-145-million-ebay-customers-by-hacking-3-corporate-employees-2014-5?r=US&IR=T |  | 169 |
| UPS |  | 4,000,000 | 2014 | Aug 2014 | Malware was discovered in the credit & debit card processing systems of 51 UPS branches in 24 states. It was leaking data for as long as eight months. | retail | hacked |  | 3 |  |  | Time | http://time.com/3151681/ups-hack/ |  | 168 |
| European Central Bank |  | 4,000,000 | 2014 | Jul 2014 | The ECB received an anonymous call requesting money in return for the stolen data. The bank didn't say how much the blackmailer asked for, but did say that it refused to pay anything. | finance | hacked |  | 1 |  |  | City am | http://www.cityam.com/1406190300/ecb-website-hacked |  | 167 |
| JP Morgan Chase |  | 76,000,000 | 2014 | Oct 2014 | A hack of the USA's largest bank began in June, but was not discovered until July, when the hackers had already obtained the highest level of administrative privilege for dozens of servers. | finance | hacked | y | 3 | 76m |  | Deal Book | http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/?_php=true&_type=blogs&_r=0 |  | 166 |
| New York Taxis |  | 52,000 | 2014 | Jun 2014 | A freedom of information request resulted in the release of data on all 173 million journeys undertaken by New York taxis in one year. Unfortunately, the data was not properly anonymised. | transport | poor security | y | 1 |  |  | Medium | https://medium.com/@vijayp/f6bc289679a1 |  | 165 |
| HSBC Turkey |  | 2,700,000 | 2014 | Nov 2014 | An attack on credit and debit card systems left numbers, account numbers, expiry dates and customer names compromised. | finance | hacked |  | 4 |  |  | Reuters | http://www.reuters.com/article/us-hsbc-turkey-cybersecurity/hsbc-turkey-says-customer-credit-card-data-stolen-idUSKCN0IW1RR20141112 |  | 164 |
| Japan Airlines |  | 750,000 | 2014 | Sep 2014 | Japan Airlines confirmed the possible theft of information from up to 750,000 frequent-flier programme members, including names, birth dates, addresses and places of work. | transport | hacked |  | 2 |  |  | WSJ, Japan Airlines | http://online.wsj.com/articles/japan-airlines-reports-hacker-attack-1412053828 | http://www.jal.co.jp/en/info/other/140924.html | 163 |
| Staples |  | 1,160,000 | 2014 | Dec 2014 | Point of sale systems were infected with malware. Thieves may have used it to steal customer names, payment card numbers, expiration dates and card verification codes. | retail | hacked |  | 3 |  |  | Fortune | http://fortune.com/2014/12/19/staples-cards-affected-breach/ |  | 162 |
| GMail |  | 5,000,000 | 2014 | Sep 2014 | Account details and passwords were posted on a Russian Bitcoin forum. Close inspection revealed the user details to be old (3+ years). Gmail itself was not hacked. | web | hacked | y | 1 |  |  | The Next Web | http://thenextweb.com/google/2014/09/10/4-93-million-gmail-usernames-passwords-published-google-says-evidence-systems-compromised/ |  | 161 |
| Home Depot |  | 56,000,000 | 2014 | Sep 2014 | Malware installed on cash register systems at 2,200 stores syphoned credit card details of up to 56 million customers, which were then sold online. | retail | hacked | y | 3 |  |  | Krebs on Security | http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/ |  | 160 |
| Korea Credit Bureau |  | 20,000,000 | 2014 | Jan 2014 | An employee was accused of stealing data from customers of three credit card firms while working as a temporary consultant. | finance | inside job |  | 5 |  |  | Security Week | http://www.securityweek.com/20-million-people-fall-victim-south-korea-data-leak |  | 159 |
| Domino's Pizza (France) |  | 600,000 | 2014 | Jun 2014 | Hackers demanded a ransom of €30,000 (£24,000) from Domino's Pizza after stealing personal data on more than 600,000 of its French and Belgian customers. | retail | hacked |  | 1 |  |  | The Guardian | http://www.theguardian.com/technology/2014/jun/16/dominos-pizza-ransom-hack-data |  | 158 |
| Mozilla |  | 76,000 | 2014 | Aug 2014 | After the failure of a "data sanitation" process, Mozilla’s developer community was alerted to an accidental leak of email addresses and encrypted passwords. | web | poor security |  | 2 |  |  | The Guardian | http://www.theguardian.com/technology/2014/aug/05/mozilla-leak-developer-email-addresses-passwords-firefox |  | 157 |
| Massive American business hack | 7-Eleven, JC Penney, Hannaford, Heartland, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard | 160,000,000 | 2013 | Jul 2013 | For more than seven years a hacking ring targeted banks, payment processors and chain stores to steal more than 160 million credit and debit card numbers. | finance | hacked | y | 5 | 160m |  | Technology Review | https://www.technologyreview.com/s/517551/prosecutors-describe-massive-breach-of-credit-card-data/ |  | 156 |
| Affinity Health Plan, Inc. |  | 344,579 | 2013 | Aug 2013 | A rented photocopier used to copy health records did not have its hard-drive wiped before its return, exposing personal data. | health | lost device | y | 4 |  |  | Proskauer | https://privacylaw.proskauer.com/2013/08/articles/identity-theft/a-1-2-million-photocopier-mistake-health-plan-settles-with-hhs-in-hipaa-breach-case/ |  | 155 |
| Citigroup |  | 150,000 | 2013 | Jul 2013 | The bank failed to redact court records before they were placed on a publicly accessible system. The personal information of customers entering bankruptcy between 2007-2011 was exposed. | finance | oops! | y | 2 |  |  | Softpedia | http://news.softpedia.com/news/Citi-Exposes-Details-of-150-000-Individuals-Who-Went-into-Bankruptcy-369979.shtml |  | 154 |
| Tianya | Usernames, clear text passwords and email addresses hacked. | 40,000,000 | 2013 | Jul 2013 | China's biggest online forum confirmed that private information for 40 million users had been breached back in 2011. | web | hacked |  | 1 |  |  | Computer World, Hacker News | http://www.scmagazine.com.au/News/349585,28-million-clear-text-passwords-found-after-tianya65279-hack.aspx | https://thehackernews.com/2011/12/tianya-chinas-biggest-online-forum-40.html | 153 |
| Scribd | "world's largest online library" | 500,000 | 2013 | Apr 2013 | A website billing itself as the "world's largest online library" was hacked. 1% of its users had passwords compromised. | web | hacked |  | 1 |  |  | Naked Security, NBC News | http://nakedsecurity.sophos.com/2013/04/05/scribd-worlds-largest-online-library-admits-to-network-intrusion-password-breach/ | http://www.nbcnews.com/technology/scribd-hack-exposes-thousands-users-1B9239618 | 152 |
| Living Social | special offers website | 50,000,000 | 2013 | Apr 2013 | Hackers gained access to names, e-mail addresses, dates of birth & encrypted passwords for 50 million users of an online offers site part-owned by Amazon. | web | hacked |  | 1 |  |  | Naked Security, New York Times | http://nakedsecurity.sophos.com/2013/04/27/livingsocial-hacked-50-million-affected/ | http://bits.blogs.nytimes.com/2013/04/26/living-social-hack-exposes-data-for-50-million-customers/ | 151 |
| Yahoo |  | 550,000,000 | 2013 | Dec 2016 | A 2013 attack was eventually disclosed in 2016. Stolen data included names, telephone numbers, birth dates, passwords and security questions. | web | hacked |  | 2 | 1bn |  | NY Times, BBC | http://www.nytimes.com/2016/12/14/technology/yahoo-hack.html?action=Click&contentCollection=BreakingNews&contentID=64651831&pgtype=Homepage&_r=0 | https://www.bbc.co.uk/news/business-41493494 | 150 |
| SnapChat |  | 4,600,000 | 2013 | Jan 2014 | Hackers abused an exploit to siphon off usernames and phone numbers, which were then posted online. | web, tech | hacked |  | 2 |  |  | BBC News | https://www.bbc.co.uk/news/technology-25572661 |  | 149 |
| University of Delaware |  | 74,000 | 2013 | Aug 2013 | Confidential personal information on past and current employees of the University of Delaware was stolen when a software vulnerability was exploited. | academia | hacked |  | 2 |  |  | University of Delaware | http://www1.udel.edu/udaily/2014/jul/resources073013.html |  | 148 |
| Central Hudson Gas & Electric |  | 110,000 | 2013 | Feb 2013 | Customer banking information and other personal information may have been accessed when systems belonging to the energy supplier were hacked. | misc | hacked |  | 3 |  |  | eSecurity Planet | https://www.esecurityplanet.com/network-security/central-hudson-gas-and-electric-hacked.html |  | 147 |
| Twitter |  | 250,000 | 2013 | Feb 2013 | A Java vulnerability gave hackers access to some user information including usernames, email addresses, session tokens and encrypted/salted versions of passwords. | web | hacked |  | 1 |  |  | CNN | https://edition.cnn.com/2013/02/01/tech/social-media/twitter-hacked/index.html |  | 146 |
| Crescent Health Inc., Walgreens |  | 100,000 | 2013 | Feb 2013 | A stolen laptop exposed private data including names, social security numbers, health insurance information, birth dates, diagnoses and other medical information. | health | lost device |  | 4 |  |  | Healthcare IT News | https://www.healthcareitnews.com/news/walgreens-company-announces-data-breach |  | 145 |
| Florida Department of Juvenile Justice |  | 100,000 | 2013 | Jan 2013 | The theft of a mobile device containing youth and employment records exposed 100,000 young people to potential identity theft. | government | lost device |  | 2 |  |  | Data Breaches | https://www.databreaches.net/stolen-florida-dept-of-juvenile-justice-device-contained-records-of-more-than-100000-youth-and-employees/ |  | 144 |
| Advocate Medical Group |  | 4,000,000 | 2013 | Aug 2013 | Four unencrypted computers were stolen from an office belonging to the healthcare provider. 4,000,000 patient names, addresses, dates of birth and Social Security numbers were exposed. | health | lost device | y | 2 |  |  | Health IT Security | http://healthitsecurity.com/2013/08/27/advocate-medical-group-endures-massive-data-breach/ |  | 143 |
| OVH | French Internet host | 200,000 | 2013 | Jul 2013 | A hacker gained access to an email account, from where they were able to compromise the firm's internal systems. The European customer database was exposed. | web | hacked |  | 2 |  |  | OVH | http://status.ovh.net/?do=details&id=5070 |  | 142 |
| Apple |  | 275,000 | 2013 | Jul 2013 | Apple's developer portal was hacked. "Some" information about 275,000 3rd-party developers was potentially stolen. | tech, web | hacked |  | 1 |  |  | The Guardian | http://www.guardian.co.uk/technology/2013/jul/22/apple-developer-site-hacked |  | 141 |
| NASDAQ | Nasdaq OMX Group | 500,000 | 2013 | Jul 2013 | Cybercriminals targeted the Nasdaq online forum, stealing email addresses and passwords. | finance | hacked | y | 1 |  |  | Reuters | https://uk.reuters.com/article/net-us-nasdaq-cybercrime-website/nasdaq-forum-website-hacked-passwords-compromised-idUSBRE96H1F520130718 |  | 140 |
| UbiSoft | games company | 58,000,000 | 2013 | Jul 2013 | The video games publisher revealed that user names, email addresses and encrypted passwords had been "illegally accessed". | gaming | hacked |  | 2 |  |  | BBC News | https://www.bbc.co.uk/news/technology-23159997 |  | 139 |
| Ubuntu | The discussion forum for the popular alternative, open-source operating system | 2,000,000 | 2013 | Jul 2013 | The discussion forum for the operating system was hacked, exposing personal details and weakly-hashed passwords. | tech, web | hacked | y | 3 |  |  | Ars Technica | http://arstechnica.com/security/2013/07/hack-exposes-e-mail-addresses-password-data-for-2-million-ubuntu-forum-users/ |  | 138 |
| Nintendo | Japan's Club Nintendo service | 4,000,000 | 2013 | Jun 2013 | Names, phone numbers, home and email addresses of Japanese members of Club Nintendo were stolen after a website breach. | gaming | hacked |  | 2 |  |  | ZDNet | https://www.zdnet.com/article/club-nintendo-site-hacked-customer-data-exposed/ |  | 137 |
| National Security Agency |  | 1,500,000 | 2013 | Jun 2013 | Edward Snowden, an intelligence contractor in Hawaii, downloaded up to 1.5 million files. He then flew to Hong Kong to meet journalists Glenn Greenwald and Laura Poitras before fleeing to Moscow. | government | inside job | y | 5 |  |  | Business Insider | http://uk.businessinsider.com/snowden-leaks-timeline-2016-9 |  | 136 |
| Facebook |  | 6,000,000 | 2013 | Jun 2013 | By using the network's "Download Your Information" tool, some Facebook members were able to access phone numbers and email addresses of strangers. | web | oops! |  | 1 |  |  | Facebook | https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766 |  | 135 |
| Evernote | online note-taking site | 50,000,000 | 2013 | Mar 2013 | Evernote asked all its users to reset their passwords, following the discovery of unauthorised access of personal details. | web | hacked |  | 1 |  |  | Wired, Digital Trends | http://www.wired.co.uk/news/archive/2013-03/04/evernote-hacked | http://www.digitaltrends.com/mobile/evernote-hack-50-million-users-forced-to-reset-passwords/ | 134 |
| Kirkwood Community College | Hacked online database | 125,000 | 2013 | Apr 2013 | Hackers accessed data relating to applications made between February 2006 and March 2013, including names, birth dates, race, contact information and Social Security numbers. | academia | hacked |  | 2 |  |  | eSecurity Planet | https://www.esecurityplanet.com/hackers/kirkwood-community-college-hacked.html |  | 133 |
| Yahoo Japan |  | 22,000,000 | 2013 | May 2013 | 22 million Yahoo user IDs may have been leaked after Yahoo detected an unauthorized attempt to access the administrative system of its Yahoo Japan portal. | tech, web | hacked |  | 1 |  |  | Reuters | https://www.reuters.com/article/us-yahoojapan/yahoo-japan-suspects-22-million-user-ids-leaked-kyodo-idUSBRE94G0P620130517 |  | 132 |
| Drupal | open-source content management platform | 1,000,000 | 2013 | May 2013 | Malicious files were placed on the servers of the content management platform. They exposed usernames, e-mail addresses and cryptographically hashed passwords. | web | hacked |  | 1 |  |  | Ars Technica | http://arstechnica.com/security/2013/05/drupal-org-resets-login-credentials-after-hack-exposes-password-data/ |  | 131 |
| TerraCom & YourTel |  | 170,000 | 2013 | May 2013 | Journalists discovered the personal data of over 170,000 customers on a publicly accessible server. Hilariously, the firms branded the journalists "hackers". | telecoms | oops! | y | 2 |  |  | Boing Boing, Wired | http://boingboing.net/2013/05/23/terracom-and-yourtel-threaten.html | http://www.wired.co.uk/news/archive/2013-05/23/reporter-google-breach-hacker | 130 |
| Washington State court system | Administrative offices | 160,000 | 2013 | May 2013 | Social Security numbers and a million driver's license numbers may have been accessed by hackers exploiting weaknesses in old server software. | government | hacked |  | 2 |  |  | Reuters, Privacy Rights | https://www.reuters.com/article/us-usa-hack-washingtonstate-idUSBRE9480YY20130509 | http://www.privacyrights.org/data-breach | 129 |
MacRumors.com860,0002013Nov 2013A moderator account on the forum was logged into by the hacker, who was then able to escalate privileges. All users were advised to change their passwords.webhacked1Wiredhttp://www.wired.co.uk/news/archive/2013-11/13/mac-rumours-forums-hacked128
Court VenturesExperian200,000,0002013Oct 2013A 24-year-old Vietnamese national, Hieu Minh Ngo, ran an identity theft service from his bedroom. A deal he struck with Experian gave him access to the personal and financial data of American citizens.financeinside job2200mNY Times, Gov Techhttps://krebsonsecurity.com/2014/03/experian-lapse-allowed-id-theft-service-to-access-200-million-consumer-records/http://www.govtech.com/security/San-Diego-Sues-Experian-Over-Alleged-2010-Breach.html127
Vodafone2,000,0002013Sep 2013An IT contractor for the firm used his access to the telecom giant's system to steal customer details, including bank account numbers and sort codes.telecomsinside joby3Security Weekhttp://www.securityweek.com/attacker-steals-data-2-million-vodafone-germany-customers126
Adobe38,000,0002013Oct 2013Hackers obtained access to a swathe of Adobe customer IDs, encrypted passwords & sensitive information including encrypted credit and debit card numbers. Plus source code.techhackedy338mAdobehttps://www.bbc.co.uk/news/technology-24740873125
D&B, Altegrity1,000,0002013Sep 2013Hackers stole millions of social security numbers from a number of large US data brokers, intending to steal identities.techhacked3USA Today; Reutershttp://www.usatoday.com/story/cybertruth/2013/09/26/lexisnexis-dunn--bradstreet-altegrity-hacked/2878769/http://www.reuters.com/article/2013/09/26/us-cyberattacks-databrokers-idUSBRE98P03220130926124
ssndob.ms4,000,0002013Sep 2013Teenage hackers collected data for exposed.su, a site that charged people to search for the social security numbers, birthdays, phone numbers and addresses of celebrities.webhackedy2Krebs on Securityhttp://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/123
Target70,000,0002013Dec 2013Investigators believe that personal data was obtained via software installed on card-swiping machines at Target stores.retailhackedy3Huffington Posthttp://www.huffingtonpost.com/2013/12/19/target-hacked-customer-credit-card-data-accessed_n_4471672.html?utm_hp_ref=mostpopular122
China Software Developer Network6,000,0002012Mar 2012A man surnamed Zeng was arrested on suspicion of leaking personal information belonging to users of the China Software Developer Network (CSDN).webhacked1ZDNethttp://www.zdnet.com/blog/security/chinese-hacker-arrested-for-leaking-6-million-logins/11064121
Global PaymentsCredit, debit and check processing for merchants (Visa, Mastercard, etc)1,500,0002012Apr 2012Hackers gained unauthorised access to systems of the payment processing firm, exposing over a million credit card numbers.financehacked3Washington Posthttp://www.washingtonpost.com/business/technology/faq-the-global-payments-hack/2012/04/02/gIQAIHLLrS_story.html120
South Carolina GovernmentSouth Carolina Department of Health and Human Services228,0002012Apr 2012A man was arrested for sending confidential information on Medicaid beneficiaries to his personal email address.healthinside job4The Statehttps://www.infosecurity-magazine.com/news/data-breach-hits-228000-south-carolina-medicaid/119
Three Iranian banksSaderat, Eghtesad Novin, & Saman3,000,0002012Apr 2012After finding a security flaw in Iran's banking system, Khosrow Zarefarid sent a formal report to the CEOs of all affected banks. When they ignored him, he hacked 3m bank accounts to prove his point.financehackedy5ZD Nethttp://www.zdnet.com/blog/security/3-million-bank-accounts-hacked-in-iran/11577118
California Department of Child Support Services800,0002012Apr 2012California child support records were lost in transit during a "disaster preparedness" exercise.governmentlost device2Business Insiderhttps://www.businessinsider.com/california-child-support-data-breach-2012-4?IR=T117
Emory Healthcarehospital system in Atlanta315,0002012Apr 2012The company 'misplaced' 10 backup discs containing sensitive patient information, including social security numbers.healthlost device4Emoryhttp://news.emory.edu/stories/2012/04/ehc_missing_data/campus.html116
Office of the Texas Attorney General6,500,0002012Apr 2012The office of Texas Attorney General Greg Abbott mistakenly gave attorneys access to a database containing millions of Social Security numbers.governmentoops!2Raw Storyhttp://www.rawstory.com/rs/2012/04/26/texas-attorney-general-exposes-millions-of-voters-social-security-numbers/115
MedicaidUS health program for low income people and families780,0002012Apr 2012Hackers operating out of Eastern Europe circumvented server security at the Utah Health Department, stealing the Social Security numbers of Medicaid claimants.government, healthhackedy5Reutershttps://www.reuters.com/article/us-usa-hackers-utah/european-hackers-suspected-in-utah-medicaid-files-breach-idUSBRE83404G20120405114
BlizzardActivision, Battle.net14,000,0002012Aug 2012Scrambled passwords, e-mail addresses, and personal security answers were stolen from Blizzard's internal network. Blizzard would not elaborate on the size of the hack ("millions").gaminghacked2Forbeshttps://www.forbes.com/sites/erikkain/2012/08/09/its-official-blizzard-hacked-account-information-stolen/#6dfbcdc355d1113
New York State Electric & Gas1,800,0002012Jan 2012An employee from a software consulting firm was able to grant unauthorized access to the energy supplier's database.miscinside job2Data Breacheshttps://www.databreaches.net/nyseg-and-rge-notify-customers-of-unauthorized-access-to-customer-data/112
Memorial Healthcare SystemFlorida102,1532012Apr 2012For more than a year, an employee of an affiliated physician’s office accessed patient information through a web portal: names, dates of birth and Social Security numbers.healthlost device2Modern Healthcarehttps://www.databreaches.net/more-breaches-you-may-not-have-known-about/111
Zappos24,000,0002012Jan 2012The Amazon-owned e-commerce firm was the target of a cyber attack on its internal network, exposing names, e-mail addresses, phone numbers, addresses, and encrypted passwords.webhacked2Forbeshttp://www.forbes.com/sites/andygreenberg/2012/01/15/zappos-says-hackers-accessed-24-million-customers-account-details/110
FormspringInterest-based social Q&A website420,0002012Jul 2012420,000 hashed passwords were posted to a security forum. Formspring immediately forced users to reset their passwords.webhackedy1CNethttp://news.cnet.com/8301-1009_3-57469944-83/formspring-disables-user-passwords-in-security-breach/?tag=mncol;txt109
KT Corp.Korean mobile carrier8,700,0002012Jul 2012Two suspects earned an estimated $877,000 by selling the contact information and plan details of 8.7 million subscribers to Korea's second largest mobile phone network.telecomshacked2Korea Times, CNethttp://www.koreatimes.co.kr/www/news/biz/2012/07/113_116143.htmlhttp://news.cnet.com/8301-1009_3-57482215-83/hackers-accused-of-stealing-data-from-9m-korean-mobile-users/108
Yahoo Voices450,0002012Jul 2012Usernames and passwords thought to be related to Yahoo's Voice service were dumped online, after being accessed in a database hack.tech, webhacked1Slashdothttps://www.helpnetsecurity.com/2012/07/12/nearly-half-a-million-yahoo-passwords-leaked-following-hack/107
Last.fmOwned by CBS43,500,0002012Sep 2016Usernames, email addresses and other internal records, such as newsletter sign-ups and ad-related data, were stolen in a 2012 hack.webhacked1ZD Nethttp://www.zdnet.com/article/hackers-stole-43-million-last-fm-account-details-in-2012-breach/https://www.zdnet.com/article/last-fm-investigating-security-issue-passwords-leaked/106
LinkedIn, eHarmony, Last.fm8,000,0002012Jun 2012Hacker 'dwdm' uploaded a file containing 6.5 million passwords to a Russian hacker forum. Soon after, another 1.5 million passwords were discovered in another file on the forum.webhacked1Cnethttp://news.cnet.com/8301-1009_3-57449325-83/what-the-password-leaks-mean-to-you-faq/?tag=mncol;txt105
Gamigo8,000,0002012Jul 20124 months after the gaming site Gamigo warned users about a hacker intrusion, more than 8 million usernames, emails & encrypted passwords from the site were published on the web.webhacked1Forbeshttp://www.forbes.com/sites/andygreenberg/2012/07/23/eight-million-passwords-spilled-from-gaming-site-gamigo-months-after-breach/104
Militarysingles.comOnline dating network for, you guessed it, military singles163,7922012Mar 2012Hacking group LulzSec released a database of 163,792 names, usernames, e-mail addresses, IP addresses, and passwords of "single" military personnel.web, militaryhacked1PC Worldhttp://www.pcworld.com/article/252647/reborn_lulzsec_claims_hack_of_dating_site_for_military_personnel.html103
"Apple"12,367,2322012Mar 2012Millions of Apple Unique Device Identifiers (UDIDs) were leaked online. A hacking group claimed it had hacked an FBI laptop, but a software firm called BlueToad was found to be the source.tech, retailoops!y2CNEThttp://news.cnet.com/8301-1009_3-57505330-83/antisec-claims-to-have-snatched-12m-apple-device-ids-from-fbi/http://news.cnet.com/8301-1009_3-57509595-83/udid-leak-source-idd-bluetoad-mobile-firm-says-it-was-hacked/102
Greek government9,000,0002012Nov 2012A computer programmer was arrested in Greece for allegedly stealing the identity information of 83% of the country's population. The 35-year-old was suspected of trying to sell it on.governmenthacked2Wiredhttp://www.wired.co.uk/news/archive/2012-11/22/greece-id-theft101
South Carolina State Dept. of Revenue3,600,0002012Oct 2012A server containing social security numbers and credit card data was breached by an international hacker.governmenthacked1Information Weekhttp://www.infoworld.com/article/2615754/cyber-crime/south-carolina-reveals-massive-data-breach-of-social-security-numbers--credit-cards.html100
Dropbox68,700,0002012Aug 2016User credentials were stolen in a 2012 hack, but the number affected only came to light four years later. Dropbox reset any passwords that had been unchanged since 2012.webhacked168.7mThe Telegraphhttps://www.bbc.co.uk/news/technology-3723263599
New York City Health & Hospitals Corp.New York City Health & Hospitals Corporation's North Bronx Healthcare Network1,700,0002011Feb 2011Computer backup tapes from the New York provider were stolen from a truck that was transporting them to a secure storage location.healthlost device4InfoRiskhttps://www.inforisktoday.com/new-york-breach-affects-17-million-a-334998
Seacoast Radiology, PA231,4002011Jan 2011Computer gamers hacked a server in search of more bandwidth to play Call of Duty. In the process they gained access to personal records of more than 230,000 patients.healthhackedy2Fostershttp://www.fosters.com/apps/pbcs.dll/article?AID=/20110120/GJNEWS_01/70120974497
South Shore Hospital, Massachusetts800,0002011Sep 2011South Shore Hospital hired a contractor to destroy files no longer in use. The firm lost the shipment. It contained social security numbers, medical records and banking details.healthlost device5Boston Globehttps://www.infosecurity-magazine.com/news/south-shore-hospital-data-breach-may-affect-up-to/96
BetfairUK gambling site2,300,0002011May 2011Betfair waited 18 months to report the breach of their online gambling site, alarming banking institutions and security experts. The breach involved user names, addresses and account details.webhacked3FThttps://www-ft-com.libezproxy.open.ac.uk/content/819f5b1c-eb80-11e0-a576-00144feab49a95
Ankle & foot Center of Tampa Bay, Inc.156,0002011Jan 2011Names, social security numbers, dates of birth, home addresses, account numbers, healthcare services and diagnostics were hacked.healthhacked4Phi Privacyhttps://www.databreaches.net/ankle-foot-center-of-tampa-bay-breach-affecting-156000-included-social-security-numbers-as-well-as-phi/94
Yale University43,0002011Aug 2011The names and Social Security numbers of 43,000 people affiliated with the university were publicly viewable on Google for 10 months.academiaoops!2NBC Newshttp://www.nbcnews.com/id/44235153/ns/technology_and_science-security/t/data-breach-hits-yale-university/93
Morgan Stanley Smith Barney34,0002011Jul 2011Morgan Stanley mailed two CD-Rs containing sensitive data about investors to the New York State Department of Taxation and Finance. When it arrived at the relevant desk, the CDs were missing.financelost devicey3ABC Newshttps://abcnews.go.com/Business/morgan-stanley-smith-barney-breach-losing-client-data/story?id=1400863292
State of Texas3,500,0002011Apr 20113.5 million records were accidentally published online including people's names, mailing addresses and social security numbers. They were there for a year.governmentoops!2Dallas Newshttps://uk.pcmag.com/news/105457/texas-security-breach-exposes-35m-records91
EpsilonMarketing email provider3,000,0002011Apr 2011Names & email addresses of customers of Barclaycard US, Capital One, JP Morgan, Citigroup & other firms were stolen via a breach in an email system.webhacked1Guardianhttps://www.theguardian.com/technology/2011/apr/04/epsilon-email-hack90
Sony PSN77,000,0002011Apr 2011Rounding off a thoroughly unhappy year for Sony, their third breach exposed 76,000,000 Sony PSN and Qriocity user accounts. They were offline for 23 days.gaminghackedy1Mashablehttps://blog.playstation.com/archive/2011/04/28/playstation-network-and-qriocity-outage-faq/89
US Law Enforcement123,4612011Aug 2011"AntiSec" hackers published a huge trove of personal information from 70 different US law enforcement agencies.governmenthacked3PC Worldhttp://www.pcmag.com/article2/0,2817,2390683,00.asp88
University of Wisconsin - Milwaukee73,0002011Aug 2011A malware attack on a database server exposed the names and social security numbers of students and staff, past and present.academiahacked2ZDNethttps://www.zdnet.com/article/university-of-wisconsin-hacked-75000-social-security-numbers-student-names-exposed/87
Stratforgeopolitical intelligence firm935,0002011Dec 2011Hacking collective Anonymous published what they claimed was Stratfor's confidential client list, along with credit card details and passwords. In fact, it was a list of subscribers to Stratfor's online publication.militaryhacked3NYTimeshttps://en.wikipedia.org/wiki/Stratfor_email_leak86
Chinese gaming sites10,000,0002011Dec 2011Several major Chinese gaming sites were hacked, breaching millions of user records.webhacked1eHacking Newshttp://www.ehackingnews.com/2011/12/hackers-compromised-38-million-chinese.html85
Southern California Medical-Legal Consultants300,0002011Jun 2011Electronic files containing names and social security numbers of approximately 300,000 individuals who have applied for workers’ compensation benefits were left unsecured.healthhacked2Data Breacheshttps://www.databreaches.net/southern-california-medical-legal-consultants-reveals-that-300000-workers-compensation-applicants-names-and-social-security-numbers-were-exposed-on-internet/84
Writerspace.comWebsite design and hosting for writers62,0002011Jun 2011Hacker group LulzSec released a stash of e-mails and passwords, 12,000 of which were confirmed to originate from Writerspace.com.webhacked1PC Maghttp://www.pcmag.com/article2/0,2817,2387186,00.asp83
Bethesda Game StudiosUS video game company (Elder Scrolls, Fallout 3)200,0002011Jun 2011Hacking collective Lulzsec claimed to have stolen the account information of 200,000 users.gaminghacked1PC Worldhttps://venturebeat.com/2011/06/13/lulzsec-bethesda-hack/82
Sega1,290,7552011Jun 2011Information registered as part of the Sega Pass system was stolen, including names, birth dates, e-mail addresses and passwords.gaminghacked2ZDNethttp://www.zdnet.com/blog/gamification/sega-1-3-million-customer-records-hacked-lulzsec-promises-retribution/48181
Citigroup210,0002011Jun 2011A breach of the bank's online web portal compromised the information of around 1% of Citibank card holders.financehacked3PC Worldhttp://www.pcworld.com/article/229891/Citigroup_Hack_Nets_Over_200k_in_Stolen_Customer_Details.html80
Sony Pictures1,000,0002011Jun 2011The LulzSec hacking collective accessed unencrypted user information. They claimed that they didn't have the resources to steal everything they were able to access.webhackedy1Mashablehttp://mashable.com/2011/06/02/sony-pictures-hacked/79
Accendo Insurance Co.175,3502011Jun 2011Mismailed letters allowed some lines of sensitive information (medication name, date of birth, and member ID) to be visible through the envelope window.healthpoor security2Data Breacheshttp://www.databreaches.net/?p=1919878
Washington Post1,270,0002011Jul 2011Unknown hackers broke into The Washington Post's jobs website, stealing user IDs and email addresses.mischacked2PC Maghttp://www.pcmag.com/article2/0,2817,2388200,00.asp77
Health Net - IBMData lost from HN servers managed by IBM1,900,0002011Mar 2011As many as nine server drives containing personal information of former and current employees went missing from an IBM data center in California.healthlost device3IEEE Spectrumhttps://spectrum.ieee.org/riskfactor/computing/it/health-net-data-breaches-affects-19-million-people76
Eisenhower Medical CenterCalifornia hospital514,3302011Apr 2011A computer stolen from the hospital contained patients' names, ages, dates of birth, medical record numbers and the last four digits of their social security numbers.healthlost device4Data Breach Infohttp://databreachinvestigation.blogspot.com/2011/04/thief-gets-away-with-eisenhower-medical.html75
Spartanburg Regional Healthcare System400,0002011May 2011A computer stolen from an employee's car contained a password-protected file with Social Security numbers as well as names, addresses, dates of birth and medical billing codes.healthlost device4GoUpstatehttps://www.inforisktoday.com/400000-affected-by-stolen-pc-a-385374
NHSUK's national health service, govt funded8,600,0002011Jun 2011A laptop holding the unencrypted records of eight million patients went missing from an NHS store room and wasn't reported until 3 weeks later.healthlost devicey4Alphrhttps://www.alphr.com/news/security/368062/nhs-loses-laptop-holding-8m-patient-records73
San Francisco Public Utilities Commission180,0002011Jun 2011A server storing customer data was found to be a) unsecured, and b) infected with viruses.governmenthacked1CNEThttp://news.cnet.com/8301-27080_3-20068386-245/sf-utilities-agency-warns-of-potential-breach/72
Sony Online Entertainment24,600,0002011May 2011Hackers may have taken personal information from accounts in Austria, Germany, The Netherlands and Spain, including over 12,000 credit card accounts and 10,000 bank accounts.gaminghacked3Computer Weeklyhttps://privacyrights.org/data-breaches/sony-playstation-network-psn-sony-online-entertainment-soe71
Honda Canada283,0002011May 2011Names, addresses and vehicle identification numbers were taken from two of the firm's eCommerce websites, myHonda and myAcura.retailhackedy2Guelph Mercuryhttp://www.guelphmercury.com/news-story/2200845-honda-canada-hit-by-online-security-breach-283-000-car-owners-personal-data-stolen/70
Massachusetts GovernmentMassachusetts Executive Office of Labor and Workforce210,0002011May 2011Over 1,500 departmental computers were infected with malware which “downloads additional files, steals information and opens a back door on the compromised computer”.governmenthackedy5NBC Newshttp://www.nbcnews.com/id/43086769/ns/technology_and_science-security/t/huge-data-breach-puts-risk/#.XAfhPhP7TUI69
Oregon Department of Motor Vehicles1,000,0002011May 2011Detectives arrested Tim Nuss for accessing an old Oregon Department of Motor Vehicles database, including names, addresses, birth dates, gender and ages of people who registered.governmenthacked2Data Breacheshttps://www.databreaches.net/or-deputies-man-used-dmv-database-in-id-theft/68
Steamgaming portal35,000,0002011Nov 2011Attackers used login details from a forum hack to gain access to a database containing user names, encrypted passwords and credit card info, game purchases and billing addresses.webhacked3SC Maghttp://www.bbc.co.uk/news/technology-1569018767
Restaurant Depotfood, equipment, and supplies for restaurants200,0002011Nov 2011Cybercrooks presumed to be operating from Russia hacked into the Restaurant Depot database and accessed credit and debit card details.retailhacked3NBC Newshttps://www.finextra.com/newsarticle/23243/restaurant-depot-hacked-by-russian-cyber-criminals66
Nexon Korea Corpgame developer13,200,0002011Nov 2011Personal data of subscribers to the online game Maple Story was breached and subsequently leaked.webhacked2Reutershttps://uk.reuters.com/article/us-korea-hacking-nexon/data-of-13-million-south-korean-online-game-subscribers-hacked-idUSTRE7AP09H2011112665
Nemours FoundationUS children's hospitals1,600,0002011Oct 2011A Florida health care provider responsible for running children’s hospitals lost three data backup tapes, containing 10 years' worth of information.healthlost device4Law360https://www.law360.com/articles/277961/nemours-says-data-breach-affected-1-6m-patients64
Sutter Medical Foundation4,243,4342011Nov 2011A stolen laptop contained a database with names, addresses, dates of birth, phone numbers, email addresses, medical record numbers and health insurance plans.healthlost device2Trend Microhttps://blog.trendmicro.com/sutter-health-sued-for-1-billion-following-data-breach/63
TricareHealthcare service for US Military4,901,4322011Sep 2011Backup tapes containing information for some 4.6 million active and retired military personnel, as well as their families, were stolen from a data contractor's car in San Antonio.military, healthlost device4Reutershttp://www.reuters.com/article/us-data-breach-texas-idUSTRE78S5JG2011092962
AvMed, Inc.1,220,0002010Feb 2010Two company laptops containing names, addresses, dates of birth, Social Security numbers and health-related information were stolen from an AvMed facility in Gainesville.healthlost device2Hack Noticehttps://www.databreachtoday.com/avmed-sued-over-laptop-breach-a-311161
Blue Cross Blue Shield of TennesseeUS health insurance organization1,023,2092010May 2010A thief stole 57 unencrypted hard drives from the closet of a BlueCross call center in Chattanooga.healthlost devicey2Data Breacheshttps://www.databreaches.net/bcbs-of-tenn-breach-lessons-learned/60
US MilitaryWikileaks / Bradley Manning/Cablegate.260,0002010Nov 2010The Wikileaks Embassy Cables, containing over 1/4 of a million dispatches from more than 250 worldwide embassies and consulates.militaryinside joby5Guardianhttp://www.guardian.co.uk/news/datablog/2010/nov/29/wikileaks-cables-data59
Gawker.comUS news and gossip blog network including Gawker.com Gizmodo.com Lifehacker.com1,500,0002010Dec 2010The notorious website was hacked. The source code was stolen, along with 1.5 million usernames, emails and passwords.webhacked2Guardianhttp://www.guardian.co.uk/technology/2010/dec/13/gawker-hackers-passwords-twitter-wikileaks?INTCMP=SRCHhttp://www.mediaite.com/online/gawker-medias-entire-commenter-database-appears-to-have-been-hacked/58
Triple-S Salud, Inc.Puerto-Rican health insurance company398,0002010Nov 2010A competitor accessed restricted areas of the healthcare firm's website without authorisation, compromising client information.healthlost device4Data Breacheshttps://www.databreaches.net/puerto-rico-dept-of-health-reports-breach-affecting-400000-triple-s-salud-fined-100k/57
Ohio State University760,0002010Dec 2010The breach affected current and former students. It cost the university $4m in expenses related to investigative consulting, breach notification and credit security.academiahacked2The Lanternhttps://www.thelantern.com/2010/12/hacked-data-breach-costly-for-ohio-state-victims-of-compromised-info/56
Emergency Healthcare Physicians, Ltd.A Chicago emergency physician group180,1112010May 2010A stolen portable hard drive contained records from 2003 to 2006, including patient names, addresses, phone numbers, birth dates and Social Security numbers.healthlost device4Healthcare Info Securityhttp://www.healthcareinfosecurity.com/chicago-breach-affects-180000-a-249655
Colorado governmentDepartment of Health Care Policy & Financing105,4702010Jul 2010State officials discovered the unauthorized removal of a computer hard drive housed at Colorado's Office of Information Technology which contained health insurance information.healthlost device2Data Breacheshttp://www.databreaches.net/?p=1261154
AT&TUS Telecoms company114,0002010Jun 2010Details of iPad 3G users, thought to include those of White House chief of staff Rahm Emanuel, were stolen from the AT&T website.telecomshackedy1Guardianhttp://www.guardian.co.uk/technology/2010/jun/10/apple-ipad-security-leak?INTCMP=SRCH53
Lincoln Medical & Mental Health Center130,4952010Jun 2010Protected health information was exposed after seven CDs were lost in transit with FedEx.healthlost device4Alert Boothttps://www.pcworld.idg.com.au/article/351659/new_york_hospital_loses_data_130_000_via_fedex/52
Educational Credit Management CorpUS student loan guarantor3,300,0002010Mar 2010A contractor for the US Department of Education stole a device containing student loan records. The breach affected as many as 5% of all the country's federal student loan borrowers.financelost devicey2Wall Street Journalhttps://www.wsj.com/articles/SB1000142405270230443440457515002417410295451
US Federal Reserve Bank of Cleveland400,0002010Nov 2010A Malaysian man was charged with hacking into major US corporations and stealing 400,000 credit and debit card account numbers.financehacked3Bank Info Securityhttps://www.bankinfosecurity.com/cleveland-federal-reserve-hacked-a-311550
Classified Iraq War documents392,0002010Oct 2010Wikileaks posted classified Iraq War documents on its website.governmentinside job2Forbeshttp://www.forbes.com/sites/andygreenberg/2010/10/22/wikileaks-reveals-the-biggest-classified-data-breach-in-history/49
HeartlandIndependent payment processor130,000,0002009Jan 2009Keylogging malware caused a massive data breach. Heartland eventually paid more than $110 million to Visa, MasterCard, American Express and other card associations to settle claims.financehackedy3130mDark Readinghttps://www.darkreading.com/attacks-and-breaches/heartland-payment-systems-hit-by-data-security-breach/d/d-id/107577048
US National Guard131,0002009Dec 2009A personal laptop owned by an Army Guard contractor was stolen. It contained a database including names, Social Security Numbers, incentive payment amounts and payment dates.militarylost devicey2CNNhttp://edition.cnn.com/2009/US/12/17/theft.security.breach/index.html47
RockYou!Developer of online games (Zoo World/Zoo World 2) and advertising products32,000,0002009Dec 2009The site did not allow users to use special characters or punctuation in their passwords and e-mailed user passwords in plain text. Hackers took advantage of these security lapses.web, gaminghackedy1Tech Crunchhttp://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/46
CheckFree CorporationProvider of online banking, online bill payment and electronic bill payment services for the financial services industry5,000,0002009Jan 2009Criminals took control of the payment service's domains. They redirected traffic to a Ukrainian Web server that used malware to install a password-stealing program on the victim's computer.financehackedy1Computer Worldhttps://www.computerworld.com/article/2530152/checkfree-warns-5-million-customers-after-hack.html45
Network SolutionsDomain name registration business573,0002009Jul 2009A large-scale infection of e-commerce sites with malicious code led to the compromise of thousands of debit and credit cards.webhacked3Washington Posthttp://voices.washingtonpost.com/securityfix/2009/07/network_solutions_hack_comprom.html44
Virginia Prescription Monitoring Program531,4002009May 2009A prescriptions website with a database containing 8m patient records and 35m prescription records was hacked. The hacker demanded a $10 million ransom for the breach.healthhackedy2Digital Healthhttps://www.digitalhealth.net/2009/05/virginia-department-of-health-hacked/43
University of California Berkeleydetails on students, alumni and others160,0002009May 2009The attackers accessed a computer belonging to the university's health centre. The personal information of current students and alumni was stolen.academiahacked3Cnethttps://www.cnet.com/news/uc-berkeley-computers-hacked-160000-at-risk/42
Health NetLargest US publicly traded managed health care company1,500,0002009Nov 2009A portable hard drive with seven years' worth of personal and medical information was lost for six months before being reported.healthlost devicey4Computer Worldhttps://www.computerworld.com/article/2521838/security0/health-net-says-1-5m-medical-records-lost-in-data-breach.html41
US Military76,000,0002009Oct 2009The National Archives And Records Administration sent a defective, unencrypted hard drive for repair and recycling. It held detailed records on 76 million veterans dating back to 1972.militarylost devicey2Wiredhttp://www.wired.com/threatlevel/2009/10/probe-targets-archives-handling-of-data-on-70-million-vets/40
Compass Bank1,000,0002008Mar 2008A former employee stole a hard drive containing 1m account details between May & July 2007, then used it to defraud customers of nearly $32,000.financeinside joby3Computer Weeklyhttps://www.computerworld.com/article/2536195/programmer-who-stole-drive-containing-1-million-bank-records-gets-42-months.html39
Hannaford Brothers Supermarket ChainDelhaize Group: Hannaford Bros, Sweetbay, Food Lion, Bloom, Bottom Dollar, Harveys, Kash n' Karry4,200,0002008Mar 2008An estimated 4.2 million credit and debit card numbers were stolen when payment data was intercepted by hackers.retailhacked3NetworkWorldhttps://www.networkworld.com/article/2284998/lan-wan/details-emerging-on-hannaford-data-breach.html38
University of Miami2,100,0002008Apr 2008Six backup tapes from the medical school containing more than 2 million medical records were stolen from a van that was transporting the data to an off-site facility.academialost device3Identity Thefthttps://www.computerworld.com/article/2536837/thieves-pilfer-backup-tapes-holding-2m-medical-records.html37
BNY Mellon Shareowner ServicesWealth management4,500,0002008May 2008An archiving vendor lost a box full of data storage tapes containing sensitive information.financelost device1Reutershttps://www.reuters.com/article/us-mellon-breach-idUSN214334382008052136
Countrywide Financial CorpEmployee convicted of downloading millions of borrower files and selling the information to other loan officers.2,500,0002008Aug 2008A senior financial analyst was sentenced to eight months in prison after pleading guilty to downloading millions of borrower files onto thumb drives & selling the information.financeinside job2LATimeshttps://www.networkworld.com/article/2274502/security-oversight-may-have-enabled-countrywide-breach.html35
UK Home Office84,0002008Aug 2008PA Consulting lost an unencrypted memory stick containing details of high risk, prolific and other offenders. It had its contract terminated after an enquiry.governmentlost device2Wikipediahttp://news.bbc.co.uk/1/hi/uk_politics/7608155.stm34
RBS Worldpaythe U.S. payment processing arm of The Royal Bank of Scotland Group1,500,0002008Dec 2008A hack compromised RBS Worldpay prepay and gift cards. Actual fraud has been committed on approximately 100 cards. The personal information of over 1m people was exposed.financehacked5The Registerhttp://www.theregister.co.uk/2008/12/29/rbs_worldpay_breach/33
Auction.co.krSouth Korea's largest online shopping site18,000,0002008Feb 2008South Korea’s largest online shopping site was attacked by a Chinese hacker who made off with user information and a large amount of financial data.webhacked3Dark Readinghttps://www.darkreading.com/attacks-breaches/hacker-steals-data-on-18m-auction-customers-in-south-korea/d/d-id/112932532
| GS Caltex | Private oil company | 11,100,000 | 2008 | Sep 2008 | Two multimedia discs containing personal data of Korean customers were found by an office worker in a trash pile in Seoul. Likely to have been stolen by an employee. | misc | inside job |  | 2 |  |  | The Dong-a Ilbo | http://english.donga.com/srv/service.php3?biid=2008090631088 |  | 31 |
| AT&T |  | 113,000 | 2008 | Jun 2008 | A laptop containing unencrypted Social Security numbers and bonus/salary info of AT&T employees was stolen from a car. | telecoms | lost device | y | 1 |  |  | NetworkWorld | https://www.networkworld.com/article/2344552/security/latest--lost--laptop-holds-treasure-trove-of-unencrypted-at-t-payroll-data.html |  | 30 |
| Stanford University |  | 72,000 | 2008 | Jun 2008 | A laptop containing information on tens of thousands of past and current Stanford University employees was stolen. | academia | lost device |  | 2 |  |  | SFGate | http://www.sfgate.com/bayarea/article/Stanford-employees-data-on-stolen-laptop-3281185.php |  | 29 |
| University of Utah Hospitals & Clinics | stolen data tapes | 2,200,000 | 2008 | Jun 2008 | Petty thieves stole backup data tapes containing billing records from an employee's car. According to police reports the thieves tried - and failed - to view the tapes using a VHS player. | academia | lost device | y | 4 |  |  | Salt Lake Tribune | http://archive.sltrib.com/story.php?ref=/ci_9540210 |  | 28 |
| Chile Ministry Of Education |  | 6,000,000 | 2008 | May 2008 | A computer hacker in Chile published confidential records belonging to six million people to illustrate the weakness of government security. | government | hacked |  | 1 |  |  | BBC News | http://news.bbc.co.uk/2/hi/americas/7395295.stm | http://www.geek.com/articles/news/government-servers-in-chile-hacked-6-million-personal-records-made-public-20080514/ | 27 |
| Texas Lottery |  | 89,000 | 2008 | Nov 2008 | Data on more than 89,000 lottery winners (including names, Social Security numbers, addresses and prize amounts) were taken from the agency without permission by a former employee. | government | inside job |  | 2 |  |  | Houston Chronicle | https://www.chron.com/news/houston-texas/article/89-000-lottery-winners-affected-by-security-breach-1603025.php |  | 26 |
| Starbucks |  | 97,000 | 2008 | Nov 2008 | A laptop containing private information on 97,000 employees was stolen. Employees won a case against the firm before losing in the federal court as they were unable to prove any cognizable harm. | retail | lost device | y | 2 |  |  | Info Watch | https://infowatch.com/analytics/leaks_monitoring/1304 |  | 25 |
| UK Ministry of Defence |  | 1,700,000 | 2008 | Oct 2008 | A hard drive containing sensitive details of Armed Forces personnel - passport & national insurance numbers, bank details etc - went missing. The loss was revealed during National Identity Fraud Prevention Week. | government | lost device | y | 5 |  |  | BBC News | http://news.bbc.co.uk/1/hi/uk_politics/7667507.stm |  | 24 |
| T-Mobile, Deutsche Telekom |  | 17,000,000 | 2008 | Oct 2008 | Thieves stole a device containing names, addresses, cell phone numbers, and some birth dates and e-mail addresses for high-profile German citizens. | telecoms | lost device |  | 1 |  |  | FT | https://www.dw.com/en/telekom-says-data-from-17-million-customers-was-stolen/a-3690132 |  | 23 |
| Norwegian Tax Authorities |  | 3,950,000 | 2008 | Sep 2008 | Tax authorities accidentally sent CD-ROMs filled with the 2006 tax returns of 4m Norwegian citizens to editorial staff at national newspapers, radios and television stations. | government | oops! | y | 2 |  |  | Info Watch | http://infowatch.com/node/1289 |  | 22 |
| Service Personnel and Veterans Agency (UK) |  | 50,500 | 2008 | Sep 2008 | Hard drives containing personal information of employees were stolen from a high-security facility. | government | lost device |  | 2 |  |  | BBC News | http://news.bbc.co.uk/1/hi/england/gloucestershire/7639006.stm |  | 21 |
| Monster.com | Jobs website | 1,600,000 | 2007 | Aug 2007 | A trojan virus harvested user names, e-mail addresses, home addresses and phone numbers. Soon after, phishing e-mails encouraged users to download a Monster Job Seeker Tool, which was in fact malware. | web | hacked | y | 2 |  |  | BBC News | http://news.bbc.co.uk/1/hi/6956349.stm |  | 20 |
| Driving Standards Agency |  | 3,000,000 | 2007 | Dec 2007 | A hard disk with details of UK driving theory test candidates was lost by a contractor while they were in Iowa, USA. | government | lost device |  | 2 |  |  | BBC News | http://news.bbc.co.uk/1/hi/uk_politics/7147715.stm |  | 19 |
| Fidelity National Information Services |  | 8,500,000 | 2007 | Jul 2007 | An employee sold customer information to a data broker, including names, addresses, birth dates, bank account and credit card information. | finance | inside job |  | 3 |  |  | PCWorld | http://www.pcworld.com/article/135117/article.html |  | 18 |
| City and Hackney Teaching Primary Care Trust |  | 160,000 | 2007 | Dec 2007 | Disks containing children's personal details were lost by couriers. It prompted the agency to introduce disk encryption. | government | lost device |  | 2 |  |  | Computer Weekly | https://www.computerweekly.com/news/2240104003/Hackney-NHS-trust-encrypts-IT-equipment-following-loss-of-child-data |  | 17 |
| Gap Inc |  | 800,000 | 2007 | Sep 2007 | A laptop containing data on people who applied for positions at Gap stores between July 2006 and June 2007 was stolen. | retail | lost device |  | 2 |  |  | PC World | http://www.pcworld.com/article/137865/article.html |  | 16 |
| Dai Nippon Printing | Japanese printing company | 8,637,405 | 2007 | Mar 2007 | A former contractor of the firm stole 8.6 million records containing the personal data of customers. | retail | inside job |  | 1 |  |  | Compare Business Products | https://www.comparebusinessproducts.com/fyi/15-most-massive-data-breaches-history |  | 15 |
| TK / TJ Maxx | Largest retail breach to date | 94,000,000 | 2007 | Mar 2007 | A Minnesota store wifi network was hacked. Data from the credit and debit cards of shoppers was stolen. | retail | hacked |  | 3 | 94m |  | ZD Net | http://www.zdnet.com/wi-fi-hack-caused-tk-maxx-security-breach-3039286991/ |  | 14 |
| JP Morgan Chase |  | 2,600,000 | 2007 | May 2007 | Personal information was mistakenly identified as trash and thrown out in garbage bags outside five branch offices in New York. | finance | lost device | y | 3 |  |  | PC World | http://www.pcworld.com/article/131453/article.html |  | 13 |
| UK Revenue & Customs | HMRC | 25,000,000 | 2007 | Nov 2007 | A set of discs containing confidential details of 25 million child benefit recipients was lost. | government | lost device |  | 1 |  |  | BBC News | http://news.bbc.co.uk/2/hi/uk_news/7103911.stm |  | 12 |
| TD Ameritrade | US online broker | 6,300,000 | 2007 | Sep 2007 | The firm settled a class action lawsuit to compensate as many as 6.3 million customers whose data was stolen by hackers. | finance | hacked |  | 1 |  |  | Wired, CNBC | http://www.wired.com/threatlevel/2008/07/ameritrade-hack/ | https://www.cnbc.com/id/20775257 | 11 |
| AOL | America Online | 20,000,000 | 2006 | Aug 2006 | AOL released search data for roughly 20 million web queries from 658,000 anonymized users of the service. No one is quite sure why. | web | oops! | y | 1 |  |  | Tech Crunch | http://techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data/ |  | 10 |
| US Dept of Vet Affairs |  | 26,500,000 | 2006 | Jul 2006 | The Veterans Affairs Department agreed to pay $20 million to settle a class action lawsuit over the loss of a laptop. | government, military | lost device |  | 2 |  |  | GCN, US Gov | http://gcn.com/Articles/2009/02/02/VA-data-breach-suit-settlement.aspx | https://www.va.gov/oig/pubs/VAOIG-06-02238-163.pdf | 9 |
| Automatic Data Processing | Business outsourcing, payrolls, benefits | 125,000 | 2006 | Jul 2006 | Automatic Data Processing, one of the world's largest payroll service companies, confirmed that it was swindled by a data thief looking for information on investors. | finance | poor security |  | 2 |  |  | ABC News | http://abcnews.go.com/Technology/story?id=2160425&page=1#.UFcROxgUwaA |  | 8 |
| KDDI | Japanese telecommunications operator | 4,000,000 | 2006 | Jun 2006 | Tokyo police arrested two men for trying to extort nearly US$90,000. The pair allegedly threatened to disclose the existence of storage media containing personal data. | telecoms | hacked | y | 1 |  |  | Computer World | http://www.computerworld.com/s/article/9001150/KDDI_suffers_massive_data_breach |  | 7 |
| Hewlett Packard |  | 200,000 | 2006 | Mar 2006 | A laptop containing employee data was either lost or stolen. It included names, addresses, Social Security numbers, dates of birth and other employment-related information. | tech, retail | lost device | y | 2 |  |  | Computer Weekly | https://www.computerweekly.com/news/2240076956/Personal-data-on-200000-HP-employees-stolen |  | 6 |
| Ameritrade Inc. | online broker | 200,000 | 2005 | Apr 2005 | A computer backup tape containing the personal information of customers between 2000 and 2003 was lost. | finance | lost device |  | 2 |  |  | NBC | http://www.nbcnews.com/id/7561268/ |  | 5 |
| Citigroup |  | 3,900,000 | 2005 | Jun 2005 | A box of computer tapes containing information on 3.9 million customers was lost in transit to a credit reporting agency. | finance | lost device | y | 3 |  |  | NY Times | http://www.nytimes.com/2005/06/07/business/07data.html?pagewanted=all&_moc.semityn.www |  | 4 |
| Cardsystems Solutions Inc. | Third-party payment processor for Visa, Mastercard, Amex, and Discover | 40,000,000 | 2005 | Jun 2005 | An unauthorized entity enabled access to customer credit card data. It's not clear how many of the 40 million accounts were stolen. | finance | hacked | y | 3 |  |  | Wired | https://www.wired.com/2005/06/cardsystems-data-left-unsecured/ |  | 3 |
| AOL | America Online | 92,000,000 | 2004 | Jun 2004 | A former America Online software engineer stole 92 million screen names and e-mail addresses and sold them to spammers who sent out up to 7 billion unsolicited e-mails. | web | inside job |  | 1 | 92m |  | CNN | http://money.cnn.com/2004/06/23/technology/aol_spam/ |  | 2 |