17 Biggest Data Breaches of All Time

Nowadays, we hear about hackers getting into systems that were previously thought to be secure more and more often for a great many reasons, which made us really interested in seeing what the 17 biggest data breaches of all time are.

So what is a data breach? Well, a data breach is a security incident that involves the public release of secure or confidential information, usually in untrusted environments like the dark web. There are several types of data breaches, such as unintentional disclosures, data leaks or data spills. They differ in who the perpetrator was and how the data was released into the wild, as well as the reasons for it. Some are, of course, accidental, while others are intentional.

Data breach statistics indicate that such problems are more and more frequent due to a lack of rigor when it comes to securing networks of all kinds, whether we’re talking about email providers, financial institutions or telcos. Not only do these data breaches affect a company’s image, but they almost always result in a drop in revenue and stock prices, and often end in people filing lawsuits against them, which they have to pay off with tens of millions of dollars.

Although we’re not nearly done with this year just yet, the 2017 data breaches list is still extensive, with a lot of prominent companies on it, from Snapchat, to VKontake, to the Red Cross and now Uber.

The number of companies hacked in 2016, however, doesn’t “seem” to be very large, although the number of records that landed online due to them is. Although MySpace is far from what it used to be, some hacker claimed that it had over 360 million records of users. The list of the biggest data breaches of 2016 continues with VK, the Russian version of Facebook, where a hacker put up for sale data on over 100 million users.

So, in order to create our list of recent data breaches, we scoured the net for a proper database that holds all the info we need, which is otherwise scattered in a million news reports all over the internet. We found an infographic from informationisbeautiful that’s updated frequently and includes all types of breaches, from hacks to data that’s accidentally published.

In our list you’ll find the data ranked by the number of records that were exposed in the breach, regardless of how the data got out. The financial impact of these breaches is difficult to assess because companies lose money on the stock market, they lose money in advertising, and they lose money in justice courts when paying off those suing them. Yahoo, for instance, lost about $350 million in its sale to Verizon following the disclosure of its data breaches from 2013 and 2014 back in November and December of 2016, but there are also fines and lawsuits going on, plus all the people dropping the company’s services, which also translates into lost revenue, so the issue is extremely complicated. Therefore, you’ll notice our list is ranked by the number of records affected by the breach. For an alternative look at this topic, don’t miss our list of the 10 Biggest Data Breaches of All Time.

Now then, check out the 17 biggest data breaches of all time, beginning on the next page.

17. DailyMotion

No. of records: 85.2 million
Year: 2016

In December 2016, it was revealed that popular video sharing platform DailyMotion had suffered a data breach, which appeared to have taken place in late-October. The data trove included 85.2 million unique email addresses, usernames and about 18 million hashed passwords.

16. AOL

No. of records: 92 million
Year: 2004

One of the largest early data breaches of this magnitude, the AOL case taught the world that companies not only have to protect themselves from outside threats, but also from inside ones. The person who stole the AOL customer list and sold it to spammers was one of the company’s software engineers. It is estimated that spammers sent about 7 billion emails to their victims.

15. TK/TJ Maxx

No. of records: 94 million
Year: 2007

Company networks had abysmal security in place a decade ago, so it’s not a surprise that hackers got into the TK Maxx wireless LAN and stole what was originally thought to be some 45 million records, before the number doubled. What did the poor security practices of the company reveal? Credit card numbers (the worst kind).

14. VK

No. of records: 100.5 million
Year: 2016

Russia’s VKontakte is a version of Facebook that is locally-owned, most recently by people close to the government. The data trove that resulted from its hack included over 100 million records including full names, email addresses, plain-text passwords, location info, phone numbers, and secondary email addresses. Perhaps the worst part of this is that the passwords weren’t even encrypted. Experts believe the data was actually stolen in late-2012, or early-2013.

13. Heartland

No. of records: 130 million
Year: 2009

It’s not just online services that get hacked, but also payment processors. In what was believed to be the largest credit card scam in history, hackers got away with over 130 million credit card details after they broke into Heartland’s systems and planted malicious software to steal the data going through its internal network.

12. Equifax Inc. (NYSE:EFX)

No. of records: 143 million
Year: 2017

In one of the most recent major hacks, we have Equifax Inc. (NYSE:EFX), a credit reporting behemoth. Due to failure to heed security warnings and install basic software fixes, the data breach was possible, exposing names, social security numbers, birth dates, addresses, and driver license numbers. For some, even credit card numbers were exposed.

11. eBay Inc (NASDAQ:EBAY)

No. of records: 145 million
Year: 2014

A few years ago, another one of the biggest data breaches in history was revealed; eBay Inc (NASDAQ:EBAY), the trusted online marketplace, had suffered a breach that allowed hackers to get their hands on 145 million records, which included names, email addresses, physical addresses, phone numbers, and dates of birth.

10. American businesses

No. of records: 160 million
Year: 2012

This next data breach was generically titled “American businesses” simply because it involves a lot of companies: 7-Eleven, J C Penney Company Inc (NYSE:JCP), Hannaford, Heartland, JetBlue Airways Corporation (NASDAQ:JBLU), Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore, and Ingenicard. While the announcement about the breach came in 2012, it was actually an operation that spread over seven years. It was discovered that five Russians and a Ukrainian managed to hack their way into a massive trove of credit and debit card numbers – 160 million of them. They also targeted more than 800,000 bank accounts and broke into the servers of the Nasdaq stock exchange.

9. Microsoft Corporation (NASDAQ:MSFT)’s LinkedIn

No. of records: 164 million
Year: 2012

Back in 2012, Microsoft Corporation (NASDAQ:MSFT)‘s LinkedIn (Microsoft did not own it at the time) suffered a data breach that was initially thought to contain 6.5 million encrypted passwords from the site. Not much, right? Well, it seems that the amount of data that was stolen was much, much bigger. Subsequent reports indicated 117 million email and password combos were nabbed, before the number rose further, to 164 million. Everything was being sold on a dark web marketplace by a Russian hacker in the spring of 2016.

8. Deep Root Analytics

No. of records: 198 million
Year: 2016

Unlike most of the cases on our list of the 17 biggest data breaches of all time, this one happened due to poor security of marketing firm Deep Root Analytics, which gathered data on more than 198 million U.S citizens. The leak included home addresses, birthdates, and phone numbers, as well as sentiment analyses predicting how an individual feels about important political issues like gun ownership, abortion, and more. It also included data on religious affiliation and ethnicity. All of this data, some 1.1 TB-worth of information, was placed on an unprotected cloud server.

7. Court Ventures

No. of records: 200 million
Year: 2012

As the name suggests, Court Ventures, which was bought by credit reporting agency Experian, is a company that collects court records. Before the acquisition, it seems the company was reselling data from a US Info Search database to a third party, including one from Vietnam that was apparently involved in identity theft. Some 200 million records were endangered, including social security numbers, credit card data, and bank account info.

6. MySpace

No. of records: 360 million
Year: 2016

You might not think much of MySpace nowadays, with Facebook being used by a third of the world’s population. But one particularly bad MySpace data breach left 360 million users exposed. Paid hacked data search engine LeakedSource said that the database that was being sold on the dark web contains over 360.2 million emails, but only 111 million had a username attached to it, while nearly 68.5 million also had a secondary password attached.

5. Friend Finder Network

No. of records: 412 million
Year: 2017

Perhaps one of the things we’re all most afraid of having exposed is related to our intimate life. Therefore, it was quite chilling when the AdultFriendFinder network was hacked and the information of 412 million people was exposed. The adult dating and entertainment company had poor security practices, so 412 million people were exposed, and even though the passwords were encrypted, the hacker said it managed to crack most of them.

4. Yahoo

No. of records: 500 million
Year: 2014

What is believed to be a Chinese State-sponsored hack targeted Yahoo and its massive database in 2014, affecting some 500 million users, with the leaked data including names, email addresses, phone numbers, birth dates, encrypted passwords, and security questions and answers. The breach was announced in November 2016, but a following security filing revealed the company’s information security team and senior execs knew of the situation after it happened, though they didn’t properly comprehend what had happened so their response to the situation was poor.

3. Spambot

No. of records: 711 million
Year: 2017

This isn’t exactly a data breach, per se, but it’s still a massive data leak. Due to a misconfigured spambot, over 711 million records were exposed, all containing email addresses. The fact that your email address is stored somewhere, somehow, by a spambot should come as no surprise, as these endlessly scrape the internet for data.

2. River City Media

No. of records: 1.37 billion
Year: 2017

Another example of poor security comes from River City Media, an email marketing organization which failed to safeguard backups of its records. How many of them? Well, about 1.37 billion! Email addresses, full names, IP addresses, and even physical addresses were included in the data trove.

1. Yahoo

No. of records: 3 billion
Year: 2013

Because Yahoo’s situation couldn’t possibly be any worse, the company announced that the data breach which it officially believed had affected 1 billion of its accounts actually affected them all – 3 billion in total. That’s pretty much the number of people who use the Internet at a global level. That’s not to say each account pertains to a single individual, since there are many people who have multiple accounts, but it’s still a massive number. The original breach announcement, made in December 2016, caused Verizon to cut down its acquisition price of Yahoo’s internet assets by $350 million.

These have been the 17 biggest data breaches of all time and it shows that we need to learn to protect our data by properly securing our accounts so that even if hackers get into a company’s servers, at least they won’t also get their hands on all of our private data.

Disclosure: None