List of data breaches
Collection of data compromise reports / From Wikipedia, the free encyclopedia
This is a list of reports about data breaches, using data compiled from various sources, including press reports, government news releases, and mainstream news articles. The list includes those involving the theft or compromise of 30,000 or more records, although many smaller breaches occur continually. Breaches of large organizations where the number of records is still unknown are also listed. In addition, the various methods used in the breaches are listed, with hacking being the most common.
Most reported breaches are in North America, at least in part because of relatively strict disclosure laws in North American countries.[citation needed] 95% of data breaches come from government, retail, or technology industries.[1] It is estimated that the average cost of a data breach will be over $150 million by 2020, with the global annual cost forecast to be $2.1 trillion.[2][3] As a result of data breaches, it is estimated that in first half of 2018 alone, about 4.5 billion records were exposed.[4] In 2019, a collection of 2.7 billion identity records, consisting of 774 million unique email addresses and 21 million unique passwords, was posted on the web for sale.[5] In January 2024, a data breach dubbed the "mother of all breaches" was uncovered.[6] Over 26 billion records, including some from Twitter, Adobe, Canva, LinkedIn, and Dropbox, were found in the database.[7][8] No organization immediately claimed responsibility.[9]
Entity | Year | Records | Organization type | Method | Sources |
---|---|---|---|---|---|
21st Century Oncology | 2016 | 2,200,000 | healthcare | hacked | [10][11] |
500px | 2020 | 14,870,304 | social networking | hacked | [12] |
Accendo Insurance Co. | 2020 | 175,350 | healthcare | poor security | [13][14] |
Accenture | 2007 | ||||
Adobe Systems Incorporated | 2013 | 152,000,000 | tech | hacked | [15][16] |
Adobe Inc. | 2019 | 7,500,000 | tech | poor security | [17][18] |
Advocate Medical Group | 2017 | 4,000,000 | healthcare | lost / stolen media | [19][20] |
AerServ (subsidiary of InMobi) | 2018 | 75,000 | advertising | hacked | [21] |
Affinity Health Plan, Inc. | 2013 | 344,579 | healthcare | lost / stolen media | [22][23] |
Airtel | 2019 | 320,000,000 | telecommunications | poor security | [24] |
Aadhar data breach | 2023 | 810,000,000+ | government | data leak due to security vulnerabilities | [25] |
Air Canada | 2018 | 20,000 | transport | hacked | [26] |
Amazon Japan G.K. | 2019 | unknown | web | accidentally published | [27][28] |
TD Ameritrade | 2005 | 200,000 | financial | lost / stolen media | [29] |
Ameriprise Financial | 2005 | 260,000 customer records | stolen laptop | [30] | |
Ancestry.com | 2021 | 300,000 | web | poor security | [31] |
Animal Jam | 2020 | 46,000,000 | gaming | hacked | [32][33] |
Ankle & Foot Center of Tampa Bay, Inc. | 2021 | 156,000 | healthcare | hacked | [34] |
Anthem Inc. | 2015 | 80,000,000 | healthcare | hacked | [35][36][37] |
AOL | 2004 | 92,000,000 | web | inside job, hacked | [38][39] |
AOL | 2006 | 20,000,000 | web | accidentally published, (sometimes referred to as a "Data Valdez",[40][41][42] due to its size) | [43] |
AOL | 2014 | 2,400,000 | web | hacked | [44] |
Apple iCloud | 2014 | photographs of celebrities | [45][46] | ||
Apple, Inc./BlueToad | 2021 | 12,367,232 | tech, retail | accidentally published | [47] |
Apple | 2013 | 275,000 | tech | hacked | [48] |
Apple Health Medicaid | 2021 | 91,000 | healthcare | poor security | [49] |
Ashley Madison | 2015 | 32,000,000 | web | hacked | [50][51] |
AT&T | 2008 | 113,000 | telecoms | lost / stolen computer | [52] |
AT&T | 2010 | 114,000 | telecoms | hacked | [53] |
AT&T | 2021 | 72,000,000 | telecoms | unknown | [54] |
Atraf | 2021 | unknown | dating | hacked | [55] |
Auction.co.kr | 2008 | 18,000,000 | web | hacked | [56] |
Australian Immigration Department | 2015 | G20 world leaders | government | accidentally published | [57] |
Australian National University | 2019 | 19 years of data | academic | hacked | [58] |
Automatic Data Processing | 2005 | 125,000 | financial | poor security | [59] |
AvMed, Inc. | 2009 | 1,220,000 | healthcare | lost / stolen computer | [60] |
Bailey's Inc. | 2015 | 250,000 | retail | hacked | [61] |
The Bank of New York Mellon | 2008 | 12,500,000 | financial | lost / stolen media | [62] |
Bangladesh Government website data breach | 2023 | 50,000,000+ | government | data leak due to security vulnerabilities | [63] |
Bank of America | 2005 | 1,200,000 | financial | lost / stolen media | [64] |
Barnes & Noble | 2012 | 63 stores | retail | hacked | [65][66] |
Bell Canada | 2017 | 1,900,000 | telecoms | poor security | [67] |
Bell Canada | 2018 | 100,000 | telecoms | hacked | [68] |
Benesse | 2014 | 35,040,000 | educational services | hacked | [69] |
Betfair | 2010 | 2,300,000 | web | hacked | [52] |
Bethesda Game Studios | 2011 | 200,000 | gaming | hacked | [70] |
Bethesda Game Studios | 2018 | gaming | accidentally published | [71] | |
Betsson Group | 2020 | unknown | gambling | unknown | [72] |
Blank Media Games | 2018 | 7,633,234 | gaming | hacked | [73][74] |
Blizzard Entertainment | 2012 | 14,000,000 | gaming | hacked | [75][76] |
BlueCross BlueShield of Tennessee | 2009 | 1,023,209 | healthcare | lost / stolen media | [77] |
BMO and Simplii | 2018 | 90,000 | banking | poor security | [78] |
2018 British Airways cyberattack | 2018 | 500,000 | transport | hacked | [79][80][81][82][83] |
British Airways | 2015 | tens of thousands | retail | hacked | [84] |
British National Party | 2008 | Records | Politics | [85] | |
2019 Bulgarian revenue agency hack | 2019 | over 5,000,000 | government | hacked | [86][87] |
California Department of Child Support Services | 2012 | 800,000 | government | lost / stolen media | [52][88] |
Canva | 2019 | 140,000,000 | web | hacked | [89][90][91][92][93] |
Capcom | 2020 | 350,000 | game | hacked | [94] |
Capital One | 2019 | 106,000,000 | financial | unsecured S3 bucket | [95][96][97] |
CardSystems Solutions Inc.
(MasterCard, Visa, Discover Financial Services and American Express) |
2005 | 40,000,000 | financial | hacked | [98][99] |
Cathay Pacific Airways | 2018 | 9,400,000 | transport | hacked | [100] |
CareFirst BlueCross Blue Shield - Maryland | 2015 | 1,100,000 | healthcare | hacked | [101] |
Central Coast Credit Union | 2016 | 60,000 | financial | hacked | [102] |
Central Hudson Gas & Electric | 2013 | 110,000 | energy | hacked | [103] |
CheckFree Corporation | 2009 | 5,000,000 | financial | hacked | [104] |
Central Intelligence Agency | 2017 | 91 | malware tools | Internal job]] | [105][106][107][108][109] |
CGI Group | 2007 | 283,000 | [30] | ||
CheckPeople | 2020 | 56,000,000 | background check | unknown | [110] |
China Software Developer Network | 2011 | 6,000,000 | web | hacked | [111] |
Chinese gaming websites (three: Duowan, 7K7K, 178.com) | 2011 | 10,000,000 | web | hacked | [112] |
ChoicePoint | 2005 | 163,000 consumer records | [113] | ||
Citigroup | 2005 | 3,900,000 | financial | lost / stolen media | [114] |
Citigroup | 2011 | 360,083 | financial | hacked | [115][116] |
Citigroup | 2013 | 150,000 | financial | poor security | [117] |
City and Hackney Teaching Primary Care Trust | 2007 | 160,000 | healthcare | lost / stolen media | [118] |
Clearview AI | 2020 | unknown (client list) | information technology | hacked | [119][120][121] |
Collection No. 1 | 2019 | 773,000,000 | various | compilation of multiple data breaches | [122] |
Colorado state government | 2010 | 105,470 | healthcare | lost / stolen computer | [123] |
Community Health Systems | 2014 | 4,500,000 | healthcare | hacked | [124] |
Philippines Commission on Elections | 2016 | 55,000,000 | government | hacked | |
Compass Bank | 2007 | 1,000,000 | financial | inside job | [52][125] |
Countrywide Financial Corp | 2006 | 2,600,000 | financial | inside job | [52] |
Countrywide Financial Corp | 2011 | 2,500,000 | financial | inside job | [126] |
Boeing | 2006 | 382,000 employees (after similar losses of data on 3,600 employees in April and 161,000 employees in November, 2005) | [30] | ||
Centers for Medicare & Medicaid Services | 2018 | 75,000 | healthcare | hacked | [127] |
Countrywide Financial | 2008 | Records | Finance | insider theft | [128][129][130] |
Cox Communications | 2016 | 40,000 | telecoms | hacked | [131] |
Crescent Health Inc., Walgreens | 2013 | 100,000 | healthcare | lost / stolen computer | [103][132] |
Cutout.Pro | 2024 | 19,972,829 | web | hacked | [133] |
CVS | 2015 | millions | retail | hacked | [134] |
CyberServe | 2021 | 1,107,034 | hosting provider | hacked | [135][136] |
D. A. Davidson & Co. | 2007 | 192,000 clients' names, customer account and social security numbers, addresses and dates of birth | [137] | ||
Dai Nippon Printing | 2007 | 8,637,405 | retail | inside job | [138] |
Data Processors International (MasterCard, Visa, Discover Financial Services and American Express) | 2008 | 8,000,000 | financial | hacked | [139] |
Defense Integrated Data Center (South Korea) | 2017 | 235 GB | military | hacked | [140] |
Dedalus Biologie (a division of Dedalus Global) | 2021 | 500,000 | health | poor security | [141][142] |
Deloitte | 2017 | 350 clients emails | consulting, accounting | poor security | [143][144] |
Democratic National Committee | 2016 | 19,252 | political | hacked | [145] |
US Department of Homeland Security | 2016 | 30,000 | government | poor security | [146][147] |
Desjardins | 2019 | 9,700,000 | financial | inside job | [148] |
Domino's Pizza (France) | 2014 | 600,000 | web | hacked | [149] |
DonorView | 2023 | 948,029 | charity | poor security | [150] |
DoorDash | 2019 | 4,900,000 | web | hacked | [151] |
UK Driving Standards Agency | 2007 | 3,000,000 | government | lost / stolen media | [152] |
Dropbox | 2012 | 68,648,009 | web | hacked | [153] |
Drupal | 2013 | 1,000,000 | web | hacked | [154] |
DSW Inc. | 2005 | 1,400,000 | retail | hacked | [155] |
Dubsmash | 2018 | 162,000,000 | messaging app | hacked | [156][12] |
Dun & Bradstreet | 2013 | 1,000,000 | tech | hacked | [157][158] |
Duolingo | 2023 | 2,676,696 | educational services | web scraping | [15][159] |
Earl Enterprises (Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy, Mixology, Tequila Taqueria) | 2018-2019 | 2,000,000 | restaurant | hacked | [160] |
EasyJet | 2019-2020 | 9,000,000 (approx) - basic booking, 2208 (credit card details) | transport | hacked | [161][162] |
eBay | 2014 | 145,000,000 | web | hacked | [163] |
Ecuador | 2019 | [164] | |||
Educational Credit Management Corporation | 2010 | 3,300,000 | financial | lost / stolen media | [165] |
Eisenhower Medical Center | 2011 | 514,330 | healthcare | lost / stolen computer | [166] |
ElasticSearch | 2019 | 108,000,000 | tech | poor security | [167] |
Embassy Cables | 2010 | 251,000 | government | inside job | [168] |
Emergency Healthcare Physicians, Ltd. | 2010 | 180,111 | healthcare | lost / stolen media | [166][169] |
Emory Healthcare | 2012 | 315,000 | healthcare | poor security | [166] |
England and Wales Cricket Board | 2024 | 43,299 | government | unknown | [170] |
Epic Games Fortnite | 2018 | vulnerability | [171][172][173] | ||
Epik | 2021 | ||||
Ernst & Young | 2006 | 234,000 customers of Hotels.com (after a similar loss of data on 38,000 employees of Ernst & Young clients in February) | [30] | ||
Equifax | 2017 | 163,119,000 | financial, credit reporting | poor security | [174][175][176][177][178][179] |
EssilorLuxottica | 2021 | 77,093,812 | healthcare, retail | hacked | [180][181] |
European Central Bank | 2014 | unknown | financial | hacked | [182][183] |
Evernote | 2013 | 50,000,000 | web | hacked | [184][185] |
Evide data breach | 2023 | 1,000 | computer services for charities | ransomware hacked | [186][187][188][189][190] |
Exactis | 2018 | 340,000,000 | data broker | poor security | [191] |
Excellus BlueCross BlueShield | 2015 | 10,000,000 | healthcare | hacked | [192] |
Experian - T-Mobile US | 2015 | 15,000,000 | telecoms | hacked | [193][194] |
EyeWire | 2016 | unknown | tech | lost / stolen computer | [195] |
2013 | 6,000,000 | social network | accidentally published | [196] | |
2018 | 50,000,000 | social network | poor security | [197][198][199][200][201][202][203] | |
2019 | 540,000,000 | social network | poor security | [204][205] | |
2019 | 1,500,000 | social network | accidentally uploaded | [206] | |
2019 | 267,000,000 | social network | poor security | [207][208] | |
Facebook Marketplace | 2023 | 200,000 | social network | unknown | [209] |
Fast Retailing | 2019 | 461,091 | retail | hacked | [210] |
FBI | 2016 | Records | law enforcement | hack | [211][212][213] |
Federal Reserve Bank of Cleveland | 2010 | 400,000 | financial | hacked | [52] |
Fidelity National Information Services | 2007 | 8,500,000 | financial | inside job | [214] |
First American Corporation | 2019 | 885,000,000 | financial service company | poor security | [215] |
FireEye | 2020 | Unknown | Information Security | hacked | [216][217][218] |
Florida Department of Juvenile Justice | 2013 | 100,000 | government | lost / stolen computer | [103] |
Friend Finder Networks | 2016 | 412,214,295 | web | poor security / hacked | [219][220] |
Funimation | 2016 | 2,500,000 | web | hacked | [221][222] |
Formspring | 2012 | 420,000 | web | accidentally published | [223] |
Unknown | 2020 | 201,000,000 | personal and demographic data about residents and their properties of US | Poor security | [224] |
Gamigo | 2012 | 8,000,000 | web | hacked | [225] |
Gap Inc. | 2007 | 800,000 | retail | lost / stolen computer | [226][30] |
Gawker | 2010 | 1,500,000 | web | hacked | [227][228] |
GE Money | 2008 | social security numbers and in-store credit card information from retail customers | magnetic tape missing from an Iron Mountain Incorporated storage facility | [229] | |
Global Payments | 2012 | 7,000,000 | financial | hacked | [230] |
Gmail | 2014 | 5,000,000 | web | hacked | [231] |
Google Plus | 2018 | 500,000 | social network | poor security | [232][233][234][235] |
goregrish.com | 2021 | 300,000 | web | hacked | [236] |
Greek government | 2012 | 9,000,000 | government | hacked | [237] |
Grozio Chirurgija | 2017 | 25,000 | healthcare | hacked | [238][239][240] |
GS Caltex | 2008 | 11,100,000 | energy | inside job | [241][242] |
Gyft | 2016 | unknown | web | hacked | [243][244] |
Hannaford Brothers Supermarket Chain | 2007 | 4,200,000 | retail | hacked | [245] |
HauteLook | 2018 | 28,517,244 | retail | hacked | [246][247][248] |
Health Net | 2009 | 500,000 | healthcare | lost / stolen media | [249] |
HCA Healthcare | 2023 | 11,270,000 | healthcare | hacked | [250] |
Health Net — IBM | 2011 | 1,900,000 | healthcare | lost / stolen media | [251] |
Health Sciences Authority (Singapore) | 2019 | 808,000 | healthcare | poor security | [252] |
Health Service Executive | 2021 | unknown | healthcare | unknown | [253] |
Heartland Payment Systems | 2009 | 130,000,000 | financial | hacked | [254][255][256][257] |
Heathrow Airport | 2017 | 2.5GB | transport | lost / stolen media | [258][259][260] |
Hewlett Packard | 2006 | 200,000 | tech, retail | lost / stolen media | [261] |
Hilton Hotels | 2014 and 2015 | 363,000 | hotel | hacked | [262][263] |
Home Depot | 2014 | 56,000,000 | retail | hacked | [264][265] |
Honda Canada | 2011 | 283,000 | retail | poor security | [266] |
Hyatt Hotels | 2015 | 250 locations | hotel | hacked | [267][268] |
Iberdrola | 2022 | 1,300,000 | energy | poor security | [269] |
Insomniac Games | 2023 | Software | hack | [270] | |
2020 | 200,000,000 | social network | poor security | [271] | |
Ititan Hosting Solutions | 2024 | unknown | hosting provider | hacked / poor security | [272] |
Internal Revenue Service | 2015 | 720,000 | financial | hacked | [273][274] |
International Committee of the Red Cross | 2022 | 515,000 | humanitarian | unknown | [275][276][277] |
Inuvik hospital | 2016 | 6,700 | healthcare | inside job | [278] |
Iranian banks (three: Saderat, Eghtesad Novin, and Saman) | 2012 | 3,000,000 | financial | hacked | [279] |
Japan Pension Service | 2015 | 1,250,000 | special public corporation | hacked | [280] |
Japanet Takata | 2004 | 510,000 | shopping | inside job | [281] |
Jefferson County, West Virginia | 2008 | 1,600,000 | government | accidentally published | [52][282] |
JP Morgan Chase | 2010 | 2,600,000 | financial | lost / stolen media | [283] |
JP Morgan Chase | 2014 | 76,000,000 | financial | hacked | [284] |
Justdial | 2019 | 100,000,000 | local search | unprotected api | [285] |
KDDI | 2006 | 4,000,000 | telecoms | hacked | [286] |
Kirkwood Community College | 2013 | 125,000 | academic | hacked | [103][287] |
KM.RU | 2016 | 1,500,000 | web | hacked | [288] |
Koodo Mobile | 2020 | unknown | mobile carrier | hacked | [289] |
Korea Credit Bureau | 2014 | 20,000,000 | financial | inside job | [290] |
Kroll Background America | 2013 | 1,000,000 | tech | hacked | [157][158] |
KT Corporation | 2012 | 8,700,000 | telecoms | hacked | [291][292] |
LexisNexis | 2014 | 1,000,000 | tech | hacked | [157][158] |
Landry's, Inc. | 2015 | 500 locations | restaurant | hacked | [293][294] |
Les Éditions Protégez-vous | 2020 | 380,000 | publisher (magazine) | unknown | [295] |
LifeLabs | 2019 | 15,000,000 | healthcare | hacked | [296] |
Lincoln Medical & Mental Health Center | 2010 | 130,495 | healthcare | lost / stolen media | [166][297] |
LinkedIn, eHarmony, Last.fm | 2012 | 8,000,000 | web | accidentally published | [298][299] |
Living Social | 2013 | 50,000,000 | web | hacked | [300][301] |
Lyca Mobile | 2023 | 16,000,000 | telecommunications | hacked | [302][303] |
MacRumors.com | 2014 | 860,000 | web | hacked | [304] |
Mandarin Oriental Hotels | 2014 | 10 locations | hotel | hacked | [305][306] |
Manipulated Caiman | 2023 | 40,000,000 | financial | hacked | [307][181] |
Marriott International | 2018 | 500,000,000 | hotel | hacked | [308] |
Marriott International | 2020 | 5,200,000 | hotel | poor security/inside job | [309] |
Massachusetts Government | 2011 | 210,000 | government | poor security | [52] |
Massive American business hack including 7-Eleven and Nasdaq | 2012 | 160,000,000 | financial | hacked | [310] |
MediaWorks New Zealand | 2023 | 162,710 | entertainment | hacked | [311] |
Medibank & AHM | 2022 | 9,700,000 | healthcare | hacked | [11][14][17][18] |
US Medicaid | 2012 | 780,000 | government, healthcare | hacked | [52] |
Medical Informatics Engineering | 2015 | 3,900,000 | healthcare | hacked | [312] |
Memorial Healthcare System | 2011 | 102,153 | healthcare | lost / stolen media | [313][166] |
MGM Resorts | 2019 | 10,600,000 | hotel/casino | hacked | [314] |
Michaels | 2014 | 3,000,000 | retail | hacked | [315] |
Microsoft | 2019 | 250,000,000 | tech | data exposed by misconfiguration | [316] |
Microsoft Exchange servers | 2021 | unknown | software | zero-day vulnerabilities | [317][318] |
Militarysingles.com | 2012 | 163,792 | web, military | accidentally published | [319] |
Ministry of Education (Chile) | 2008 | 6,000,000 | government | accidentally published | [320][321] |
Ministry of Health (Singapore) | 2019 | 14,200 | healthcare | poor security/inside job | [322][323] |
Mitsubishi Tokyo UFJ Bank | 2006 | 960,000 | financial | intentionally lost | [210] |
MongoDB | 2019 | 202,000,000 | tech | poor security | [324] |
MongoDB | 2019 | 275,000,000 | tech | poor security | [325] |
Mossack Fonseca | 2016 | Panama Papers | [326][327][328][329][330][331] | ||
Mobile TeleSystems (MTS) | 2019 | 100,000,000 | telecommunications | misconfiguration/poor security | [332] |
Monster.com | 2007 | 1,600,000 | web | hacked | [333] |
Morgan Stanley Smith Barney | 2011 | 34,000 | financial | lost / stolen media | [52] |
Morinaga Confectionery | 2022 | 1,648,922 | online shopping | ransomware hacked | [334] |
Mozilla | 2014 | 76,000 | web | poor security | [335] |
MyHeritage | 2018 | 92,283,889 | genealogy | unknown | [336] |
NASDAQ | 2014 | unknown | financial | hacked | [337] |
Natural Grocers | 2015 | 93 stores | retail | hacked | [338] |
NEC Networks, LLC | 2021 | 1,600,000 | healthcare | hacked | [339] |
Neiman Marcus | 2014 | 1,100,000 | retail | hacked | [340][341] |
Nemours Foundation | 2011 | 1,055,489 | healthcare | lost / stolen media | [166][342] |
Network Solutions | 2009 | 573,000 | tech | hacked | [343][344] |
New York City Health & Hospitals Corp. | 2010 | 1,700,000 | healthcare | lost / stolen media | [166] |
New York State Electric & Gas | 2012 | 1,800,000 | energy | inside job | [52] |
New York Taxis | 2014 | 52,000 | transport | poor security | [345] |
Nexon Korea Corp | 2011 | 13,200,000 | web | hacked | [346] |
NHS | 2011 | 8,300,000 | healthcare | lost / stolen media | [347] |
Nintendo (Club Nintendo) | 2013 | 240,000 | gaming | hacked | [348] |
Nintendo (Nintendo Account) | 2020 | 160,000 | gaming | hacked | [349] |
Nippon Television | 2016 | 430,000 | media | hacked | [94] |
Nival Networks | 2016 | 1,500,000 | gaming | hacked | [350] |
Norwegian Tax Administration | 2008 | 3,950,000 | government | accidentally published | [351] |
Now:Pensions | 2020 | 30,000 | financial | rogue contractor | [352] |
NTT Business Solutions | 2023 | 9,000,000 | telecoms | hacked | [353] |
NTT Docomo | 2023 | 5,960,000 | telecoms | hacked | [354] |
Ofcom | 2016 | unknown | telecom | inside job | [355] |
US Office of Personnel Management | 2015 | 21,500,000 | government | hacked | [356][357][358] |
Office of the Texas Attorney General | 2012 | 6,500,000 | government | accidentally published | [359] |
OGUsers | 2022 | 529,000 | web | hacked | [360] |
Optus | 2022 | 9,800,000 | telecommunications | hacked | [3] |
Orbitz | 2018 | 880,000 | web | hacked | [361] |
Ohio State University | 2010 | 760,000 | academic | hacked | [52] |
Oregon Department of Transportation | 2011 | unknown | government | poor security | [52] |
OVH | 2013 | undisclosed | web | hacked | [362] |
Paradise Papers | 2017 | Records | [363] | ||
Patreon | 2015 | 2,300,000 | web | hacked | [364] |
PayPay | 2020 | 20,076,016 | QR code payment | improper setting, hacked | [365] |
Philippine Commission on Elections | 2016 | Records | hack | [366] | |
Philippine law enforcement agencies (Philippine National Police, National Bureau of Investigation, Bureau of Internal Revenue) | 2023 | 1,279,437 | government | poor security | [367] |
Popsugar | 2018 | 123,857 | fashion | hacked | [368] |
Premera | 2015 | 11,000,000 | healthcare | hacked | [369] |
Puerto Rico Department of Health | 2010 | 515,000 | healthcare | hacked | [166] |
Quest Diagnostics | 2019 | 11,900,000 | Clinical Laboratory | poor security | [370] |
Quora | 2018 | 100,000,000 | Question & Answer | hacked | [371][372] |
Rakuten | 2020 | 1,381,735 | web | improper setting, hacked | [365] |
Rambler.ru | 2012 | 98,167,935 | web | hacked | [373][374] |
RBS Worldpay | 2008 | 1,500,000 | financial | hacked | [375] |
RENAPER (Argentina) | 2018 | 45,000,000 | government | poor security | [376][377] |
2018 | website | [378] | |||
2021 | unknown | web | hacked | [379][378] | |
Restaurant Depot | 2011 | 200,000 | retail | hacked | [52] |
RockYou! | 2009 | 32,000,000 | web, gaming | hacked | [380] |
Roscosmos | 2022 | Records | [381] | ||
Rosen Hotels | 2016 | unknown | hotel | hacked | [382] |
Sakai City, Japan | 2015 | 680,000 | government | inside job | [383] |
Saks Fifth Avenue / Lord & Taylor | 2018 | credit card records | retail | [384] | |
San Francisco Public Utilities Commission | 2011 | 180,000 | government | hacked | [385] |
Scottrade | 2015 | 4,600,000 | financial | hacked | [386] |
Scribd | 2013 | 500,000 | web | hacked | [387][388] |
Seacoast Radiology, PA | 2010 | 231,400 | healthcare | hacked | [166][389] |
Sega | 2011 | 1,290,755 | gaming | hacked | [390] |
Service NSW (New South Wales) | 2020 | 104,000 | government | hacked | [4] |
Service Personnel and Veterans Agency (UK) | 2008 | 50,500 | government | lost / stolen media | [391] |
ShopBack | 2020 | unknown | tech | hacked | [392] |
SingHealth | 2018 | 1,500,000 | government, database | hacked | [393][394][395] |
Slack | 2015 | 500,000 | tech | poor security | [396] |
SlickWraps | 2020 | 377,428 | phone accessories | poor security | [397] |
Snapchat | 2013 | 4,700,000 | web, tech | hacked | [398] |
SolarWinds | 2020 | Source Code Compromised | Network Monitoring | hacked | [399] |
Sony Online Entertainment | 2011 | 24,600,000 | gaming | hacked | [400][401] |
Sony Pictures | 2011 | 1,000,000 | web | hacked | [402] |
Sony Pictures | 2014 | 100 terabytes | media | hacked | [403][404] |
Sony PlayStation Network | 2011 | 77,000,000 | gaming | hacked | [405] |
South Africa police | 2013 | 16,000 | government | hacked | [406] |
South Carolina Government | 2012 | 6,400,000 | healthcare | inside job | [166][407][408][409] |
South Shore Hospital, Massachusetts | 2010 | 800,000 | healthcare | lost / stolen media | [52] |
Southern California Medical-Legal Consultants | 2011 | 300,000 | healthcare | hacked | [52] |
Spartanburg Regional Healthcare System | 2011 | 400,000 | healthcare | lost / stolen computer | [166][410] |
Spoutible | 2024 | 207,114 | social media | misconfigured API | [411] |
Stanford University | 2008 | 72,000 | academic | lost / stolen computer | [52][412] |
Staples | 2014 | customer payment cards | retail | [413] | |
Starbucks | 2008 | 97,000 | retail | lost / stolen computer | [52] |
Starwood including Westin Hotels & Resorts and Sheraton Hotels and Resorts | 2015 | 54 locations | hotel | hacked | [414][415] |
State of Texas | 2011 | 3,500,000 | government | accidentally published | [416] |
Steam | 2011 | 35,000,000 | web | hacked | [417] |
StockX | 2019 | 6,800,000 | retail | hacked | [418] |
Stratfor | 2011 | 935,000 | military | accidentally published | [419] |
Supervalu | 2014 | 200 stores | retail | hacked | [420] |
Sutter Medical Center | 2011 | 4,243,434 | healthcare | lost / stolen computer | [166][421] |
Syrian government (Syria Files) | 2012 | 2,434,899 | government | hacked | [422][423] |
Taobao | 2016 | 20,000,000 | retail | hacked | [424] |
TalkTalk | 2015 | Records | telecom | hack | [425] |
Tangerine Telecom | 2024 | 243,462 | telecom | compromised credentials | [426] |
Taringa! | 2017 | 28,722,877 | web | hacked | [427] |
Target Corporation | 2013 | 110,000,000 | retail | hacked | [428][429][430] |
TaxSlayer.com | 2016 | 8,800 | web | hacked | [431][432][433] |
TD Ameritrade | 2007 | 6,300,000 | financial | hacked | [434] |
TD Bank | 2012 | 260,000 | financial | hacked | [435][436] |
TerraCom & YourTel | 2013 | 170,000 | telecoms | accidentally published | [437][438] |
Tesla | 2023 | 75,000 | transport | inside job | [439] |
Tetrad | 2020 | 120,000,000 | market analysis | poor security | [440] |
Texas Lottery | 2007 | 89,000 | government | inside job | [52] |
Ticketfly (subsidiary of Eventbrite) | 2018 | 26,151,608 | ticket distribution | hacked | [441] |
Tic Hosting Solutions (known as Torchbyte) | 2023 | unknown | hosting provider | hacked / poor security | [442][272][443] |
Tianya Club | 2011 | 28,000,000 | web | hacked | [444] |
TikTok | 2020 | 42,000,000 | social media | poor security | [271] |
TK / TJ Maxx | 2007 | 94,000,000 | retail | hacked | [445][446] |
T-Mobile, Deutsche Telekom | 2006 | 17,000,000 | telecoms | lost / stolen media | [447][448] |
T-Mobile | 2021 | 45,000,000 | telecom | hacked | [449] |
T-Mobile | 2023 | 37,000,000 | telecom | hacked | [450] |
Tokopedia | 2020 | 91,000,000 | online shopping | hacked | [451] |
Trello | 2024 | 15,111,945 | tech | misconfigured API | [452] |
Tricare | 2011 | 4,901,432 | military, healthcare | lost / stolen computer | [52] |
Triple-S Salud, Inc. | 2010 | 398,000 | healthcare | lost / stolen media | [166] |
Truecaller | 2019 | 299,055,000 | Telephone directory | unknown | [453][454] |
Trump Hotels | 2014 | 8 locations | hotel | hacked | [455][456] |
Tumblr | 2013 | 65,469,298 | web | hacked | [457] |
Twitch | 2015 | unknown | tech | hacked | [458] |
Twitch | 2021 | unknown | tech | hacked/misconfiguration | [459] |
2013 | 250,000 | web | hacked | [460] | |
Typeform | 2018 | unknown | tech | poor security | [100] |
Uber | 2014 | 50,000 | tech | poor security | [461] |
Uber | 2017 | 57,000,000 | transport | hacked | [462] |
Ubisoft | 2013 | unknown | gaming | hacked | [463] |
Ubuntu | 2013 | 2,000,000 | tech | hacked | [464] |
UCLA Medical Center, Santa Monica | 2015 | 4,500,000 | healthcare | hacked | [465] |
UK Home Office | 2008 | 84,000 | government | lost / stolen media | [466] |
UK Ministry of Defence | 2008 | 1,700,000 | government | lost / stolen media | [467] |
United Kingdom parliamentary expenses scandal | 2009 | Records | government | [citation needed] | |
UK Revenue & Customs | 2007 | 25,000,000 | government | lost / stolen media | [468] |
MyFitnessPal (Under Armour subsidiary | 2018 | 150,000,000 | Consumer Goods | hacked | [469][470] |
United Nations | 2019 | unknown | international | hacked | [471] |
United Nations | 2021 | unknown | international | hacked | [472] |
University of California, Berkeley | 2009 | 160,000 | academic | hacked | [473] |
University of California, Berkeley | 2016 | 80,000 | academic | hacked | [474] |
University of Maryland, College Park | 2014 | 300,000 | academic | hacked | [475] |
University of Central Florida | 2016 | 63,000 | academic | hacked | [476] |
University of Miami | 2008 | 2,100,000 | academic | lost / stolen computer | [52] |
University of Utah Hospital & Clinics | 2008 | 2,200,000 | academic | lost / stolen media | [52] |
University of Wisconsin–Milwaukee | 2011 | 73,000 | academic | hacked | [52] |
Universiti Teknologi MARA | 2019 | 1,164,540 | academic | hacked | [477] |
United States Postal Service | 2018 | 60,000,000 | government | poor security | [478] |
UPS | 2014 | 51 locations | retail | hacked | [479] |
U.S. Army | 2011 | 50,000 | military | accidentally published | [52] |
U.S. Army (classified Iraq War documents) | 2010 | 392,000 | government | inside job | [480] |
U.S. Department of Defense | 2009 | 72,000 | military | lost / stolen media | [52] |
U.S. Department of Veteran Affairs | 2006 | 28,600,000 | government, military | lost / stolen computer | [481][482] |
U.S. federal government | 2013 | Insider | |||
U.S. federal government (2020 United States federal government data breach) | 2020 | TBC | government, military | hacked | [483][484][485][486] |
U.S. law enforcement (70 different agencies) | 2011 | 123,461 | government | accidentally published | [487] |
National Archives and Records Administration (U.S. military veterans records) | 2009 | 76,000,000 | military | lost / stolen media | [488] |
U.S. government (United States diplomatic cables leak) | 2010 | 260,000 | military | inside job | [489] |
National Guard of the United States | 2009 | 131,000 | military | lost / stolen computer | [52] |
Vastaamo | 2020 | 130,000 | healthcare | hacked | [490] |
Verifications.io (first leak) | 2019 | 809,000,000 | online marketing | poor security | [491] |
Verifications.io (total leaks) | 2019 | 2,000,000,000 | online marketing | poor security | [492] |
Verizon Communications | 2016 | 1,500,000 | telecoms | hacked | [493] |
View Media | 2020 | 38,000,000 | online marketing | publicly accessible Amazon Web Services (AWS) server | [494] |
Virgin Media | 2020 | 900,000 | mobile carrier | accidentally exposed | [495][496] |
Virginia Department of Health | 2009 | 8,257,378 | government, healthcare | hacked | [52] |
Virginia Prescription Monitoring Program | 2009 | 531,400 | healthcare | hacked | [52] |
Vodafone | 2013 | 2,000,000 | telecoms | inside job | [497] |
VTech | 2015 | 5,000,000 | retail | hacked | [498] |
Walmart | 2015 | 1,300,000 | retail | hacked | [134] |
Washington Post | 2011 | 1,270,000 | media | hacked | [499] |
Washington State court system | 2013 | 160,000 | government | hacked | [500][501] |
Wattpad | 2020 | 270,000,000 | web | hacked | [502] |
Wawa (company) | 2020 | 30,000,000 | retail | hacked | [503] |
Weebly | 2016 | 43,430,316 | web | hacked | [504][505] |
Wendy's | 2015 | unknown | restaurant | hacked | [506][507] |
Westpac | 2019 | 98,000 | financial | hacked | [508] |
Woodruff Arts Center | 2019 | unknown | arts group | poor security | [509] |
WordPress | 2018 | web service | hacked | [510] | |
Writerspace.com | 2011 | 62,000 | web | hacked | [511] |
Xat.com | 2015 | 6,054,459 | web | social engineering | [512] |
Yahoo | 2013 | 3,000,000,000 | web | hacked | [513][514] |
Yahoo | 2014 | 500,000,000 | web | hacked | [515][516][517][518][519] |
Yahoo! | 2016 | apparent "state-sponsored" data breach | |||
Yahoo Japan | 2013 | 22,000,000 | tech, web | hacked | [520] |
Yahoo! Voices | 2012 | 450,000 | web | hacked | [521][522] |
Yale University | 2010 | 43,000 | academic | accidentally published | [52] |
YouTube | 2020 | 4,000,000 | social media | poor security | [271] |
Zappos | 2012 | 24,000,000 | web | hacked | [523] |
Zynga | 2019 | 173,000,000 | social network | hacked | [524][525] |
Unknown agency (believed to be tied to United States Census Bureau) | 2020 | 200,000,000 | financial | accidentally published | [526] |
National Health Information Center (NCZI) of Slovakia | 2020 | 391,250 | healthcare | poor security | [527] |
50 companies and government institutions | 2022 | 6,400,000 | various | poor security | [528][529] |
IKEA | 2022 | 95,000 | retail | accidentally published | [530] |
Consumer Financial Protection Bureau | 2023 | 256,000 | bureau | poor security | [531] |
Directorate General of Immigration of Indonesia | 2023 | 34,900,867 | Government | hacked and published | [532] |
Directorate General of Population and Civil Registration (Dukcapil) | 2023 | 337.225.463 | Government | leaked and published | [533] |
23andMe data leak | 2023 | 6,900,000 | consumer genetics | credential stuffing | [534] |
British Library | 2023 | unknown | government | ransomware | [535] |
Chess.com | 2023 | 800,000 | game | web scraping | [536][537] |
DC Health Link | 2023 | 56,000 | healthcare | misconfigured website | [538] |
KitchenPal (iCuisto) | 2023 | 100,000 | web | hacking | [539] |
Pandora Papers | 2021 | [540] | |||