The Worst Data Breaches of the Last 10 Years
February 07, 2018
Have you noticed more and more headlines about data breaches lately? You aren’t imagining it—they’ve been on the rise in recent years. In fact, there was a 40% increase in data breaches between 2015 and 2016. The numbers aren’t all in on 2017 yet, but the trend seems to be continuing—Equifax, Instagram, and HBO are just three high-profile companies that have been breached this year.
We dug into the data from previous years to find some of the biggest and most high-profile data breaches of the last ten years. Many of these data breaches targeted social media sites, government institutions, medical organizations, and retailers, so there’s a good chance at least one of them affected you.
Check out the timeline below for the highlights or jump down to the rest of our article for a more in-depth look at each year.
2017
Now millions of Americans are worried about ID theft—and they’re probably right to worry.
Equifax
The highlights
- This data breach affected at least 143 million Americans.
- Hackers stole SSNs, credit card info, names, addresses, and more.
Other high-profile data breaches in 2017: HBO, Instagram, River City Media
2016
The 2016 presidential election was tumultuous, to say the least.
Democratic National Committee
The highlights
- Hackers stole information about Democratic party candidates, including Hillary Clinton—but they also stole opposition research on Trump.
Other high-profile data breaches in 2016: FriendFinder
2015
No one really felt sorry for the victims of this hack.
Ashley Madison
The highlights
- Hackers stole account details for customers looking online for extramarital affairs.
- The 37 million records breached included credit card numbers, addresses, and phone numbers.
Other high-profile data breaches in 2015: Anthem, Office of Personnel Management
2014
The data breach was small, but the consequences weren’t.
Sony Pictures Entertainment
The highlights
- A smaller breach than others (only about 47,000 records), but it had a big impact on Sony’s finances and reputation.
- Hackers got embarrassing internal emails, unreleased films, and celebrities’ contact information.
Other high-profile data breaches in 2014: JPMorgan Chase
2013
Sometimes data breaches aren’t discovered until long after they’ve occurred.
Yahoo
The highlights
- 3 billion records were breached.
- This breach wasn’t discovered until the tail end of 2016, but it actually happened three years earlier—hackers got email addresses, birthdays, and answers to security questions.
Other high-profile data breaches in 2013: Target
2012
Professional networking isn’t always easy.
The highlights
- 167 million records were breached—most of these records were email addresses and passwords.
Other high-profile data breaches in 2012: Dropbox
2011
Years before Sony’s entertainment division got hacked, their gaming division took a heavy hit.
Sony PlayStation Network
The highlights
- 1.6 million records were breached, including credit card numbers, addresses, birthdays, passwords, and answers to security questions.
2010
Netflix didn’t consider this a data breach, but the people who sued them sure did.
Netflix
The highlights
- Netflix gave contest participants access to anonymized data that tied back to 480,000 subscribers. Researchers, however, successfully tied the information back to specific subscribers, so the data wasn’t quite as anonymous as Netflix thought.
2009
A few dishonest employees can do a lot of damage.
T-Mobile
The highlights
- Employees stole proprietary information about customer contracts and sold that data to T-Mobile competitors.
- They sold data for over 500,000 customers, including contract renewal dates, names, addresses, and phone numbers.
2008
This breach spanned most of a decade but hit hard during the economic downturn in 2008.
American Business Hack
The highlights
- Hackers were scraping data from 2005 to 2012. They got at least 160 million credit and debit card numbers.
- Estimates suggest this breach cost companies and individuals at least $300 million.
Throwback hack: 1984
Hacking was easier in the ’80s.
Sears
The highlights
- One stolen password led to 90 million records, including names, SSNs, birthdays, and addresses.
Biggest: Yahoo!
Until recently, the biggest data breach on record was the breach of River City Media (a company known for sending spam emails). That breach involved 1.37 billion records, which sounds like a lot—until you put it in context of the Yahoo data breach that seems to get worse and worse every time we hear about it. The Yahoo data breach occurred in 2013, but it wasn’t discovered until late 2016. Originally, Yahoo reported that one billion records were breached. New reports show that this breach actually hit EVERY SINGLE YAHOO ACCOUNT—all three billion of them. That equates to roughly 40% of the global population.
Most serious: Equifax
The recent Equifax data breach may be one of the most serious data breaches to date. Hackers got ahold of birthdates, names, Social Security numbers, driver’s licence numbers, addresses, and credit card numbers. Current estimates suggest that this hack has affected 143 million Americans—nearly half of the population. The combination of banking information and personal identifying data makes this breach a treasure trove for identity thieves. If you’re one of the millions whose information was stolen, it might be time to look into identity theft protection. (Just know that signing up through Equifax means you may be waiving your right to participate in a class action lawsuit later.)
Most embarrassing: River City Media
One of the most embarrassing data breaches is one we already mentioned: River City Media. This record-breaking data breach was not the work of hackers—it was an accident. Backup databases that should have been secured were simply left available online. Oops.
Most financially damaging: American business
The most financially damaging data breach may have been the American business hack. We don’t have hard numbers on exactly how much data breaches cost companies, but we know that this particular hack resulted in at least $300 million in losses. This hack affected not only banks and big businesses, but also individuals whose accounts were accessed after credit and debit account numbers were stolen.
Biggest data breaches and hacks of 2017
2017 isn’t over yet, but SpaceX has successfully launched and recovered rockets, people in Japan have stood in lines spanning city blocks to get a chance at purchasing the Nintendo Switch, and people in the US drove for hours to watch the moon go in front of the sun for a few minutes.
We’ve also seen some significant data breaches. A few already stand out: Equifax, HBO, Instagram, and River City Media.
Equifax
Details are still emerging, but this looks to be one of the most sensitive and serious data breaches of the year. The hackers who hit the credit-reporting agency got Social Security numbers, banking information, and tons of other personal details.
- Data sensitivity: 🔒🔒🔒🔒🔒
- Breach made public: September 7, 2017
- Number of records breached: 143 million
- Type of records accessed: Social Security numbers, names, addresses, credit card numbers, and driver’s license numbers.
- Type of breach: Hack
- Company location: Atlanta, Georgia
HBO
The popular network is home to dragons approximately the size of aircraft carriers, but even impressive imaginary dragons couldn’t protect the network from real-world threats like hackers. So far the hack doesn’t seem to be quite as dire as the Sony hack a few years earlier, but details are still emerging.
- Data sensitivity: 🔒🔒
- Breach made public: July 31, 2017
- Number of records breached: Unknown
- Type of records accessed: Upcoming episodes of TV shows, executive emails, scripts for Game of Thrones
- Type of breach: Hack
- Company location: New York, New York
A bug left Instagram vulnerable to a hack that targeted celebrities—but it also affected normal users. The good news is that if you were one of those six million users, you now have something in common with Beyoncé, Leonardo DiCaprio, and Zac Efron. Congrats!
- Data sensitivity: 🔒🔒
- Breach made public: August 30, 2017
- Number of records breached: Data for over 6 million users
- Type of records accessed: Email addresses and phone numbers
- Type of breach: Hack
- Company location: Menlo Park, California
River City Media
Most embarrassing
This was one of the largest data breaches we’d ever seen. And it was an accident. We aren’t particularly rooting for a company known for sending annoying emails that clog up your inbox, but the scale of the breach is a bit alarming.
- Data sensitivity:🔒🔒
- Breach made public: March 8, 2017
- Number of records breached: 1.37 billion
- Type of records accessed: Email addresses and information connected with those addresses (names of users, IP addresses, physical addresses of users)
- Type of breach: Unintentional—backup databases were left accessible online
- Company location: Portland, Oregon
Biggest data breaches and hacks of 2016
Google finally entered the smartphone market in 2016 with the Google Pixel. And drones got much more portable and consumer friendly when DJI released the foldable Mavic Pro with a 4K stabilized camera.
Sports were also a big deal in 2016. Many of us took a break from the incessant election coverage to watch the feats of athletes in the Rio Summer Olympics. Later that year the Chicago Cubs defied the odds to finally win the World Series for the first time in over 100 years. While sports may have been a nice distraction, the presidential election certainly dominated during 2016. And the year’s most notable data breach also revolved around the election.
Democratic National Committee
Coverage of the 2016 election was exhaustive, so we’re not going to say much here.
- Data sensitivity: 🔒🔒
- Breach made public: June 14, 2016
- Number of records breached: Unknown
- Type of records accessed: Information about Democratic candidates (including presidential candidate Hillary Clinton), opposition research about presidential candidate Donald Trump
- Type of breach: Hack
- Company location: Washington, DC
FriendFinder
While the DNC hack was a big deal, it wasn’t the only big data breach in 2016. The hack of FriendFinder involved 412 million records and information that went back 20 years. While finding friends sounds benign, the FriendFinder network is also home to adult content on Adult FriendFinder, Penthouse, Cams.com, and other similar websites with more sensitive—and potentially embarrassing—content.
- Data sensitivity: 🔒
- Breach made public: November 16, 2016
- Number of records breached: 412 million
- Type of records accessed: 20 years of account information such as passwords, emails, usernames, and dates of website visits
- Type of breach: Hack
- Company location: Sunnyvale, California
Biggest data breaches and hacks of 2015
In 2015 the world fell in love with exploding hoverboards and Pluto’s icy heart. But 2015 was also a big year for data breaches—and love may have gotten some people in trouble.
Ashley Madison
Data breaches can cause a lot of damage—but to be honest it was a bit difficult to feel sorry for those affected in this case since Ashley Madison caters to people looking online for extramarital affairs.
- Data sensitivity:🔒
- Breach made public: July 19, 2015
- Number of records breached: 37 million
- Type of records accessed: Account details and login information for users, credit card details, addresses, and phone numbers
- Type of breach: Hack
- Company location: Canada
Anthem
While this data breach was perhaps less flashy than the Ashley Madison breach, it was just as damaging. The hackers who targeted this insurance company got a hold of sensitive data that could be used for identity theft—including things like Social Security numbers and street addresses.
- Data sensitivity: 🔒🔒
- Breach made public: February 5, 2015
- Number of records breached: 80 million
- Type of records accessed: Social Security numbers, email addresses, names, birthdays, street addresses, and income information
- Type of breach: Hack
- Company location: Indianapolis, Indiana
Office of Personnel Management
If you’re a government employee with a security clearance, it seems fair to expect that when you keep government information secret, the government will return the favor. Unfortunately, the OPM hack meant these employees had their own information exposed—including, in some cases, fingerprints. The breach affected at least 18 million individuals.
- Data sensitivity: 🔒🔒🔒
- Breach made public: June 4, 2015
- Number of records breached: 21.5 million
- Type of records accessed: Social Security numbers, fingerprints, information about employee job assignments and training
- Type of breach: Hack
- Company location: Washington, DC
Biggest data breaches and hacks of 2014
Apple made its way into the wearable market with the Apple Watch in 2014, while Amazon took our Internet of Things obsession to the next level with Amazon Alexa.
People also spent time watching the Sochi Olympics and reading the fascinating emails about the inner workings of Sony.
Sony Pictures Entertainment
This breach was a lot smaller than companies that had millions of records stolen, but it had a huge impact because it exposed the messy inner workings of Sony Pictures Entertainment. The hack highlighted a lot of embarrassing issues within the company, but there was a bright spot in the bureaucratic murk: we found out that Channing Tatum’s emails are hilarious.- Data sensitivity:🔒🔒
- Breach made public: November 24, 2014
- Number of records breached: 47,000
- Type of records accessed: Internal emails, private messages, unreleased films, financial data, and contact information for actors
- Type of breach: Hack
- Company location: New York, New York
JPMorgan Chase
This hack affected 76 million households, which made it even worse than previous hacks that hit retailers like Target and Home Depot. It was also more damaging because banks have more sensitive information about customers than retailers do.
Biggest data breaches and hacks of 2013
In 2013 Sony released the long-awaited PlayStation 4, Edward Snowden became a household name, and Fitbit released its first fitness tracker that could be worn on the wrist.
While Snowden’s leaks were monumental, there were quite a few other significant data breaches during 2013—and the biggest one wasn’t even made public until 2016.
Yahoo
Biggest data breachyahoo hack
This colossal breach occurred in 2013 but wasn’t discovered until the end of 2016. And this wasn’t the only huge Yahoo data breach—another 500 million records were breached in 2014.
- Data sensitivity: 🔒🔒
- Breach made public: December 14, 2016
- Number of records breached: 3 billion
- Type of records accessed: Email addresses, birthdays, and answers to security questions, codes that allow hackers to access accounts without a password
- Type of breach: Hack
- Company location: Sunnyvale, California
Target
This breach hit just in time for the holiday shopping season. Ouch. Even many years later, this is still one of the biggest hacks people think of when you mention data breaches.
- Data sensitivity: 🔒🔒
- Breach made public: December 13, 2013
- Number of records breached: 40 million
- Type of records accessed: Credit and debit account information including customer name, card number, security code, and expiration date
- Type of breach: Hack
- Company location: Minneapolis, Minnesota
Biggest data breaches and hacks of 2012
The Mayan calendar ended in 2012, but the world is still here. Those who weren’t anticipating the end of days spent 2012 watching the London Olympics, swiping right (or left) with the new, addictive dating app Tinder, and obsessing over the K-pop song “Gangnam Style.”
2012’s data breaches were a little less glamorous and exciting than the other things going on in 2012, but if you used LinkedIn or Dropbox, these data breaches may have caught your attention.
If you were using LinkedIn in 2012, you probably had to reset your password. The professional networking site was the victim of a hack that breached millions or records. LinkedIn responded to the hack the day after it happened and enforced a mandatory password reset for the accounts that they knew were affected.
- Data sensitivity: 🔒
- Breach made public: June 6, 2012
- Number of records breached: 167 million
- Type of records accessed: Encrypted passwords and email addresses
- Type of breach: Hack
- Company location: Mountain View, California
Dropbox
One of the accounts accessed in this hack was an employee account. This account contained a document with user email addresses. Oops.
- Data sensitivity: 🔒
- Breach made public: July 17, 2012
- Number of records breached: 68 million
- Type of records accessed: Email addresses and passwords
- Type of breach: Unknown, but likely hackers
- Company location: San Francisco, California
Biggest data breaches and hacks of 2011
Artificial intelligence conquered humans in 2011—on the long-running game show Jeopardy! Many of the humans who weren’t losing trivia games to computers used their time counting down the days until a British prince married a woman with infuriatingly flawless hair.
There weren’t a lot of notable data breaches in 2011, but if you’re a gamer you might remember the Sony PlayStation hack.
While Snowden’s leaks were monumental, there were quite a few other significant data breaches during 2013—and the biggest one wasn’t even made public until 2016.
Sony PlayStation Network
Sony’s data breach problems started before the high-profile 2014 hack. The hack in 2011 was also incredibly damaging and resulted in quite a few angry customers.
- Data sensitivity: 🔒🔒🔒
- Breach made public: April 27, 20011
- Number of records breached: 101.6 million
- Type of records accessed: 12 million unencrypted credit card numbers, names, physical addresses, birthdays, passwords, answers to security questions, and email addresses
- Type of breach: Hack
- Company location: New York, New York
Biggest data breaches and hacks of 2010
2010 was the year Apple released the first iPad, Toy Story 3 won at the box office, and a new species of toad was discovered in Colombia. Exciting stuff.
There weren’t a lot of notable data breaches in 2010, but your true best friend, Netflix, did run into a few problems that year.
Netflix
In an effort to improve its movie recommendation system, Netflix held a contest that provided participants with data sets including subscriber movie ratings and preferences. Netflix did not consider this a data breach. However, consumers weren’t so sure. Plaintiffs filed a class action lawsuit citing the fact that many researchers were able to use the anonymized data set to identify individual subscribers.
- Data sensitivity:🔒
- Breach made public: January 1, 2010
- Number of records breached: 100 million records tying back to 480,000 subscribers
- Type of records accessed: Anonymized subscriber information about movie preferences
- Type of breach: Voluntary—Netflix does not consider it a breach.
- Company location: Los Gatos, California
Biggest data breaches and hacks of 2009
2009 was year of big discoveries—scientists found water on the moon, and Usher introduced the world to your little sister’s worst obsession—Justin Bieber.
On the tech front, Motorola’s Droid finally gave the iPhone some real competition, and the Canon 1D Mark IV was at the top of the pack with 16 megapixels and the ability to shoot HD video.
While 2009 was a pretty good year for companies making smartphones, one of the major carriers had a rough patch thanks to some greedy employees in England.
T-Mobile
Data breaches aren’t always caused by sophisticated hackers. Sometimes one or two bad employees with access to sensitive information can do just as much damage as a larger organization.
- Data sensitivity: 🔒🔒
- Breach made public: November 2009
- Number of records breached: Exact number is unknown, but it was in the millions and included data from over 500,000 customers
- Type of records accessed: names, addresses, phone numbers, and contract renewal dates
- Type of breach: Employees stole the data and sold it to competitors
- Company location: England
Biggest data breaches and hacks of 2008
2008 was the year Barack Obama was elected as president of the United States and the Hadron Collider was switched on for the first time. It was also a pretty rough year in the US and across the world financially speaking. And while the financial downturn hurt individuals, banks and other large companies also sustained significant losses thanks to huge data breaches.
Heartland Payment Systems
The theft occurred from late 2006 to 2008 and resulted in significant financial losses.- Data sensitivity:🔒🔒🔒
- Breach made public: January 20, 2009
- Number of records breached: Over 130 million
- Type of records accessed: Credit and debit card numbers
- Type of breach: Hack
- Company location: Princeton, New Jersey
American Business Hack
Most financially damaging
This data breach affected multiple companies, including Nasdaq and 7-Eleven. Like the Heartland data breach, this one spanned multiple years—data was actually being stolen from 2005 to 2012. We placed it in 2008 because a large portion of the records were stolen between 2008 and 2009 during the economic downturn.
- Data sensitivity:🔒🔒🔒🔒🔒
- Breach took place: From 2005 to 2012
- Number of records breached: Unknown—at least 160 million credit and debit card numbers. It resulted in at least $300 million in losses to companies and individuals.
- Type of records accessed: Credit and debit card numbers, usernames, passwords
- Type of breach: Hack
Throwback hack: 1984
Data breaches aren’t exclusive to this century. If you were alive in 1984, you may remember the first Apple Macintosh or Michael Jordan being drafted by the Chicago Bulls at the very beginning of his career.
1984 was also the year when a stolen password led to one of the first data breaches on record.
Sears/TRW Information Systems
Looking back, it’s hard to imagine that one password could lead to 90 million records. Yikes.
- Data sensitivity:🔒🔒🔒🔒🔒
- Breach made public: June 1984
- Number of records breached: 90 million
- Type of records accessed: A password that permitted access to names, Social Security numbers, birthdates, and addresses
- Type of breach: Stolen password
- Company location: Chicago, Illinois
Should you be worried about data breaches?
If you aren’t running a major corporation, you probably haven’t suffered huge losses at the hands of hackers, but data breaches can still affect you—particularly if one of the companies targeted in an attack has your personal information. That information could easily end up in the hands of identity thieves, which could cause real problems for you down the road.
If you’re worried about your information being exposed during a data breach, we suggest investing in credit monitoring and identity theft protection. We also recommend creating strong passwords, keeping your information close to the vest, and giving it out only when absolutely necessary.
Have you been affected by a data breach? Share your experience in the comment section below.
