The Worst Data Breaches of the Last 10 Years

• This data breach affected at least 143 million Americans.
• Hackers stole SSNs, credit card info, names, addresses, and more.

Other high-profile data breaches in 2017: HBO, Instagram, River City Media

• Hackers stole information about Democratic party candidates, including Hillary Clinton—but they also stole opposition research on Trump.

Other high-profile data breaches in 2016: FriendFinder

• Hackers stole account details for customers looking online for extramarital affairs.
• The 37 million records breached included credit card numbers, addresses, and phone numbers.

Other high-profile data breaches in 2015: Anthem, Office of Personnel Management

• A smaller breach than others (only about 47,000 records), but it had a big impact on Sony’s finances and reputation.
• Hackers got embarrassing internal emails, unreleased films, and celebrities’ contact information.

Other high-profile data breaches in 2014: JPMorgan Chase

• 3 billion records were breached.
• This breach wasn’t discovered until the tail end of 2016, but it actually happened three years earlier—hackers got email addresses, birthdays, and answers to security questions.

Other high-profile data breaches in 2013: Target

• 167 million records were breached—most of these records were email addresses and passwords.

Other high-profile data breaches in 2012: Dropbox

• 1.6 million records were breached, including credit card numbers, addresses, birthdays, passwords, and answers to security questions.

• Netflix gave contest participants access to anonymized data that tied back to 480,000 subscribers. Researchers, however, successfully tied the information back to specific subscribers, so the data wasn’t quite as anonymous as Netflix thought.

• Employees stole proprietary information about customer contracts and sold that data to T-Mobile competitors.
• They sold data for over 500,000 customers, including contract renewal dates, names, addresses, and phone numbers.

• Hackers were scraping data from 2005 to 2012. They got at least 160 million credit and debit card numbers.
• Estimates suggest this breach cost companies and individuals at least $300 million.

• One stolen password led to 90 million records, including names, SSNs, birthdays, and addresses.

Data breach highlights

Biggest: Yahoo!

Biggest data breaches and hacks of 2017

Equifax

Details are still emerging, but this looks to be one of the most sensitive and serious data breaches of the year. The hackers who hit the credit-reporting agency got Social Security numbers, banking information, and tons of other personal details.

• Data sensitivity: 🔒🔒🔒🔒🔒
• Breach made public: September 7, 2017
• Number of records breached: 143 million
• Type of records accessed: Social Security numbers, names, addresses, credit card numbers, and driver’s license numbers.
• Type of breach: Hack
• Company location: Atlanta, Georgia

HBO

The popular network is home to dragons approximately the size of aircraft carriers, but even impressive imaginary dragons couldn’t protect the network from real-world threats like hackers. So far the hack doesn’t seem to be quite as dire as the Sony hack a few years earlier, but details are still emerging.

• Data sensitivity: 🔒🔒
• Breach made public: July 31, 2017
• Number of records breached: Unknown
• Type of records accessed: Upcoming episodes of TV shows, executive emails, scripts for Game of Thrones
• Type of breach: Hack
• Company location: New York, New York

Instagram

A bug left Instagram vulnerable to a hack that targeted celebrities—but it also affected normal users. The good news is that if you were one of those six million users, you now have something in common with Beyoncé, Leonardo DiCaprio, and Zac Efron. Congrats!

• Data sensitivity: 🔒🔒
• Breach made public: August 30, 2017
• Number of records breached: Data for over 6 million users
• Type of records accessed: Email addresses and phone numbers
• Type of breach: Hack
• Company location: Menlo Park, California

This was one of the  largest data breaches we’d ever seen. And it was an accident. We aren’t particularly rooting for a company known for sending annoying emails that clog up your inbox, but the scale of the breach is a bit alarming.

• Data sensitivity:🔒🔒
• Breach made public: March 8, 2017
• Number of records breached: 1.37 billion
• Type of records accessed: Email addresses and information connected with those addresses (names of users, IP addresses, physical addresses of users)
• Type of breach: Unintentional—backup databases were left accessible online
• Company location: Portland, Oregon

Google finally entered the smartphone market in 2016 with the Google Pixel. And drones got much more portable and consumer friendly when DJI released the foldable Mavic Pro with a 4K stabilized camera.

Sports were also a big deal in 2016. Many of us took a break from the incessant election coverage to watch the feats of athletes in the Rio Summer Olympics. Later that year the Chicago Cubs defied the odds to finally win the World Series for the first time in over 100 years. While sports may have been a nice distraction, the presidential election certainly dominated during 2016. And the year’s most notable data breach also revolved around the election.

Democratic National Committee

Coverage of the 2016 election was exhaustive, so we’re not going to say much here.

• Data sensitivity: 🔒🔒
• Breach made public: June 14, 2016
• Number of records breached: Unknown
• Type of records accessed: Information about Democratic candidates (including presidential candidate Hillary Clinton), opposition research about presidential candidate Donald Trump
• Type of breach: Hack
• Company location: Washington, DC

FriendFinder

While the DNC hack was a big deal, it wasn’t the only big data breach in 2016. The hack of FriendFinder involved 412 million records and information that went back 20 years. While finding friends sounds benign, the FriendFinder network is also home to adult content on Adult FriendFinder, Penthouse, Cams.com, and other similar websites with more sensitive—and potentially embarrassing—content.

• Data sensitivity: 🔒
• Breach made public: November 16, 2016
• Number of records breached: 412 million
• Type of records accessed: 20 years of account information such as passwords, emails, usernames, and dates of website visits
• Type of breach: Hack
• Company location: Sunnyvale, California

In 2015 the world fell in love with exploding hoverboards and Pluto’s icy heart. But 2015 was also a big year for data breaches—and love may have gotten some people in trouble.

Ashley Madison

Data breaches can cause a lot of damage—but to be honest it was a bit difficult to feel sorry for those affected in this case since Ashley Madison caters to people looking online for extramarital affairs.

• Data sensitivity:🔒
• Breach made public: July 19, 2015
• Number of records breached: 37 million
• Type of records accessed: Account details and login information for users, credit card details, addresses, and phone numbers
• Type of breach: Hack
• Company location: Canada

Anthem

While this data breach was perhaps less flashy than the Ashley Madison breach, it was just as damaging. The hackers who targeted this insurance company got a hold of sensitive data that could be used for identity theft—including things like Social Security numbers and street addresses.

• Data sensitivity: 🔒🔒
• Breach made public: February 5, 2015
• Number of records breached: 80 million
• Type of records accessed: Social Security numbers, email addresses, names, birthdays, street addresses, and income information
• Type of breach: Hack
• Company location: Indianapolis, Indiana

Office of Personnel Management

If you’re a government employee with a security clearance, it seems fair to expect that when you keep government information secret, the government will return the favor. Unfortunately, the OPM hack meant these employees had their own information exposed—including, in some cases, fingerprints. The breach affected at least 18 million individuals.

• Data sensitivity: 🔒🔒🔒
• Breach made public: June 4, 2015
• Number of records breached: 21.5 million
• Type of records accessed: Social Security numbers, fingerprints, information about employee job assignments and training
• Type of breach: Hack
• Company location: Washington, DC

Apple made its way into the wearable market with the Apple Watch in 2014, while Amazon took our Internet of Things obsession to the next level with Amazon Alexa.

People also spent time watching the Sochi Olympics and reading the fascinating emails about the inner workings of Sony.

Sony Pictures Entertainment

• Data sensitivity:🔒🔒
• Breach made public: November 24, 2014
• Number of records breached: 47,000
• Type of records accessed: Internal emails, private messages, unreleased films, financial data, and contact information for actors
• Type of breach: Hack
• Company location: New York, New York

JPMorgan Chase

This hack affected 76 million households, which made it even worse than previous hacks that hit retailers like Target and Home Depot. It was also more damaging because banks have more sensitive information about customers than retailers do.

• Data sensitivity:🔒🔒🔒
• Breach made public: August 28, 2014
• Number of records breached: 76 million
• Type of records accessed: Bank account information, names, addresses, and phone numbers
• Type of breach: Hack
• Company location: New York, New York

This colossal breach occurred in 2013 but wasn’t discovered until the end of 2016. And this wasn’t the only huge Yahoo data breach—another 500 million records were breached in 2014.

• Data sensitivity: 🔒🔒
• Breach made public: December 14, 2016
• Number of records breached: 3 billion
• Type of records accessed: Email addresses, birthdays, and answers to security questions, codes that allow hackers to access accounts without a password
• Type of breach: Hack
• Company location: Sunnyvale, California

Target

This breach hit just in time for the holiday shopping season. Ouch. Even many years later, this is still one of the biggest hacks people think of when you mention data breaches.

• Data sensitivity: 🔒🔒
• Breach made public: December 13, 2013
• Number of records breached: 40 million
• Type of records accessed: Credit and debit account information including customer name, card number, security code, and expiration date
• Type of breach: Hack
• Company location: Minneapolis, Minnesota

LinkedIn

If you were using LinkedIn in 2012, you probably had to reset your password. The professional networking site was the victim of a hack that breached millions or records. LinkedIn responded to the hack the day after it happened and enforced a mandatory password reset for the accounts that they knew were affected.

• Data sensitivity: 🔒
• Breach made public: June 6, 2012
• Number of records breached: 167 million
• Type of records accessed: Encrypted passwords and email addresses
• Type of breach: Hack
• Company location: Mountain View, California

Dropbox

One of the accounts accessed in this hack was an employee account. This account contained a document with user email addresses. Oops.

• Data sensitivity: 🔒
• Breach made public: July 17, 2012
• Number of records breached: 68 million
• Type of records accessed: Email addresses and passwords
• Type of breach: Unknown, but likely hackers
• Company location: San Francisco, California

Sony PlayStation Network

Sony’s data breach problems started before the high-profile 2014 hack. The hack in 2011 was also incredibly damaging and resulted in quite a few angry customers.

• Data sensitivity: 🔒🔒🔒
• Breach made public: April 27, 20011
• Number of records breached: 101.6 million
• Type of records accessed: 12 million unencrypted credit card numbers, names, physical addresses, birthdays, passwords, answers to security questions, and email addresses
• Type of breach: Hack
• Company location: New York, New York

Netflix

In an effort to improve its movie recommendation system, Netflix held a contest that provided participants with data sets including subscriber movie ratings and preferences. Netflix did not consider this a data breach. However, consumers weren’t so sure. Plaintiffs filed a class action lawsuit citing the fact that many researchers were able to use the anonymized data set to identify individual subscribers.

• Data sensitivity:🔒
• Breach made public: January 1, 2010
• Number of records breached: 100 million records tying back to 480,000 subscribers
• Type of records accessed: Anonymized subscriber information about movie preferences
• Type of breach: Voluntary—Netflix does not consider it a breach.
• Company location: Los Gatos, California

T-Mobile

Data breaches aren’t always caused by sophisticated hackers. Sometimes one or two bad employees with access to sensitive information can do just as much damage as a larger organization.

2008 was the year Barack Obama was elected as president of the United States and the Hadron Collider was switched on for the first time. It was also a pretty rough year in the US and across the world financially speaking. And while the financial downturn hurt individuals, banks and other large companies also sustained significant losses thanks to huge data breaches.

Heartland Payment Systems

• Data sensitivity:🔒🔒🔒
• Breach made public: January 20, 2009
• Number of records breached: Over 130 million
• Type of records accessed: Credit and debit card numbers
• Type of breach: Hack
• Company location: Princeton, New Jersey

• Data sensitivity:🔒🔒🔒🔒🔒
• Breach took place: From 2005 to 2012
• Number of records breached: Unknown—at least 160 million credit and debit card numbers. It resulted in at least $300 million in losses to companies and individuals.
• Type of records accessed: Credit and debit card numbers, usernames, passwords
• Type of breach: Hack

Data breaches aren’t exclusive to this century. If you were alive in 1984, you may remember the first Apple Macintosh or Michael Jordan being drafted by the Chicago Bulls at the very beginning of his career.

1984 was also the year when a stolen password led to one of the first data breaches on record.

Sears/TRW Information Systems

Looking back, it’s hard to imagine that one password could lead to 90 million records. Yikes.

• Data sensitivity:🔒🔒🔒🔒🔒
• Breach made public: June 1984
• Number of records breached: 90 million
• Type of records accessed: A password that permitted access to names, Social Security numbers, birthdates, and addresses
• Type of breach: Stolen password
• Company location: Chicago, Illinois

Should you be worried about data breaches?

If you aren’t running a major corporation, you probably haven’t suffered huge losses at the hands of hackers, but data breaches can still affect you—particularly if one of the companies targeted in an attack has your personal information. That information could easily end up in the hands of identity thieves, which could cause real problems for you down the road.

If you’re worried about your information being exposed during a data breach, we suggest investing in credit monitoring and identity theft protection. We also recommend creating strong passwords, keeping your information close to the vest, and giving it out only when absolutely necessary.

Have you been affected by a data breach? Share your experience in the comment section below.

Click here to download a PDF of the full report.