The Worst Data Breaches of the Last 10 Years
2017
Equifax
The highlights
- This data breach affected at least 143 million Americans.
- Hackers stole SSNs, credit card info, names, addresses, and more.
Other high-profile data breaches in 2017: HBO, Instagram, River City Media
2016

Democratic National Committee
The highlights
- Hackers stole information about Democratic party candidates, including Hillary Clinton—but they also stole opposition research on Trump.
Other high-profile data breaches in 2016: FriendFinder
2015

Ashley Madison
The highlights
- Hackers stole account details for customers looking online for extramarital affairs.
- The 37 million records breached included credit card numbers, addresses, and phone numbers.
Other high-profile data breaches in 2015: Anthem, Office of Personnel Management
2014

Sony Pictures Entertainment
The highlights
- A smaller breach than others (only about 47,000 records), but it had a big impact on Sony’s finances and reputation.
- Hackers got embarrassing internal emails, unreleased films, and celebrities’ contact information.
Other high-profile data breaches in 2014: JPMorgan Chase
2013

Yahoo
The highlights
- 3 billion records were breached.
- This breach wasn’t discovered until the tail end of 2016, but it actually happened three years earlier—hackers got email addresses, birthdays, and answers to security questions.
Other high-profile data breaches in 2013: Target
2012

The highlights
- 167 million records were breached—most of these records were email addresses and passwords.
Other high-profile data breaches in 2012: Dropbox
2011

Sony PlayStation Network
The highlights
- 1.6 million records were breached, including credit card numbers, addresses, birthdays, passwords, and answers to security questions.
2010

Netflix
The highlights
- Netflix gave contest participants access to anonymized data that tied back to 480,000 subscribers. Researchers, however, successfully tied the information back to specific subscribers, so the data wasn’t quite as anonymous as Netflix thought.
2009

T-Mobile
The highlights
- Employees stole proprietary information about customer contracts and sold that data to T-Mobile competitors.
- They sold data for over 500,000 customers, including contract renewal dates, names, addresses, and phone numbers.
2008

American Business Hack
The highlights
- Hackers were scraping data from 2005 to 2012. They got at least 160 million credit and debit card numbers.
- Estimates suggest this breach cost companies and individuals at least $300 million.
Throwback hack: 1984

Sears
The highlights
- One stolen password led to 90 million records, including names, SSNs, birthdays, and addresses.
Biggest: Yahoo!

Most serious: Equifax

Most embarrassing: River City Media

One of the most embarrassing data breaches is one we already mentioned: River City Media. This record-breaking data breach was not the work of hackers—it was an accident. Backup databases that should have been secured were simply left available online. Oops.
Most financially damaging: American business

The most financially damaging data breach may have been the American business hack. We don’t have hard numbers on exactly how much data breaches cost companies, but we know that this particular hack resulted in at least $300 million in losses. This hack affected not only banks and big businesses, but also individuals whose accounts were accessed after credit and debit account numbers were stolen.
Biggest data breaches and hacks of 2017
Equifax
Details are still emerging, but this looks to be one of the most sensitive and serious data breaches of the year. The hackers who hit the credit-reporting agency got Social Security numbers, banking information, and tons of other personal details.
- Data sensitivity: 🔒🔒🔒🔒🔒
- Breach made public: September 7, 2017
- Number of records breached: 143 million
- Type of records accessed: Social Security numbers, names, addresses, credit card numbers, and driver’s license numbers.
- Type of breach: Hack
- Company location: Atlanta, Georgia
HBO
The popular network is home to dragons approximately the size of aircraft carriers, but even impressive imaginary dragons couldn’t protect the network from real-world threats like hackers. So far the hack doesn’t seem to be quite as dire as the Sony hack a few years earlier, but details are still emerging.
- Data sensitivity: 🔒🔒
- Breach made public: July 31, 2017
- Number of records breached: Unknown
- Type of records accessed: Upcoming episodes of TV shows, executive emails, scripts for Game of Thrones
- Type of breach: Hack
- Company location: New York, New York
A bug left Instagram vulnerable to a hack that targeted celebrities—but it also affected normal users. The good news is that if you were one of those six million users, you now have something in common with Beyoncé, Leonardo DiCaprio, and Zac Efron. Congrats!
- Data sensitivity: 🔒🔒
- Breach made public: August 30, 2017
- Number of records breached: Data for over 6 million users
- Type of records accessed: Email addresses and phone numbers
- Type of breach: Hack
- Company location: Menlo Park, California
River City Media
This was one of the largest data breaches we’d ever seen. And it was an accident. We aren’t particularly rooting for a company known for sending annoying emails that clog up your inbox, but the scale of the breach is a bit alarming.
- Data sensitivity:🔒🔒
- Breach made public: March 8, 2017
- Number of records breached: 1.37 billion
- Type of records accessed: Email addresses and information connected with those addresses (names of users, IP addresses, physical addresses of users)
- Type of breach: Unintentional—backup databases were left accessible online
- Company location: Portland, Oregon
Biggest data breaches and hacks of 2016
Google finally entered the smartphone market in 2016 with the Google Pixel. And drones got much more portable and consumer friendly when DJI released the foldable Mavic Pro with a 4K stabilized camera.
Sports were also a big deal in 2016. Many of us took a break from the incessant election coverage to watch the feats of athletes in the Rio Summer Olympics. Later that year the Chicago Cubs defied the odds to finally win the World Series for the first time in over 100 years. While sports may have been a nice distraction, the presidential election certainly dominated during 2016. And the year’s most notable data breach also revolved around the election.
Democratic National Committee
Coverage of the 2016 election was exhaustive, so we’re not going to say much here.
- Data sensitivity: 🔒🔒
- Breach made public: June 14, 2016
- Number of records breached: Unknown
- Type of records accessed: Information about Democratic candidates (including presidential candidate Hillary Clinton), opposition research about presidential candidate Donald Trump
- Type of breach: Hack
- Company location: Washington, DC
FriendFinder
While the DNC hack was a big deal, it wasn’t the only big data breach in 2016. The hack of FriendFinder involved 412 million records and information that went back 20 years. While finding friends sounds benign, the FriendFinder network is also home to adult content on Adult FriendFinder, Penthouse, Cams.com, and other similar websites with more sensitive—and potentially embarrassing—content.
- Data sensitivity: 🔒
- Breach made public: November 16, 2016
- Number of records breached: 412 million
- Type of records accessed: 20 years of account information such as passwords, emails, usernames, and dates of website visits
- Type of breach: Hack
- Company location: Sunnyvale, California
Biggest data breaches and hacks of 2015
In 2015 the world fell in love with exploding hoverboards and Pluto’s icy heart. But 2015 was also a big year for data breaches—and love may have gotten some people in trouble.
Ashley Madison
Data breaches can cause a lot of damage—but to be honest it was a bit difficult to feel sorry for those affected in this case since Ashley Madison caters to people looking online for extramarital affairs.
- Data sensitivity:🔒
- Breach made public: July 19, 2015
- Number of records breached: 37 million
- Type of records accessed: Account details and login information for users, credit card details, addresses, and phone numbers
- Type of breach: Hack
- Company location: Canada
Anthem
While this data breach was perhaps less flashy than the Ashley Madison breach, it was just as damaging. The hackers who targeted this insurance company got a hold of sensitive data that could be used for identity theft—including things like Social Security numbers and street addresses.
- Data sensitivity: 🔒🔒
- Breach made public: February 5, 2015
- Number of records breached: 80 million
- Type of records accessed: Social Security numbers, email addresses, names, birthdays, street addresses, and income information
- Type of breach: Hack
- Company location: Indianapolis, Indiana
Office of Personnel Management
If you’re a government employee with a security clearance, it seems fair to expect that when you keep government information secret, the government will return the favor. Unfortunately, the OPM hack meant these employees had their own information exposed—including, in some cases, fingerprints. The breach affected at least 18 million individuals.
- Data sensitivity: 🔒🔒🔒
- Breach made public: June 4, 2015
- Number of records breached: 21.5 million
- Type of records accessed: Social Security numbers, fingerprints, information about employee job assignments and training
- Type of breach: Hack
- Company location: Washington, DC
Biggest data breaches and hacks of 2014
Apple made its way into the wearable market with the Apple Watch in 2014, while Amazon took our Internet of Things obsession to the next level with Amazon Alexa.
People also spent time watching the Sochi Olympics and reading the fascinating emails about the inner workings of Sony.
Sony Pictures Entertainment
This breach was a lot smaller than companies that had millions of records stolen, but it had a huge impact because it exposed the messy inner workings of Sony Pictures Entertainment. The hack highlighted a lot of embarrassing issues within the company, but there was a bright spot in the bureaucratic murk: we found out that Channing Tatum’s emails are hilarious.- Data sensitivity:🔒🔒
- Breach made public: November 24, 2014
- Number of records breached: 47,000
- Type of records accessed: Internal emails, private messages, unreleased films, financial data, and contact information for actors
- Type of breach: Hack
- Company location: New York, New York
JPMorgan Chase
This hack affected 76 million households, which made it even worse than previous hacks that hit retailers like Target and Home Depot. It was also more damaging because banks have more sensitive information about customers than retailers do.
Biggest data breaches and hacks of 2013
Yahoo
This colossal breach occurred in 2013 but wasn’t discovered until the end of 2016. And this wasn’t the only huge Yahoo data breach—another 500 million records were breached in 2014.
- Data sensitivity: 🔒🔒
- Breach made public: December 14, 2016
- Number of records breached: 3 billion
- Type of records accessed: Email addresses, birthdays, and answers to security questions, codes that allow hackers to access accounts without a password
- Type of breach: Hack
- Company location: Sunnyvale, California
Target
This breach hit just in time for the holiday shopping season. Ouch. Even many years later, this is still one of the biggest hacks people think of when you mention data breaches.
- Data sensitivity: 🔒🔒
- Breach made public: December 13, 2013
- Number of records breached: 40 million
- Type of records accessed: Credit and debit account information including customer name, card number, security code, and expiration date
- Type of breach: Hack
- Company location: Minneapolis, Minnesota
Biggest data breaches and hacks of 2012

If you were using LinkedIn in 2012, you probably had to reset your password. The professional networking site was the victim of a hack that breached millions or records. LinkedIn responded to the hack the day after it happened and enforced a mandatory password reset for the accounts that they knew were affected.
- Data sensitivity: 🔒
- Breach made public: June 6, 2012
- Number of records breached: 167 million
- Type of records accessed: Encrypted passwords and email addresses
- Type of breach: Hack
- Company location: Mountain View, California
Dropbox
One of the accounts accessed in this hack was an employee account. This account contained a document with user email addresses. Oops.
- Data sensitivity: 🔒
- Breach made public: July 17, 2012
- Number of records breached: 68 million
- Type of records accessed: Email addresses and passwords
- Type of breach: Unknown, but likely hackers
- Company location: San Francisco, California
Biggest data breaches and hacks of 2011
Sony PlayStation Network
Sony’s data breach problems started before the high-profile 2014 hack. The hack in 2011 was also incredibly damaging and resulted in quite a few angry customers.
- Data sensitivity: 🔒🔒🔒
- Breach made public: April 27, 20011
- Number of records breached: 101.6 million
- Type of records accessed: 12 million unencrypted credit card numbers, names, physical addresses, birthdays, passwords, answers to security questions, and email addresses
- Type of breach: Hack
- Company location: New York, New York
Biggest data breaches and hacks of 2010
Netflix
In an effort to improve its movie recommendation system, Netflix held a contest that provided participants with data sets including subscriber movie ratings and preferences. Netflix did not consider this a data breach. However, consumers weren’t so sure. Plaintiffs filed a class action lawsuit citing the fact that many researchers were able to use the anonymized data set to identify individual subscribers.
- Data sensitivity:🔒
- Breach made public: January 1, 2010
- Number of records breached: 100 million records tying back to 480,000 subscribers
- Type of records accessed: Anonymized subscriber information about movie preferences
- Type of breach: Voluntary—Netflix does not consider it a breach.
- Company location: Los Gatos, California
Biggest data breaches and hacks of 2009
T-Mobile
Data breaches aren’t always caused by sophisticated hackers. Sometimes one or two bad employees with access to sensitive information can do just as much damage as a larger organization.
- Data sensitivity: 🔒🔒
- Breach made public: November 2009
- Number of records breached: Exact number is unknown, but it was in the millions and included data from over 500,000 customers
- Type of records accessed: names, addresses, phone numbers, and contract renewal dates
- Type of breach: Employees stole the data and sold it to competitors
- Company location: England

Biggest data breaches and hacks of 2008
2008 was the year Barack Obama was elected as president of the United States and the Hadron Collider was switched on for the first time. It was also a pretty rough year in the US and across the world financially speaking. And while the financial downturn hurt individuals, banks and other large companies also sustained significant losses thanks to huge data breaches.
Heartland Payment Systems
The theft occurred from late 2006 to 2008 and resulted in significant financial losses.- Data sensitivity:🔒🔒🔒
- Breach made public: January 20, 2009
- Number of records breached: Over 130 million
- Type of records accessed: Credit and debit card numbers
- Type of breach: Hack
- Company location: Princeton, New Jersey
American Business Hack
- Data sensitivity:🔒🔒🔒🔒🔒
- Breach took place: From 2005 to 2012
- Number of records breached: Unknown—at least 160 million credit and debit card numbers. It resulted in at least $300 million in losses to companies and individuals.
- Type of records accessed: Credit and debit card numbers, usernames, passwords
- Type of breach: Hack
Throwback hack: 1984
Data breaches aren’t exclusive to this century. If you were alive in 1984, you may remember the first Apple Macintosh or Michael Jordan being drafted by the Chicago Bulls at the very beginning of his career.
1984 was also the year when a stolen password led to one of the first data breaches on record.
Sears/TRW Information Systems
Looking back, it’s hard to imagine that one password could lead to 90 million records. Yikes.
- Data sensitivity:🔒🔒🔒🔒🔒
- Breach made public: June 1984
- Number of records breached: 90 million
- Type of records accessed: A password that permitted access to names, Social Security numbers, birthdates, and addresses
- Type of breach: Stolen password
- Company location: Chicago, Illinois
Should you be worried about data breaches?
If you aren’t running a major corporation, you probably haven’t suffered huge losses at the hands of hackers, but data breaches can still affect you—particularly if one of the companies targeted in an attack has your personal information. That information could easily end up in the hands of identity thieves, which could cause real problems for you down the road.
If you’re worried about your information being exposed during a data breach, we suggest investing in credit monitoring and identity theft protection. We also recommend creating strong passwords, keeping your information close to the vest, and giving it out only when absolutely necessary.
Have you been affected by a data breach? Share your experience in the comment section below.