Popular Companies Data Breach List

YEAR-2019

YEAR
COMPANY NAME
AFFECTED
SUMMARY
Sep-19
Deal Leader, LLC.Deal Leader, LLC.
198,000,000

198 million protective car buyers had their personal information exposed due to an unsecured database belonging to Dealer Leader, a digital marketing company for car dealerships. Exposed information included full names, email addresses, phone numbers, home addresses, and IP addresses.

Sep-19
FacebookFacebook
419,000,000

419 million records of Facebook users were accessed by hackers due to an unprotected server, exposing Facebook user's unique ID, phone numbers, gender, user names, and location data.

Sep-19
Providence Health Plan Providence Health Plan
122,000

An unauthorized party accessed personal information of 122,000 members such as their names, addresses, email addresses, dates of birth, Social Security numbers, member identification numbers, group numbers, and subscriber numbers.

Aug-19
FoxitFoxit
328,000

About 328,000 users of Foxit were encouraged to reset their passwords via an email alert after the PDF Reader software company discovered a hacker that gained acess to names, email addresses, passwords, phone numbers, company names, and IP addresses.

Aug-19
HostingerHostinger
14,000,000

The web hosting company, Hostinger, had sent password reset emails to 14 million clients due to a hacked API server which contained data such as first names, usernames, email addresses, IP addresses, and hashed passwords were exposed in a data breach.

Aug-19
MoviePassMoviePass
58,000

58K MoviePass subscribers had their payment information exposed due to a server unprotected by a password. 161M records were on th open database, allowing anyone access to billing information as well as email addresses and full names of subscribers.

Aug-19
BioStar 2BioStar 2
1,000,000

Fingerprint data of 1 million individuals along with the facial recognition information as well as unencrypted usernames and passwords of 27.8 million individuals were exposed in an unsecure database belonging to BioStar 2, a biometric security platform used by organizations worldwide.

Aug-19
Choice HotelsChoice Hotels
700,000

A database containing 700,000 guest records of the hotel franchise, Choice Hotels, was found exposed and left with a ransom note. The hackers requested 0.4 Bitcoin, approximately $4,000, to stop further exposure of the stolen information, including names, addresses, and phone numbers.

Aug-19
State FarmState Farm
undisclosed

US banking and insurance giant, State Farm, stated it suffered a credential stuffing attack during which “a bad actor” was able to confirm valid usernames and passwords for State Farm online accounts. The company’s online accounts allow users to manage insurance claims, pay bills, or wire funds, among many other things.

Aug-19
CafePressCafePress
23,000,000

Over 23.2 million accounts were exposed by CafePress, a custom T-shirt and merchandise company, exposing the names, email addresses, physical addresses, phone numbers and hashed passwords of its customers. CafePress has not disclosed the breach leading back to February 2019, but has sent out a passwords reset claiming it has updated its password policy.

Aug-19
Imperial HealthImperial Health
116,262

Imperial Health in Southwest Louisiana fell victim to a ransomware attack, which potentially breached the data of about 116,262 patients. The affected information varied by patient, but could include names, medical record numbers, Social Security numbers, treatment details, contact information, birth dates, diagnoses, medications, provider names, and related clinical data.

Aug-19
Presbyterian Healthcare Presbyterian Healthcare
183,000

New Mexico-based Presbyterian Healthcare Services is notifying 183,000 patients that their personal and medical information was potentially breached after a month-long phishing attack. Compromised accounts contained patient and health plan member information including names, dates of birth, Social Security numbers, and health plan and or clinical information.

Aug-19
StockXStockX
6,800,000

StockX was hacked! 6.8 million records were obtained, containing full names, email addresses, scrambled passwords, and profile details such as shoe size and trading currency.

Aug-19
PoshmarkPoshmark
undisclosed

Poshmark, a clothing marketplace with 50 million users, has been breached exposing information like names, usernames, gender, location, email addresses, and scrambled passwords.

Jul-19
LAPDLAPD
20,000

A suspected hacker compromised data of approximately 20,000 LAPD police officers such as the officers' names, dates of birth, parts of their social security numbers, and the email addresses and passwords they set up when applying for the job.

Jul-19
EviteEvite
101,000,000

101 million Evite users were exposed when hackers gained unauthorized access to servers, including member's personal data.

Jul-19
SprintSprint
undisclosed

Hackers infiltrated Sprint's website, exposing customer data such as account numbers & billing addresses.

Jul-19
Clinical Pathology LaboratoriesClinical Pathology Laboratories
2,200,000

AMCA's data breach impacted various blood testing labs, now including 2.2 million CLP patients. Compromised information includes their names, addresses, phone numbers, dates of birth, dates of service, balance information, and treatment provider information.

Jul-19
Fieldwork SoftwareFieldwork Software
undisclosed

An unsecured database belonging to Fieldwork Software exposed customer names, credit cards, alarm codes, and other sensitive details.

Jul-19
Essentia HealthEssentia Health
1,000

More than 1,000 patients have been notified by Essentia Health that Nemadji, a former vendor, fell victim to a phishing incident, with possible exposure of personal information.

Jul-19
Los Angeles County Department of Health ServicesLos Angeles County Department of Health Services
14,600

Nemadji, a contractor for the Los Angeles County Department of Health Services, fell victim to a phishing attack, exposing personal information of 14,600 patients.

Jul-19
Maryland Department of Labor BreachMaryland Department of Labor Breach
78,000

Hackers infiltrated Maryland Department of Labor, accessing 78,000 users of the state’s unemployment insurance. Personal information such as social security numbers and record numbers were revealed.

Jul-19
Dominion National Dominion National
95,000

95,000 Delaware residents had their names, addresses, birth dates, Social Security numbers, and banking details exposed.

Jul-19
DesjardinDesjardin
27,000,000

One of the largest breaches among Canadian financial institutions impacted 2.7 million people & 173,000 businesses, exposing full names, addresses, birth dates, social insurance numbers, email addresses, and information about transaction habits.

Jul-19
MedicareSupplement.comMedicareSupplement.com
5,000,000

Medical details such as full names, insurance policies, & addresses were left on an open database without proper security measures in place.

Jun-19
PCM Inc.PCM Inc.
undisclosed

Hackers obtained administrative credentials that PCM uses to manage client accounts within Office 365, accessing emails and shared files.

Jun-19
Department of Human Services of Oregon Department of Human Services of Oregon
645,000 

Employees of the Oregon DHS were targeted in a phishing attack that gave the cybercriminal control over as many as 2 million emails containing personal details such as Social Security numbers, finanical details, and medical information.

Jun-19
US Customs and Border Protection US Customs and Border Protection
~100,000

A US Customs and Border Protection (CBP) of traveler & license plate images were compromised by a malicious cyber-attack. Privacy implications of this breach could be grave for American citizens & visitors.

Jun-19
Shanghai Jiao Tong UniversityShanghai Jiao Tong University
8.4 TB of data

8.4 TB of metadata was exposed such as IP addresses, users sending and receiving emails, and other high-level details from Shanghai Jiao Tong University.

Jun-19
Opko HealthOpko Health
422,600

Another medical company, Opko Health, is added to the impacted companies by the American Medical Certification Association (AMCA) breach, making it the third healthcare company to be affected by the incident. AMCA informed Opko Health that the compromised data may include credit card and bank account information, email addresses and other data such as address, phone number, and balance information.

Jun-19
LabCorpLabCorp
7,700,000

Another major blood testing firm, LabCorp, revealed that 7.7 million patients were potential victims of AMCA’s recent data breach, exposing medical and financial information such as clients’ names, dates of birth, addresses, phone numbers, dates of service, healthcare providers and account balance information.

Jun-19
Australian National UniversityAustralian National University
200,000

Australian National University was attacked by hackers who stole data of 200,000 students and staff stretching back 19 years. Compromised data includes names, addresses, birth dates, phone numbers, personal email addresses, emergency contact details, tax file numbers, payroll information, bank account details, passport details, and student academic records.

Jun-19
Quest Diagnostics Quest Diagnostics
12,000,000

Banking, credit card, and some medical information of 12 million patients were exposed by Quest Diagnostics' payment service, American Medical Certification Association (AMCA), due to a security incident.

May-19
Checkers and Rally'sCheckers and Rally's
102 restaurants

Hackers installed malware on Checkers and Rally's Point-of-Sale systems on 102 drive-in restuarants, stealing details via the credit cards’ magnetic stripes and included cardholders’ full name, card number, card verification code, and expiration date - all the data needed to make purchases online

May-19
G SuiteG Suite
undisclosed

Since 2005 G Suite passwords have been stored incorrectly such that they were encrypted but unhashed, allowing access to Google employees.

May-19
First AmericanFirst American
885, 000,000 records

Without web authentication, mortgage deals dated back to 2003 were found available online, revealing bank account statements, Social Security numbers, drivers license images, and other personally identifiable information.

May-19
Game GolfGame Golf
134,000,000 records

Millions of golfer records from the Game Golf app, including GPS details from courses played, usernames and passwords, and even Facebook login data, were all exposed for anyone with an internet browser to see — a veritable hole-in-one for a cyberattacker looking to build profiles for potential victims, to be used in follow-on social-engineering attacks.

May-19
Instagram Instagram
49,000,000 records

Millions of Instagram influencers, celebrities, and brand accounts had their information such as bio, profile picture, follower count, location by city and country, owner’s email address and phone number stored online in an unknown massive database.

May-19
Inmediata Health GroupInmediata Health Group
1,565,338

Patients impacted by Inmediata Health Group’s web exposure breach are reportedly receiving multiple breach notification letters, some addressed to other patients. Compromised information included patient names, addresses, dates of birth, gender, and medical claims data. For a small group of patients, Social Security numbers were potentially breached.

May-19
ApexSMSApexSMS
80,000,000

SMS scammers left an unsecured database containing personal data on over 80 million people, without a password protecting it. The exposed database included people’s names, locations, phone numbers, IP addresses, cell phone numbers, and their carrier network name.

May-19
WhatsAppWhatsApp
undisclosed

A zero-day vulnerability was discovered allowing hackers remote access to victims' smartphones including private messages, photos, and contacts that affected a "select number" of users.

May-19
AMC NetworksAMC Networks
1,615,360 records

AMC Networks exposed 1.62 million records including data of subscribers' names, emails, and subscription details on the open internet connected to its Sundance Now and Shudder subscription streaming services.

May-19
US HouseholdsUS Households
80,000,000

Americans over the age of 40 years old may have had their information such as their full name, age, address, birthday date, marital status, income bracket, among other details left online on a database without a password securing it.

Apr-19
Steps to RecoverySteps to Recovery
146,316

An unsecure database contained about 4.9 million rows of data was left exposed online allowing anyone access. The researcher estimated about 146,316 unique patients had their information such as medical procedures, dates of service, the amount billed, and the specific facility from which treatment was received.

Apr-19
EmCareEmCare
60,000

An unauthorized individual gained to a number of employee email accounts, potentially exposing personal data of patients, employees, and contractors. Information such as their demographic information, some clinical data, Social Security numbers, and driver’s licenses were leaked.

Apr-19
FacebookFacebook
1,500,000

Since May 2016, Facebook “unintentionally” uploaded email contacts from up to 1.5 million new users on its servers, without their consent or knowledge.

Apr-19
MicrosoftMicrosoft
6% of users

"Microsoft has revealed that one of its support agent's credentials were compromised, enabling unauthorized parties to access information from a "limited subset" of users, including e-mail addresses, folder names, subject lines, and the names of recent recipients, between January 1 and March 28 of 2019."

Apr-19
FBI Agents & Police OfficersFBI Agents & Police Officers
4,000 records

"Hackers infiltrated police and FBI websites, exposing 4,000 records of personal data on the Dark Web, such as member names, personal and government email addresses, job titles, phone numbers and their postal addresses."

Apr-19
Toyota Toyota
3,100,000

"Toyota has suffered yet another cyber-attack, exposing personal information of 3.1 million previous and current car owners, such as their full names, date of birth, and employment information."

Apr-19
Facebook Facebook
540,000,000

"Two sets of Facebook user data was left publicly viewable for months online, indicating how badly Facebook has lost control of your data. The first database, Cultura Colectiva, contained over 540 million Facebook user records, including comments, likes, reactions, account names, Facebook user IDs, and more. The second dataset, At the Pool, contained information about users' friends, likes, groups, and checked-in locations, as well as "names, plaintext passwords, and email addresses for 22,000 people."

Apr-19
Georgia Institute of Technology Georgia Institute of Technology
1,300,000

"Unauthorized access entered Georgia Tech's database which contained names, addresses, social security numbers, and date of bith of current and former students, faculty and staff, and student applicants."

Apr-19
Earl Enterprises Earl Enterprises
2,000,000 credit cards

"Between May 23, 2018 to March 18, 2019, two million credit cards have been compromised after hackers installed malware on point-of-sale systems for Earl Enterprises, a restaurant company that owns national chains like Buca di Beppo, Planet Hollywood, and Earl of Sandwich."

Mar-19
Oregon Depratment of Human Services Oregon Depratment of Human Services
350,000

"Nine Oregon Department of Human Services employees fell victim to a targeted phishing attack campaign, which compromised the data of 350,000 patients in about 2 million compromised emails."

Mar-19
Facebook Facebook
~200-600 million users

"Facebook has been storing its millions of users' passwords in plain text, without any encryption since 2012 for about 200 to 600 million users."

Mar-19
MyPillow & Amerisleep  MyPillow & Amerisleepl
not disclosed

"For MyPillow and Amerisleep, Magecart hackers had been on their websites for several months, though the two companies didn't issue public statements or warnings to their customers that they could have been affected by the hack."

Mar-19
Zoll Medical  Zoll Medical
277,319

"During a recent Zoll Medical server migration, 277,319 patient data was leaked such as email communications, patient names, addresses, dates of birth, and limited medical information."

Mar-19
Wolverine Solutions Group  Wolverine Solutions Group
600,000

"A ransomware attack resulted in a breach, affecting 600,000 Michigan reidents, exposing names, addresses, phone numbers, dates of birth, Social Security numbers, insurance contract information, and medical information."

Mar-19
Verifications IO  Verifications IO
2,069,145,043 records

"Verifications IO stored 2,069,145,043 records online without any protection or security measures, exposing birth dates, gender, email addresses, and phone numbers. The database was open without encryption or a password to prevent access."

Mar-19
Rush University Medical Center  Rush University Medical Center
45,000

"At Rush, an employee improperly disclosed a file to an unauthorized party. Exposed information may include names, addresses, birthdays, Social Security numbers and health insurance information of 45,000 patients."

Mar-19
Dow Jones  Dow Jones
2,418,862

"A database contained 2,418,862 records containing government officials, politicians and people of political influence in every country of the world was open to the public. PEPs, their connections, companies they are linked to, both national & government sanction lists, and individuals either connected to or convicted of crimes were on the list."

Mar-19
University of Connecticut Health  University of Connecticut Health
326,000

"University of Connecticut Health said “an unauthorized third party illegally accessed a limited number of employee email accounts,” which contained the Social Security numbers of about 1,500 people and other personal information of the remaining 324,500 potentially impacted people."

Feb-19
University of Washington Medical Center University of Washington Medical Center
974,000

"Patient data such as full name, medical record numbers, the party who received the data, and a description and purpose of the information was left exposed on the internet for three weeks due to a misconfigured server."

Feb-19
Swedish Healthcare Swedish Healthcare
2,700,000

"170,000 hours of 2.7 million medical calls including conversations about diseases, symptoms, medications, medical questions, and previous treatment sensitive calls going back as far back as 2013 were left open to the public to be listened to or downloaded by anyone, without password protection preventing access."

Feb-19
Dunkin' DonutsDunkin' Donuts
1,200

"This second data breach may be involved in a credential stuffing scheme, where third parties had unauthorized access to about 1,200 username and password combinations along with DD Perk card numbers."

Feb-19
HouzzHouzz
40,000,000

"Home improvement site, Houzz, urged its 40 million users to change their passwords after an unauthorized third party compromised customer data such as usernames, user IDs, location information from their IP addresses, and encrypted passwords."

Feb-19
AirbusAirbus
~10,000

"Employee personal information was compromised by unauthorized access. Airbus has been discrete about the nature of the hack and details of the breach as investigations continue."

Jan-19
Collection #2-5Collection #2-5
2.2 Billion Records

"An unprecedented collection of 2.2 billion unique usernames and their associated passwords are being passed around by hackers in hopes that people reused their old passwords on multiple accounts."

Jan-19
Ministry of HealthMinistry of Health
14,200

"Medical records and contact information belonging to 14,200 HIV-positive patients in Singapore have been illegally accessed and the database containing HIV-positive individuals and is used to monitor the country’s HIV infection status, facilitate contact tracing, and assess disease prevention measures were also compromised and leaked."

Jan-19
OpticsML & AscensionOpticsML & Ascension
24 Million Financial & Banking Documents

"Leaked documents dated as far back as 2008, if not longer, included loan and mortgage records from the major banking institutions such as CitiFinancial (lending finance of Citigroup), HSBC Life Insurance, Wells Fargo, CapitalOne, and U.S. federal agencies including the Department of Housing and Urban Development."

Jan-19
Oklahoma Securities CommissionOklahoma Securities Commission
Millions of FBI Files

"Without a username or password to protect this information, millions of files on many sensitive FBI investigations were exposed such as spreadsheets with agent-filled timelines of interviews related to investigations, emails from parties involved in myriad cases and bank transaction histories."

Jan-19
Collection #1Collection #1
772,904,991 emails

"Troy Hunt discovered a large file of 12,000 separate files deemed as Collection #1, containing 773 million emails along with 22 million passwords in plaintext."

Jan-19
Town of Salem Game PlatformTown of Salem Game Platform
7,600,000

"Town of Salem, an online role-playing game, was hacked exposing 7.6 million user data such as email addresses, usernames, hashed passwords, IP addresses, game and forum activity, full names, billing addresses, and amount paid."

Jan-19
Indiana Medicaid; Managed Health ServicesIndiana Medicaid; Managed Health Services
31,876

"Two separate data breaches involving Indiana Medicaid programs such as Managed health Services exposed protected health information of 31,300 plan members such as full name, addresses, date of birth, dates of service, insurance identification numbers, and descriptions of medical conditions. The second incident involved sending a notification letter about an upcoming pharmacy change to 576 wrong recipients, exposing plan members' names, insurance identification numbers, and medication information."

YEAR-2018

YEAR
COMPANY NAME
AFFECTED
SUMMARY
Dec-18
Blue Cross Blue Shield Blue Cross Blue Shield
15,000

"Due to a stolen employee's laptop, 15,000 Medicare Advantage members had personal information such as full name, address, date of birth, medication, diagnosis, provider information, and enrollee identification numbers compromised. "

Dec-18
Click2Gov Click2Gov
6,000

"6,000 residents of Saint John, Canada endured a data breach on their website through Click2Gov where people paid for parking tickets. Exposed information consisted of names, addresses, and credit card information."

Dec-18
BevMo BevMo
14,579

"BevMo's website was hacked, compromising payment data of 14,579 customers along with their full name, expiration date, security code, address, and phone number."

Dec-18
Bruegger's Bagels DiscountMugs.com
Not Specified

"Customers visiting the restaurant between August 28, 2018 to December 3, 2018 may have their data compromised such as name, credit card number, expiration date, and card security code due to unauthorized access to the point-of-sales system."

Dec-18
San Diego Unified School District San Diego Unified School District
500,000

"More than a half million students and staff had their personal identifiable information such as social security numbers, date of birth, home addresses, full names, phone number and paycheck information."

Dec-18
DiscountMugs.com DiscountMugs.com
Thousands

"Hackers injected a card skimmer code on DiscountMugs.com that went unnoticed in a four month period. They compromised credit card numbers, security codes, expiration dates, full names, addresses, phone numbers, email addresses, and ZIP codes -- everything needed to create fraudulent payments. Although it wasn't disclosed how many customers were impacted, DiscountMugs.com ranked in the top 10,000 sites of the U.S., bringing in thousands of customers every day."

Dec-18
NASA NASA
17300 currently employeed

"NASA underwent a security breach that exposed personal information of current and former employees due to the agency's server hack. The hackers managed to gain access to a server that stored personally identifiable information (PII), such as social security numbers."

Dec-18
Twitter Twitter
minor breach

"A bug exposed Twitter users' country codes of their personal phone numbers as well as whether their accounts had been locked by Twitter in the past. No full numbers were visible and after a day of discovering the bug in the chat support form, the issue was resolved. "

Dec-18
Facebook Facebook
6,800,000

"The latest Facebook exposure was due to a programming bug on their website which allowed 1,500 third-party apps access to unposted Facebook photos of 6.8 million users."

Dec-18
Google+ Google+
50,000,000

"A bug was developed on accident during a software patch allowed third-party developers to access users' profile information. As this is Google+'s second data breach, Google plans on retiring the social network in April instead of August. No financial data, passwords, or other sensitive information was impacted, but it was more access than originally agreed to share."

Dec-18
Quora Quora
100,000,000

"About half of Quora's users had their personal information stolen by hackers including full names, email addresses, encrypted passwords, and messages sent and received on the site."

Nov-18
Dunkin' Donuts Dunkin' Donuts
a small percentage

"Dunkin' Donuts reward program, DD Perks, may have been accessed by a third pary in a credential stuffing scheme, by using the username and password on various online accounts. Reward members were urged to immediately change their passwords."

Nov-18
Marriott Marriott
383,000,000

"Marriott guests that stayed at the Starwood Properties may have fell victim to this data beach which exposed personal information such as name, mailing address, phone number, email, passport number, Starwood Guest account information, birth date, gender, reservation information and communication preferences"

Nov-18
Atrium Health Atrium Health
2,650,000

"Due to AccuDoc Solutions, who handle Atrium Health's billing, had their servers compromised in a hacking incident exposing names, hoime addresses, dates of birth, insurance policy information, service dates, social security numbers, medical record numbers, and account balances."

Nov-18
Amazon Amazon
refused to disclose

"Amazon customers had their full names along with email address exposed due to a technical internal issue. Impacted users received an email from Amazon, but it was so vague that many dismissed it as a phish email scam."

Nov-18
United States Postal Service United States Postal Service
60,000,000

"By using Informed Delivery on the USPS website, users had the ability to view other user's email, username, user ID, account number, street address, phone number, and mailing campaigns due to an API flaw."

Nov-18
LPL Financial LPL Financial
Small number of people

"The small number of impacted clients have been notified that LPL's third party vendor, Capital Forensics, Inc., was attacked by a cyber threat that was contained within six hours of beginning."

Nov-18
Instagram Instagram
Small number of people

"Instagram resolved a vulnerability which revealed passwords of user accounts in plaintext, without any encryption or hash, by using a feature called Download Your Data."

Nov-18
Nordstrom Nordstrom
refused to disclose

"Nordstrom refused to disclose exactly how many employees' data was impacted out of 76,000 on payroll. Victims received a email notification that their full names, social security numbers, birth dates, bank account numbers, and salaries were exposed due to improper data handling by a contract worker (whose access is now revoked)."

Nov-18
Bankers Life Bankers Life
566,000

"566,000 Bankers Life & Medicare supplemental insurance policyholders may have had their personal information exposed such as names, addresses, birth dates, and insurance information."

Nov-18
HSBC HSBC
less than 1 percent ~14,000

"Less than 1 percent , but they manage 1.4 million aaccounts therefore 14,000 costumers had their names, addresses, phone number, email address, date of birth, account details, statement history, and payee account information. "

Nov-18
Radisson Radisson
small percentage

"A small percentage of Radisson Reward members' data was exposed such as their name, address, email address, company name, phone number, member number, and frequent flyer numbers."

Nov-18
Arik Air Arik
600,000 payment transactions

"The leaked data contained 994 CSV files, with files of customers' information collected between December 31, 2017 to March 16, 2018. Within these files disclosed about 54,011 unique names, 41, 304 unique device fingerprint, 65,412 unique emails, and 570, 210 unique card transactions; 437, 457 of those were made using Mastercard and 97, 713 using Visa."

Oct-18
Cathay Pacific Cathay Pacific
9,400,000

"Hackers compromised passenger data of up to 9.4 million people, such as passenger names, nationality, date of birth, phone numbers, email addresses, passport numbers, identity card numbers, frequent flyer membership numbers, customer service remarks, and historical travel information."

Oct-18
HealthCare.gov HealthCare.gov
75,000

"Sensitive data of 75,000 people were compromised including Social Security numbers, income, citizenship, or legal immigration status. The vulnerability was found through the insurance and broker agent portal."

Oct-18
The Pentagon The Pentagon
30,000

"The U.S. Department of Defense has warned that 30,000 military and civilian personnel, personal information and payment card data has been compromised at The Pentagon."

Oct-18
Shopper Approved Shopper approved
unknown

"Under the attack of notorious hacking gang, Magecart, Shopper Approved fell victim to their digital skimmer scheme which intercepted payment details from customers using this third party site."

Oct-18
Google+ Google+
496,951

"496,951 users were impacted by a security vulnerability in one of Google+'s People APIs, which allowed third-party developers access to user data. User information such as usernames, email addresses, occupation, date of birth, profile photos, places lived, and relationship status was exposed."

Sep-18
Facebook Facebook
50,000,000

"Facebook faced a zero-day vulnerability attack, allowing hackers to steal access tokens from 50 million accounts. Although Facebook reset 90 million accounts as a precaution, these access tokens would allow entry to third party apps."

Sep-18
GovPayNet GovPayNet
14,000,000

"This company used by thousands of U.S. state and local governments to accept online payments from traffic citations to bail payments, Government Payment Service Inc., has compromised 14 million customer records dating back six years ago. GovPayNet.com compromise included names, addresses, phone numbers, and the last four digits of the payer’s credit card number."

Sep-18
FreshMenu FreshMenu
110,000

"FreshMenu suffered a data breach and hid it from their 110,000 users. Exposed information included names, email addresses, phone numbers, home addresses, and order histories."

Sep-18
British Airways British Airways
380,000

"British Airways has confirmed a data breach, compromised personal information and credit-card numbers of up to 380,000 customers."

Sep-18
mSpy mSpy
1,000,000

"The app that allows users to spay on the mobile devices of their kids and partners have leaked milllions of sesnitve records online, including passwords, call logs, text messages, contacts, notes, and location data."

Aug-18
Air Canada Air Canada
20,000

"20,000 accounts may have been exposed such as users' passport details, name, birthdate, and country resided in. Air Canada forced reset all users' passwords."

Aug-18
PG&E PG&E
30,000

"Pacific Gas and Electric Company agreed to a $2.7 million settlement after leaving 30,000 records exposed online for 70 days, which consisted of usernames and hashed passwords."

Aug-18
Sitter Sitter
93,000

"Personal data was temporarily disclosed including phone numbers, addresses, transaction details, account holder contacts, partial numbers of credit cards, and encrypted account passwords."

Aug-18
Fiserv Fiserv
1700 banks reported so far

"Personal and financial data of bank clients were exposed for this major provider of technology solutions to financial institutions such as banks, credit unions, and insurance companies."

Aug-18
T-Mobile T-Mobile
2,000,000

"Leaked information included customers' name, billing zip code, phone number, email address, account number, and account type for up to 2 million T-Mobile customers."

Aug-18
Texas Voter Data Exposed Texas Voter Data Exposed
14,800,000

"Texas voter records have been exposed, including name, address, enthnicity, phone number, gender, race, and several years of voting history."

Aug-18
Augusta Health University Augusta Health University
417,000

"A phishing attack resulted in the exposure of medical and personal information of 417,000 individuals such as names, addresses, dates of birth, medical records, treatment information, diagnoses, lab results, medications, dates of service, and insurance information."

Aug-18
TCM BankTCM Bank
10,000

"Credit card applicants between March 2017 and July 2018 may have their names, addresses, dates of birth as well as Social Security numbers exposed due to a website misconfiguration, leaving thousands of people at risk."

Aug-18
RedditReddit
Users from 2007 database backup

“A hacker gained access to several employee accounts, accessing credentials, email addresses, and all content such as private messages.”

Jul-18
UnityPoint HealthUnityPoint Health
1,400,000

“A phish email tricked some of UnityPoint employees into providing their confidential sign-in information which allowed attackers access to data such as addresses, birth dates, medical records, medications, etc. affecting 1.4 million patients.”

Jul-18
Boys Town National Research HospitalBoys Town National Research Hospital
105,309

“The largest ever reported breach by a pediatric care provider or children’s hospital affected 105,309 individuals, employees and patients, stole personal information such as names, birth dates, social security numbers, medical records, among other data.”

Jul-18
ComplyRightComplyRight
662,000

"Cloud-based HR and tax service company, ComplyRight, was impacted by a security breach that jeopardized sensitive consumer information such as names, addresses, phone numbers, email addresses and Social Security numbers."

Jul-18
TicketmasterTicketmaster
40,000

"About 40,000 UK customers were directly involved in the massive credit card skimming operation from e-commerce sites said to be affected by third-party companies and later altered by hackers."

Jul-18
TimehopeTimehope
21,000,000

"Unknown attackers managed to break into Timehop's Cloud Computing Environment and access the data of entire 21 million users -- including their names, email addresses, and phone numbers attached to accounts."

Jun-18
MyHeritage MyHeritage
92,000,000

"The company learned about the breach on June 4, 2018, after an unnamed security researcher discovered a database file named "myheritage" on a private server located outside of the company, and shared it with MyHeritage team. After analyzing the file, the company found that the database, which included the email addresses and hashed passwords of nearly 92.3 million users, are of those customers who signed up for the MyHeritage website before October 27, 2017."

Jun-18
TicketflyTicketfly
26,000,000

"The San Francisco firm's parent company, Eventbrite, said Sunday that the stolen information included customers' names, addresses, emails and phone numbers. It hasn't disclosed other details, but a website that tracks data breaches says the hack affected more than 26 million user accounts."

May-18
TwitterTwitter
330,000,000

"Twitter urged all its users to immediately change their passwords after a bug exposed them in plain text. There was no evidence that any breach or misuse occurred."

May-18
Bank of Montreal / Simplii FinancialBank of Montreal / Simplii Financial
90000

"On Sunday, May 27, fraudsters contacted BMO claiming that they were in possession of certain personal and financial information for a limited number of customers. We believe they originated the attack from outside the country. We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off. We have notified and are working with relevant authorities as we continue to assess the situation."

Apr-18
Saks Fifth Ave / Lord and TaylorSaks Fifth Ave / Lord and Taylor
5,000,000

"A well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor, according to a cybersecurity research firm that specializes in tracking stolen financial data. The data, the firm said, appears to have been stolen using software that was implanted into the cash register systems at the stores and that siphoned card numbers until last month."

March-18
Under Armour (via MyFitnessPal )Under Armour (via MyFitnessPal )
150,000,000

"US sportswear brand Under Armour said user names, email addresses and scrambled passwords were among the stolen data. However, payment card data was not affected. It urged customers to change their passwords immediately."

March-18
OrbitzOrbitz
800000

"According to Expedia, information that was likely accessed could include the customer's full name, payment card information, date of birth, phone number, email address, physical and/or billing address and gender."

Feb-18
Hardware ZoneHardware Zone
685000

"The hacker used the compromised credentials to impersonate the senior moderator to retrieve user profile data which comprised name, email address and user ID, and possible optional data fields," said SPH Magazines. "

Feb-18
SnapchatSnapchat
50000

"According to a person familiar with the matter, the attack relied on a link sent to users through a compromised account that, when clicked, opened a website designed to mimic the Snapchat login screen."

Jan-18
Unique Identification Authority of India (UIDAI)Unique Identification Authority of India (UIDAI)
1 Billion +

"The personal information of more than a billion Indians stored in the world's largest biometric database can be bought online for less than £6, according to an investigation by Indian Chandigarh-based Tribune newspaper. The reported breach is the latest in a series of alleged leaks from the Aadhaar database, which has been collecting the photographs, thumbprints, retina scans and other identifying details of every Indian citizen."

Jan-18
United States NavyUnited States Navy
130000

"A data breach at the US Navy has exposed the social security numbers and names of more than 130,000 current and former sailors."

YEAR-2017

YEAR
COMPANY NAME
AFFECTED
SUMMARY
Jun-17
Canada BellCanada Bell
1,900,000

"The illegally accessed information contains approximately 1.9 million active email addresses and approximately 1,700 names and active phone numbers."

Jun-17
EdmodoEdmodo
77,000,000

"Details of 77 million students, teachers and parents are thought to be up for sale on the web."

Jun-17
ZomatoZomato
170,000

"Food and restaurant search engine Zomato's database has suffered a security breach, with the user records of up to 17 million people having been stolen."

May-17
TD Ameritrade / ScottradeTD Ameritrade / Scottrade
20000

"U.S. discount brokerage firm Scottrade has confirmed that a third-party data breach inadvertently exposed 20,000 of its customers' non-public information."

May-17
Wonga.comWonga.com
270000

"Payday loans company Wonga has suffered a data breach that could affect up to 270,000 customers."

May-17
FAFSA ToolkitFAFSA Toolkit
100000

"Nearly 100,000 taxpayers may have had their personal information compromised by a security breach of an Internal Revenue Service tool that makes it easier to fill out the Free Application for Federal Student Aid, the Fafsa."

Apr-17
Emory HealthcareEmory Healthcare
80000

"Emory Healthcare: Nearly 80,000 patients were potentially impacted by a recent data breach at Georgia-based Emory Clinic."

Apr-17
Joblinkjoblink
4,800,000

"A malicious hacker breached the site, and the breach could impact as many as 4.8 million accounts across the ten states."

Apr-17
Dun & BradstreetDun & Bradstreet
33,600,000

"A Dun & Bradstreet 52GB database containing about 33.6 million records with very specific details about each of the people involved from job title to email address has been exposed."

Apr-17
WishboneWishbone
2,000,000

"The company became aware of the data swipe on March 14. The info may contain more than 2 million email addresses, among other things."

Mar-17
Arby's Fast Food CompanyArby's Fast Food Company
355000

"Hackers gained credit card information for as many as 355,000 customers through POS malware. Arby's says customers should check their accounts for any unauthorized purchases and report to their bank any such instances."

Mar-17
Coachella Valley Music and Arts FestivalCoachella
950000

"An unidentified hacker calling himself Berkut is selling more than 950,000 user accounts for the Coachella music festival, including email addresses, user names and hashed passwords."

Feb-17
ESEA Sports NetworkESEA Sports Network
1,500,000

"More than 1.5m users of e-sports network ESEA have been affected by a major leak after owners refused to pay a $50,000 ransom demand."

YEAR-2016

YEAR
COMPANY NAME
AFFECTED
SUMMARY
Dec-16
Quest DiagnosticsQuest Diagnostics
34000

"Protected health information of roughly 34,000 people who use Quest Diagnostics' online patient portal is now compromised."

Dec-16
EirEir
120000

"The company will contact 130,000 customers to advise them to reset their modems, and have said that at least 2,000 devices were breached. "

Dec-16
Daily MotionDaily Motion
85,000,000

"Over 85 million Dailymotion users' email addresses, usernames and passwords have reportedly been hacked by an unknown hacker. Dailymotion is like France's YouTube."

Dec-16
Madison Square GardenMadison Square Garden
Undisclosed

"Anyone who purchased food, drink, or other merchandise at the company's properties between Nov. 9, 2015 and Oct. 24, 2016 may have had their payment card information filched."

Nov-16
Michigan State UniversityMichigan State University
400000

"Michigan State University has experienced a data breach, which it said took place on November 13th. Their database includes 400,000 people's information."

Nov-16
HUDHUD
425000

"Two separate data incidents, one of which exposed the personal information of more than 425,000 public housing residents."

Nov-16
AU Red CrossAU Red Cross
1,300,000

"1.3 million Red Cross blood donors were leaked online in the form of a single database file. 550,000 of the donors were identified as unique."

Oct-16
WeeblyWeebly
43,400,000

"Web hosting service Weebly has confirmed a major data breach from February 2016 that affected 43.4 million users."

Oct-16
Modern Business SolutionsModern Business Solutions
Undisclosed

"Allegedly, a hacker scanning for unsecured databases was able to compromise at least 58.8 million records, possibly as many as 258 million."

Sep-16
ClixsenseClixsense
6,6000,000

"More than 2.2 Million people have already had their personal and sensitive data posted to PasteBin. The hackers who dumped the data has put another 4.4 Million accounts up for sale."

Sep-16
Eddie BauerEddie Bauer
Undisclosed

"Credit and debit cards used at 350+ North American stores during the first six months of 2016 may have been compromised."

Sep-16
MinecraftMinecraft
6,000,000

"For each user, the data included a username, a hashed password, the registration and last login dates, and a user ID. For the vast majority of users, but not for all, there was also an email address associated with their account."

Sep-16
Bon SecoursBon Secours
650000

"Personal information of patients was left exposed on the internet for four days."

Aug-16
OperaOpera
1,700,000

"The company said it detected and then quickly blocked an attack last week, but some data, including some sync users' passwords and account information, such as login names, may have been compromised."

Aug-16
Athens OrthopedicAthens Orthopedic
300000

"Confirmed that a hacker had gained access to our electronic medical records system earlier in the month, using the log-in credentials of a third-party vendor."

Aug-16
SteamSteam
9,000,000

"A known vulnerability found in older vBulletin discussion board software program, which powers the site's community, allowed the hacker to gain access to the databases."

Aug-16
UbuntuUbuntu
2,000,000

"The breach was a result of known SQL injection vulnerability in the Forumrunner add-on on the forum, which Canonical had neglected to patch."

Aug-16
YahooYahoo
200,000,000

"2012 Data breach finally comes to public light 4 years after the fact."

Aug-16
WarframeWarframe
800000

"Warframe is available on PC, Playstation 4 and Xbox One, and is consistently in thetop 20 played games on Steam. Company confirmed that a list of 775,749 email addresses was acquired through a Drupal SQL exploit."

Jul-16
BadooBadoo
127,000,000

"User accounts for dating site Badoo are being traded in the digital underground, including email address, cracked passwords, names, and dates of birth."

Jul-16
ImeshImesh
51,000,000

"Although the company is no longer around, the data dump included 51 million username/password combos, reconfirming the need for unique and strong passwords."

Jul-16
Vertical ScopeVertical Scope
45,000,000

"Stolen database contains close to 45 million records from 1,100 websites and forums."

Jul-16
MongoDMMongoDM
36,000,000

"More than 36 million accounts/records of internal data from several vulnerable networks."

Jun-16
NeopetsNeopets
70,000,000

"Tens of millions of user accounts from virtual pets community Neopets have allegedly been hacked and traded on the criminal underground."

Jun-16
EquifaxEquifax
431,000

"The breach lasted from mid-May through July. The hackers accessed people's names, Social Security numbers, birth dates, addresses and, in some instances, driver's license numbers, and passports. They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people. And they grabbed personal information of people in the UK and Canada too."

Jun-16
LinkedinLinkedin
117,000,000

"A hacker is trying to sell the account information, including emails and passwords, of 117 million LinkedIn users. The hacker, who goes by the name "Peace," told Motherboard that the data was stolen during the LinkedIn breach of 2012."

Jun-16
MyspaceMyspace
360,000,000

"Myspace may no longer be "hip," but this hacker thinks your stolen account data is still worth something online. A hacker known as Peace is trying to sell the passwords and emails of 360 million Myspace users for six bitcoin."

Jan-16
Time Warner CableTime Warner Cable
320,00

"Up to 320,000 Time Warner Cable customers may have had their email passwords stolen resulting from a variety of hacking methods, company officials confirmed."

YEAR-2015

Logo/Company Name
VICTIMS
SUMMARY
HyattHyatt
Undisclosed

"Hyatt said that it recently discovered malware on its payment-processing systems for Hyatt-managed locations. The company has since hired cybersecurity officials and strengthened the security of its system."

SanrioSanrio
3,300,000

"The database houses 3.3 million accounts and has ties to a number of other Hello Kitty portals. The records exposed include first and last names, birthday, gender, country of origin, email addresses, unsalted SHA-1 password hashes, password hint questions, their corresponding answers, and other data points that appear to be website related."

MacKeeperMacKeeper
13,000,000

"The makers of MacKeeper  have acknowledged a breach that exposed the usernames, passwords and other information on more than 13 million customers and users. It's database had been inadvertently exposed as a result of a server misconfiguration."

Elephant BarElephant Bar
Undisclosed

"The Elephant Bar restaurants warned customers who used credit cards at the 29-unit chain between August and December that their data may have been breached.Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software on POS systems."

VtechVtech
4,100,000-6,300,000

"Personal information of about 6.4 million children was exposed in a recent data breach. That is in addition to records for 4.9 million adult customers VTech had previously said were affected by the breach."

Hilton WorldwideHilton Worldwide
Undisclosed

"Hilton Worldwide recently announced that it had discovered and removed malware designed to steal payment card information from restaurants, gift shops and other point-of-sale systems at some of its hotels. Hilton says it determined that the malware specifically targeted cardholder names, payment card numbers, security codes and expiration dates."

Georgia Voter Registry Georgia Voter Registry
6,000,000

"Georgia Secretary of State Brian Kemp acknowledged Wednesday that his office last month illegally disclosed the Social Security numbers and other private information of more than 6 million registered voters. Kemp said the data went to 12 organizations who regularly subscribe to “voter lists” maintained by the state."

VBulletinVBulletin
480,000

"VBulletin Solutions has reset the passwords for over 300,000 accounts on its website following a security breach, and also released emergency security patches. The company's Internet forum software is used on tens of thousands of websites."

TalkTalkTalkTalk
156,959

"Talk Talk said the total number of customers affected by the attack in late October was 156,959, including 15,656 whose bank account numbers and sort codes were hacked.The company said 28,000 credit and debit card numbers, with some digits obscured, stolen by the hackers cannot be used for payment and customers cannot be identified from the data."

ScottradeScottrade
4,600,000

" The company announced on its website that hackers managed to access one of its servers in late 2013 and early 2014, stealing names and street addresses for 4.6 million of their clients. Other sensitive information, including email addresses and Social Security numbers, were also stored in the compromised system, but the company believes that this information has not been compromised."

T-Mobile --> ExperianT-Mobile --> Experian
15,000,000

"In T-Mobile's case, its credit application processor Experian was hacked, potentially exposing highly sensitive details of 15 Million people who applied for its service in the past two years. The stolen data includes home addresses, birth dates, driver's license number, passport number, military I.D. numbers and – most unfortunately – the Social Security numbers, among other information."

PatreonPatreon
2.3 million

"In a post published late Wednesday, Patreon CEO Jack Conte confirmed that the crowdfunding firm had been hacked and that the personal data of its users had been accessed.According to the company, no credit card or debit card numbers were stolen in the data breach, and also the already accessed, "all passwords, social security numbers, and tax form information" were properly encrypted. "

Excellus Blue Cross Blue ShieldExcellus Blue Cross Blue Shield
10.5 million

"The attackers gained access to the details of members, patients and other individuals Excellus does business with. According to the organization, the breach also impacts members of other Blue Cross Blue Shield plans who sought treatment in the 31 county upstate New York service area of Excellus BCBS. It is estimated that roughly 10..5 million individuals are affected."

Web.comWeb.com
93,000

"Domain registrar and web hosting firm Web.com said on Tuesday that hackers made away with credit card and personal information of roughly 93,000 of its customers after breaching a server operated by the company. Web.com said that it discovered the breach of one of its computer systems on August 13, 2015 through its ongoing security monitoring."

SterlingBackcheckSterlingBackcheck
100,000

Background check provider, SterlingBackcheck, recently began notifying 100,000 people that their names, birthdates and Social Security numbers may have been exposed when an unencrypted laptop was stolen from an employee's car on May 29, 2015, CBS46 News reports.

IRS
IRS
334,000

"The Internal Revenue Service (IRS) disclosed today that identity thieves abused a feature on the agency’s Web site to pull sensitive data on more than 330,000 potential victims as part of a scheme to file fraudulent tax refund requests. The new figure is far larger than the number of Americans the IRS said were potentially impacted when it first acknowledged the vulnerability in May 2015."

The Carphone WarehouseThe Carphone Warehouse
2,400,000

"Up to 2.4m Carphone Warehouse customers may have had their personal information and bank details compromised, after the mobile phone retailer said its systems had been breached by a sophisticated cyber attack. The attack hit the division of Carphone Warehouse that operates the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk, and provides services to TalkTalk Mobile among others. As many as 90,000 customers may also have had their encrypted credit card details accessed by the hackers."

Ashley MadisonAshley Madison
37,000,000

Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information.

CVSPhoto.com, Costco Photo Center, Rite Aid PhotoCVSPhoto.com, Costco Photo Center, Rite Aid Photo
unknown

"Customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised,” CVS said in a statement that replaced the photo website’s normal homepage content. “As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services." *Same message appears on Costco & Rite Aid's websites.

UCLA HealthUCLA Health
4,500,000

The information compromised included names, dates of birth, Social Security numbers, Medicare and health plan identification numbers, patient diagnosis and procedures. It has been reported that UCLA did not take basic steps to encrypt the patient data.

Federal Government's OPM (Office of Personnel Management)Federal Government's OPM (Office of Personnel Management)
4,200,000 - 1st Breach // 21,500,000 - 2nd Breach

A massive cyber breach at the Office of Personnel Management may have exposed the personal and financial information of 21.5 million employees (or more), putting their credit and finances at risk.

Adult FriendFinderAdult FriendFinder
4,000,000

While there’s no concrete evidence that the payments information attached to the accounts were compromised, the online dating site Adult FriendFinder admitted that its database was breached — impacting an estimated 4 million members, according to multiple media reports. However, the scope of the breach hasn’t been fully discovered.

CareFirst Blue CrossCareFirst Blue Cross
1,100,000

Attackers gained access to names, birth dates, email addresses and insurance identification numbers. The company said the database did not include Social Security or credit card numbers, passwords or medical information. Nevertheless, CareFirst is offering credit monitoring and identity theft protection for two years.

Hard Rock Hotel & CasinoHard Rock Hotel & Casino
unknown

“This criminal attack was limited to credit or debit card transactions between September 3rd, 2014 and April 2nd, 2015 at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant. The attack did not affect transactions at the hotel, casino, Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo or Reliquary Spa & Salon.”

Starbucks
Starbucks
unknown

Criminals are using Starbucks accounts to access consumers’ linked credit cards. Taking advantage of the Starbucks auto-reload function, they can steal hundreds of dollars in a matter of minutes. Because the crime is so simple, it can escalate quickly, and the consumer protections controlling the transaction are unclear. Starbucks denied the unauthorized activity was the result of a hack or intrusion into its servers or mobile applications.

Sally Beauty SupplySally Beauty Supply
unknown

Criminals used malware that is believed to have been effectively deployed on some of its point-of-sale systems at varying times between March 6th and April 17th, 2015. Accordingly, the payment card information of customers that used cards at affected U.S. Sally Beauty stores during this time may have been put at risk.

PremeraPremera
11,000,000

Premera Blue Cross said it was hacked and now the private medical and financial data of up to 11 million customers may be exposed. The hackers were actually able to break into customers’ claims and view banking account numbers, Social Security numbers and birth dates, as well as sensitive clinical information.

Sacred HeartSacred Heart
14,000

One of the third-party vendors Sacred Heart Health System uses for its billing operations was recently hacked, compromising the health information of about 14,000 patients. Hackers used a phishing attack to gain access to the email account of an employee of the billing vendor. They were able to access patients’ names, dates of service, dates of birth, diagnoses and procedures, total charges, and physicians’ names. About 40 of the patients also had their Social Security numbers compromised.

SRI Inc.
SRI Inc.
9,000

Indiana-based SRI Incorporated – which conducts tax sales, deed sales and foreclosure sales relating to the recoupment of delinquent tax for local governments – is notifying roughly 9,000 individuals that their personal information may be at risk.

HMSA
HMSA
18,000

The HMSA website says users who received services from Anthem over the last 10 years could have had their information accessed. The information that may have been compromised includes names, dates of birth, cities of residence, and part of the membership number.

Anthem HealthcareAnthem Healthcare
98,600,000

Anthem has updated the total, with non-customers included, and the amount of those affected could reach as high as 98.6 million. Uncertainty in the total is because 14 million of the records are incomplete, making it difficult for Anthem to link all of its members to the correct plans.

Morgan StanleyMorgan Stanley
350,000 Clients

Financial services firm Morgan Stanley publicly admitted on Jan. 5 2015 that it was the victim of an insider data breach.

USPS WorkersUSPS Workers
800,000

The USPS is victim of a cyber attack with Chinese hackers being suspected. Currently the FBI is investigating the breach and it appears that information obtained included names, dates of birth, Social Security numbers, addresses, and dates of employment. According to officials, all postal service employees were affected and they are not yet clear why their information was of interest to these hackers. They are not seeing any evidence of customer information being compromised.

YEAR-2014

Logo/Company Name
VICTIMS
SUMMARY
AliExpressAliExpress
7.7 million

Global threads bazaar AliExpress, an offshoot of global bazaar AliBaba, has patched a URL flaw that allowed attackers to harvest users’ personal details including names, shipping addresses and phone numbers. The insecure direct object reference vulnerability, reported by an unnamed researcher, affected 7.7 million logged-in users for AliExpress, the online retail wing of AliBaba that’s the most visited e-commerce site in Russia.

AT&TAT&T
280,000

The Federal Communications Commission (FCC) recently announced that AT&T has agreed to pay a $25 million fine for privacy violations related to a 2014 data breach that exposed almost 280,000 customers' names, full or partial Social Security numbers, and account-related data, including customer proprietary network information (CPNI).

Xbox Live Xbox Live
48,000,000

Around 48 million Xbox subscribers were interrupted from their gaming. The motive of this hack is unclear.

Sony Pictures
Sony Pictures
47,000

Five Sony films, an early version of a script for the next James Bond movie, Spectre, Brad Pitt's Fury, and a whole host of Sony's private company information has apparently been exposed to the public, including bosses' salaries and employees' social security information.

Texas Health and Human ServicesTexas Health and Human Services
2 million

The Texas Health and Human Services department discovered a data breach, it appears by "chance", after terminating their relationship with Xerox Corporation. The information includes "Medicaid clients' names, birthdates, Medicaid numbers, and medical and billing records related to care provided through Medicaid, such as reports, diagnosis codes and photographs."

Korea Credit Bureau, NH Nonghyup Card, Lotte Card, KB Kookmin CardKorea Credit Bureau, NH Nonghyup Card, Lotte Card, KB Kookmin Card
104 million

Credit card details from almost half of all South Koreans have been stolen and sold to marketing firms. The data was stolen by a computer contractor working for a company called the Korea Credit Bureau that produces credit scores. Approximately 104 million credit card accounts were compromised following breaches at three credit card firms in South Korea. Originally, the BBC reported the breaches had affected 20 million cards.

StaplesStaples
1.2 million

"Staples that the investigation revealed that the hackers used malware that provided access to information for transactions at 115 of its stores. The hackers stole cardholder names, payment card numbers, expiration dates and card verification codes. The company is offering free identity theft protection services."

Barney & BarneyBarney & Barney
34,000

According to documents posted by financial news service Credit.com, the company has notified its customers that a pair of CDs containing the names, addresses, social security numbers and account numbers for users had gone missing.

Oregon Employment DepartmentOregon Employment Department
850,000

After reviewing 1.9 million records for people who have registered with the WorkSource Oregon Management Information System(WOMIS), state officials say they've identified 851,322 people whose information may have been compromised.

Chick-Fil-AChick-Fil-A
9,000

One financial institution that received an alert about a breach, said the bank had nearly 9,000 customer cards listed in that alert, and that the only common point-of-purchase were Chick-fil-A locations.

NaverNaver
25,000,000

A 31yo was recently booked by the police for infiltrating the accounts of 25 million people on Naver, S. Korea's largest Web portal. According to the National Police Agency, the suspect, surnamed Seo, purchased the private information of 25 million people. Seo then used the data, which included the names, residential numbers, Internet IDs and passwords, to hack into Naver accounts. He sent spam messages and other illicit emails to the Naver account holders to rake in illegal profit of some 160 million won ($148,000).

JP Morgan Chase ConsumerJP Morgan Consumer
76,000,000

Some reports suggests that credit and debit card information was not involved, that the hackers instead stole personal data such as addresses and phone numbers.

JP Morgan Small BusinessJP Morgan Small Business
7,000,000

The New York Times reported that and 7 million small businesses were involved.

Jimmy Johns
Jimmy Johns
216 Locations

The company explained the incident this way: “An intruder stole log-in credentials from Jimmy John’s point-of-sale vendor and used these stolen credentials to remotely access the point-of-sale systems at some corporate and franchised locations.

GoodwillGoodwill
868,000

The national, charitable resale organization announced in early September that card information at approximately 330 stores had been compromised.

Home DepotHome Depot
56,000,000

About 56 million card records were hacked in this attack that is said to revolve around malware that was installed on cash register systems.

EbayEbay
145,000,000

The origin of the breach comes from hackers compromising a small number of employee login credentials, which gave access to eBay’s corporate network.

Sally's Beauty SupplySally's Beauty Supply
25,000 Records

In March, the Texas-based beauty chain said it had been hacked by the same gang that hacked Target.

Benesse HoldingsBenesse Holdings
22,600,000

Education services provider Benesse Corp. said personal data on 22.6 million customers were stored on a smartphone owned by the Tokyo systems engineer under arrest on suspicion of theft and illegal copying of customer data. While announcing the figure Monday, Benesse, a subsidiary of Benesse Holdings Inc., said the stolen information — the worst data leak in Japan’s history — also included customer data on its group firms’ online-shopping website Benesse Life Smile Shop & message board website Benesse Women’s Park.

DropboxDropbox
6,900,000

Hundreds of passwords to Dropbox accounts have been leaked in the latest security breach, with hackers threatening to release millions more account details in exchange for Bitcoin.

Dairy QueenDairy Queen
600,000

The ice cream chain said the breach affected 395 of its over 4,500 locations in the United States. The hacked information contained the names and credit card information of past customers.

Community Health SystemsCommunity Health Systems
4,500,000

According to a CHS SEC filing describing the breach, the hack likely originated from China and focused on valuable non-clinical, non-medical data, such as “patient names, addresses, birthdates, telephone numbers and Social Security numbers."

Nieman Marcus Nieman Marcus
1,100,000

The company, in a statement, said, “We do know, and our forensic reports have confirmed, that malicious software (malware) was clandestinely installed on our system and that it attempted to collect or ‘scrape’ payment card data from July 16, 2013 to Oct. 30, 2013.”

St Joseph's Health SystemSt Joseph's Health System
405,000

Information was accessed through a single server by hackers from China and other locations. The server contained employee and patient data for St. Joseph Regional Health Center in Bryan, Burleson St. Joseph Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center. The breach supposedly occurred between December 16 through the 18th, 2013. The data included patient names, birth dates, Social Security numbers, and possibly addresses. Medical information for patients was accessible, as well as bank information for current and former employees. Both adult and minor information may have been compromised.

Northwestern City of Verden
18 million

German authorities recently confirmed that they're investigating the theft of around 18 million e-mail account passwords, affecting all major German Internet service providers

LinkedIn / eHarmony LinkedIn / eHarmony
8 million

Business social network LinkedIn and online dating service eHarmony said Wednesday that some of their users' passwords were stolen and millions appear to have been leaked onto the Internet.

YEAR-2013

Logo/Company Name
VICTIMS
SUMMARY
Target
Target
110,000,000

Around 70 million holiday shoppers had their card data compromised late last year in the breach at Target, the incident that kicked off the current wave of big breaches.

Horizon Healthcare Services, Inc. (Horizon Blue Cross Blue Shield)Horizon Healthcare Services, Inc. (Horizon Blue Cross Blue Shield)
840,000

Sometime between November 1 and 3, two unencrypted laptops were stolen from employee workstations. The laptops were password-protected and cable-locked to the workstations. Names, Social Security numbers, addresses, dates of birth, Horizon Blue Cross Blue Shield New Jersey identification numbers, and demographic information may have been exposed.

Maricopa County Community College DistrictMaricopa County Community College District
2,490,000

An unspecified data breach may have exposed the information of current and former students, employees, and vendors. Names, Social Security numbers, bank account information, and dates of birth may have been viewed by unauthorized parties.

CorporateCarOnline.comCorporateCarOnline.com
850,000

Hackers stole and stored information online related to customers who used limousine and other ground transportation. The online information included plain text archives of credit card numbers, expiration dates, names, and addresses. Many of the customers were wealthy and used credit cards that would be attractive to identity thieves.

Schnucks SupermarketSchnucks Supermarket
2,400,000

According to the company, only card numbers and expiration dates appear to have been exposed, not the cardholder's name, address or identifying information.

MichaelsMichaels
2,600,000
In a statement, the company said, “After weeks of analysis, (Michaels stores and its subsidiary, Aaron Brothers), were attacked by criminals using highly sophisticated malware that had not been encountered previously by either of the security firms” the company had retained to analyze what had gone wrong
AdobeAdobe
152,000,000

Adobe said hackers had stolen encrypted customer credit card records, as well as login data for an undetermined number of Adobe user accounts.

ZapposZappos
24,000,000

Hackers were able to access Zappos customer's names, e-mail addresses, addresses, phone numbers, the last four digits of credit card numbers and cryptically scrambled passwords.

YEAR-2012

Logo/Company Name
VICTIMS
SUMMARY
Sony's Playstation NetworkSony's Playstation Network
77,000,000

Online gaming platform experienced a massive data breach that exposed the names, addresses and other personal information of 77 million users.



Subscribe to Our Newsletter for the latest news & alerts on scams and free security software.

Copyright © Prilock Security 2019 All Rights Reserved
Privacy Statement and Terms of Use