Popular Companies Data Breach List



"The company will contact 130,000 customers to advise them to reset their modems, and have said that at least 2,000 devices were breached. "

Daily MotionDaily Motion
85 Million

"Over 85 million Dailymotion users' email addresses, usernames and passwords have reportedly been hacked by an unknown hacker. Dailymotion is like France's YouTube."

Madison Square GardenMadison Square Garden

"Anyone who purchased food, drink, or other merchandise at the company’s properties between Nov. 9, 2015 and Oct. 24, 2016 may have had their payment card information filched."

Michigan State UniversityMichigan State University

 "Michigan State University has experienced a data breach, which it said took place on November 13th. Their database includes 400,000 people's information."


"Two separate data incidents, one of which exposed the personal information of more than 425,000 public housing residents."

AU Red CrossAU Red Cross
1.3 Million

"1.3 million Red Cross blood donors were leaked online in the form of a single database file. 550,000 of the donors were identified as unique."

43.4 Million

 "Web hosting service Weebly has confirmed a major data breach from February 2016 that affected 43.4 million users."

Modern Business SolutionsModern Business Solutions

"Allegedly, a hacker scanning for unsecured databases was able to compromise at least 58.8 million records, possibly as many as 258 million."

6.6 Million

"More than 2.2 Million people have already had their personal and sensitive data posted to PasteBin. The hackers who dumped the data has put another 4.4 Million accounts up for sale."

Eddie BauerEddie Bauer

"Credit and debit cards used at 350+ North American stores during the first six months of 2016 may have been compromised."

6 Million

"For each user, the data included a username, a hashed password, the registration and last login dates, and a user ID. For the vast majority of users, but not for all, there was also an email address associated with their account."

Bon SecoursBon Secours

"Personal information of patients was left exposed on the internet for four days."

1.7 Million

"The company said it detected and then quickly blocked an attack last week, but some data, including some sync users’ passwords and account information, such as login names, may have been compromised.”

Athens OrthopedicAthens Orthopedic

"Confirmed that a hacker had gained access to our electronic medical records system earlier in the month, using the log-in credentials of a third-party vendor."

9 Million

"A known vulnerability found in older vBulletin discussion board software program, which powers the site’s community, allowed the hacker to gain access to the databases."

2 Million

"The breach was a result of known SQL injection vulnerability in the Forumrunner add-on on the forum, which Canonical had neglected to patch."

200 Million

"2012 Data breach finally comes to public light 4 years after the fact."


"Warframe is available on PC, Playstation 4 and Xbox One, and is consistently in thetop 20 played games on Steam. Company confirmed that a list of 775,749 email addresses was acquired through a Drupal SQL exploit."

127 Million

"User accounts for dating site Badoo are being traded in the digital underground, including email address, cracked passwords, names, and dates of birth."

51 Million

"Although the company is no longer around, the data dump included 51 million username/password combos, reconfirming the need for unique and strong passwords."

Vertical ScopeVertical Scope
45 Million

"Stolen database contains close to 45 million records from 1,100 websites and forums."

36 Million

"More than 36 million accounts/records of internal data from several vulnerable networks."

70 Million

"Tens of millions of user accounts from virtual pets community Neopets have allegedly been hacked and traded on the criminal underground."


"Thieves were able to access W-2 data merely by entering at Equifax’s portal the employee’s default PIN code, exposing 431,000 Kroger employees."

117 Million

"A hacker is trying to sell the account information, including emails and passwords, of 117 million LinkedIn users. The hacker, who goes by the name “Peace,” told Motherboard that the data was stolen during the LinkedIn breach of 2012."

360 Million

"Myspace may no longer be “hip,” but this hacker thinks your stolen account data is still worth something online. A hacker known as Peace is trying to sell the passwords and emails of 360 million Myspace users for six bitcoin."

Time Warner CableTime Warner Cable

"Up to 320,000 Time Warner Cable customers may have had their email passwords stolen resulting from a variety of hacking methods, company officials confirmed."


Logo/Company Name

"Domain registrar and web hosting firm Web.com said on Tuesday that hackers made away with credit card and personal information of roughly 93,000 of its customers after breaching a server operated by the company. Web.com said that it discovered the breach of one of its computer systems on August 13, 2015 through its ongoing security monitoring."


Background check provider, SterlingBackcheck, recently began notifying 100,000 people that their names, birthdates and Social Security numbers may have been exposed when an unencrypted laptop was stolen from an employee's car on May 29, 2015, CBS46 News reports.


"The Internal Revenue Service (IRS) disclosed today that identity thieves abused a feature on the agency’s Web site to pull sensitive data on more than 330,000 potential victims as part of a scheme to file fraudulent tax refund requests. The new figure is far larger than the number of Americans the IRS said were potentially impacted when it first acknowledged the vulnerability in May 2015."

The Carphone WarehouseThe Carphone Warehouse
2.4 million

"Up to 2.4m Carphone Warehouse customers may have had their personal information and bank details compromised, after the mobile phone retailer said its systems had been breached by a sophisticated cyber attack. The attack hit the division of Carphone Warehouse that operates the websites OneStopPhoneShop.com, e2save.com and Mobiles.co.uk, and provides services to TalkTalk Mobile among others. As many as 90,000 customers may also have had their encrypted credit card details accessed by the hackers."

Ashley MadisonAshley Madison
37 million

Large caches of data stolen from online cheating site AshleyMadison.com have been posted online by an individual or group that claims to have completely compromised the company’s user databases, financial records and other proprietary information.

CVSPhoto.com, Costco Photo Center, Rite Aid PhotoCVSPhoto.com, Costco Photo Center, Rite Aid Photo

"Customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised,” CVS said in a statement that replaced the photo website’s normal homepage content. “As a precaution, as our investigation is underway we are temporarily shutting down access to online and related mobile photo services." *Same message appears on Costco & Rite Aid's websites.

UCLA HealthUCLA Health
4.5 million

The information compromised included names, dates of birth, Social Security numbers, Medicare and health plan identification numbers, patient diagnosis and procedures. It has been reported that UCLA did not take basic steps to encrypt the patient data.

Federal Government's OPM (Office of Personnel Management)Federal Government's OPM (Office of Personnel Management)
4.2 million - 1st Breach // 21.5 million - 2nd Breach

A massive cyber breach at the Office of Personnel Management may have exposed the personal and financial information of 21.5 million employees (or more), putting their credit and finances at risk.

Adult FriendFinderAdult FriendFinder
4 million

While there’s no concrete evidence that the payments information attached to the accounts were compromised, the online dating site Adult FriendFinder admitted that its database was breached — impacting an estimated 4 million members, according to multiple media reports. However, the scope of the breach hasn’t been fully discovered.

CareFirst Blue CrossCareFirst Blue Cross
1.1 million

Attackers gained access to names, birth dates, email addresses and insurance identification numbers. The company said the database did not include Social Security or credit card numbers, passwords or medical information. Nevertheless, CareFirst is offering credit monitoring and identity theft protection for two years.

Hard Rock Hotel & CasinoHard Rock Hotel & Casino

“This criminal attack was limited to credit or debit card transactions between September 3rd, 2014 and April 2nd, 2015 at restaurant, bar and retail locations at the Hard Rock Hotel Las Vegas property, including the Culinary Dropout Restaurant. The attack did not affect transactions at the hotel, casino, Nobu, Affliction, John Varvatos, Rocks, Hart & Huntington Tattoo or Reliquary Spa & Salon.”


Criminals are using Starbucks accounts to access consumers’ linked credit cards. Taking advantage of the Starbucks auto-reload function, they can steal hundreds of dollars in a matter of minutes. Because the crime is so simple, it can escalate quickly, and the consumer protections controlling the transaction are unclear. Starbucks denied the unauthorized activity was the result of a hack or intrusion into its servers or mobile applications.

Sally Beauty SupplySally Beauty Supply

Criminals used malware that is believed to have been effectively deployed on some of its point-of-sale systems at varying times between March 6th and April 17th, 2015. Accordingly, the payment card information of customers that used cards at affected U.S. Sally Beauty stores during this time may have been put at risk.

11 Million

Premera Blue Cross said it was hacked and now the private medical and financial data of up to 11 million customers may be exposed. The hackers were actually able to break into customers’ claims and view banking account numbers, Social Security numbers and birth dates, as well as sensitive clinical information.

Sacred HeartSacred Heart

One of the third-party vendors Sacred Heart Health System uses for its billing operations was recently hacked, compromising the health information of about 14,000 patients. Hackers used a phishing attack to gain access to the email account of an employee of the billing vendor. They were able to access patients’ names, dates of service, dates of birth, diagnoses and procedures, total charges, and physicians’ names. About 40 of the patients also had their Social Security numbers compromised.

SRI Inc.
SRI Inc.

Indiana-based SRI Incorporated – which conducts tax sales, deed sales and foreclosure sales relating to the recoupment of delinquent tax for local governments – is notifying roughly 9,000 individuals that their personal information may be at risk.


The HMSA website says users who received services from Anthem over the last 10 years could have had their information accessed. The information that may have been compromised includes names, dates of birth, cities of residence, and part of the membership number.

Anthem HealthcareAnthem Healthcare
98.6 Million

Anthem has updated the total, with non-customers included, and the amount of those affected could reach as high as 98.6 million. Uncertainty in the total is because 14 million of the records are incomplete, making it difficult for Anthem to link all of its members to the correct plans.

Morgan StanleyMorgan Stanley
350,000 Clients

Financial services firm Morgan Stanley publicly admitted on Jan. 5 2015 that it was the victim of an insider data breach.

USPS WorkersUSPS Workers

The USPS is victim of a cyber attack with Chinese hackers being suspected. Currently the FBI is investigating the breach and it appears that information obtained included names, dates of birth, Social Security numbers, addresses, and dates of employment. According to officials, all postal service employees were affected and they are not yet clear why their information was of interest to these hackers. They are not seeing any evidence of customer information being compromised.


Logo/Company Name
7.7 million

Global threads bazaar AliExpress, an offshoot of global bazaar AliBaba, has patched a URL flaw that allowed attackers to harvest users’ personal details including names, shipping addresses and phone numbers. The insecure direct object reference vulnerability, reported by an unnamed researcher, affected 7.7 million logged-in users for AliExpress, the online retail wing of AliBaba that’s the most visited e-commerce site in Russia.


The Federal Communications Commission (FCC) recently announced that AT&T has agreed to pay a $25 million fine for privacy violations related to a 2014 data breach that exposed almost 280,000 customers' names, full or partial Social Security numbers, and account-related data, including customer proprietary network information (CPNI).


Uber said that on September 17, 2014, it discovered one of its databases could potentially have been accessed by a third party. After subsequent investigation, it learned that a one-time unauthorized access to an Uber database by a third-party occurred on May 13, 2014, & that the information of nearly 50,000 individuals (primarily taxi drivers employed by Uber) was compromised. The company disclosed that the files which were accessed only contained the names & driver’s license numbers of certain drivers.

Xbox Live Xbox Live
48 Million

Around 48 million Xbox subscribers were interrupted from their gaming. The motive of this hack is unclear.

Sony Pictures
Sony Pictures

Five Sony films, an early version of a script for the next James Bond movie, Spectre, Brad Pitt's Fury, and a whole host of Sony's private company information has apparently been exposed to the public, including bosses' salaries and employees' social security information.

Texas Health and Human ServicesTexas Health and Human Services
2 million

The Texas Health and Human Services department discovered a data breach, it appears by "chance", after terminating their relationship with Xerox Corporation. The information includes "Medicaid clients' names, birthdates, Medicaid numbers, and medical and billing records related to care provided through Medicaid, such as reports, diagnosis codes and photographs."

Korea Credit Bureau, NH Nonghyup Card, Lotte Card, KB Kookmin CardKorea Credit Bureau, NH Nonghyup Card, Lotte Card, KB Kookmin Card
104 million

Credit card details from almost half of all South Koreans have been stolen and sold to marketing firms. The data was stolen by a computer contractor working for a company called the Korea Credit Bureau that produces credit scores. Approximately 104 million credit card accounts were compromised following breaches at three credit card firms in South Korea. Originally, the BBC reported the breaches had affected 20 million cards.

1.2 million

"Staples that the investigation revealed that the hackers used malware that provided access to information for transactions at 115 of its stores. The hackers stole cardholder names, payment card numbers, expiration dates and card verification codes. The company is offering free identity theft protection services."

Barney & BarneyBarney & Barney

According to documents posted by financial news service Credit.com, the company has notified its customers that a pair of CDs containing the names, addresses, social security numbers and account numbers for users had gone missing.

Oregon Employment DepartmentOregon Employment Department

After reviewing 1.9 million records for people who have registered with the WorkSource Oregon Management Information System(WOMIS), state officials say they've identified 851,322 people whose information may have been compromised.


One financial institution that received an alert about a breach, said the bank had nearly 9,000 customer cards listed in that alert, and that the only common point-of-purchase were Chick-fil-A locations.

25 Million

A 31yo was recently booked by the police for infiltrating the accounts of 25 million people on Naver, S. Korea's largest Web portal. According to the National Police Agency, the suspect, surnamed Seo, purchased the private information of 25 million people. Seo then used the data, which included the names, residential numbers, Internet IDs and passwords, to hack into Naver accounts. He sent spam messages and other illicit emails to the Naver account holders to rake in illegal profit of some 160 million won ($148,000).

JP Morgan Chase ConsumerJP Morgan Consumer
76 Million

Some reports suggests that credit and debit card information was not involved, that the hackers instead stole personal data such as addresses and phone numbers.

JP Morgan Small BusinessJP Morgan Small Business
7 Million

The New York Times reported that and 7 million small businesses were involved.

Jimmy Johns
Jimmy Johns
216 Locations

The company explained the incident this way: “An intruder stole log-in credentials from Jimmy John’s point-of-sale vendor and used these stolen credentials to remotely access the point-of-sale systems at some corporate and franchised locations.


The national, charitable resale organization announced in early September that card information at approximately 330 stores had been compromised.

Home DepotHome Depot
56 Million

About 56 million card records were hacked in this attack that is said to revolve around malware that was installed on cash register systems.

145 Million

The origin of the breach comes from hackers compromising a small number of employee login credentials, which gave access to eBay’s corporate network.

Sally's Beauty SupplySally's Beauty Supply
25,000 Records

In March, the Texas-based beauty chain said it had been hacked by the same gang that hacked Target.

Benesse HoldingsBenesse Holdings
22.6 Million

Education services provider Benesse Corp. said personal data on 22.6 million customers were stored on a smartphone owned by the Tokyo systems engineer under arrest on suspicion of theft and illegal copying of customer data. While announcing the figure Monday, Benesse, a subsidiary of Benesse Holdings Inc., said the stolen information — the worst data leak in Japan’s history — also included customer data on its group firms’ online-shopping website Benesse Life Smile Shop & message board website Benesse Women’s Park.

6.9 Million

Hundreds of passwords to Dropbox accounts have been leaked in the latest security breach, with hackers threatening to release millions more account details in exchange for Bitcoin.

Dairy QueenDairy Queen

The ice cream chain said the breach affected 395 of its over 4,500 locations in the United States. The hacked information contained the names and credit card information of past customers.

Community Health SystemsCommunity Health Systems
4.5 Million

According to a CHS SEC filing describing the breach, the hack likely originated from China and focused on valuable non-clinical, non-medical data, such as “patient names, addresses, birthdates, telephone numbers and Social Security numbers."

Nieman Marcus Nieman Marcus
1.1 Million

The company, in a statement, said, “We do know, and our forensic reports have confirmed, that malicious software (malware) was clandestinely installed on our system and that it attempted to collect or ‘scrape’ payment card data from July 16, 2013 to Oct. 30, 2013.”

St Joseph's Health SystemSt Joseph's Health System

Information was accessed through a single server by hackers from China and other locations. The server contained employee and patient data for St. Joseph Regional Health Center in Bryan, Burleson St. Joseph Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center. The breach supposedly occurred between December 16 through the 18th, 2013. The data included patient names, birth dates, Social Security numbers, and possibly addresses. Medical information for patients was accessible, as well as bank information for current and former employees. Both adult and minor information may have been compromised.

Northwestern City of Verden
18 million

German authorities recently confirmed that they're investigating the theft of around 18 million e-mail account passwords, affecting all major German Internet service providers

LinkedIn / eHarmony LinkedIn / eHarmony
8 million

Business social network LinkedIn and online dating service eHarmony said Wednesday that some of their users' passwords were stolen and millions appear to have been leaked onto the Internet.

2.3 Million

Thanks to a gap in the service's security, the phone numbers and usernames have been downloaded by a Web site calling itself SnapchatDB.info. The compromised accounts are concentrated mostly in California and New York, with the two states accounting for nearly 2.3 million accounts. Other regions affected include Illinois, Colorado and Florida.


Logo/Company Name
110 Million

Around 70 million holiday shoppers had their card data compromised late last year in the breach at Target, the incident that kicked off the current wave of big breaches.

Horizon Healthcare Services, Inc. (Horizon Blue Cross Blue Shield)Horizon Healthcare Services, Inc. (Horizon Blue Cross Blue Shield)

Sometime between November 1 and 3, two unencrypted laptops were stolen from employee workstations. The laptops were password-protected and cable-locked to the workstations. Names, Social Security numbers, addresses, dates of birth, Horizon Blue Cross Blue Shield New Jersey identification numbers, and demographic information may have been exposed.

Maricopa County Community College DistrictMaricopa County Community College District
2.49 Million

An unspecified data breach may have exposed the information of current and former students, employees, and vendors. Names, Social Security numbers, bank account information, and dates of birth may have been viewed by unauthorized parties.


Hackers stole and stored information online related to customers who used limousine and other ground transportation. The online information included plain text archives of credit card numbers, expiration dates, names, and addresses. Many of the customers were wealthy and used credit cards that would be attractive to identity thieves.

Schnucks SupermarketSchnucks Supermarket
2.4 Million

According to the company, only card numbers and expiration dates appear to have been exposed, not the cardholder's name, address or identifying information.

2.6 Million
In a statement, the company said, “After weeks of analysis, (Michaels stores and its subsidiary, Aaron Brothers), were attacked by criminals using highly sophisticated malware that had not been encountered previously by either of the security firms” the company had retained to analyze what had gone wrong
152 Million

Adobe said hackers had stolen encrypted customer credit card records, as well as login data for an undetermined number of Adobe user accounts.

24 Million

Hackers were able to access Zappos customer's names, e-mail addresses, addresses, phone numbers, the last four digits of credit card numbers and cryptically scrambled passwords.


Logo/Company Name
Sony's Playstation NetworkSony's Playstation Network
77 Million

Online gaming platform experienced a massive data breach that exposed the names, addresses and other personal information of 77 million users.

Subscribe to Our Newsletter for the latest news & alerts on scams and free security software.

Copyright © Prilock Security 2017 All Rights Reserved