10 Biggest Data Breaches in History

May 1, 2020
10 Biggest Data Breaches in History

Did you hear about that last big data breach? It’s a question posed more and more frequently these days, as the exposure of supposedly safe information repeatedly makes its way into the hands of malicious hackers. Neither banking information nor social security numbers are exempt, and if you recently signed up online to discreetly cheat on your spouse, beware: That information is not as secure as you think it is, either.

As data breaches go, 2019 was a bad year. In the first six months alone, the number of breaches far surpassed those in 2018, meaning roughly 3,800 breaches occurred. These breaches exposed an estimated 4.1 billion records, just from January through June. That’s a lot of credit card numbers, expiration dates, and CVVs being released into the wild. But data breaches are not new. They’ve been happening for years, compromising your data privacy in ways you never realized.

And it’s not only your financial information that’s at risk when a hacker attacks your favorite online shopping service. Your home address could be getting out there, too, along with your encrypted passwords and answers to your security questions.

Data breaches put us all at risk of horrors we’d rather avoid, such as identity theft and unauthorized charges on our credit accounts. Hackers compile the data they steal during a breach, package it up nicely, and sell it off to the highest bidder. The more complete your information — the bigger the payout.

Data breaches affect billions of people each year, including you, your loved ones, and your favorite brands. We’ve compiled a list of the 10 worst data breaches in recent history. If you frequent these establishments or use these services, odds are good that the information you provided is no longer secure:

1. Yahoo, August 2013

Even today, the 2013 attack on Yahoo stands as the worst data breach in history because it affected every single one of the 3 billion accounts stored on its server.

Customer names were compromised, as were their dates of birth, telephone numbers, and encrypted passwords.

2. Yahoo, December 2014

Shockingly, in December of 2014, Yahoo was attacked again. Email addresses were exposed this time, along with names, dates of birth, encrypted passwords, security questions, and telephone numbers. This time the data breach affected 500 million accounts, but worse? Yahoo kept news of the breach undisclosed for two years.

Members of the Russian Federal Security Service were ultimately charged with the crime, and the Securities and Exchange Commission (SAEC) fined Yahoo for failing to warn its consumers.

3. First American Financial Corporation, May 2019

In mid-2019, First American Financial Corporation suffered a data breach of their own design. It wasn’t hackers who exposed private consumer information in the incident, but rather a defect in a production application that made secure information available to anyone accessing the site.

Bank account numbers, bank statements, mortgage papers, tax records, social security numbers, drivers license images, and wire transaction receipts were accidentally made public. allowing users to access mortgage loan information dating back to 2003. Experts estimated roughly 885 million accounts were compromised in the incident.

4. Marriott International, 2014-2018

In 2018, hotel giant Marriott International alerted users to a data breach that had apparently been going on for four years. Hackers first accessed their Starwood Guest Reservation Database in 2014 and began stealing information that included names, email addresses, phone numbers, passport numbers, addresses, dates of birth, gender, loyalty program information, credit card numbers, and expiration dates.

Then, in January of 2020, Marriott was hacked again, and 5.2 million users had names, affiliations, employer names, hotel preferences, gender, age, home addresses, email addresses, and loyalty information compromised.

5. Facebook, 2019

In April of 2019, Facebook disclosed a massive data breach that affected the information of roughly 540 million users.

According to reports, it was the actions of third-party app developers who released private data that included account names and IDs, friends, photos, location check-ins, and reactions to comments.

6. Adult FriendFinder, October, 2016

In 2016, a data breach in a self-described “sex and swinger community” exposed the private information of roughly 339 million users. Embarrassingly enough, the information included usernames, email addresses, passwords, and dates of the user’s last visit to the site.

Even accounts that had been deleted were exposed in the hack. Sadly, the breach in 2016 wasn’t the first for Adult Friendfinder. Just a year prior, 4 million accounts were exposed and information leaked, including a user’s sexual preference.

Wrapped into the 2016 breach were another 69 million accounts from sites such as Cams.com, Penthouse.com, iCams.com, and Stripshow.com — all companies tied to Adult Friendfinder. The same identifiable user information was leaked, including VIP status, IP addresses, browser information, and whether items had been purchased. The breach is thought to have been generated by Russian hackers.

7. Zynga, September, 2019

The name may not be instantly recognizable, especially for those who don’t frequent the boredom-busting games on Facebook. For Farmvillers and those who play Words With Friends, however, Zynga is a household name. The mobile gaming app was hacked in late 2019, exposing the information of 218 million users.

The information leaked and sold contained Facebook and Zynga IDs, usernames, password information, and telephone numbers. The apps hacked were Draw Something and Words With Friends. Eventually, a hacker from Pakistan claimed responsibility for the breach.

8. Aadhaar, March, 2018

In 2018, a government site in India was hacked and personal identifying information exposed that is estimated to have affected 1.1 billion registered users. The site is a national ID database, containing both reported and biometric information on Indian citizens.

The information leaked contained ID numbers that are similar to U.S. social security numbers, names, and linked accounts. It’s still unclear whether thumbprint or iris scan information was made available.

9. Verifications.io, February, 2019

If you’re a company who regularly sends out newsletters or email marketing campaigns, you may use a service such as Verifications. io. This service checks email addresses to ensure they’re valid and not fake.

This helps prevent you from wasting valuable time and resources sending content to users who don’t exist, and it’s a big help to anyone who reaches consumers through email.

In February of 2019, however, Verifications, io was hacked, and email addresses of roughly 763 million users were exposed. In addition to email addresses, researches found additional bits of odd information that should not have been readily accessible.

These included mortgage amounts and loan interest rates, genders, dates of birth, and various social media log-in information.

10. eBay, May 2014

Even online auction sites aren’t safe from malicious hacking. In May of 2014, online giant ebay admitted they’d been hacked earlier in the year. Among the information exposed were passwords, names, email addresses, physical addresses, phone numbers, and dates of birth.

The breach was discovered by an eBay technology officer who noticed odd activity on the company’s network. And while eBay has repeatedly claimed that no financial information was exposed, they did ask users to update their passwords.

The eBay data breach may not seem like as big a deal as other recent breaches, but for users who have the same password across multiple sites, it opens up a back door for tech-savvy hackers to do quite a bit of damage.

Protect Your Online Data Privacy

Nearly everyone in America has an online presence today. Whether you shop online at national retailers such as Amazon and Walmart, or you regularly log in to Facebook to see what the neighbors are doing.

And just because your favorite website doesn’t have your financial information, doesn’t mean you can’t be compromised by a breach in data privacy.

When hackers obtain personal information such as your email address or telephone number, it becomes much easier for them to send phishing emails or to make phishing calls to glean more information.

Additionally, if you use the same password over and over across multiple sites, you’re letting yourself open to widespread damage.

To protect your online data experts recommend these tips:

  • Put passcodes on all your mobile devices. There’s a lot of information stored your phone, laptop and tablet, and if you leave one behind at the cafe and it’s not passcode-protected, whoever picks it up could easily access too much of your life, including your online banking app, and your social media logins.
  • Use different passwords. Probably the easiest way to help limit the damage from an online data breach is to use separate passwords across all sites you frequent. Then, when one site becomes compromised, you won’t have to change passwords everywhere else.
  • Amp up your privacy settings on social media. Some social media sites, such as Facebook, are continually making improvements and changes across their platforms. Unfortunately, not all those changes are helpful for users. This is why it’s important to stay on top of your privacy settings. Be careful who has access to your location check-ins, photos, and more.

It’s impossible to completely protect yourself and your information from an online data breach, but by being a bit more tech-savvy, you can certainly lessen the damage. Use these tips to help protect your data privacy while online.