Skip to content

Instantly share code, notes, and snippets.

@bluekvirus

bluekvirus/.block

Last active June 18, 2018 17:47
Show Gist options
  • Save bluekvirus/0ffa0b3359a84e42a361a21755b526fe to your computer and use it in GitHub Desktop.
Save bluekvirus/0ffa0b3359a84e42a361a21755b526fe to your computer and use it in GitHub Desktop.
Download ZIP
data-breach-chronicle
Raw
.block
height: 960
Raw
draw.js
/**
* Drawing data breach chronicle chart as a beeswarm.
*
* Data Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
* (click 'see the data' at the bottom, then jump to the latest data export as csv, delete 1st and 3rd row)
*
* @author Tim Lauv
* @created 2018.06.17
*/
document.addEventListener('DOMContentLoaded', function(){
console.log('READY!');
// Globals
// Hooks up the <SVG> canvas in index.html
var svg = d3.select('svg'),
width = +(svg.style('width')).replace('px', ''),
height = svg.attr('height');
// D3 Forces (simulation)
var sim = d3.forceSimulation()
.force('Y', d3.forceY(height / 2))
.force('charge', d3.forceManyBody());
// Raw data in JSON format
d3.csv('Information-is-Beautiful-Data-Breaches-(public)-2018-update.csv').then(data => {
//console.log(data);
// Extract useful attributes, ranges and unique keys
var extracted = {
nodes: data.map(d => {
return {
entity: d.Entity, // label (radius > threshold) (done)
'entity-short-description': d['alternative name'],
'entity-type': d['ORGANISATION'], // stroke color (done)
year: d['YEAR(2)'], // x axis (done)
count: d['records lost'], // area sqrt() = radius (done)
method: d['METHOD OF LEAK'], // fill color (done)
level: d['DATA SENSITIVITY'], // alpha (done)
};
}),
};
extracted.methods = d3.set(extracted.nodes, d => d.method).values();
extracted['entity-types'] = d3.set(extracted.nodes, d => d['entity-type']).values();
extracted.years = d3.set(extracted.nodes, d => d.year).values();
extracted.counts = d3.set(extracted.nodes, d => d.count).values();
extracted.levels = d3.set(extracted.nodes, d => d.level).values();
//console.log(extracted);
// Prepare x-axis scale (years to [0 - width]) for both axis and force
var x = d3.scaleLinear()
.domain(d3.extent(extracted.years))
.range([0 + width * 0.085, width * 0.85]);
sim.force('X', d3.forceX(d => x(d.year)).strength(0.8));
// Prepare radius for attack count (use area instead: r ^ r = count)
var r = d3.scaleSqrt()
.domain(d3.extent(extracted.counts))
.range([0, width / 5]);
extracted.nodes.forEach(d => {
// Note: cache the radius since it requires square root!
d.r = r(d.count / 50000);
});
// Prepare node color fill scale (counts to [theme colors])
var fill = d3.scaleQuantile()
.domain(extracted.counts)
.range(['#9B699B'/*Prague*/, '#DCE1EB'/*Munich*/, '#4B5A6E'/*Lausanne*/, '#333742'/*Berlin*/,
'#23B9B9'/*Genève*/, '#9B699B'/*Toulouse*/, '#2D4664'/*Copenhagen*/, '#3C6482'/*Stockholm*/]);
// Prepare node color fill alpha scale (breach levels to [0.4 - 0.8])
var alpha = d3.scalePoint()
.domain(extracted.levels)
.range([0.4, 0.8]);
// Graphics Rendering (create svg elements to represent extracted.nodes/links)
var g_node = svg.append('g').attr('class', 'nodes').selectAll('circle').data(extracted.nodes).enter()
.append('circle')
.attr('r', d => d.r)
.attr('fill', d => fill(d.count))
.attr('fill-opacity', 0.5)
.attr('opacity', d => alpha(d.level))
.attr('stroke', d => fill(d.count));
var g_label = svg.append('g').attr('class', 'label').selectAll('text').data(extracted.nodes).enter()
.append('text')
// Note: centering the text is delayed till sim tick. (can't have BBox measurement at this point)
.attr('dy', d => d.r / 2 * 0.2)
.attr('font-size', d => d.r / 2 * 0.6)
.attr('opacity', d => alpha(d.level) + 0.3)
.text(d => {
// Note: filtering company name by radius
if (d.r > 1)
return d.entity;
return '';
});
var g_axis_x = svg.append('g').attr('class', 'axis axis-x')
.call(d3.axisBottom(x).ticks(extracted.years.length / 2, 'd'));
// Note: not showing the grid lines since they won't align with n-body forced nodes;
// var g_dotted_grid_x = svg.append('g').attr('class', 'grid grid-x').selectAll('line').data(extracted.years).enter()
// .append('line')
// .attr('x1', d => x(d))
// .attr('y1', 20)
// .attr('x2', d => x(d))
// .attr('y2', 750);
// Patch extracted.nodes/links data with force adjusted position values
sim.nodes(extracted.nodes)
// Upon position changes (per ticking) update svg elements accordingly
.on('tick', function(){
// Note: .x, .y is now adjusted by the forces!
g_node.attr('cx', d => d.x)
.attr('cy', d => d.y);
g_label.attr('x', d => d.x)
.attr('y', d => d.y)
.attr('dx', function(d){
// Note: requires svg node local scope, thus can't use => fn (which has global this!)
return - this.getBBox().width / 2;
});
});
});
});
Raw
index.html
<!DOCTYPE html>
<meta charset="utf-8">
<link href="https://fonts.googleapis.com/css?family=Lato" rel="stylesheet">
<style>
body {
font-family: 'Lato', sans-serif;
}
.header {
margin-top: 25px;
margin-left: 50px;
position:absolute;
}
.header .title {
display: inline-block;
border: 2px solid;
padding: 0.7em;
margin: 0;
}
.header .sub {
font-size: 0.7em;
margin-left: 2.5em;
}
svg {
/* centering the svg canvas with auto width!*/
padding-top: 1em;
margin: 0 auto;
display: block;
width: 95%;
}
.nodes circle {
/* fill: none; */
/* fill-opacity: 0.4; */
/* stroke: #000000; */
stroke-width: 1px;
}
.axis-x {
transform: translateY(760px) /* translateX(-20px) */;
stroke-width: 3px;
}
.axis-x text {
font-size: 1.5em;
transform: translateY(1em);
}
/* .grid-x {
transform: translateX(-20px);
stroke-width: 1px;
stroke: #000000;
stroke-dasharray: 20,10,5,5,5,10;
opacity: 0.1;
} */
</style>
<div class="header">
<h1 class="title">Data Breach Chronicles 2004 - 2018</h1>
<p class="sub">Data Source: <a href="http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/">http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/</a></p>
</div>
<svg height="800"></svg>
<script src="https://d3js.org/d3.v5.min.js"></script>
<script src="draw.js"></script>
Raw
Information-is-Beautiful-Data-Breaches-(public)-2018-update.csv
Entity alternative name story YEAR YEAR(2) records lost ORGANISATION METHOD OF LEAK interesting story NO OF RECORDS STOLEN DATA SENSITIVITY UNUSED UNUSED Exclude 1st source link 2nd source link 3rd source source name
AOL American Online A former America Online software engineer stole 92 million screen names and e-mail addresses and sold them to spammers who sent out up to 7 billion unsolicited e-mails. 0 2004 92000000 web inside job 92000000 1 http://money.cnn.com/2004/06/23/technology/aol_spam/ http://www.msnbc.msn.com/id/8985989/#.UFcN8RgUwaA CNN
Cardsystems Solutions Inc. Third-party payment processor for Visa, Mastercard, Amex, and Discover CardSystems was fingered by MasterCard after it spotted fraud on credit card accounts and found a common thread, tracing it back to CardSystems. An unauthorized entity put a specific code into CardSystems' network, enabling the person or group to gain access to the data. It's not clear how many of the 40 million accounts were actually stolen. 1 2005 40000000 financial hacked y 40000000 300 http://www.msnbc.msn.com/id/8260050/ns/technology_and_science-security/t/million-credit-cards-exposed/#.UFiz7aRYtmg MSNBC
Ameritrade Inc. Computer backup tape containing personal information was lost. online broker 1 2005 200000 financial lost / stolen device or media 200000 20 http://www.nbcnews.com/id/7561268/ NBC
Citigroup Blame the messenger! A box of computer tapes containing information on 3.9 million customers was lost by United Parcel Service (UPS) while in transit to a credit reporting agency. 1 2005 3900000 financial lost / stolen device or media y 3900000 300 http://www.nytimes.com/2005/06/07/business/07data.html?pagewanted=all&_moc.semityn.www NY Times
Automatic Data Processing Business outsourcing, payrolls, benefits 1 2005 125000 financial poor security 130000 20 http://abcnews.go.com/Technology/story?id=2160425&page=1#.UFcROxgUwaA ABC
AOL American Online Durp. AOL VOLUNTARILY released search data for roughly 20 million web queries from 658,000 anonymized users of the service. No one is quite sure why. 2 2006 20000000 web accidentally published y 20000000 1 http://techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data/ Tech Crunch
KDDI Japanese telecommunications operator Press report: "Tokyo police have arrested two men for trying to extort nearly US$90,000 from KDDI Corp. The pair allegedly threatened to disclose the existence of storage media containing personal data belonging to four million KDDI customers prior to a shareholder meeting; however, KDDI alerted the police as soon as they were contacted by the blackmailers; the police monitored communications between KDDI and the pair for several weeks. " 2 2006 4000000 telecoms hacked y 4000000 1 http://www.computerworld.com/s/article/9001150/KDDI_suffers_massive_data_breach Computer World
Countrywide Financial Corp Mortgage financer 2 2006 2600000 financial inside job 2600000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Hewlett Packard Laptop lost/stolen containing employee data: names, addresses, Social Security numbers, dates of birth and other employment-related information. 2 2006 200000 tech, retail lost / stolen device or media y 200000 20 http://news.cnet.com/Laptop-with-HP-employee-data-stolen/2100-7348_3-6052964.html CNET
T-Mobile, Deutsche Telecom Thieves got their hands on a storage device with the data, which included the names, addresses, cell phone numbers, and some birth dates and e-mail addresses for high-profile German citizens. The company said the records did not contain bank details, credit card numbers, or call data. 2 2006 17000000 telecoms lost / stolen device or media 17000000 1 http://www.datalossdb.org http://www.informationweek.com/security/attacks/t-mobile-lost-17-million-subscribers-per/210700232 Data Loss Database
US Dept of Vet Affairs The Veterans Affairs Department agreed to pay $20 million to settle a class action lawsuit over the loss of a laptop. The department originally took three weeks to report the theft. The laptop was recovered with the data apparently intact a month after it was reported stolen. But it is impossible to say with absolute certainty that the data was not accessed and copied. 2 2006 26500000 government, military lost / stolen device or media 26500000 20 http://gcn.com/Articles/2009/02/02/VA-data-breach-suit-settlement.aspx GCN
Monster.com Jobs website A trojan virus stole log-ins that were used to harvest user names, e-mail addresses, home addresses and phone numbers. Soon after phishing e-mails encouraged users to download a Monster Job Seeker Tool, which was in fact a program that encrypted files in their computer and left a ransom note demanding money for their decryption. 3 2007 1600000 web hacked y 1600000 20 http://news.bbc.co.uk/1/hi/6956349.stm BBC
Hannaford Brothers Supermarket Chain Delhaize Group: Hannaford Bros, Sweetbay, Food Lion, Bloom, Bottom Dollar, Harveys, Kash n' Karry An estimated 4.2 million credit and debit card numbers were stolen. 3 2007 4200000 retail hacked 4200000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
TD Ameritrade US online broker TD Ameritrade settled a class action lawsuit to compensate as many as 6.3 million TD Ameritrade customers whose data was stolen by hackers costing the Nebraska online brokerage firm less than $2 per victim. 3 2007 6300000 financial hacked 6300000 1 http://www.wired.com/threatlevel/2008/07/ameritrade-hack/ Wired
TK / TJ Maxx Largest retail breach to date Hackers hacked a Minnesota store wifi network and stole data from credit and debit cards of shoppers at off-price retailers TJX, owners of nearly 2,500 stores, including T.J. Maxx and Marshalls. This case is believed to be the largest such breach of consumer information. 3 2007 94000000 retail hacked 94000000 300 http://www.zdnet.com/wi-fi-hack-caused-tk-maxx-security-breach-3039286991/ http://www.msnbc.msn.com/id/17871485/ns/technology_and_science-security/t/tj-maxx-theft-believed-largest-hack-ever/#.UFi-HaRYtmg ZD Net
Texas Lottery Data on more than 89,000 lottery winners (including names, Social Security numbers, addresses and prize amounts )were taken from the agency without permission by a former computer analyst who copied the password-free data. The employee added he wanted the information "for possible future reference as a programmer at other state agencies." 3 2007 89000 government inside job 90000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Compass Bank A former employee stole a hardrive containing 1m account details from the bank, then used it to defraud cutomers of nearly $32,000. 3 2007 1000000 financial inside job y 1000000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://www.computerworld.com/s/article/9072198/Programmer_who_stole_drive_containing_1_million_bank_records_gets_42_months ITRC
Fidelity National Information Services Employee sold customer information to a data broker, including names, addresses, birth dates, bank account and credit card information. 3 2007 8500000 financial inside job 8500000 300 http://www.pcworld.com/article/135117/article.html PCWorld
Dai Nippon Printing Japanese printing company A former contractor of Dai Nippon Printing Company in Tokyo, Japan stole 8.6 million records containing the personal data of customers of 43 of the company's clients. 3 2007 8637405 retail inside job 8600000 1 http://usatoday30.usatoday.com/tech/news/computersecurity/2007-12-30-data_n.htm USA Today
City and Hackney Teaching Primary Care Trust Heavily encrypted disks containing details of children are lost by couriers. 3 2007 160000 government lost / stolen device or media 160000 20 http://www.computerweekly.com/news/2240104003/Hackney-NHS-trust-encrypts-IT-equipment-following-loss-of-child-data Computer Weekly
Gap Inc Stolen laptop which contained social security numbers, data on people who applied for positions at Gap stores, including Banana Republic and Old Navy, between July 2006 and June 2007. 3 2007 800000 retail lost / stolen device or media 800000 20 http://www.pcworld.com/article/137865/article.html PC World
Driving Standards Agency Hard disk with details of candidates for the driving theory test was lost in a premises in Iowa by subcontractors. Only names, addresses and phone numbers. 3 2007 3000000 government lost / stolen device or media 3000000 20 http://news.bbc.co.uk/1/hi/uk_politics/7147715.stm BBC News
Driving Standards Agency, Details of candidates for the driving theory test were on a hard drive that went missing in the US. 3 2007 3000000 government lost / stolen device or media 3000000 20 http://news.bbc.co.uk/1/hi/uk_politics/7147715.stm BBC News
UK Revenue & Customs HMRC A set of discs containing confidential details of 25 million child benefit recipients was lost. 3 2007 25000000 government lost / stolen device or media 25000000 1 http://news.bbc.co.uk/2/hi/uk_news/7103911.stm BBC News
Jefferson County West Virginia, US "Jefferson County Clerk Jennifer Maghan said she unveiled a new online search tool that enabled residents and business professionals to access nearly 1.6 million documents that are stored in her office via their home computers" 4 2008 1600000 government accidentally published y 1600000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://www.journal-news.net/page/content.detail/id/511806.html?nav=5006 ITRC
Norwegian Tax Authorities "Tax authorities said they had accidentally sent CD-ROMs filled with the 2006 tax returns of nearly four million people living in Norway, a country of just 4.6 million inhabitants, to the editorial staff at national newspapers, radios and television stations." 4 2008 3950000 government accidentally published y 4000000 20 http://infowatch.com/node/1289 Info Watch
RBS Worldpay the U.S. payment processing arm of The Royal Bank of Scotland Group The hack primarily effected U.S. prepaid and the gift card issuing business of RBS Worldpay. Actual fraud has been committed on approximately 100 cards. Certain personal information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1 million people may have been accessed. 4 2008 1500000 financial hacked 1500000 20 http://www.theregister.co.uk/2008/12/29/rbs_worldpay_breach/ The Register
Data Processors International Provides merchant account establishment and Internet based credit card payment processing services 4 2008 5000000 financial hacked 5000000 1 http://money.cnn.com/2003/02/18/technology/creditcards/ CNN
Chile Ministry Of Education A computer hacker in Chile published confidential records belonging to six million people to illustrate the weakness of their security. 4 2008 6000000 government hacked 6000000 1 http://news.bbc.co.uk/2/hi/americas/7395295.stm http://www.geek.com/articles/news/government-servers-in-chile-hacked-6-million-personal-records-made-public-20080514/ BBC News
Auction.co.kr South Korea's largest online shopping site 4 2008 18000000 web hacked 18000000 300 http://www.darkreading.com/security/perimeter-security/211201111/hacker-steals-data-on-18m-auction-customers-in-south-korea.html Dark reading
GS Caltex Private oil company Two multimedia discs containing the names, social security numbers, addresses, cell phone numbers, email addresses and workplaces of Korean customers sorted by age were stolen. They were found by an office worker in a backstreet’s trash pile in Seoul. Experts say a GS Caltex employee likely stole the information for personal purposes given there were no signs of hacking. 4 2008 11100000 energy inside job 11100000 20 http://www.datalossdb.org http://english.donga.com/srv/service.php3?biid=2008090631088 Data Loss Database
Service Personnel and Veterans Agency (UK) Stolen USBs containing personal information about private lives of staff. 4 2008 50500 government lost / stolen device or media 50000 20 http://news.bbc.co.uk/1/hi/england/gloucestershire/7639006.stm BBC News
Stanford University Tens of thousands of past and current Stanford University employees had personal information - including their dates of birth, Social Security numbers and home addresses - stored on the hard drive of a stolen university laptop. 4 2008 72000 academic lost / stolen device or media 72000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://www.sfgate.com/bayarea/article/Stanford-employees-data-on-stolen-laptop-3281185.php ITRC
UK Home Office PA Consulting lost an unencrypted memory stick containing details of high risk, prolific and other offenders. 4 2008 84000 government lost / stolen device or media 84000 20 http://en.wikipedia.org/wiki/List_of_UK_government_data_losses Wikipedia
AT&T A laptop was stolen from a car containing unencrypted Social Security numbers and bonus/salary info of AT&T employees. 4 2008 113000 telecoms lost / stolen device or media y 100000 1 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Starbucks A laptop was stolen that contained private information on 97,000 employees, including names, addresses and Social Security numbers. Employees tried to sue Starbucks in California winning their case in the appeals court before losing in the higher federal court as they were unable to prove any cognizable harm or injury. 4 2008 97000 retail lost / stolen device or media y 100000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://privacyblog.littler.com/2011/01/articles/identity-theft/after-starbucks-laptop-is-stolen-alleged-victims-of-identity-theft-win-pyrrhic-victory/ ITRC
UK Ministry of Defence Hard drive containing very sensitive details of Armed Forces personnel - passport & national insurance numbers, bank details etc - went missing. Loss was revealed during National Identity Fraud Prevention Week. 4 2008 1700000 government lost / stolen device or media y 1700000 50000 http://news.bbc.co.uk/1/hi/uk_politics/7667507.stm BBC News
University of Miami Thieves stole a briefcase containing data tapes out of a vehicle used by a private off-site storage company. Anyone who had been a patient of a University of Miami physician or visited a UM facility since 1999 is likely included on the tapes. The data included names, addresses, Social Security numbers and health information. 47,000 of these records may have included credit card or other financial information regarding bill payment. 4 2008 2100000 academic lost / stolen device or media 2100000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
University of Utah Hospitals & Clinics stolen data tapes The data tapes were stolen by petty thieves from an employee's car. According to police reports the thieves tried - and failed - to view the tapes using a VHS player. 4 2008 2200000 academic lost / stolen device or media y 2200000 4000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
BNY Mellon Shareowner Services Wealth management A back-up tape, containing over 12 million customers records were lost. 4 2008 12500000 financial lost / stolen device or media 12500000 1 http://www.wctv.tv/news/headlines/28132494.html?storySection=comments ITRC
University of California Berkeley details on students, alumni and others 5 2009 160000 academic hacked 160000 300 http://www.msnbc.msn.com/id/30645920/ns/technology_and_science-security/t/hackers-breach-uc-berkeley-computers/#.UFjFaKRYtmg ITRC
Virginia Prescription Monitoring Program A hacker, who was never arrested, demanded a $10 million ransom for a breach effecting 530,000 Virginians. Social security numbers may have been taken. The data was found in a database containing 35 million prescription records. 5 2009 531400 healthcare hacked y 500000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Network Solutions Domain name registration business A large-scale infection of WordPress-driven blogs with malicious code led to the compromise of 573,000 debit and credit cards. 5 2009 573000 tech hacked 600000 300 http://www.computerworld.com/s/article/9175783/Network_Solutions_sites_hacked_again http://voices.washingtonpost.com/securityfix/2009/07/network_solutions_hack_comprom.html ITRC
CheckFree Corporation Provider of online banking, online bill payment and electronic bill payment services for the financial services industry Customers who went to CheckFree's Web sites between 12:35 a.m. and 10:10 a.m. on the day of the attack were redirected to a Ukrainian Web server that used malicious software to try and install a password-stealing program on the victim's computer. 5 2009 5000000 financial hacked y 5000000 1 http://www.computerworld.com/s/article/9125078/CheckFree_warns_5_million_customers_after_hack Computer World
Virginia Dept. Of Health An extortion demand posted on WikiLeaks sought $10 million to return over 8 million patient records and 35 million prescriptions allegedly stolen from Virginia Department of Health Professions. All 36 servers were shut down to protect records. 5 2009 8257378 government, healthcare hacked y 8300000 4000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
RockYou! Developer of online games (Zoo World/Zoo World 2) and advertising products The site did not allow users to use special characters or punctuation in their passwords and e-mailed user passwords in plain text. Hackers took advantage of these security lapses, using simple techniques to gain access to 32 million user accounts. 5 2009 32000000 web, gaming hacked y 32000000 1 http://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ Tech Crunch
Heartland Independent payment processor The biggest credit card scam in history, Heartland eventually paid more than $110 million to Visa, MasterCard, American Express and other card associations to settle claims related to the breach. 5 2009 130000000 financial hacked y 130000000 300 http://www.forbes.com/sites/davelewis/2015/05/31/heartland-payment-systems-suffers-data-breach/#155d10312985 Guardian
US Dept of Defense "According to a report to Congress, assessment forms of 72,000 service members who returned from deployment to Iraq or Afghanistan between Jan 1, 2007 to May 31, 2008 were breached. The forms ask for the service member's SSN,. Name, date of birth." 5 2009 72000 military lost / stolen device or media y 72000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
US National Guard About 131,000 former and current Army Guard members potentially affected when a personal laptop owned by an Army Guard contractor was stolen. Database incuded names, Social Security Numbers, incentive payment amounts and payment dates. 5 2009 131000 military lost / stolen device or media y 130000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Affinity Health Plan, Inc. A rented photocopier used to copy health records did not have its hard-drive wiped before its return. 5 2009 344579 healthcare lost / stolen device or media y 300000 4000 http://security-hack1.blogspot.com/2010/04/affinity-health-plan-alerts-public.html http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
Blue Cross Blue Shield of Tennessee US health insurance organization A thief stole 57 hard drives from the closet of a BlueCross call center in Chattanooga, Tenn. Data on the stolen hard drives was encoded but not encrypted. Bluecross stated there was no evidence the information was accessed due to the specialized nature of the hardware stolen. 5 2009 1023209 healthcare lost / stolen device or media y 1000000 20 http://www.scmagazine.com/thief-steals-57-hard-drives-from-bluecross-blueshield-of-tennessee/article/162178/ http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
AvMed, Inc. Two company laptops containing names, addresses, dates of birth, Social Security numbers and health-related information. 5 2009 1220000 healthcare lost / stolen device or media 1200000 20 http://www.governmentsecurity.org/latest-security-news/laptop-theft-exposes-private-info-of-avmed-health-plansaapos-customers.html http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
Health Net Largest US publicly traded managed health care company A portable hard drive with seven years of personal and medical information on about 1.5 million Health Net customers was lost for six months before being reported. 5 2009 1500000 healthcare lost / stolen device or media y 1500000 4000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
US Military Without first destroying the data the agency sent back a defective unencrypted hard drive for repair and recycling which held detailed records on 76 million veterans, including millions of Social Security numbers dating to 1972. 5 2009 76000000 military lost / stolen device or media y 76000000 20 http://www.wired.com/threatlevel/2009/10/probe-targets-archives-handling-of-data-on-70-million-vets/ ITRC
Yale University 6 2010 43000 academic accidentally published 40000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
AT&T US Telecoms company Details of iPad 3G users hacked from AT&T website, thought to include those of White House chief of staff Rahm Emanuel. 6 2010 114000 telecoms hacked y 100000 1 http://www.guardian.co.uk/technology/2010/jun/10/apple-ipad-security-leak?INTCMP=SRCH Guardian
Ankle & foot Center of Tampa Bay, Inc. The information hacked included information such as patient names, social security numbers, date of birth, home addressees, account numbers, and healthcare services and related diagnostic codes. 6 2010 156000 healthcare hacked 160000 4000 http://www.phiprivacy.net/?p=5743 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
Seacoast Radiology, PA Computer gamers hacked a server at Seacoast Radiology in Rochester in search of more bandwidth in November to play Call of Duty: Black Ops. In the process they also gained access to personal records of the more than 230,000 patients of the health center. 6 2010 231400 healthcare hacked y 200000 20 http://www.fosters.com/apps/pbcs.dll/article?AID=/20110120/GJNEWS_01/701209744 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
US Federal Reserve Bank of Cleveland A Malaysian man has been charged with hacking into major U.S. corporations, including the U.S. Federal Reserve Bank of Cleveland and FedComp after U.S. Secret Service investigators found more than "400,000 stolen credit and debit card account numbers allegedly obtained by hacking into various computer systems of other financial institutions" 6 2010 400000 financial hacked 400000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Puerto Rico Department of Health Double whammy. Two separate breaches. On September 3rd, 2010 data on 115,000 people was stolen from unauthorized access of an electronic device, on the 21st they reported an additional 400,000 records were hacked. 6 2010 515000 healthcare hacked 500000 4000 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
Ohio State University 6 2010 760000 academic hacked 800000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Gawker.com US news and gossip blog network including Gawker.com Gizmodo.com Lifehacker.com Hacked. 1.5 Million usernames, emails, passwords taken. 6 2010 1500000 web hacked 1500000 20 http://www.guardian.co.uk/technology/2010/dec/13/gawker-hackers-passwords-twitter-wikileaks?INTCMP=SRCH http://www.mediaite.com/online/gawker-medias-entire-commenter-database-appears-to-have-been-hacked/ Guardian
Betfair UK gambling site Betfair waited 18 months to report the breach of their online gambling site, alarming banking institutions and security experts. Betfair's systems breach, which occurred in March and April 2010, was not uncovered until this past May, when a server crashed. 6 2010 2300000 web hacked 2300000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Embassy Cables Confidential communications between 274 embassies in countries throughout the world and the State Department in Washington DC, between 1966-2010. Wikileaks 6 2010 251000 government inside job 300000 50000 http://wikileaks.org/cablegate.html Wikileaks
US Military Wikileaks / Bradley Manning/Cablegate. WIKILEAKS! 6 2010 260000 military inside job y 300000 50000 http://www.guardian.co.uk/news/datablog/2010/nov/29/wikileaks-cables-data Guardian
Classified Iraq War documents Wikileaks 6 2010 392000 government inside job 400000 20 http://www.forbes.com/sites/andygreenberg/2010/10/22/wikileaks-reveals-the-biggest-classified-data-breach-in-history/ Forbes
Colorado government Department of Health Care Policy & Financing 6 2010 105470 healthcare lost / stolen device or media 100000 20 http://www.databreaches.net/?p=12611 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
Lincoln Medical & Mental Health Center 130,495 patients lost their protected health information after seven CDs were lost in transit. 6 2010 130495 healthcare lost / stolen device or media 130000 4000 http://www.phiprivacy.net/?tag=lincoln-medical-and-mental-health-center http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
Emergency Healthcare Physicians, Ltd. A Chicago emergency physician group The stolen portable hard drive is believed to have contained records from 2003 to 2006 that included patient names, addressees, phone numbers, birth dates, Social Security numbers, and, in some cases, drivers' license numbers. 6 2010 180111 healthcare lost / stolen device or media 180000 4000 http://www.healthcareinfosecurity.com/chicago-breach-affects-180000-a-2496 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
Triple-S Salud, Inc. Puerto-Rican health insurance company 6 2010 398000 healthcare lost / stolen device or media 400000 4000 https://www.databreaches.net/puerto-rico-dept-of-health-reports-breach-affecting-400000-triple-s-salud-fined-100k/ Data Breaches
South Shore Hospital, Massachusetts South Shore Hospital hired a contractor to destroy files no longer in use and lost the shipment. The back-up computer files possibly contained names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, protected health information including diagnoses and treatments. As well as bank account and credit card numbers for some. Patients, employees, physicians, volunteers, donors, vendors and other business partners were effected. 6 2010 800000 healthcare lost / stolen device or media 800000 50000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
New York City Health & Hospitals Corp. New York City Health & Hospitals Corporation's North Bronx Healthcare Network 6 2010 1700000 healthcare lost / stolen device or media 1700000 4000 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
JP Morgan Chase In 2007, the personal information of approximately 2.6 million current and former holders of a Chase-Circuit City credit card had been mistakenly identified as trash and thrown out in garbage bags outside five branch offices in New York. 6 2010 2600000 financial lost / stolen device or media y 2600000 300 http://www.pcworld.com/article/131453/article.html ITRC
Educational Credit Management Corp US student loan guarantor A contractor for the US Department of Education stole the records of 3.3 million people. Data included names, addresses, Social Security numbers and dates of birth of borrowers, but no financial or bank account information. 6 2010 3300000 financial lost / stolen device or media y 3300000 20 http://www.foxnews.com/us/2010/03/26/student-loan-company-data-m-people-stolen/ ITRC
US Army 7 2011 50000 military accidentally published 50000 1 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
State of Texas 3.5 million records were accidentally published online including people's names, mailing addresses, social security numbers, and in some cases dates of birth and driver's license numbers. 7 2011 3500000 government accidentally published 3500000 20 http://www.informationweek.com/security/attacks/texas-data-breach-exposed-35-million-rec/229401489?queryText=Texas%20data%20leak Information Week
Writerspace.com Website design and hosting for writers Hacker group LulzSec released the e-mails and passwords, 12,000 of which were confirmed to originate from Writerspace.com. 7 2011 62000 web hacked 62000 1 http://www.pcmag.com/article2/0,2817,2387186,00.asp PC Mag
University of Wisconsin - Milwaukee 7 2011 73000 academic hacked 73000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml
US Law Enforcement "AntiSec" hackers published 2,719 social security numbers, 8,214 passwords, 15,798 birth dates, 48,182 street addresses, 1,531,628 email addresses, 106,691 phone numbers, 57 bank account numbers, 53 driver's license numbers, and eight credit card numbers of more than 70 different U.S. law enforcement agencies. 7 2011 123461 government hacked 130000 300 http://www.pcmag.com/article2/0,2817,2390683,00.asp PC World
San Francisco Public Utilities Commission 7 2011 180000 government hacked 180000 1 http://news.cnet.com/8301-27080_3-20068386-245/sf-utilities-agency-warns-of-potential-breach/ CNET
Bethesda Game Studios US video game company (Elder Scrolls, Fallout 3) Hacking collective Lulzsec stole account information of 200,000 user. 7 2011 200000 gaming hacked 200000 1 http://www.pcworld.com/article/231215/lulzsec_a_short_history_of_hacking.html PC World
Restaurant Depot food, equipment, and supplies for restaurants 7 2011 200000 retail hacked 200000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Epsilon Marketing email provider Apr 2011. Names & email addresses of customers of Barclaycard US, Capital One, JP Morgan, Citigroup & other firms have been stolen. 7 2011 3000000 web hacked 3000000 1 https://www.theguardian.com/technology/2011/apr/04/epsilon-email-hack The Guardian
Massachusetts Government Massachusetts Executive Office of Labor and Workforce Over 1,500 departmental computers were infected with the W32.QAKBOT virus, a malicious program which “downloads additional files, steals information, and opens a back door on the compromised computer”. 7 2011 210000 government hacked y 200000 50000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Southern California Medical-Legal Consultants Electronic files containing names and social security numbers of approximately 300,000 individuals who have applied for California workers’ compensation benefits had been exposed to unauthorized access. 7 2011 300000 healthcare hacked 300000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ID theft centre
Honda Canada Names, addresses and vehicle identification numbers were taken from the company’s eCommerce websites myHonda and myAcura 7 2011 283000 retail hacked y 300000 20 http://www.guelphmercury.com/news-story/2200845-honda-canada-hit-by-online-security-breach-283-000-car-owners-personal-data-stolen/ Guelph Mercury
Citigroup Less than 1% of Citbank card holders' names, account numbers, and contact information such as e-mail addresses were stolen. Card security codes were not stolen. 7 2011 360083 financial hacked 400000 300 http://www.pcworld.com/article/229891/Citigroup_Hack_Nets_Over_200k_in_Stolen_Customer_Details.html PC World
Stratfor Shadowy global intelligence company Hacking collective Anonymous defaced the website of Stratfor and posted a file online of the organization’s confidential client list, along with credit card details, passwords and home addresses for those clients. They released 47,680 unique e-mail addresses and 50,277 unique credit card numbers — 9,651 of which were not yet expired. Of the stolen encrypted passwords, 50% were easily crackable. 7 2011 935000 military hacked 900000 300 http://bits.blogs.nytimes.com/2011/12/27/questions-about-motives-behind-stratfor-hack/ NY Times
Sony Pictures LulzSec hacking collective stated all of the information it took was unencrypted, “Sony stored over 1,000,000 passwords of its customers in plaintext." More than 1 million user accounts were compromised. An additional 75,000 music codes and 3.5 million coupons were also uncovered. 7 2011 1000000 web hacked y 1000000 1 http://mashable.com/2011/06/02/sony-pictures-hacked/ Mashable
Oregon Department of Motor Vehicles Sheriff's detectives arrested Tim Nuss for accessing an old Oregon Department of Motor Vehicles database. The DMV database was once sold to marketing companies, but the department stopped selling the information in the late 1990s. The sold data include the names, addresses, birth dates, gender and ages of people who registered with the DMV, but no financial information. 7 2011 1000000 government hacked 1000000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Sega Information stolen during the hack includes names, birth dates, e-mail addresses and passwords from Sega Pass, a system for users interested in newsletters and for registering certain products. 7 2011 1290755 gaming hacked 1300000 20 http://www.zdnet.com/blog/gamification/sega-1-3-million-customer-records-hacked-lulzsec-promises-retribution/481 ZD Net
Washington Post Unknown hackers broke into The Washington Post's jobs website stealing about 1.27 million user IDs and email addresses. 7 2011 1270000 media hacked 1300000 20 http://www.pcmag.com/article2/0,2817,2388200,00.asp PC Mag
China Software Developer Network 7 2011 6000000 web hacked 6000000 1 http://www.zdnet.com/blog/security/chinese-hacker-arrested-for-leaking-6-million-logins/11064 ZD Net
178.com gaming website 7 2011 10000000 web hacked 10000000 1 http://www.ehackingnews.com/2011/12/hackers-compromised-38-million-chinese.html eHacking News
Nexon Korea Corp Personal data of subscribers to online game Maple Story was leaked. game developer 7 2011 13200000 web hacked 13200000 20 http://www.reuters.com/article/2011/11/26/us-korea-hacking-nexon-idUSTRE7AP09H20111126 Reuters
Sony Online Entertainment Hacked by LulzSec. In addition to the Sony Playstation Network breach, compromised 77 million records. More than 23,000 lost financial data, according to Sony. 7 2011 24600000 gaming hacked 24600000 300 http://www.computerworld.com/s/article/9216343/Sony_cuts_off_Sony_Online_Entertainment_service_after_hack Computer World
Tianya Usernames, clear tect passwords and email addresses hacked. blogging site 7 2011 28000000 web hacked 28000000 1 http://www.scmagazine.com.au/News/349585,28-million-clear-text-passwords-found-after-tianya65279-hack.aspx SC Mag
Steam Attackers used login details from a Steam forum hack to access a database that held ID and credit card data. The Valve Corporation 7 2011 35000000 web hacked 35000000 300 http://www.bbc.co.uk/news/technology-15690187 BBC News
Sony PSN Rounding off a thoroughly unhappy year for Sony, their third breach saw the loss of 76,000,000 Sony PSN and Qriocity user accounts to hacking collective Lulzsec. 7 2011 77000000 gaming hacked y 77000000 1 http://mashable.com/2011/05/31/sony-playstation-services-return/ Mashable
Countrywide Financial Corp Employee convicted of downloading millions of borrower files and selling the information to other loan officers. mortgage lender 7 2011 2500000 financial inside job 2500000 20 http://latimesblogs.latimes.com/money_co/2011/09/man-convicted-in-huge-countrywide-data-theft-gets-8-months-in-prison.html LATimes
Morgan Stanley Smith Barney Morgan Stanley mailed a CD containing sensitive data about investors in tax-exempt funds and bonds to the New York State Department of Taxation and Finance. The package arrived at the building but when it arrived at the relevant desk the data CD was missing. 7 2011 34000 financial lost / stolen device or media y 35000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Memorial Healthcare System Florida An employee of an affiliated physician’s office may have improperly accessed patient information through a web portal used by physicians who provide care and treatment at MHS. Specifically, patients’ names, dates of birth, and Social Security numbers. 7 2011 102153 healthcare lost / stolen device or media 100000 20 http://www.mhs.net/pdf/release071112.pdf http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
Spartanburg Regional Healthcare System The stolen computer contained a password-protected file with Social Security numbers as well as names, addresses, dates of birth and medical billing codes. 7 2011 400000 healthcare lost / stolen device or media 400000 4000 http://www.goupstate.com/news/20110527/spartanburg-regional-patients-affected-by-computer-breach http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
Eisenhower Medical Center California hospital Stolen computer contained data listing patients' names, ages, dates of birth, medical record numbers and the last four digits of their social security numbers. 7 2011 514330 healthcare lost / stolen device or media 500000 4000 http://databreachinvestigation.blogspot.com/2011/04/thief-gets-away-with-eisenhower-medical.html http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
Nemours Foundation US children's hospitals A health care organization that runs children’s hospitals reported the loss of 1.05 million records when data backup tapes were lost. 7 2011 1055489 healthcare lost / stolen device or media 1100000 4000 http://zerosecurity.org/technews/past-three-years-over-21m-medical-record-breaches/ http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
Health Net - IBM Data lost from HN servers managed by IBM Several server drives, containing personal information of former and current employees, went missing. 7 2011 1900000 healthcare lost / stolen device or media 1900000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html ITRC
Sutter Medical Foundation A password protected but unencrypted company computer was stolen. The compromised database contained names, addresses, dates of birth, phone numbers, email addresses, medical record numbers and the name of each patient's health insurance plan. No medical records were stored on the computer. 7 2011 4243434 healthcare lost / stolen device or media 4200000 20 http://www.simplysecurity.com/2011/11/30/sutter-health-sued-for-1-billion-following-data-breach/ http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
Tricare Healthcare service for US Military The information for some 4.6 million active and retired military personnel, as well as their families, was on back up-tapes from an electronic health care record used to capture and preserve patient data from 1992 through September 7 2011. 7 2011 4901432 military, healthcare lost / stolen device or media 4900000 4000 http://www.reuters.com/article/us-data-breach-texas-idUSTRE78S5JG20110929 ITRC
NHS UK's national health service, govt funded A laptop holding the unencrypted records of eight million patients went missing from an NHS store room and wasn't reported until 3 weeks later. 7 2011 8300000 healthcare lost / stolen device or media y 8300000 4000 http://www.techweekeurope.co.uk/news/nhs-researchers-lose-laptop-with-8m-patients-records-31810 Tech Week
Accendo Insurance Co. Mismailed letters which allowed some lines of sensitive information (medication name, date of birth, and member ID) to be visible through the envelope window. The mailings were addressed correctly and, to the knowledge of the company, were received by the intended recipients. 7 2011 175350 healthcare poor security 180000 20 http://www.databreaches.net/?p=19198 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
Office of the Texas Attorney General The office of Texas Attorney General Greg Abbott mistakenly gave attorneys access to millions of Social Security numbers in a case against the state’s voter ID law 8 2012 6500000 government accidentally published 6500000 20 http://www.rawstory.com/rs/2012/04/26/texas-attorney-general-exposes-millions-of-voters-social-security-numbers/ Raw Story
"Apple" Hacking group AntiSec claimed they hacked an FBI laptop in March 2012 accessing a file of more than 12 million Apple Unique Device Identifiers (UDIDs). Subsequently, it was discovered that app developer BlueToad was the source of the breach. The list contained personal information such as full names, phone numbers and addresses. AntiSec published a million of these UDIDs online. 8 2012 12367232 tech, retail accidentally published y 12400000 20 http://news.cnet.com/8301-1009_3-57505330-83/antisec-claims-to-have-snatched-12m-apple-device-ids-from-fbi/ http://news.cnet.com/8301-1009_3-57509595-83/udid-leak-source-idd-bluetoad-mobile-firm-says-it-was-hacked/ CNET
Dropbox Websites stolen from other websites used to sign into a small number of Dropbox accounts. The hack was mainly used to send spam to users. 8 2012 30000 web hacked 30000 1 http://www.informationweek.co.uk/security/client/dropbox-admits-hack-adds-more-security-f/240004697 Information Week
Militarysingles.com Online dating network for, you guessed it, military singles Collective group LulzSec released a database of 163,792 names, usernames, e-mail addresses, IP addresses, and passwords of "single" military personnel. 8 2012 163792 web, military hacked 180000 1 http://www.pcworld.com/article/252647/reborn_lulzsec_claims_hack_of_dating_site_for_military_personnel.html PC World
Formspring Interest-based social Q&A website Formspring was tipped off to a breach after 420,000 hashed passwords were posted to a security forum. 8 2012 420000 web hacked y 400000 1 http://news.cnet.com/8301-1009_3-57469944-83/formspring-disables-user-passwords-in-security-breach/?tag=mncol;txt CNet
Yahoo Voices Yahoo Voices service was hacked, exposing more than 450,000 usernames and passwords. 8 2012 450000 tech, web hacked 500000 1 http://it.slashdot.org/story/12/07/12/1243217/nearly-half-a-million-yahoo-passwords-leaked-updated?utm_source=feedburnerGoogle+Reader&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29&utm_content=Google+Reader http://www.pbs.org/newshour/rundown/2012/07/check-whether-your-yahoo-password-was-hacked.html Slashdot
Medicaid US health program for low income people and families The Utah Department of Technology Services had recently moved their claims records to a new server, and hackers believed to be operating out of Eastern Europe were able to circumvent the server’s multi-layered security system containing Social Security numbers for the Medicaid claims. 8 2012 780000 government, healthcare hacked y 800000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Global Payments Credit, debit and check processing for merchants (Visa, Mastercard, etc) 1.5 million credit card numbers from its systems may have been exposed after detecting “unauthorized access” into its processing system. 8 2012 7000000 financial hacked 1500000 300 http://www.washingtonpost.com/business/technology/faq-the-global-payments-hack/2012/04/02/gIQAIHLLrS_story.html ITRC
Three Iranian banks Saderat, Eghtesad Novin, & Saman After finding a security vulnerability in Iran's banking system, software manager Khosrow Zarefarid wrote a formal report and sent it to the CEOs of all the affected banks across the country. When the banks ignored his findings, he hacked 3 million bank accounts, belonging to at least 22 different banks, to prove his point. 8 2012 3000000 financial hacked y 3000000 50000 http://www.zdnet.com/blog/security/3-million-bank-accounts-hacked-in-iran/11577 ZD Net
LinkedIn, eHarmony, Last.fm Hacker 'dwdm' uploaded a file containing 6.5 million passwords on a Russian hacker forum. Soon after another 1.5 million passwords were discovered. On analysis, 93% of the passwords could be found in the Top 10,000 password list. 8 2012 8000000 web hacked 8000000 1 http://news.cnet.com/8301-1009_3-57449325-83/what-the-password-leaks-mean-to-you-faq/?tag=mncol;txt http://arstechnica.com/security/2012/06/8-million-leaked-passwords-connected-to-linkedin/ Cnet
Gamigo German gaming website 8 2012 8000000 web hacked 8000000 1 http://www.forbes.com/sites/andygreenberg/2012/07/23/eight-million-passwords-spilled-from-gaming-site-gamigo-months-after-breach/ Forbes
KT Corp. Korean mobile carrier Two suspects reportedly earnt an estimated $877,000 by selling the contact information and plan details of 8.7 million KT subscribers, almost half of the carrier's total customers. 8 2012 8700000 telecoms hacked 8700000 20 http://www.koreatimes.co.kr/www/news/biz/2012/07/113_116143.html http://news.cnet.com/8301-1009_3-57482215-83/hackers-accused-of-stealing-data-from-9m-korean-mobile-users/ Korea Times
Greek government A computer programmer was arrested in Greece for allegedly stealing the identity information of what could amount to 83% of the country's population. The 35-year-old was found in possession of 9 million data files containing identification card data, addresses, tax ID numbers and licence plate numbers, which he was also suspected of trying to sell. 8 2012 9000000 government hacked 9000000 20 http://www.wired.co.uk/news/archive/2012-11/22/greece-id-theft Wired
Blizzard Activision, Battle.net Scrambled passwords, e-mail addresses, and personal security answers were knowingly stolen from Blizzard's internal network. Blizzard would not elaborate on the size of the hack ("millions"). 8 2012 14000000 gaming hacked 14000000 20 https://us.battle.net/support/en/article/important-security-update-faq#5 Blizzard
Zappos 8 2012 24000000 web hacked 24000000 20 http://www.forbes.com/sites/andygreenberg/2012/01/15/zappos-says-hackers-accessed-24-million-customers-account-details/ Forbes
Last.fm Owned by CBS Historical 2012 hack, details have only just been disclosed. 8 2012 43500000 web hacked 43500000 1 http://www.zdnet.com/article/hackers-stole-43-million-last-fm-account-details-in-2012-breach/ ZD Net
Dropbox User credentials were stolen in a 2012 hack, but the number affected has only just come to light. 8 2012 68700000 web hacked 68700000 1 http://www.telegraph.co.uk/technology/2016/08/31/dropbox-hackers-stole-70-million-passwords-and-email-addresses/ The Telegraph
Massive American business hack 7-Eleven, JC Penney, Hannaford, Heartland, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard Over eight years, a hacking ring targeted banks, payment processors and chain stores, to steal more than 160 million credit and debit card numbers, targeting more than 800,000 bank accounts 8 2012 160000000 financial hacked y 160000000 50000 http://www.nydailynews.com/news/national/russians-ukrainian-charged-largest-hacking-spree-u-s-history-article-1.1408948 NY Daily
LinkedIn Information about a 2012 data breach has just come to light. 8 2012 117000000 web hacked 117000000 1 http://money.cnn.com/2016/05/19/technology/linkedin-hack/ CNN
South Carolina State Dept. of Revenue A server was breached by an international hacker. 8 2012 3600000 government hacked 3600000 300 http://www.infoworld.com/article/2615754/cyber-crime/south-carolina-reveals-massive-data-breach-of-social-security-numbers--credit-cards.html Information Week
South Carolina Government South Carolina Department of Health and Human Services A man was charged with five counts of violating medical confidentiality laws and one count of disclosure of confidential information after he gained access to personal information for more than 228,000 Medicaid beneficiaries. 8 2012 6400000 healthcare inside job 200000 4000 http://www.thestate.com/2012/04/20/2241321/personal-information-of-more-than.html#.UFpUVqRYtmg http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
New York State Electric & Gas An employee from a software consulting firm was allowed unauthorized access to the company’s databases. 8 2012 1800000 energy inside job 1800000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Court Ventures Experian A Vietnamese identity theft service was sold personal records, including Social Security numbers, credit card data and bank account information, by Court Ventures, a company now owned by data brokerage firm Experian. 8 2012 200000000 financial inside job 200000000 20 http://bits.blogs.nytimes.com/2013/10/24/senator-intensifies-probe-of-data-brokers/?_php=true&_type=blogs&_r=0 http://www.experianplc.com/news/company-news/2014/04-04-2014.aspx NY Times / Experian
Emory Healthcare hospital system in Atlanta The company 'misplaced' 10 discs containing sensitive information, including social security numbers. 8 2012 315000 healthcare lost / stolen device or media 300000 4000 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html US Gov
California Department of Child Support Services California child support records were lost in transit during a disaster preparedness exercise. 8 2012 800000 government lost / stolen device or media 800000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://articles.businessinsider.com/2012-04-03/news/31279254_1_major-data-breach-identity-theft-office-of-privacy-protection ITRC
Disqus hackers 17.5m email addresses in July 2012. About a third of those accounts contained passwords, which were hashed using the dated SHA-1 algorithm 8 2012 17500000 web hacked 17500000 4000 http://www.zdnet.com/article/disqus-confirms-comments-tool-hacked/ ZD Net
Citigroup Third big data breach from Citigroup."The personal information of 150,000 consumers who went into bankruptcy between 2007 and 2011 – including their social security numbers – were exposed after Citi failed to properly redact court records before they were put on the Public Access to Court Electronic Records (PACER) system." 9 2013 150000 financial accidentally published y 150000 20 http://news.softpedia.com/news/Citi-Exposes-Details-of-150-000-Individuals-Who-Went-into-Bankruptcy-369979.shtml Softpedia
TerraCom & YourTel The telecom firms TerraCom and YourTel have branded reporters for Scripps News as "hackers" after journalists discovered that the personal data of over 170,000 customers - including social security numbers and other identifying data that could be used for identity theft - were sitting on a publicly accessible server. 9 2013 170000 telecoms accidentally published y 180000 20 http://boingboing.net/2013/05/23/terracom-and-yourtel-threaten.html http://www.wired.co.uk/news/archive/2013-05/23/reporter-google-breach-hacker Boing Boing; Wired
NMBS Belgian national railway operator Data stored on a non-secure server, making it possible to access names, gender, DOB, email and postal address data of customers externally by means of a simple search engine query. Most of the data belong to customers in Belgium, France and the UK, including thousands of Commission and Parliament employees. Caused, the NMBS said, by a data worker “clicking on the wrong button”. 9 2013 1460000 transport accidentally published 1500000 20 http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+WQ+E-2013-001939+0+DOC+XML+V0//EN&language=nl http://www.flanderstoday.eu/business/nmbs-data-leak-was-breach-privacy European Parliament
Facebook Using the network's "Download Your Information" tool, some Facebook members were inadvertently sent the phone numbers or email address of Facebook friends that were otherwise private. Facebook assured users that the bug was fixed within a day, and that there is no evidence that the information was used maliciously. 9 2013 6000000 web accidentally published 6000000 1 https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766 Facebook
Central Hudson Gas & Electric Customer banking information and other personal information may have been accessed during the hack. 9 2013 110000 energy hacked 100000 300 http://www.privacyrights.org/data-breach Privacy Rights
Kirkwood Community College Hacked online database 9 2013 125000 academic hacked 130000 20 http://www.privacyrights.org/data-breach http://www.databreachwatch.org/community-college-data-breach-leaks-125000-ssns/ Privacy Rights
Washington State court system Administrative offices Up to 160,000 Social Security numbers and a million driver's license numbers may have been accessed by hackers exploiting old versions of Adobe Cold Fusion software on the server. 9 2013 160000 government hacked 160000 20 http://www.reuters.com/article/2013/05/09/us-usa-hack-washingtonstate-idUSBRE9480YY20130509 http://www.privacyrights.org/data-breach Reuters; Privacy Rights
Nintendo Japan's Club Nintendo service Japan's Club Nintendo service was hacked following thousands of unauthorized accesses. Customer information compromised in the attack includes full names, phone numbers, home and email addresses. 9 2013 240000 gaming hacked 250000 20 http://www.joystiq.com/2013/07/05/club-nintendo-japan-hacked/ JoyStiq
Apple Developer portal hacked. "Some" information about 275,000 3rd-party developers potentially stolen. 9 2013 275000 tech hacked 300000 1 http://www.guardian.co.uk/technology/2013/jul/22/apple-developer-site-hacked The Guardian
OVH French Internet host 9 2013 web hacked 500000 20 http://status.ovh.net/?do=details&id=5070 OVH
Scribd "world's largest online library" Hack resulted in a few hundred thousand stolen passwords. 9 2013 500000 web hacked 500000 1 http://nakedsecurity.sophos.com/2013/04/05/scribd-worlds-largest-online-library-admits-to-network-intrusion-password-breach/ http://www.nbcnews.com/technology/scribd-hack-exposes-thousands-users-1B9239618 Naked Security; NBC News
Drupal open-source content management platform Malicious files placed on association.drupal.org servers via a 3rd-party application. Exposed usernames, e-mail addresses, country information, and cryptographically hashed passwords. 9 2013 1000000 web hacked 1000000 1 http://arstechnica.com/security/2013/05/drupal-org-resets-login-credentials-after-hack-exposes-password-data/ Ars Technica
Ubuntu The discussion forum for the popular alternative, open-source operating system July 2013: Discussion forum for the operating system was compromised leaking personal details and password. The passwords were cryptographically scrambled using the MD5 hashing algorithm - considered an inadequate means of protecting stored passwords by security experts. 9 2013 2000000 tech hacked y 2000000 300 http://arstechnica.com/security/2013/07/hack-exposes-e-mail-addresses-password-data-for-2-million-ubuntu-forum-users/ Data Loss Database
ssndob.ms SSNDOB was an underground identity theft service. Teenage hackers used it to collect data for exposed.su, a site that listed the SSNs, birthdays, phone numbers, current and previous addresses for dozens of top celebrities including Beyonce, Kanye West and Michelle Obama. In doing so they revealed SSNDOB had data on more than 4 million people. 9 2013 4000000 web hacked y 4000000 20 http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/ Krebs on Security
SnapChat 31st Dec 2013. Hackers abused an exploit to syphon 4.7m user details, including phone numbers. Check here to see if your account was compromised: http://lookup.gibsonsec.org/ 9 2013 4700000 web, tech hacked 4700000 20 http://www.forbes.com/sites/andygreenberg/2012/01/15/zappos-says-hackers-accessed-24-million-customers-account-details/ Forbes
Yahoo Japan 22 million Yahoo user IDs may have been leaked after Yahoo detected an unauthorized attempt to access the administrative system of its web portal Yahoo Japan. The leaked information did not include passwords and data necessary for identity verification to reset passwords. 9 2013 22000000 tech, web hacked 22000000 1 http://www.reuters.com/article/2013/05/17/us-yahoojapan-idUSBRE94G0P620130517 Reuters
Adobe Sep 17th 2013. Hackers obtained access to a large swathe of Adobe customer IDs and encrypted passwords & removed sensitive information (i.e. names, encrypted credit or debit card numbers, expiration dates, etc.). Approximately 36 million Adobe customers were involved: 3.1 million whose credit or debit card information was taken and nearly 33 million active users whose current, encrypted passwords were in the database taken. Correction Jan 2015: we previously reported 152m records were taking, but the remainder affected invalid, inactive, test accounts or had out-of-date passwords associated with them. 9 2013 36000000 tech hacked y 36000000 50000 http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.html http://www.zdnet.com/adobe-admits-2-9m-customer-accounts-have-been-compromised-7000021546/ http://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/ Adobe
Evernote online note-taking site Evernote asked its 50 million users to reset their passwords following an attempt to hack the note-taking network. The company said it’d found no evidence that any payment information for Evernote Premium or Evernote Business customers had been accessed, nor was there any indication that content stored by users had been accessed, changed or lost. 9 2013 50000000 web hacked 50000000 1 http://www.wired.co.uk/news/archive/2013-03/04/evernote-hacked http://www.digitaltrends.com/mobile/evernote-hack-50-million-users-forced-to-reset-passwords/ Wired; Digital Trends
Living Social special offers website Online criminals gained access to user names, e-mail addresses, dates of birth & encrypted passwords for 50 million people. Databases storing financial information were not compromised in the attack, the company said. 9 2013 50000000 web hacked 50000000 1 http://nakedsecurity.sophos.com/2013/04/27/livingsocial-hacked-50-million-affected/ http://bits.blogs.nytimes.com/2013/04/26/living-social-hack-exposes-data-for-50-million-customers/ Naked Security; New York Times
UbiSoft games company 9 2013 gaming hacked 58000000 20 http://forums.ubi.com/forumdisplay.php/495-Security-update-regarding-your-Ubisoft-account-please-create-a-new-password UBI
Yahoo Happened in 2013 but only disclosed late 2016. Data included names, telephone numbers, DOBs, passwords and security questions. 9 2013 1000000000 web hacked 1000000000 20 http://www.nytimes.com/2016/12/14/technology/yahoo-hack.html?action=Click&contentCollection=BreakingNews&contentID=64651831&pgtype=Homepage&_r=0 NY Times
Tumblr Tumblr apparently only just found out about a 2013 data breach, affecting 65m users. 9 2013 65000000 web hacked 65000000 1 https://motherboard.vice.com/read/hackers-stole-68-million-passwords-from-tumblr-new-analysis-reveals Motherboard
Twitter Hackers had access to limited user information -- usernames, email addresses, session tokens and encrypted/salted versions of passwords -- for approximately 250,000 users. 9 2013 250000 web hacked 250000 1 http://www.wired.co.uk/news/archive/2013-02/02/twitter-hacked Wired
National Security Agency Snowden downloaded up to 1.5 million files, then flew to Hong Kong to meet journalists Glenn Greenwald and Laura Poitras before fleeing to Moscow. 9 2013 1500000 government inside job y 1500000 50000 http://uk.businessinsider.com/snowden-leaks-timeline-2016-9 Business Insider
Kissinger Cables More than 1.7 million US diplomatic records for the period 1973 to 1976, including intelligence reports and congressional correspondence. Wikileaks 9 2013 1700000 government inside job 1700000 300 https://www.wikileaks.org/plusd/about/ Wikileaks
Vodafone An IT contractor for the firm used his deep access to the telecom giant's system to copy customer names and bank account details. 9 2013 2000000 telecoms inside job y 2000000 300 http://www.securityweek.com/attacker-steals-data-2-million-vodafone-germany-customers Security Week
Crescent Health Inc., Walgreens Names, Social Security numbers, health insurance identification numbers, health insurance information, dates of birth, diagnoses, other medical information, disability codes, addresses, and phone numbers may have been exposed via a laptop theft. 9 2013 100000 healthcare lost / stolen device or media 100000 4000 http://www.privacyrights.org/data-breach Privacy Rights
Florida Courts Florida Department of Juvenile Justice 9 2013 100000 government lost / stolen device or media 100000 20 http://www.privacyrights.org/data-breach Privacy Rights
Florida Department of Juvenile Justice Three computers were stolen that contained both youth and employee records was reported stolen on January 2, 2013. Over 100,000 records were on the device and may have been exposed. 9 2013 100000 government lost / stolen device or media 100000 20 http://www.privacyrights.org/data-breach Privacy Rights
Advocate Medical Group 4,000,000 patient names, addresses, dates of birth, and Social Security numbers were contained in four computers stolen from an administrative building. Second biggest security breach ever reported to the Department of Health and Human Services (HHS). 9 2013 4000000 healthcare lost / stolen device or media y 4000000 20 http://healthitsecurity.com/2013/08/27/advocate-medical-group-endures-massive-data-breach/ http://datalossdb.org/latest_incidents_remote_sync Health IT Security
Indiana University Students who attended the university between 2011 and 2014 may have had their data exposed after it was stored on an unprotected site. The data was accessed by three webcrawlers but there is not evidence it was accessed by any unauthorized individuals. 9 2013 146000 academic poor security 150000 20 http://news.iu.edu/releases/iu/2014/02/data-exposure-disclosure.shtml http://www.usatoday.com/story/news/nation/2014/02/26/indiana-university-data-breach/5830685/ Indiana University
NASDAQ Nasdaq OMX Group Nasdaq forum website hacked by hacking ring, email addresses and passwords compromised 10 2014 500000 financial hacked y 500000 1 http://www.reuters.com/article/2013/07/18/net-us-nasdaq-cybercrime-website-idUSBRE96H1F520130718 Reuters
Dominios Pizzas (France) 10 2014 600000 web hacked 600000 1 http://www.theguardian.com/technology/2014/jun/16/dominos-pizza-ransom-hack-data The Guardian
Japan Airlines Oct 2014: Japan Airlines confirmed the possible theft of information from up to around 750,000 frequent-flier programme members. Data that may have been stolen included names, genders, birth dates, addresses, email addresses and places of work. 10 2014 750000 transport hacked 800000 20 http://online.wsj.com/articles/japan-airlines-reports-hacker-attack-1412053828 http://www.jal.co.jp/en/info/other/140924.html WSJ
MacRumours.com 10 2014 860000 web hacked 900000 1 http://www.wired.co.uk/news/archive/2013-11/13/mac-rumours-forums-hacked Wired
D&B, Altegrity Hackers stole millions of social security numbers from large US data brokers Dun & Bradstreet Corp and Kroll Background America Inc, owned by Altegrity. Correction 7 Jan 2015: we previously stated that records were stolen from LexisNexis. LexisNexis conducted a thorough investigation of the malware intrusion and found no evidence that the malware accessed or stole any customer or consumer data. 10 2014 1000000 tech hacked 1000000 300 http://www.usatoday.com/story/cybertruth/2013/09/26/lexisnexis-dunn--bradstreet-altegrity-hacked/2878769/ http://www.reuters.com/article/2013/09/26/us-cyberattacks-databrokers-idUSBRE98P03220130926 http://www.bbc.co.uk/news/technology-24284277 USA Today; Reuters; BBC News
Neiman Marcus US retailer 10 2014 1100000 retail hacked 1100000 20 http://www.nytimes.com/2014/01/24/business/neiman-marcus-breach-affected-1-1-million-cards.html http://krebsonsecurity.com/2014/08/stealthy-razor-thin-atm-insert-skimmers/ NY Times
Staples 10 2014 1160000 retail hacked 1200000 300 http://fortune.com/2014/12/19/staples-cards-affected-breach/ Fortune
European Central Bank 10 2014 4000000 financial hacked 4000000 1 http://www.cityam.com/1406190300/ecb-website-hacked City am
UPS Malware was discovered in the credit & debit card processing systems at 51 branches in 24 states. 10 2014 4000000 retail hacked 4000000 300 http://time.com/3151681/ups-hack/ Time
Community Health Systems Aug 2014: Community Health Systems, which operates 206 hospitals across the US, had patient data from the last 5 years breached. Details included names, addresses, social security numbers. Suspected "chinese hackers" were thought responsible. Goal: identity theft. 10 2014 4500000 healthcare hacked y 4500000 20 http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/ CNN
"Gmail" 5 million Gmail account passwords leaked to a forum, alongside passwords from other email providers. Close inspection revealed the user details to be old (3+ years). Multiple individual targeted hacks of third party websites where people used their Gmail IDs, rather than one big dataleak, suspected to be the method. Gmail itself was not hacked. 10 2014 5000000 web hacked y 5000000 1 X http://thenextweb.com/google/2014/09/10/4-93-million-gmail-usernames-passwords-published-google-says-evidence-systems-compromised/ The Next Web
Sony Pictures Wide-ranging hack of potentially every piece of data held by the company, including: unreleased films & scripts, employee social security numbers, salaries and health check results, as well as sensitive internal business documents relating to lay-offs, restructures and executive salaries. Lead suspects are "North Korean hackers" perhaps related to the Seth Rogen film,"The Interview" which mocks the North Korean dictator, Kim Jong Un. 10 2014 10000000 media hacked 10000000 20 http://www.buzzfeed.com/tomgara/sony-hack Buzzfeed
Twitch.tv Gaming site March 23rd. Details unknown at this point. All Twitch's 10 million users have been requested to change their passwords. 10 2014 10000000 healthcare hacked 10000000 1 http://blog.twitch.tv/2015/03/important-notice-about-your-twitch-account/ Twitch
AOL 10 2014 2400000 web hacked 24000000 1 http://blog.aol.com/2014/04/28/aol-security-update/ AOL
Home Depot Malware installed on cash register system across 2,200 stores syphoned credit card details of up to 56 million customers. May be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others 10 2014 56000000 retail hacked y 56000000 300 http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/ Krebs on Security
Target Investigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores. Originally 40m customers. Now 70m! 10 2014 70000000 retail hacked y 70000000 300 http://www.chicagotribune.com/news/sns-rt-us-target-breach-20131218,0,3434295.story http://www.huffingtonpost.com/2013/12/19/target-hacked-customer-credit-card-data-accessed_n_4471672.html?utm_hp_ref=mostpopular http://techcrunch.com/2014/01/10/targets-data-breach-gets-worse-70-million-customers-had-info-stolen-including-names-emails-and-phones/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=Netvibes Chicago Tribune
JP Morgan Chase July 2014: The US's largest bank was compromised by hackers, stealing names, addresses, phone numbers and emails of account holders. The hack began in June but was not discovered until July, when the hackers had already obtained the highest level of administrative privilege to dozens of the bank’s computer servers. 10 2014 76000000 financial hacked y 76000000 300 http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/?_php=true&_type=blogs&_r=0 Deal Book
Ebay The company has said hackers attacked between late February and early March with login credentials obtained from “a small number” of employees. They then accessed a database containing all user records and copied “a large part” of those credentials. 10 2014 145000000 web hacked y 145000000 1 http://my.chicagotribune.com/#section/-1/article/p2p-80265168/ Chicago Tribune
Yahoo Happened in 2014, but no. records stolen was originally thought to be much smaller. Yahoo recently revealed the real numbers. 10 2014 500000000 web hacked 500000000 20 http://uk.businessinsider.com/yahoo-hack-by-state-sponsored-actor-biggest-of-all-time-2016-9?r=US&IR=T Business Insider
HSBC Turkey "In a message to customers on its website, the bank said an attack on its credit card and debit card systems in Turkey had been thwarted but card numbers, account numbers, card expiry dates and customer names had been “compromised”." 10 2014 2700000 financial hacked 2700000 50000 http://www.reuters.com/article/us-hsbc-turkey-cybersecurity/hsbc-turkey-says-customer-credit-card-data-stolen-idUSKCN0IW1RR20141112 Reuters
Korea Credit Bureau 10 2014 20000000 financial inside job 20000000 50000 http://www.securityweek.com/20-million-people-fall-victim-south-korea-data-leak Security Week
New York Taxis A freedom of information request resulted in the release of data on all 173 million journeys undertaken by New York taxis in one year. Unfortunately, the data was incorrectly anonymised and relatively easy to decode, revealing the driver IDs, pickup & dropoff times, and GPS routes taken for every single cab journey. 10 2014 52000 transport poor security y 52000 1 https://medium.com/@vijayp/f6bc289679a1 Medium
Mozilla 10 2014 76000 web poor security 800000 20 http://www.theguardian.com/technology/2014/aug/05/mozilla-leak-developer-email-addresses-passwords-firefox The Guardian
Imgur Imgur are still investigating how the breach took place. The data was stolen in 2014, but Imgur claim they only discovered it in Nov 2017. 10 2014 1700000 app hacked 1700000 4000 https://blog.imgur.com/2017/11/24/notice-of-data-breach/ Imgur
Facebook Cambridge Analytica, headed at the time by Steve Bannon, harvested 50m profiles in early 2014 to build a system that could profile US voters and target them with political adverts. 10 2014 50000000 web hacked 50000000 1 https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election?CMP=twt_gu Guardian
Australian Immigration Department An employee of the agency inadvertently sent the passport numbers, visa details and other personal identifiers of all world leaders attending the G20 Brisbane summit to the organisers of the Asian Cup football tournament. Barack Obama, Vladimir Putin, Angela Merkel, Xi Jinping, Narendra Modi, David Cameron and many others. 11 2015 500000 government accidentally published 500000 50000 http://www.theguardian.com/world/2015/mar/30/personal-details-of-world-leaders-accidentally-revealed-by-g20-organisers The Guardian
Invest Bank United Arab Emirates bank Hacker breached a United Arab Emirates bank, demanding a ransom of $3m in bitcoin to stop tweeting data, mostly about corporate accounts. The hacker dumped files on the website of a basketball team, which he hacked for storage. The bank, Invest Bank, won't pay the ransom. 11 2015 40000 financial hacked 40000 50000 http://www.dailydot.com/politics/invest-bank-hacker-buba/ Daily Dot
IRS US Tax service "An unnamed cybermafia used an IRS app to download forms full of personal information. They posed as legitimate taxpayers, and tried to download forms on 200,000 people between February and May. They got away with half of them, the IRS said. The crooks used about 15,000 of them to claim tax refunds in other people's names." 11 2015 100000 government hacked 100000 1 http://money.cnn.com/2015/05/26/pf/taxes/irs-website-data-hack/index.html CNN
TalkTalk Telecoms provider 157k customers had personal details stolen, including 15,600 account numbers. 11 2015 157000 web hacked 160000 20 http://www.bbc.co.uk/news/uk-34784980 http://www.bbc.co.uk/news/uk-34611857 http://www.theguardian.com/business/2015/oct/22/talktalk-customer-data-hackers-website-credit-card-details-attack BBC News
MSpy kid & partner tracking service Data dump to the dark web "includes Apple IDs and passwords, tracking data, and payment details on some 145,000 successful transactions", photos and very private conversations. 11 2015 400000 tech hacked 400000 20 http://krebsonsecurity.com/2015/05/mobile-spy-software-maker-mspy-hacked-customer-data-leaked/ Krebs on Security
British Airways Frequent flyer accounts 11 2015 500000 retail hacked 500000 1 http://www.theguardian.com/business/2015/mar/29/british-airways-frequent-flyer-accounts-hacked The Guardian
Hacking Team Italian cybersecurity firm sells digital surveillance software to law enforcement and national security organisations. 400 GB of documents - including software source code, private messages & client databases - has been stolen and put online via BitTorrent. The documents show the company has sold products to repressive regimes. 11 2015 500000 web hacked y 500000 50000 http://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim The Guardian
Slack software for remote working 11 2015 500000 tech hacked 500000 1 http://techcrunch.com/2015/03/27/slack-got-hacked/ Tech Crunch
Carefirst Blue Cross, Blue Shield US medical insurer Attacked happened in June 2014. Was announced in June 2015. 11 2015 1100000 healthcare hacked 1100000 1 http://carefirstanswers.com/ Carefirst
CarPhone Warehouse UK mobile phone supplier 11 2015 2700000 web hacked 2700000 50000 http://www.theguardian.com/technology/2015/aug/10/carphone-warehouse-uk-data-watchdog-investigating-customer-hack The Guardian
Adult Friend Finder Internet dating & hookup site Sexual preferences, names, email addresses, usernames, dates of birth, postal codes 11 2015 3900000 web hacked 3900000 1 http://www.channel4.com/news/adult-friendfinder-dating-hack-internet-dark-web Channel 4
US Office of Personnel Management "The intruders... gained access to...employees’ Social Security numbers, job assignments, performance ratings and training information" 11 2015 4000000 government hacked 4000000 20 http://www.washingtonpost.com/world/national-security/chinese-hackers-breach-federal-governments-personnel-office/2015/06/04/889c0e52-0af7-11e5-95fd-d580f1c5d44e_story.html?tid=hpModule_04941f10-8a79-11e2-98d9-3012c1cd8d1e Washington Post
VTech Toymaker company Software used to download games to children's computer tablets was hacked, with personal info and photos stolen. 11 2015 6400000 web hacked 6400000 50000 http://www.theguardian.com/technology/2015/dec/02/vtech-hack-us-hong-kong-investigate-children-exposed http://www.troyhunt.com/2015/11/when-children-are-breached-inside.html The Guardian
Premera US healthcare provider Detected 29th Jan 2015. Occured May 2014. "C could include names, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information" 11 2015 11000000 healthcare hacked 11000000 50000 http://premeraupdate.com/ Premera
Kromtech MacKeeper software A security researcher stumbled on a leak, which exposed usernames, email addresses and passwords of users. He notified Kromtech, who patched it quickly. 11 2015 13000000 web hacked 13000000 1 https://thestack.com/security/2015/12/15/mackeeper-discloses-13-million-mac-users-details-with-poor-hash-protection/ https://www.reddit.com/r/apple/comments/3wq9fc/massive_data_breach/ The Stack
Experian / T-mobile The world's biggest data monitoring firm disclosed a massive breach of customers who applied for service with T-Mobile. Names, addresses, birth dates, Social Security numbers, drivers license numbers and passport numbers. 11 2015 15000000 web hacked 15000000 300 http://www.reuters.com/article/2015/10/02/us-tmobile-dataprotection-idUSKCN0RV5PL20151002 Reuters
US Office of Personnel Management (2nd Breach) attackers have targeted the forms submitted by intelligence and military personnel for security clearances. The document includes personal information - everything from eye colour, to financial history, to past substance abuse, as well as contact details for the individual's friends and relatives 11 2015 21500000 government hacked 21500000 50000 http://www.bbc.co.uk/news/world-us-canada-33120405 http://www.reuters.com/article/2015/07/09/us-cybersecurity-usa-idUSKCN0PJ2M420150709?feedType=RSS&feedName=topNews&utm_source=twitter BBC News
AshleyMadison.com US ex-marital affairs site 20th July 2015: DEVELOPING: Online hookup site for extra-marital affairs has been severely breached and the personal details of 37m users, as well as company financial records, threatened with release. Notorious hacking outfit The Impact Team has claimed responsibility. The hackers are demanding the shutdown of AM.com and other associated sites. 11 2015 37000000 web hacked 37000000 1 http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/ Krebs on Security
Securus Technologies Prison phone service provider Anonymous hacker leaked records of over 70m phone calls, plus links to recordings. Recording/storing attorney-client calls potentially violates constitutional protections. 11 2015 70000000 web hacked 70000000 50000 https://theintercept.com/2015/11/11/securus-hack-prison-phone-company-exposes-thousands-of-calls-lawyers-and-clients/ The Intercept
Uber Occured Sep 2014. Revealed Feb 2015. Names & license plates of 50,000 driver partners. 11 2015 50000 tech poor security 50000 1 http://blog.uber.com/2-27-15 Uber
Sanrio Hello Kitty and other franchises Security researcher was able to access a database of 3.3m of Sanrio's Sanriotown.com accounts, with links to other Sanrio Hello Kitty portals. 11 2015 3300000 web poor security 3300000 20 http://www.csoonline.com/article/3017171/security/database-leak-exposes-3-3-million-hello-kitty-fans.html CSO Online
Deep Root Analytics A database of 198 million US voters has been exposed as a result of incorrect configuration. 11 2015 198000000 web poor security 198000000 20 http://uk.reuters.com/article/us-usa-voters-breach-idUKKBN0UB1E020151229 https://www.upguard.com/breaches/the-rnc-files Reuters, UpGuard
RootsWeb Nov. Ancestry.com's community-driven site RootsWeb was exposed after passwords, email addresses and usernames were leaked from the server. 11 2015 300000 web poor security 300000 4000 https://threatpost.com/leaky-rootsweb-server-exposes-some-ancestry-com-user-data/129248/ Threat Post
Privatization Agency of the Republic of Serbia A text file with personal data and financial documents were made publically available on their website. 12 2016 5190396 government accidentally published 519396 20 http://www.shareconference.net/en/defense/personal-data-more-5-million-citizens-serbia-unlawfully-published Share Conference
Syrian government Hacking outfit calling itself 'Cyber Justice Team' leaked 10GB of data from the government and private websites. Seems to be just data from old leaks, though. 12 2016 274477 government hacked 274477 1 http://news.softpedia.com/news/syrian-government-hacked-43-gb-of-data-spilled-online-by-hacktivists-502765.shtml Softpedia
Minecraft Lifeboat' community Players using the Lifeboat servers have had their email addresses and passwords leaked. 12 2016 7000000 web hacked 7000000 1 http://motherboard.vice.com/read/another-day-another-hack-7-million-emails-and-hashed-passwords-for-minecraft Motherboard
Mossack Fonseca Panamanian law firm 2.6TB of data on politicians, criminals, professional athletes etc leaked from law firm Mossack Fonseca, including emails, contracts, scanned documents, transcripts... 12 2016 11500000 legal hacked y 11500000 50000 http://panamapapers.sueddeutsche.de/articles/56febff0a1bb8d3c3495adf4/ PanamaPapers
Mail. ru Game-related forums Two hackers attacked three game-related forums hosted by Russian company Mail.ru. 12 2016 25000000 web hacked 25000000 20 http://www.zdnet.com/article/over-25-million-accounts-stolen-after-mail-ru-forums-raided-by-hackers/ ZD Net
Fling Dating site A hacker claims to be selling info on sexual desires & preferences, as well as generic personal info, stolen from the dating site Fling. 12 2016 40000000 web hacked 40000000 4000 https://www.europol.europa.eu/iocta/2016/data-breach.html Europol
Turkish citizenship database Turkish citizenship database has allegedly been hacked and leaked online. 12 2016 49611709 government hacked 49611709 20 http://www.businessinsider.com/turkish-citizenship-database-allegedly-hacked-and-leaked-2016-4?r=UK&IR=T Business Insider
Philippines’ Commission on Elections COMELEC After a message was posted on the COMELEC website by hackers from Anonymous, warning the government not to mess with the elections, the entire database was stolen and posted online. 12 2016 55000000 government hacked 55000000 50000 http://blog.trendmicro.com/trendlabs-security-intelligence/55m-registered-voters-risk-philippine-commission-elections-hacked/ Trend Micro
Anthem Second-largest health insurer in the US Feb 2015: Names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information. 12 2016 80000000 healthcare hacked y 80000000 20 http://www.anthemfacts.com/faq Anthem Facts
VK Russia's Facebook Over 100m user accounts were hacked and the data put up for sale online. A VK spokesperson has denied that the site was breached, claiming the data for sale is old details no longer in use. 12 2016 100544934 web hacked 100544934 4000 http://motherboard.vice.com/read/another-day-another-hack-100-million-accounts-for-vk-russias-facebook Motherboard
Wendy's Restaurant chain Malware has been used in 1025 of Wendy's restaurants to steal credit card data from customers. It's currently unknown how many individuals have been impacted. 12 2016 1025 retail hacked 1025 300 http://abcnews.go.com/Technology/wireStory/wendys-1000-restaurants-affected-hack-40407208 ABC News
MySpace The same hacker who was selling LinkedIn user data now claims to have MySpace user data too, and lots of it. 12 2016 164000000 web hacked 164000000 1 http://motherboard.vice.com/read/427-million-myspace-passwords-emails-data-breach Motherboard
Linux Ubuntu forums 12 2016 2000000 web hacked 2000000 1 http://betanews.com/2016/07/15/ubuntu-linux-forums-hacked/ Beta News
uTorrent It's unclear what data has been breached, exactly, but uTorrent has advised passwords are probably compromised. 12 2016 35000 web hacked 35000 1 https://torrentfreak.com/utorrent-forums-hacked-passwords-compromised-160608/ Torrent Freak
Banner Health Hackers gained access to payment card data via food outlets at Banner Health locations. 12 2016 3700000 healthcare hacked 3700000 300 https://www.bannerhealth.com/news/2016/08/banner-health-identifies-cyber-attack# Banner Health
Mutuelle Generale de la Police French police health insurance Files uploaded to Google Drive by a 'malicious' employee. Data included home addresses. The leak came two weeks after a French police officer was murdered by ISIS-inspired attack. 12 2016 112000 healthcare inside job 112000 50000 http://www.bbc.co.uk/news/world-europe-36645519 BBC News
World Check Run by Thompson Reuters 2014 version of World-Check, a database of suspected terrorists and criminals, leaked online. It's unclear what data the records include. 12 2016 2200000 media poor security 2200000 300 https://thestack.com/security/2016/06/29/2-million-person-terror-database-leaked-online/ The Stack
Uber Uber paid the hackers $100,000 to delete the stolen data. Chief security officer Joe Sullivan has resigned. 12 2016 57000000 app hacked 57000000 1 https://www.bbc.co.uk/news/amp/technology-42075306 BBC
Red Cross Blood Service Info leaked includes data about 'at risk sexual behaviours' 13 2017 550000 healthcare accidentally published 550000 4000 http://www.abc.net.au/news/2016-10-28/red-cross-blood-service-admits-to-data-breach/7974036 ABC News
River City Media Spam operator A dodgy backup has allegedly resulted in over a billion leaked email addresses, plus other personal info in some cases, and has exposed RCM's business plans & operations. 13 2017 1370000000 web accidentally published 700000000 20 https://betanews.com/2017/03/06/river-city-media-spam-database-leak/ Beta News
Quest Diagnostics Nov. The stolen data contained names, DOBs, lab results and some telephone numbers. 13 2017 34000 healthcare hacked 34000 4000 http://newsroom.questdiagnostics.com/2016-12-12-Quest-Diagnostics-Provides-Notice-of-Data-Security-Incident#assets_129 Newsroom
Three Three mobile company in the UK Hackers broke into Three's customer database with the intention of fraudulently ordering handsets to sell on. They stole personal details, but no financial records or passwords were stored on the hacked system. 13 2017 200000 telecoms hacked 200000 20 http://www.threemediacentre.co.uk/news/2017/handsetfraud-update.aspx Three
Wonga Apr. Customers from the UK and Poland look to have been affected. 13 2017 270000 financial hacked 270000 50000 https://www.theguardian.com/business/2017/apr/09/wonga-data-breach-could-affect-250000-uk-customers?CMP=Share_iOSApp_Other The Guardian
PayAsUGym Dec. Fitness website hacked & email address published online. 13 2017 300000 web hacked 300000 1 http://www.bbc.co.uk/news/technology-38350987 BBC News
DaFont Font sharing site May. Apparently the hacker found out others were selling the site's database, so he decided to get in on the action himself. 13 2017 700000 web hacked 700000 4000 http://www.zdnet.com/article/font-sharing-site-dafont-hacked-thousands-of-accounts-stolen/ ZD Net
Brazzers Porn site Sept. 'The data contains 790,724 unique email addresses, and also includes usernames and plaintext passwords. (The set has 928,072 entries in all, but many are duplicates.' 13 2017 790724 web hacked 790724 4000 http://motherboard.vice.com/read/nearly-800000-brazzers-porn-site-accounts-exposed-in-forum-hack http://motherboard.vice.com/read/nearly-800000-brazzers-porn-site-accounts-exposed-in-forum-hack Motherboard
Snapchat Apr. Indian hackers apparently leaked data they stole last year in response to Snapchat CEO allegedly stating they had no plans to expand to 'poor countries' like India. Snapchat have yet to confirm any leak. 13 2017 1700000 app hacked 1700000 1 http://www.bgr.in/news/indian-hacker-group-leaks-data-of-1-7-million-snapchat-users-after-ceos-poor-country-comments-report/ BGR
Bell Somebody claiming to be behind the attack has threatened Bell with more leaks if they don't cooporate. 13 2017 1900000 telecoms hacked 1900000 1 http://www.cbc.ca/beta/news/technology/bell-data-breach-customer-names-phone-numbers-emails-leak-1.4116608 CBC
Cellebrite Cellebrite's main product is a device that rips data from mobile phones. 900GB of data was stolen from Cellebrite. The hackers got hacked. The number of records taken is unknown. 13 2017 3000000 tech hacked y 3000000 20 http://motherboard.vice.com/read/hacker-steals-900-gb-of-cellebrite-data Motherboard
Clinton campaign 13 2017 5000000 government hacked 5000000 20 https://techcrunch.com/2016/07/29/clinton-campaign-reportedly-breached-by-hackers/ Tech Crunch
ClixSense Sept. The information stolen contains usernames, passwords, home addresses, payment histories, and other banking details. 13 2017 6600000 web hacked 6600000 50000 http://www.digitaltrends.com/computing/clixsense-hacked/ Digital trends
Lynda.com owned by LinkedIn Hackers breached a database that held records of contact info and courses viewed. No official statement yet on how many records were actually stolen, and no evidence yet of them having been published anywhere. 13 2017 9500000 web hacked 9500000 1 https://www.neowin.net/news/microsoft-owned-linkedin-is-sending-emails-to-users-about-a-lyndacom-data-breach Neowin
Interpark July. South Korean police are blaming North Korea for stealing data in an attempt to obtain foreign currency. 13 2017 10000000 web hacked 10000000 20 http://www.nytimes.com/2016/07/29/world/asia/north-korea-hacking-interpark.html NY times
Zomato Restaurants & events The hacker is selling the stolen dataset for around $1000. 13 2017 17000000 web hacked 17000000 4000 https://www.hackread.com/zomato-hacked-17-million-accounts-sold-on-dark-web/ HackRead
Yahoo User accounts have been hacked using forged cookies to log in without a password over a 2 year period. 13 2017 32000000 web hacked 32000000 4000 https://www.cnet.com/news/yahoo-says-forged-cookie-attack-accessed-about-32m-accounts/ CNet
Weebly Feb. Usernames, passwords and IP addresses stolen, although passwords secured with bcrypt. 13 2017 43000000 web hacked 43000000 4000 https://techcrunch.com/2016/10/20/weebly-hacked-43-million-credentials-stolen/ Tech Crunch
Dailymotion video sharing site 85.2m email addresses extracted, but only 18.3m had associated passwords. 13 2017 85200000 web hacked 85200000 1 http://www.zdnet.com/article/dailymotion-hack-exposes-millions-of-accounts/ ZDNet
Friend Finder Network Parent company of Adult Friend Finder , Cams.com and Penthouse.com Usernames, email addresses, passwords for sites including Adult Friend Finder and Penthouse.com. Passwords encrypted, but LeakedSource claims to be able to crack 99% of them. 13 2017 412000000 web hacked 412000000 1 http://www.zdnet.com/article/adultfriendfinder-network-hack-exposes-secrets-of-412-million-users/ https://www.leakedsource.com/blog/friendfinder ZDNet / LeakedSource
Telegram Instant messaging service Despite Telegram's claims of super security, they've been hacked by a group called Rocket Kitten. 13 2017 15000000 tech hacked 15000000 1 http://venturebeat.com/2016/08/02/hackers-break-into-telegram-revealing-15-million-users-phone-numbers/ Venture Beat
Hong Kong Registration & Electoral Office "the personal information of the city’s 3.7 million voters was possibly compromised after the Registration and Electoral Office reported two laptop computers went missing at its backup venue for the chief executive election." 13 2017 3700000 government lost / stolen device or media 3700000 20 http://www.scmp.com/news/hong-kong/politics/article/2082566/laptops-containing-37-million-hong-kong-voters-data-stolen SCMP
Aadhaar Nov. The personal information of more than a billion Indians stored in the world’s largest biometric database can be bought online for less than £6, according to an investigation by an Indian newspaper. The reporter who broke the story has been named in a criminal complaint filed by government agency responsible for the data. 14 2017 1000000000 government accidentally published 1000000000 300 https://www.theguardian.com/world/2018/jan/04/india-national-id-database-data-leak-bought-online-aadhaar Guardian
CEX A misconfigured spambot leaked full contact info & financial details, although the newest financial data dates to 2009. 14 2017 2000000 retail accidentally published 2000000 300 https://www.theguardian.com/technology/2017/aug/30/spambot-leaks-700m-email-addresses-huge-data-breach-passwords The Guardian
Instagram A bug exposed user's contact information. Instagram initially said it affected only verified accounts, but has now admitted non-verified users were also affected. Instagram hasn't confirmed numbers, but hackers say they have info from 6m accounts. 14 2017 6000000 web hacked 6000000 1 https://www.theverge.com/2017/9/1/16244304/instagram-hack-api-bug-doxagram-selena-gomez The Verge
Equifax If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies. 14 2017 143000000 financial hacked y 143000000 50000 https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do UK Gov
Nival Videogame maker A teen hacker has randomly hacked several Russian websites. In a statement, he claims the hack was revenge for the MH17 crash. The companies affected have not commented, however Troy Hunt, a security researcher, has confirmed its legit. Nival and KM.ru were both hacked. 14 2017 1500000 web hacked 1500000 4000 https://motherboard.vice.com/en_us/article/pgkp57/a-teen-hacker-is-targeting-russian-sites-as-revenge-for-the-mh17-crash Motherboard
KM.ru News site and email provider A teen hacker has randomly hacked several Russian websites. In a statement, he claims the hack was revenge for the MH17 crash. The companies affected have not commented, however Troy Hunt, a security researcher, has confirmed its legit. Nival and KM.ru were both hacked. 14 2017 1500000 web hacked 1500000 4000 https://motherboard.vice.com/en_us/article/pgkp57/a-teen-hacker-is-targeting-russian-sites-as-revenge-for-the-mh17-crash Motherboard
Waterly App for paying water bills Jan 2017. Israel-based app contained a vulnerability in the sign-in process that could potentially expose user account details. The problem was fixed within 2 weeks of being identifiied. 14 2017 1000000 app poor security 1000000 300 https://www.databreaches.net/waterly-app-potentially-exposed-up-to-1-million-israelis-details-researcher/ Data Breaches
Swedish Transport Agency Information about all vehicles in the country (including military and police), made available to IT workers who hadn't been through usual security checks. The question of whether or not Sweden's national security was harmed is censored in the Säpo (Sweden's security police) report. 14 2017 3000000 government poor security y 3000000 50000 https://www.thelocal.se/20170717/swedish-authority-handed-over-keys-to-the-kingdom-in-it-security-slip-up The Local
Spambot A misconfigured spambot has leaked over 7m records, although many of them are likely to be fake or repeated accounts. 14 2017 711000000 web poor security 711000000 4000 https://www.theguardian.com/technology/2017/aug/30/spambot-leaks-700m-email-addresses-huge-data-breach-passwords The Guardian
SVR Tracking Vehicle tracking The leaked passwords were stored using SHA-1, a weak 20yr old hash program. 14 2017 540000 app poor security 540000 4000 https://thehackernews.com/2017/09/hacker-track-car.html The Hacker News
Viacom A misconfigured Amazon Web Server S3 cloud storage bucket was left wide open and public facing. 14 2017 3000000 web hacked 3000000 4000 https://thehackernews.com/2017/09/viacom-amazon-server.html The Hacker News
TIO Networks Owned by Paypal The company has not revealed what type of information was stolen. 14 2017 1600000 financial hacked 1600000 4000 https://www.bleepingcomputer.com/news/security/paypal-says-1-6-million-customer-details-stolen-in-breach-at-canadian-subsidiary/ Bleeping Computer
Al.type Dec. The app's developer failed to secure the database server. 14 2017 31000000 app poor security 31000000 4000 http://www.zdnet.com/article/popular-virtual-keyboard-leaks-31-million-user-data/ ZDNet
Malaysian telcos & MVNOs Oct. Data from numerous Malaysian telco & MVNO providers, including Celcom, Digi, Umobile, Maxis, Friendi, Merchantrade Asia, Tunetalk, Redtone, XOX, Altel, PLDT & EnablingAsia has been leaked. 14 2017 46200000 telecoms hacked 46200000 4000 https://www.lowyat.net/2017/146339/46-2-million-mobile-phone-numbers-leaked-from-2014-data-breach/ LowYat
Malaysian medical practitioners Oct. Databases belonging to the Malaysian Medical Council (MMC), the Malaysian Medical Association (MMA), and the Malaysian Dental Association (MDA) have been leaked. 14 2017 81309 healthcare hacked 81309 4000 https://www.lowyat.net/2017/146339/46-2-million-mobile-phone-numbers-leaked-from-2014-data-breach/ LowYat
MBM Company Limogés Jewellery Mar. Negligent storage of a customer database exposed full postal addresses, email addresses, IP addresses and plain-text passwords. 14 2018 1300000 retail poor security 1300000 4000 https://thenextweb.com/security/2018/03/14/jewelry-site-accidentally-leaks-personal-details-plaintext-passwords-1-3m-users/ NextWeb
Orbitz Mar. An old version of the Orbitz website was hacked, exposing personal details and payment card info. Orbitz is now owned by Expedia. 14 2018 880000 web hacked 880000 300 https://www.usnews.com/news/business/articles/2018-03-20/orbitz-legacy-travel-booking-platform-likely-hacked US News
Aadhaar India's national government ID database Mar. A security researcher discovered a system vulnerability which means that anybody could download private info on all Aadhaar users. The govt. department that deals with the database has denied the breach. 14 2018 1100000000 government poor security 1100000000 4000 http://www.zdnet.com/article/another-data-leak-hits-india-aadhaar-biometric-database/ ZDNet
Saks and Lord & Taylor Both owned by Hudson's Bay Company Apr. A known ring of cybercriminals implanted software into store cash registers, siphoning off payment card details. The company has not divulged how many accounts have been affected, but the research firm that identified the breach believe 5million records may have been stolen. 14 2018 5000000 retail hacked 5000000 300 https://www.nytimes.com/2018/04/01/technology/saks-lord-taylor-credit-cards.html NYTimes
Panerabread Customer records were available via the site for at least 8 months. Panerabread were alerted to the leak in Aug 2017, but didn't pull the site until Apr 2018. Panerabread claims 10k records were leaked, but security researchers put the figure at over 37 million. 14 2018 37000000 retail poor security 37000000 20 https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/ https://medium.com/@djhoulihan/no-panera-bread-doesnt-take-security-seriously-bf078027f815 Krebsonsecurity, Medium
MyFitnessPal UnderArmour Feb. Usernames, email addresses, and hashed user passwords were stolen. 14 2018 150000000 app hacked 150000000 1 https://www.theguardian.com/technology/2018/mar/30/hackers-steal-data-150m-myfitnesspal-app-users-under-armour Guardian
Twitter May. A glitch caused some passwords to be stored in readable text, visible on the internal computer system. 14 2018 330000000 app poor security 330000000 1 https://www.reuters.com/article/us-twitter-passwords/twitter-urges-all-users-to-change-passwords-after-glitch-idUSKBN1I42JG Reuters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment