With the advancements in technology, data breaches have become a common occurrence. For example, data breaches grew from a mere 600 in 2010 to over 1800 in 2021 in the United States only. Likewise, the annual security breaches have also grown exponentially in the rest of the world.
Data breaches have a devastating impact on the victims, be they individuals, organizations, or governments. Essentially, they could lead to severe financial losses, legal consequences, reputational damage, privacy loss, or even a threat to national security.
This article provides a detailed discussion of the biggest breaches worldwide, how they happen, types of data breaches, data breach targets, damages, and much more.
Quick list of the biggest data breaches since 2000
- Yahoo: Breach happened in 2013-2014 affecting 3 billion user accounts, but remained undetected over the following three years.
- Aadhaar: Hackers managed accessing sensitive details of over 1.2 billion registered Indians and selling it on WhatsApp groups.
- LinkedIn: The professional networking service exposed the data of around 700 million users to criminal hackers.
- Sina Weibo: The Chinese social media giant exposed personal information of 538 million users to the hackers who exploited the platform’s API.
- Facebook: Though it has had numerous security breaches in history, the most devastating incident happened in 2019, affecting 533 million users.
- Marriott International (Starwood): The hotel giant exposed sensitive personal and financial information of 500 million customers to the hackers.
- FriendFinder: The dating site suffered a hack in 2016, exposing sensitive data of over 400 million customers.
- MySpace: The incident gained attention after the hackers put the data of over 360 million MySpace users for sale on the dark web.
- Adobe: Hackers not only stole Adobe products source code, but also exfiltrated the naes and account credentials of over 150 million users.
- Equifax: The business faced severe criticism and backlash following the 2017 security breach that affected 147 million users.
- eBay: From the two data breaches it suffered, eBay’s 2014 hack was a serious one that impacted 145 million customers.
- Canva: The Aussie graphics design service exposed the data of 139 million users to the attackers, who then posted the data on the dark web.
- Capital One: The incident gained traction after the attackers confirmed stealing personal and financial information of over 106 million customers.
- JP Morgan Chase: The incident affected household consumers and the small companies alike, as the attackers exploited the stolen data for identity frauds.
- Uber: The popular commuting service paid $100k to the attackers to delete the stolen data of about 57 million Uber users.
- Home Depot: The hackers infected the firm’s payment system with a malware to steal data of over 56 million customers.
- Target Stores: Hackers accessed the vendors POS to steal personal and financial data of about 40 million customers.
What is a data breach?
A data breach refers to an incident in which private information or protected data is accessed, utilized, or disclosed without authority from persons holding the information. A data breach can happen due to user behavior or weaknesses in the technology used to store the information and may result in legal, financial, and reputation damages.
In this light, a data breach may occur through a cyberattack, improper disposal of data, or accidental data leaks. When such happens, a range of private information is exposed, including names, email addresses, social security numbers, credit card information, and location.
17 biggest security breaches in history
Here are some of the most devastating data breaches in the 21st century:
The Yahoo! data breaches happened in 2013 and 2014 and affected 3 billion accounts. The breaches were not discovered until 2016, when Yahoo disclosed that users’ private data, including names, email addresses, dates of birth, and security questions and answers, had been compromised by cybercriminals.
The company faced multiple lawsuits and regulatory investigations due to the breaches. In addition, the incident saw a significant drop in the company’s value to $350 million.
In 2018, a group of hackers gained access to the personal and biometric data of more than 1 billion Indians registered with the nation’s Aadhaar national identification system. Names, addresses, phone numbers, fingerprints, and 12-digit Aadhaar identification numbers of each enrollee, were among the personal data lost to hackers.
The data was sold for as little as $7 through WhatsApp groups. The Indian government received criticism for the insufficient security measures to protect the personal information of the Aadhaar enrolees.
In 2012, nearly 700 million LinkedIn user accounts had their names, email addresses, and passwords compromised due to the data breach. The hackers stole the login information through a third-party website.
Afterward, LinkedIn invalidated the leaked passwords and contacted the impacted members to request new passwords. The corporation came under fire for failing to encrypt user passwords and for not alerting customers of the hack for several days.