Information is Beautiful: Data Breaches (public)
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
Still loading...
Entityalternative namestoryYEARrecords lostORGANISATIONMETHOD OF LEAKNO OF RECORDS STOLENDATA SENSITIVITY1st source link2nd source link3rd sourcesource name
Elaboration if there's an interesting story or detail behind ityears are encoded (0=2004, 8 = 2012, 9 = 2013, 10=2014, 11=2015, 12=2016, 13 = latest)(use 3m, 4m, 5m or 10m to approximate unknown figures)(use 3m, 4m, 5m or 10m to approximate unknown figures)1. Just email address/Online information 20 SSN/Personal details 300 Credit card information 4000 Email password/Health records 50000 Full bank account details
Netflix Twitter accountDec. 'OurMine' hacked Netflix's Twitter account & sent out mocking tweets. 131webhacked11
Tesco BankNov. £2.5m stolen from 9000 customer accounts. 139,000bankinghacked900050000 Register
Quest DiagnosticsNov. The stolen data contained names, DOBs, lab results and some telephone numbers.1334,000healthcarehacked340004000
ThreeThree mobile company in the UKHackers broke into Three's customer database with the intention of fraudulently ordering handsets to sell on. They stole personal details, but no financial records or passwords were stored on the hacked system. 13200,000telecomshacked20000020
WongaApr. Customers from the UK and Poland look to have been affected. 13270,000financialhacked27000050000
PayAsUGymDec. Fitness website hacked & email address published online.13300,000webhacked3000001
Red Cross Blood ServiceInfo leaked includes data about 'at risk sexual behaviours'13550,000healthcareaccidentally published5500004000
BrazzersPorn siteSept. 'The data contains 790,724 unique email addresses, and also includes usernames and plaintext passwords. (The set has 928,072 entries in all, but many are duplicates.'13790,724webhacked7907244000
Waterly by MGAR LtdApp for paying water billsJan. Israel-based app contained a vulnerability in the sign-in process that could potentially expose user account details. The problem was fixed within 2 weeks of being identifiied. 131,000,000appvulnerability1000000300
SnapchatApr. Indian hackers apparently leaked data they stole last year in response to Snapchat CEO allegedly stating they had no plans to expand to 'poor countries' like India. Snapchat have yet to confirm any leak.131,700,000apphacked17000001
CellebriteCellebrite's main product is a device that rips data from mobile phones. 900GB of data was stolen from Cellebrite. The hackers got hacked. The number of records taken is unknown. Motherboard quotes the hacker as stating “I can't say too much about what has been done. It's one thing to slap them, it's a very different thing to take pictures of [their] balls hanging out.”

Clinton campaign135,000,000governmenthacked500000020
ClixSenseSept. The information stolen contains usernames, passwords, home addresses, payment histories, and other banking details.136,600,000webhacked660000050000
Lynda.comowned by LinkedInHackers breached a database that held records of contact info and courses viewed. No official statement yet on how many records were actually stolen, and no evidence yet of them having been published anywhere.139,500,000webhacked95000001
InterparkJuly. South Korean police are blaming North Korea for stealing data in an attempt to obtain foreign currency. 1310,000,000webhacked1000000020
Telegram Instant messaging serviceDespite Telegram's claims of super security, they've been hacked by a group called Rocket Kitten. 1315,000,000techhacked150000001
YahooUser accounts have been hacked using forged cookies to log in without a password over a 2 year period. 1332,000,000webhacked320000004000
WeeblyFeb. Usernames, passwords and IP addresses stolen, although passwords secured with bcrypt. 1343,000,000webhacked430000004000
Dailymotionvideo sharing site85.2m email addresses extracted, but only 18.3m had associated passwords.1385,200,000webhacked852000001
Friend Finder NetworkParent company of Adult Friend Finder , and Penthouse.comUsernames, email addresses, passwords for sites including Adult Friend Finder and Passwords encrypted, but LeakedSource claims to be able to crack 99% of them.13412,000,000webhacked4120000001, LeakedSource
River City MediaSpam operatorA dodgy backup has allegedly resulted in over a billion leaked email addresses, plus other personal info in some cases, and has exposed RCM's business plans & operations. 131,370,000,000webleak137000000020 News
Code.orgNon-profit organisationVolunteer email addresses were left accessible via web browser. 1210webpoor security101
Wendy'sRestaurant chainMalware has been used in 1025 of Wendy's restaurants to steal credit card data from customers. It's currently unknown how many individuals have been impacted.121,025retailhacked1025300
National Childbirth TrustCharityLondon-based charity hacked for user information. 1215,000webhacked150001
uTorrent It's unclear what data has been breached, exactly, but uTorrent has advised passwords are probably compromised. 1235,000webhacked350001
VerizonSecurity servicesCustomer database and information about company's security flaws stolen and put up for sale. 12100,000webhacked100001
Mutuelle Generale de la PoliceFrench police health insuranceFiles uploaded to Google Drive by a 'malicious' employee. Data included home addresses. The leak came two weeks after a French police officer was murdered by ISIS-inspired attack.12112,000healthcareleak11200050000
Syrian governmentHacking outfit calling itself 'Cyber Justice Team' leaked 10GB of data from the government and private websites. Seems to be just data from old leaks, though.12274,477governmenthacked2744771
Linux Ubuntu forums122,000,000webhacked20000001
World CheckRun by Thompson Reuters2014 version of World-Check, a database of suspected terrorists and criminals, leaked online. It's unclear what data the records include.122,200,000medialeak2200000300
Banner HealthHackers gained access to payment card data via food outlets at Banner Health locations.123,700,000healthcarehacked3700000300
Privatization Agency of the Republic of SerbiaA text file with personal data and financial documents were made publically available on their website. 125,190,396governmentleak51939620
MinecraftLifeboat' communityPlayers using the Lifeboat servers have had their email addresses and passwords leaked.127,000,000webhacked70000001
Mossack FonsecaPanamanian law firm 2.6TB of data on politicians, criminals, professional athletes etc leaked from law firm Mossack Fonseca, including emails, contracts, scanned documents, transcripts...1211,500,000legalleak1150000050000
Mail. ruGame-related forumsTwo hackers attacked three game-related forums hosted by Russian company 1225,000,000webhacked2500000020
FlingDating siteA hacker claims to be selling info on sexual desires & preferences, as well as generic personal info, stolen from the dating site Fling. 1240,000,000webhacked400000004000
Turkish citizenship databaseTurkish citizenship database has allegedly been hacked and leaked online.1249,611,709governmentleak4961170920 Insider
Philippines’ Commission on ElectionsCOMELECAfter a message was posted on the COMELEC website by hackers from Anonymous, warning the government not to mess with the elections, the entire database was stolen and posted online. 1255,000,000governmenthacked5500000050000
Anthem Second-largest health insurer in the USFeb 2015: Names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information.1280,000,000healthcarehacked8000000020
VKRussia's FacebookOver 100m user accounts were hacked and the data put up for sale online. A VK spokesperson has denied that the site was breached, claiming the data for sale is old details no longer in use.12100,544,934webhacked1005449344000
MySpaceThe same hacker who was selling LinkedIn user data now claims to have MySpace user data too, and lots of it. 12164,000,000webhacked1640000001
Invest BankUnited Arab Emirates bankHacker breached a United Arab Emirates bank, demanding a ransom of $3m in bitcoin to stop tweeting data, mostly about corporate accounts. The hacker dumped files on the website of a basketball team, which he hacked for storage. The bank, Invest Bank, won't pay the ransom. 1140,000financialhacked4000050000
UberOccured Sep 2014. Revealed Feb 2015. Names & license plates of 50,000 driver partners.1150,000techpoor security500001
IRSUS Tax service"An unnamed cybermafia used an IRS app to download forms full of personal information. They posed as legitimate taxpayers, and tried to download forms on 200,000 people between February and May. They got away with half of them, the IRS said. The crooks used about 15,000 of them to claim tax refunds in other people's names."11100,000governmentpoor security1000001
TalkTalkTelecoms provider157k customers had personal details stolen, including 15,600 account numbers. 11157,000webhacked16000020, Guardian
MSpykid & partner tracking serviceData dump to the dark web "includes Apple IDs and passwords, tracking data, and payment details on some 145,000 successful transactions", photos and very private conversations.11400,000techhacked40000020 Security
Australian Immigration DepartmentAn employee of the agency inadvertently sent the passport numbers, visa details and other personal identifiers of all world leaders attending the G20 Brisbane summit to the organisers of the Asian Cup football tournament. Barack Obama, Vladimir Putin, Angela Merkel, Xi Jinping, Narendra Modi, David Cameron and many others.11500,000governmentaccidentally published50000050000
British AirwaysFrequent flyer accounts11500,000retailhacked5000001
Hacking TeamItalian cybersecurity firm sells digital surveillance software to law enforcement and national security organisations. 400 GB of documents - including software source code, private messages & client databases - has been stolen and put online via BitTorrent. The documents show the company has sold products to repressive regimes.11500,000webhacked50000050000 Guardian
Slacksoftware for remote working11500,000techpoor security5000001
CarefirstBlue Cross, Blue Shield US medical insurerAttacked happened in June 2014. Was announced in June 2015.111,100,000healthcarehacked11000001
CarPhone WarehouseUK mobile phone supplier112,700,000webhacked270000050000
SanrioHello Kitty and other franchisesSecurity researcher was able to access a database of 3.3m of Sanrio's accounts, with links to other Sanrio Hello Kitty portals.113,300,000webconfiguration error330000020
Adult Friend FinderInternet dating & hookup siteSexual preferences, names, email addresses, usernames, dates of birth, postal codes113,900,000webhacked39000001
US Office of Personnel Management"The intruders... gained access to...employees’ Social Security numbers, job assignments, performance ratings and training information"114,000,000governmenthacked400000020
VTechToymaker companySoftware used to download games to children's computer tablets was hacked, with personal info and photos stolen. 116,400,000webhacked640000050000, TroyHunt
PremeraUS healthcare providerDetected 29th Jan 2015. Occured May 2014. "C could include names, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information"1111,000,000healthcarehacked1100000050000
KromtechMacKeeper softwareA security researcher stumbled on a leak, which exposed usernames, email addresses and passwords of users. He notified Kromtech, who patched it quickly. 1113,000,000webhacked130000001, Reddit
Experian / T-mobileThe world's biggest data monitoring firm disclosed a massive breach of customers who applied for service with T-Mobile. Names, addresses, birth dates, Social Security numbers, drivers license numbers and passport numbers.1115,000,000webhacked15000000300
US Office of Personnel Management (2nd Breach)attackers have targeted the forms submitted by intelligence and military personnel for security clearances. The document includes personal information - everything from eye colour, to financial history, to past substance abuse, as well as contact details for the individual's friends and relatives1121,500,000governmenthacked2150000050000, Reuters
AshleyMadison.comUS ex-marital affairs site20th July 2015: DEVELOPING: Online hookup site for extra-marital affairs has been severely breached and the personal details of 37m users, as well as company financial records, threatened with release. Notorious hacking outfit The Impact Team has claimed responsibility. The hackers are demanding the shutdown of and other associated sites.1137,000,000webhacked370000001 Security
Securus TechnologiesPrison phone service providerAnonymous hacker leaked records of over 70m phone calls, plus links to recordings. Recording/storing attorney-client calls potentially violates constitutional protections.1170,000,000webhacked7000000050000
Deep Root AnalyticsA database of 198 million US voters has been exposed as a result of incorrect configuration. 11198,000,000webconfiguration error19800000020, UpGuard
New York TaxisA freedom of information request resulted in the release of data on all 173 million journeys undertaken by New York taxis in one year. Unfortunately, the data was incorrectly anonymised and relatively easy to decode, revealing the driver IDs, pickup & dropoff times, and GPS routes taken for every single cab journey.1052,000transportpoor security520001
Mozilla1076,000webpoor security80000020
NASDAQNasdaq OMX GroupNasdaq forum website hacked by hacking ring, email addresses and passwords compromised10500,000financialhacked5000001
Dominios Pizzas (France)10600,000webhacked6000001
Japan AirlinesOct 2014: Japan Airlines confirmed the possible theft of information from up to around 750,000 frequent-flier programme members. Data that may have been stolen included names, genders, birth dates, addresses, email addresses and places of work.10750,000transporthacked80000020 Street Journal, Japan Airlines
D&B, AltegrityHackers stole millions of social security numbers from large US data brokers Dun & Bradstreet Corp and Kroll Background America Inc, owned by Altegrity. Correction 7 Jan 2015: we previously stated that records were stolen from LexisNexis. LexisNexis conducted a thorough investigation of the malware intrusion and found no evidence that the malware accessed or stole any customer or consumer data. 101,000,000techhacked1000000300 Today; Reuters; BBC News
Neiman MarcusUS retailer101,100,000retailhacked110000020, Krebson Security
European Central Bank104,000,000financialhacked40000001 am
UPSMalware was discovered in the credit & debit card processing systems at 51 branches in 24 states.104,000,000retailhacked4000000300
Community Health SystemsAug 2014: Community Health Systems, which operates 206 hospitals across the US, had patient data from the last 5 years breached. Details included names, addresses, social security numbers. Suspected "chinese hackers" were thought responsible. Goal: identity theft.104,500,000healthcarehacked450000020
"Gmail"5 million Gmail account passwords leaked to a forum, alongside passwords from other email providers. Close inspection revealed the user details to be old (3+ years). Multiple individual targeted hacks of third party websites where people used their Gmail IDs, rather than one big dataleak, suspected to be the method. Gmail itself was not hacked. 105,000,000webhacked50000001
Sony PicturesWide-ranging hack of potentially every piece of data held by the company, including: unreleased films & scripts, employee social security numbers, salaries and health check results, as well as sensitive internal business documents relating to lay-offs, restructures and executive salaries. Lead suspects are "North Korean hackers" perhaps related to the Seth Rogen film, "The Interview" which mocks the North Korean dictator, Kim Jong Un.1010,000,000mediahacked1000000020
Twitch.tvGaming siteMarch 23rd. Details unknown at this point. All Twitch's 10 million users have been requested to change their passwords.1010,000,000healthcarehacked100000001
Korea Credit Bureau1020,000,000financialinside job2000000050000
Home DepotMalware installed on cash register system across 2,200 stores syphoned credit card details of up to 56 million customers. May be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others1056,000,000retailhacked56000000300 Security
TargetInvestigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores. Originally 40m customers. Now 70m!1070,000,000retailhacked7000000020,0,3434295.story
JP Morgan ChaseJuly 2014: The US's largest bank was compromised by hackers, stealing names, addresses, phone numbers and emails of account holders. The hack began in June but was not discovered until July, when the hackers had already obtained the highest level of administrative privilege to dozens of the bank’s computer servers.1076,000,000financialhacked76000000300
EbayThe company has said hackers attacked between late February and early March with login credentials obtained from “a small number” of employees. They then accessed a database containing all user records and copied “a large part” of those credentials.10145,000,000webhacked1450000001 Tribune
YahooHappened in 2014, but no. records stolen was originally thought to be much smaller. Yahoo recently revealed the real numbers.10500,000,000webhacked50000000020 Insider
South Africa policeSouth Africa Police Service's anonymous whistleblowing websiteHacker collective 'Anonymous' hacked an anonymous whistleblowing website run by the South Africa Police Service (SAPS), revealing the identities of thousands of its users. The hack was in response to the massacre of 34 protesting miners at Marikana in August 2012.916,000governmenthacked 1600020
Crescent Health Inc., WalgreensNames, Social Security numbers, health insurance identification numbers, health insurance information, dates of birth, diagnoses, other medical information, disability codes, addresses, and phone numbers may have been exposed via a laptop theft.9100,000healthcarelost / stolen computer1000004000 Rights
Florida CourtsFlorida Department of Juvenile Justice9100,000governmentlost / stolen computer10000020 Rights
Florida Department of Juvenile JusticeThree computers were stolen that contained both youth and employee records was reported stolen on January 2, 2013. Over 100,000 records were on the device and may have been exposed.9100,000governmentlost / stolen computer10000020 Rights
Central Hudson Gas & ElectricCustomer banking information and other personal information may have been accessed during the hack.9110,000energyhacked100000300 Rights
Kirkwood Community CollegeHacked online database9125,000academichacked13000020 Rights
Indiana UniversityStudents who attended the university between 2011 and 2014 may have had their data exposed after it was stored on an unprotected site. The data was accessed by three webcrawlers but there is not evidence it was accessed by any unauthorized individuals.9146,000academicpoor security15000020 University
CitigroupThird big data breach from Citigroup."The personal information of 150,000 consumers who went into bankruptcy between 2007 and 2011 – including their social security numbers – were exposed after Citi failed to properly redact court records before they were put on the Public Access to Court Electronic Records (PACER) system."9150,000financialpoor security15000020
Washington State court systemAdministrative officesUp to 160,000 Social Security numbers and a million driver's license numbers may have been accessed by hackers exploiting old versions of Adobe Cold Fusion software on the server. 9160,000governmenthacked16000020; Privacy Rights
TerraCom & YourTelThe telecom firms TerraCom and YourTel have branded reporters for Scripps News as "hackers" after journalists discovered that the personal data of over 170,000 customers - including social security numbers and other identifying data that could be used for identity theft - were sitting on a publicly accessible server.9170,000telecomsaccidentally published18000020 Boing; Wired
NintendoJapan's Club Nintendo serviceJapan's Club Nintendo service was hacked following thousands of unauthorized accesses. Customer information compromised in the attack includes full names, phone numbers, home and email addresses.9240,000gaminghacked25000020
TwitterHackers had access to limited user information -- usernames, email addresses, session tokens and encrypted/salted versions of passwords -- for approximately 250,000 users.9250,000webhacked 2500001
2017 update
Jan 2015 update
July 2013 update (old)