Information is Beautiful: Data Breaches (public)
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

 
£
%
123
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
|
 
Still loading...
ABCDEFGHIJKLMNOPQRSTUVWXYZAAABACADAEAFAGAHAIAJAKALAMANAOAPAQARASATAUAVAWAXAYAZBABB
1
namealternativenamenotesprimaryvaluesubcategorycategorytypehighlightmetric_001metric_002metric_003metric_004excludefirstsourcesecondsourcethirdsource
2
Entityalternative namestoryYEARrecords lostORGANISATIONMETHOD OF LEAKinteresting storyNO OF RECORDS STOLENDATA SENSITIVITYUNUSEDUNUSEDExclude1st source link2nd source link3rd sourcesource nameUNUSEDUNUSEDUNUSEDUNUSEDUNUSEDUNUSEDLink to individual studyLink to individual studyLink to individual studyLink to individual studyLink to individual studyLink to individual studyLink to individual studyLink to individual studyLink to individual studyLink to individual study
3
update as of 8 Jan 2015Elaboration if there's an interesting story or detail behind ityears are encoded (0=2004, 8 = 2012, 9 = 2013, 10=2014, 11=latest)context & leak size1. Just email address/Online information 20 SSN/Personal details 300 Credit card information 4000 Email password/Health records 50000 Full bank account detailsShow this item in the viz?
4
Staples111,160,000transporthacked1160000300http://fortune.com/2014/12/19/staples-cards-affected-breach/
5
Sony PicturesWide-ranging hack of potentially every piece of data held by the company, including: unreleased films & scripts, employee social security numbers, salaries and health check results, as well as sensitive internal business documents relating to lay-offs, restructures and executive salaries. Lead suspects are "North Korean hackers" perhaps related to the Seth Rogen film, "The Interview" which mocks the North Korean dictator, Kim Jong Un.11100 terrabytesmediahacked100000004http://www.buzzfeed.com/tomgara/sony-hack
6
Japan AirlinesOct 2014: Japan Airlines confirmed the possible theft of information from up to around 750,000 frequent-flier programme members. Data that may have been stolen included names, genders, birth dates, addresses, email addresses and places of work.11750,000transporthacked750,00020http://online.wsj.com/articles/japan-airlines-reports-hacker-attack-1412053828http://www.jal.co.jp/en/info/other/140924.html
7
JP Morgan ChaseJuly 2014: The US's largest bank was compromised by hackers, stealing names, addresses, phone numbers and emails of account holders. The hack began in June but was not discovered until July, when the hackers had already obtained the highest level of administrative privilege to dozens of the bank’s computer servers.1176,000,000financialhackedy76000000300http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/?_php=true&_type=blogs&_r=0
8
Community Health ServicesAug 2014: Community Health Systems, which operates 206 hospitals across the US, had patient data from the last 5 years breached. Details included names, addresses, social security numbers. Suspected "chinese hackers" were thought responsible. Goal: identity theft.114,500,000healthcarehackedy450000020http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/
9
Gmail5 million Gmail account passwords leaked to a forum, alongside passwords from other email providers. Close inspection revealed the user details to be old (3+ years). Multiple individual targeted hacks of third party websites where people used their Gmail IDs, rather than one big dataleak, suspected to be the method. Gmail itself was not hacked. 115,000,000webhackedy50000001Xhttp://thenextweb.com/google/2014/09/10/4-93-million-gmail-usernames-passwords-published-google-says-evidence-systems-compromised/
10
Home DepotMalware installed on cash register system across 2,200 stores syphoned credit card details of up to 56 million customers. May be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others1156,000,000retailhackedy56000000300http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/
11
Mozilla1176,000webpoor security76000020http://www.theguardian.com/technology/2014/aug/05/mozilla-leak-developer-email-addresses-passwords-firefox
12
AdobeSep 17th 2013. Hackers obtained access to a large swathe of Adobe customer IDs and encrypted passwords & removed sensitive information (i.e. names, encrypted credit or debit card numbers, expiration dates, etc.). Approximately 36 million Adobe customers were involved: 3.1 million whose credit or debit card information was taken and nearly 33 million active users whose current, encrypted passwords were in the database taken. Correction Jan 2015: we previously reported 152m records were taking, but the remainder affected invalid, inactive, test accounts or had out-of-date passwords associated with them.936,000,000techhackedy3600000050000http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.htmlhttp://www.zdnet.com/adobe-admits-2-9m-customer-accounts-have-been-compromised-7000021546/http://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/
13
AOL102,400,000webhacked240000001http://blog.aol.com/2014/04/28/aol-security-update/
14
Dominios Pizzas (France)10600,000webhacked6000001http://www.theguardian.com/technology/2014/jun/16/dominos-pizza-ransom-hack-data
15
EbayThe company has said hackers attacked between late February and early March with login credentials obtained from “a small number” of employees. They then accessed a database containing all user records and copied “a large part” of those credentials.10145,000,000webhackedy1450000001http://my.chicagotribune.com/#section/-1/article/p2p-80265168/
16
European Central Bank10"unknown"financialhacked40000001http://www.cityam.com/1406190300/ecb-website-hacked
17
Korea Credit Bureau1020000000financialinside job2000000050000http://www.securityweek.com/20-million-people-fall-victim-south-korea-data-leak
18
D&B, AltegrityHackers stole millions of social security numbers from large US data brokers Dun & Bradstreet Corp and Kroll Background America Inc, owned by Altegrity. Correction 7 Jan 2015: we previously stated that records were stolen from LexisNexis. LexisNexis conducted a thorough investigation of the malware intrusion and found no evidence that the malware accessed or stole any customer or consumer data. 101,000,000techhacked1000000300http://www.usatoday.com/story/cybertruth/2013/09/26/lexisnexis-dunn--bradstreet-altegrity-hacked/2878769/http://www.reuters.com/article/2013/09/26/us-cyberattacks-databrokers-idUSBRE98P03220130926http://www.bbc.co.uk/news/technology-24284277USA Today; Reuters; BBC News
19
MacRumours.com10860,000webhacked8600001http://www.wired.co.uk/news/archive/2013-11/13/mac-rumours-forums-hacked
20
NASDAQNasdaq OMX GroupNasdaq forum website hacked by hacking ring, email addresses and passwords compromised10unknownfinancialhackedy5000001http://www.reuters.com/article/2013/07/18/net-us-nasdaq-cybercrime-website-idUSBRE96H1F520130718
21
Neiman MarcusUS retailer101,100,000retailhacked110010020http://www.nytimes.com/2014/01/24/business/neiman-marcus-breach-affected-1-1-million-cards.htmlhttp://krebsonsecurity.com/2014/08/stealthy-razor-thin-atm-insert-skimmers/
22
New York TaxisA freedom of information request resulted in the release of data on all 173 million journeys undertaken by New York taxis in one year. Unfortunately, the data was incorrectly anonymised and relatively easy to decode, revealing the driver IDs, pickup & dropoff times, and GPS routes taken for every single cab journey.1052,000transportpoor securityy520001https://medium.com/@vijayp/f6bc289679a1
23
TargetInvestigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores. Originally 40m customers. Now 70m!1070,000,000retailhackedy70000000200http://www.chicagotribune.com/news/sns-rt-us-target-breach-20131218,0,3434295.storyhttp://www.huffingtonpost.com/2013/12/19/target-hacked-customer-credit-card-data-accessed_n_4471672.html?utm_hp_ref=mostpopularhttp://techcrunch.com/2014/01/10/targets-data-breach-gets-worse-70-million-customers-had-info-stolen-including-names-emails-and-phones/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=NetvibesITRC
24
UPSMalware was discovered in the credit & debit card processing systems at 51 branches in 24 states.10"unknown"retailhacked4000000300http://time.com/3151681/ups-hack/
25
Advocate Medical Group4,000,000 patient names, addresses, dates of birth, and Social Security numbers were contained in four computers stolen from an administrative building. Second biggest security breach ever reported to the Department of Health and Human Services (HHS).94,000,000healthcarelost / stolen mediay4,000,00020http://healthitsecurity.com/2013/08/27/advocate-medical-group-endures-massive-data-breach/http://datalossdb.org/latest_incidents_remote_sync
26
AppleDeveloper portal hacked. "Some" information about 275,000 3rd-party developers potentially stolen.9275,000techhacked2750001http://www.guardian.co.uk/technology/2013/jul/22/apple-developer-site-hacked
27
Central Hudson Gas & ElectricCustomer banking information and other personal information may have been accessed during the hack.9110,000energyhacked110000300http://www.privacyrights.org/data-breachPrivacy Rights
28
CitigroupThird big data breach from Citigroup."The personal information of 150,000 consumers who went into bankruptcy between 2007 and 2011 – including their social security numbers – were exposed after Citi failed to properly redact court records before they were put on the Public Access to Court Electronic Records (PACER) system."9150,000financialpoor securityy150,00020http://news.softpedia.com/news/Citi-Exposes-Details-of-150-000-Individuals-Who-Went-into-Bankruptcy-369979.shtml
29
Crescent Health Inc., WalgreensNames, Social Security numbers, health insurance identification numbers, health insurance information, dates of birth, diagnoses, other medical information, disability codes, addresses, and phone numbers may have been exposed via a laptop theft.9100,000healthcarelost / stolen computer1000004000http://www.privacyrights.org/data-breachPrivacy Rights
30
Drupalopen-source content management platformMalicious files placed on association.drupal.org servers via a 3rd-party application. Exposed usernames, e-mail addresses, country information, and cryptographically hashed passwords.91,000,000webhacked10000001http://arstechnica.com/security/2013/05/drupal-org-resets-login-credentials-after-hack-exposes-password-data/Ars Technica
31
Evernoteonline note-taking siteEvernote asked its 50 million users to reset their passwords following an attempt to hack the note-taking network. The company said it’d found no evidence that any payment information for Evernote Premium or Evernote Business customers had been accessed, nor was there any indication that content stored by users had been accessed, changed or lost.950,000,000webhacked500000001http://www.wired.co.uk/news/archive/2013-03/04/evernote-hackedhttp://www.digitaltrends.com/mobile/evernote-hack-50-million-users-forced-to-reset-passwords/Wired; Digital Trends
32
FacebookUsing the network's "Download Your Information" tool, some Facebook members were inadvertently sent the phone numbers or email address of Facebook friends that were otherwise private. Facebook assured users that the bug was fixed within a day, and that there is no evidence that the information was used maliciously.96,000,000webaccidentally published60000001https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766
33
Florida CourtsFlorida Department of Juvenile Justice9100,000governmentlost / stolen computer10000020http://www.privacyrights.org/data-breachPrivacy Rights
34
Florida Department of Juvenile JusticeThree computers were stolen that contained both youth and employee records was reported stolen on January 2, 2013. Over 100,000 records were on the device and may have been exposed.9100,000governmentlost / stolen computer100,00020http://www.privacyrights.org/data-breachPrivacy Rights
35
Indiana UniversityStudents who attended the university between 2011 and 2014 may have had their data exposed after it was stored on an unprotected site. The data was accessed by three webcrawlers but there is not evidence it was accessed by any unauthorized individuals.9146,000academicpoor security14600020Xhttp://news.iu.edu/releases/iu/2014/02/data-exposure-disclosure.shtmlhttp://www.usatoday.com/story/news/nation/2014/02/26/indiana-university-data-breach/5830685/Indiana University
36
Kirkwood Community CollegeHacked online database9125,000academichacked12500020http://www.privacyrights.org/data-breachhttp://www.databreachwatch.org/community-college-data-breach-leaks-125000-ssns/Privacy Rights
37
Kissinger CablesMore than 1.7 million US diplomatic records for the period 1973 to 1976, including intelligence reports and congressional correspondence.Wikileaks91,700,000governmentinside job1700000300https://www.wikileaks.org/plusd/about/
38
Living Socialspecial offers websiteOnline criminals gained access to user names, e-mail addresses, dates of birth & encrypted passwords for 50 million people. Databases storing financial information were not compromised in the attack, the company said.950,000,000webhacked500000004000http://nakedsecurity.sophos.com/2013/04/27/livingsocial-hacked-50-million-affected/http://bits.blogs.nytimes.com/2013/04/26/living-social-hack-exposes-data-for-50-million-customers/Naked Security; New York Times
39
NintendoJapan's Club Nintendo serviceJapan's Club Nintendo service was hacked following thousands of unauthorized accesses. Customer information compromised in the attack includes full names, phone numbers, home and email addresses.9240,000gaminghacked23932620http://www.joystiq.com/2013/07/05/club-nintendo-japan-hacked/
40
NMBSBelgian national railway operatorData stored on a non-secure server, making it possible to access names, gender, DOB, email and postal address data of customers externally by means of a simple search engine query. Most of the data belong to customers in Belgium, France and the UK, including thousands of Commission and Parliament employees. Caused, the NMBS said, by a data worker “clicking on the wrong button”.91,460,000transportaccidentally published146000020http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+WQ+E-2013-001939+0+DOC+XML+V0//EN&language=nlhttp://www.flanderstoday.eu/business/nmbs-data-leak-was-breach-privacyEuropean Parliament
41
OVHFrench Internet host9undisclosedwebhacked50000020http://status.ovh.net/?do=details&id=5070
42
Scribd"world's largest online library" Hack resulted in a few hundred thousand stolen passwords.9500,000webhacked5000001http://nakedsecurity.sophos.com/2013/04/05/scribd-worlds-largest-online-library-admits-to-network-intrusion-password-breach/http://www.nbcnews.com/technology/scribd-hack-exposes-thousands-users-1B9239618Naked Security; NBC News
43
SnapChat31st Dec 2013. Hackers abused an exploit to syphon 4.7m user details, including phone numbers. Check here to see if your account was compromised: http://lookup.gibsonsec.org/94,700,000web, techhacked470000020http://www.forbes.com/sites/andygreenberg/2012/01/15/zappos-says-hackers-accessed-24-million-customers-account-details/
44
South Africa policeSouth Africa Police Service's anonymous whistleblowing websiteHacker collective 'Anonymous' hacked an anonymous whistleblowing website run by the South Africa Police Service (SAPS), revealing the identities of thousands of its users. The hack was in response to the massacre of 34 protesting miners at Marikana in August 2012.916,000governmenthacked y1600020http://www.wired.co.uk/news/archive/2013-05/22/south-africa-whistleblower-leakWired
45
ssndob.msSSNDOB was an underground identity theft service. Teenage hackers used it to collect data for exposed.su, a site that listed the SSNs, birthdays, phone numbers, current and previous addresses for dozens of top celebrities including Beyonce, Kanye West and Michelle Obama. In doing so they revealed SSNDOB had data on more than 4 million people.94,000,000webhackedy40000002http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/Krebs on Security
46
TerraCom & YourTelThe telecom firms TerraCom and YourTel have branded reporters for Scripps News as "hackers" after journalists discovered that the personal data of over 170,000 customers - including social security numbers and other identifying data that could be used for identity theft - were sitting on a publicly accessible server.9170,000telecomsaccidentally publishedy17000020http://boingboing.net/2013/05/23/terracom-and-yourtel-threaten.htmlhttp://www.wired.co.uk/news/archive/2013-05/23/reporter-google-breach-hackerBoing Boing; Wired
47
TwitterHackers had access to limited user information -- usernames, email addresses, session tokens and encrypted/salted versions of passwords -- for approximately 250,000 users.9250,000webhacked 2500001http://www.wired.co.uk/news/archive/2013-02/02/twitter-hackedWired
48
UbiSoftgames company9"unknown"gaminghacked5800000020http://forums.ubi.com/forumdisplay.php/495-Security-update-regarding-your-Ubisoft-account-please-create-a-new-password
49
UbuntuThe discussion forum for the popular alternative, open-source operating systemJuly 2013: Discussion forum for the operating system was compromised leaking personal details and password. The passwords were cryptographically scrambled using the MD5 hashing algorithm - considered an inadequate means of protecting stored passwords by security experts.92,000,000techhackedy2000000300http://arstechnica.com/security/2013/07/hack-exposes-e-mail-addresses-password-data-for-2-million-ubuntu-forum-users/Data Loss Database
50
VodafoneAn IT contractor for the firm used his deep access to the telecom giant's system to copy customer names and bank account details.92,000,000telecomsinside joby2000000300http://www.securityweek.com/attacker-steals-data-2-million-vodafone-germany-customersSecurity Week
51
Washington State court systemAdministrative officesUp to 160,000 Social Security numbers and a million driver's license numbers may have been accessed by hackers exploiting old versions of Adobe Cold Fusion software on the server. 9160,000governmenthacked16000020http://www.reuters.com/article/2013/05/09/us-usa-hack-washingtonstate-idUSBRE9480YY20130509http://www.privacyrights.org/data-breachReuters; Privacy Rights
52
Yahoo Japan22 million Yahoo user IDs may have been leaked after Yahoo detected an unauthorized attempt to access the administrative system of its web portal Yahoo Japan. The leaked information did not include passwords and data necessary for identity verification to reset passwords.922,000,000tech, webhacked220000001http://www.reuters.com/article/2013/05/17/us-yahoojapan-idUSBRE94G0P620130517Reuters
53
Court VenturesExperianA Vietnamese identity theft service was sold personal records, including Social Security numbers, credit card data and bank account information, by Court Ventures, a company now owned by data brokerage firm Experian.8200,000,000financialinside job2000000005http://bits.blogs.nytimes.com/2013/10/24/senator-intensifies-probe-of-data-brokers/?_php=true&_type=blogs&_r=0http://www.experianplc.com/news/company-news/2014/04-04-2014.aspxNY Times / Experian
54
"Apple"Hacking group AntiSec claimed they hacked an FBI laptop in March 2012 accessing a file of more than 12 million Apple Unique Device Identifiers (UDIDs). Subsequently, it was discovered that app developer BlueToad was the source of the breach. The list contained personal information such as full names, phone numbers and addresses. AntiSec published a million of these UDIDs online.812,367,232 tech, retailaccidentally publishedy1236723220http://news.cnet.com/8301-1009_3-57505330-83/antisec-claims-to-have-snatched-12m-apple-device-ids-from-fbi/http://news.cnet.com/8301-1009_3-57509595-83/udid-leak-source-idd-bluetoad-mobile-firm-says-it-was-hacked/
55
BlizzardActivision, Battle.netScrambled passwords, e-mail addresses, and personal security answers were knowingly stolen from Blizzard's internal network. Blizzard would not elaborate on the size of the hack ("millions"). 814,000,000gaminghacked1400000020https://us.battle.net/support/en/article/important-security-update-faq#5http://thehightechsociety.com/blizzard-battle-net-hack/
56
California Department of Child Support ServicesCalifornia child support records were lost in transit during a disaster preparedness exercise.8800,000governmentlost / stolen media 80000020http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtmlhttp://articles.businessinsider.com/2012-04-03/news/31279254_1_major-data-breach-identity-theft-office-of-privacy-protectionITRC
57
DropboxWebsites stolen from other websites used to sign into a small number of Dropbox accounts. The hack was mainly used to send spam to users. 8"small number"webhacked30,0001http://www.informationweek.co.uk/security/client/dropbox-admits-hack-adds-more-security-f/240004697
58
Emory Healthcarehospital system in Atlanta8315,000healthcarepoor security3150004000http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
59
Formspring Interest-based social Q&A websiteFormspring was tipped off to a breach after 420,000 hashed passwords were posted to a security forum. 8420,000webaccidentally publishedy4200004000http://news.cnet.com/8301-1009_3-57469944-83/formspring-disables-user-passwords-in-security-breach/?tag=mncol;txt
60
GamigoGerman gaming website88,000,000webhacked80000001http://www.forbes.com/sites/andygreenberg/2012/07/23/eight-million-passwords-spilled-from-gaming-site-gamigo-months-after-breach/
61
Global PaymentsCredit, debit and check processing for merchants (Visa, Mastercard, etc)1.5 million credit card numbers from its systems may have been exposed after detecting “unauthorized access” into its processing system. 87,000,000financialhacked1500000300http://www.washingtonpost.com/business/technology/faq-the-global-payments-hack/2012/04/02/gIQAIHLLrS_story.htmlITRChttp://money.cnn.com/2012/03/30/technology/credit-card-data-breach/index.htm
62
Greek governmentA computer programmer was arrested in Greece for allegedly stealing the identity information of what could amount to 83% of the country's population. The 35-year-old was found in possession of 9 million data files containing identification card data, addresses, tax ID numbers and licence plate numbers, which he was also suspected of trying to sell.89,000,000governmenthacked900000020http://www.wired.co.uk/news/archive/2012-11/22/greece-id-theftWired
63
KT Corp.Korean mobile carrierTwo suspects reportedly earnt an estimated $877,000 by selling the contact information and plan details of 8.7 million KT subscribers, almost half of the carrier's total customers.88,700,000telecomshacked870000020http://www.koreatimes.co.kr/www/news/biz/2012/07/113_116143.htmlhttp://news.cnet.com/8301-1009_3-57482215-83/hackers-accused-of-stealing-data-from-9m-korean-mobile-users/
64
LinkedIn, eHarmony, Last.fmHacker 'dwdm' uploaded a file containing 6.5 million passwords on a Russian hacker forum. Soon after another 1.5 million passwords were discovered. On analysis, 93% of the passwords could be found in the Top 10,000 password list.88,000,000webaccidentally published80000004000http://news.cnet.com/8301-1009_3-57449325-83/what-the-password-leaks-mean-to-you-faq/?tag=mncol;txthttp://arstechnica.com/security/2012/06/8-million-leaked-passwords-connected-to-linkedin/
65
Massive American business hack7-Eleven, JC Penney, Hannaford, Heartland, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and IngenicardOver eight years, a hacking ring targeted banks, payment processors and chain stores, to steal more than 160 million credit and debit card numbers, targeting more than 800,000 bank accounts 8160,000,000financialhackedy16000000050000http://www.nydailynews.com/news/national/russians-ukrainian-charged-largest-hacking-spree-u-s-history-article-1.1408948
66
MedicaidUS health program for low income people and familiesThe Utah Department of Technology Services had recently moved their claims records to a new server, and hackers believed to be operating out of Eastern Europe were able to circumvent the server’s multi-layered security system containing Social Security numbers for the Medicaid claims.8780,000government, healthcarehackedy78000020http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtmlITRC
67
Militarysingles.comOnline dating network for, you guessed it, military singlesCollective group LulzSec released a database of 163,792 names, usernames, e-mail addresses, IP addresses, and passwords of "single" military personnel.8163,792web, militaryaccidentally published1637924000http://www.pcworld.com/article/252647/reborn_lulzsec_claims_hack_of_dating_site_for_military_personnel.htmlPC World
68
New York State Electric & GasAn employee from a software consulting firm was allowed unauthorized access to the company’s databases.81,800,000energyinside job180000020http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtmlITRC
69
Office of the Texas Attorney GeneralThe office of Texas Attorney General Greg Abbott mistakenly gave attorneys access to millions of Social Security numbers in a case against the state’s voter ID law86,500,000governmentaccidentally published650000020http://www.rawstory.com/rs/2012/04/26/texas-attorney-general-exposes-millions-of-voters-social-security-numbers/
70
South Carolina GovernmentSouth Carolina Department of Health and Human ServicesA man was charged with five counts of violating medical confidentiality laws and one count of disclosure of confidential information after he gained access to personal information for more than 228,000 Medicaid beneficiaries.86,400,000healthcareinside job228,4354000http://www.thestate.com/2012/04/20/2241321/personal-information-of-more-than.html#.UFpUVqRYtmghttp://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
71
Three Iranian banksSaderat, Eghtesad Novin, & SamanAfter finding a security vulnerability in Iran's banking system, software manager Khosrow Zarefarid
wrote a formal report and sent it to the CEOs of all the affected banks across the country. When the banks ignored his findings, he hacked 3 million bank accounts, belonging to at least 22 different banks, to prove his point.
83,000,000financialhackedy300000050000http://www.zdnet.com/blog/security/3-million-bank-accounts-hacked-in-iran/11577ZD Net
72
Yahoo VoicesYahoo Voices service was hacked, exposing more than 450,000 usernames and passwords.8450,000tech, webhacked4500001http://it.slashdot.org/story/12/07/12/1243217/nearly-half-a-million-yahoo-passwords-leaked-updated?utm_source=feedburnerGoogle+Reader&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29&utm_content=Google+Readerhttp://www.pbs.org/newshour/rundown/2012/07/check-whether-your-yahoo-password-was-hacked.htmlSlashdot
73
Zappos824,000,000webhacked2400000020http://www.forbes.com/sites/andygreenberg/2012/01/15/zappos-says-hackers-accessed-24-million-customers-account-details/
74
178.comgaming website710,000,000webhacked100000001http://www.ehackingnews.com/2011/12/hackers-compromised-38-million-chinese.html
75
Accendo Insurance Co. Mismailed letters which allowed some lines of sensitive information (medication name, date of birth, and member ID) to be visible through the envelope window. The mailings were addressed correctly and, to the knowledge of the company, were received by the intended recipients.7175,350healthcarepoor security1753504000http://www.databreaches.net/?p=19198http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
76
Bethesda Game StudiosUS video game company (Elder Scrolls, Fallout 3)Hacking collective Lulzsec stole account information of 200,000 user.7200,000gaminghacked2000001http://www.pcworld.com/article/231215/lulzsec_a_short_history_of_hacking.htmlPC World
77
China Software Developer Network76,000,000webhacked60000001http://www.zdnet.com/blog/security/chinese-hacker-arrested-for-leaking-6-million-logins/11064
78
CitigroupLess than 1% of Citbank card holders' names, account numbers, and contact information such as e-mail addresses were stolen. Card security codes were not stolen. 7360,083financialhacked360083300http://www.pcworld.com/article/229891/Citigroup_Hack_Nets_Over_200k_in_Stolen_Customer_Details.htmlPC World
79
Countrywide Financial CorpEmployee convicted of downloading millions of borrower files and selling the information to other loan officers.mortgage lender72,500,000financialinside job250000020http://latimesblogs.latimes.com/money_co/2011/09/man-convicted-in-huge-countrywide-data-theft-gets-8-months-in-prison.html
80
Eisenhower Medical CenterCalifornia hospitalStolen computer contained data listing patients' names, ages, dates of birth, medical record numbers and the last four digits of their social security numbers.7514,330healthcarelost / stolen computer5143304000http://databreachinvestigation.blogspot.com/2011/04/thief-gets-away-with-eisenhower-medical.htmlhttp://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
81
Health Net - IBMData lost from HN servers managed by IBMSeveral server drives, containing personal information of former and current employees, went missing.71,900,000healthcarelost / stolen media 1900000300http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtmlhttp://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.htmlITRC
82
Honda CanadaNames, addresses and vehicle identification numbers were taken from the company’s eCommerce websites myHonda and myAcura7283,000retailpoor securityy28300020http://www.guelphmercury.com/news-story/2200845-honda-canada-hit-by-online-security-breach-283-000-car-owners-personal-data-stolen/
83
Massachusetts GovernmentMassachusetts Executive Office of Labor and WorkforceOver 1,500 departmental computers were infected with the W32.QAKBOT virus, a malicious program which “downloads additional files, steals information, and opens a back door on the compromised computer”. 7210,000governmentpoor securityy21000050000http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtmlITRC
84
Memorial Healthcare SystemFloridaAn employee of an affiliated physician’s office may have improperly accessed patient information through a web portal used by physicians who provide care and treatment at MHS. Specifically, patients’ names, dates of birth, and Social Security numbers.7102,153healthcarelost / stolen media10215320http://www.mhs.net/pdf/release071112.pdfhttp://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
85
Morgan Stanley Smith BarneyMorgan Stanley mailed a CD containing sensitive data about investors in tax-exempt funds and bonds to the New York State Department of Taxation and Finance. The package arrived at the building but when it arrived at the relevant desk the data CD was missing.734,000financiallost / stolen media y34000300http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtmlITRC
86
Nemours FoundationUS children's hospitalsA health care organization that runs children’s hospitals reported the loss of 1.05 million records when data backup tapes were lost.71,055,489healthcarelost / stolen media 10554894000http://zerosecurity.org/technews/past-three-years-over-21m-medical-record-breaches/http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
87
Nexon Korea CorpPersonal data of subscribers to online game Maple Story was leaked.game developer713,200,000webhacked1320000020http://www.reuters.com/article/2011/11/26/us-korea-hacking-nexon-idUSTRE7AP09H20111126
88
NHSUK's national health service, govt fundedA laptop holding the unencrypted records of eight million patients went missing from an NHS store room and wasn't reported until 3 weeks later. 78,300,000healthcarelost / stolen media y83000004000http://www.techweekeurope.co.uk/news/nhs-researchers-lose-laptop-with-8m-patients-records-31810Tech Week
89
Oregon Department of Motor VehiclesSheriff's detectives arrested Tim Nuss for accessing an old Oregon Department of Motor Vehicles database. The DMV database was once sold to marketing companies, but the department stopped selling the information in the late 1990s. The sold data include the names, addresses, birth dates, gender and ages of people who registered with the DMV, but no financial information. 71,000,000governmentpoor security100000020http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtmlITRC
90
Restaurant Depotfood, equipment, and supplies for restaurants7200,000retailhacked200000300http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtmlITRC
91
San Francisco Public Utilities Commission 7180,000governmenthacked1800001http://news.cnet.com/8301-27080_3-20068386-245/sf-utilities-agency-warns-of-potential-breach/
92
SegaInformation stolen during the hack includes names, birth dates, e-mail addresses and passwords from Sega Pass, a system for users interested in newsletters and for registering certain products. 71,290,755gaminghacked12907554000 http://www.zdnet.com/blog/gamification/sega-1-3-million-customer-records-hacked-lulzsec-promises-retribution/481ZD Net
93
Sony Online EntertainmentHacked by LulzSec. In addition to the Sony Playstation Network breach, compromised 77 million records. More than 23,000 lost financial data, according to Sony.724,600,000gaminghacked24600000300http://www.computerworld.com/s/article/9216343/Sony_cuts_off_Sony_Online_Entertainment_service_after_hackComputer World
94
Sony PicturesLulzSec hacking collective stated all of the information it took was unencrypted, “Sony stored over 1,000,000 passwords of its customers in plaintext." More than 1 million user accounts were compromised. An additional 75,000 music codes and 3.5 million coupons were also uncovered.71,000,000webhackedy10000001http://mashable.com/2011/06/02/sony-pictures-hacked/Mashable
95
Sony PSNRounding off a thoroughly unhappy year for Sony, their third breach saw the loss of 76,000,000 Sony PSN and Qriocity user accounts to hacking collective Lulzsec.777,000,000gaminghackedy770000001http://mashable.com/2011/05/31/sony-playstation-services-return/Mashable
96
Southern California Medical-Legal ConsultantsElectronic files containing names and social security numbers of approximately 300,000 individuals who have applied for California workers’ compensation benefits had been exposed to unauthorized access.7300,000healthcarehacked30000020http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml
97
Spartanburg Regional Healthcare SystemThe stolen computer contained a password-protected file with Social Security numbers as well as names, addresses, dates of birth and medical billing codes.7400,000healthcarelost / stolen computer4000004000http://www.spartanburgregional.com/Pages/PatientNotice.aspxhttp://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
98
State of Texas3.5 million records were accidentally published online including people's names, mailing addresses, social security numbers, and in some cases dates of birth and driver's license numbers.73,500,000governmentaccidentally published350000020http://www.informationweek.com/security/attacks/texas-data-breach-exposed-35-million-rec/229401489?queryText=Texas%20data%20leakInformation Week
99
SteamAttackers used login details from a Steam forum hack to access a database that held ID and credit card data.The Valve Corporation735,000,000webhacked35000000300http://www.bbc.co.uk/news/technology-15690187
100
StratforShadowy global intelligence companyHacking collective Anonymous defaced the website of Stratfor and posted a file online of the organization’s confidential client list, along with credit card details, passwords and home addresses for those clients. They released 47,680 unique e-mail addresses and 50,277 unique credit card numbers — 9,651 of which were not yet expired. Of the stolen encrypted passwords, 50% were easily crackable. 7935,000militaryaccidentally published935000300http://bits.blogs.nytimes.com/2011/12/27/questions-about-motives-behind-stratfor-hack/NY Times
Loading...
 
 
 
Jan 2015 update
July 2013 update (old)