Balloon Race: Data Breaches - LATEST
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
 
 
ABCDEFGHIJKLMN
1
Entityalternative namerecords lostYEARstorySECTORMETHODinteresting storyDATA SENSITIVITYDISPLAYED RECORDSsource name1st source link2nd source link
2
(use 3m, 4m, 5m or 10m to approximate unknown figures) year story brokeweb
healthcare
app
retail
gaming
transport
financial
tech
government
telecoms
legal
media
academic
energy
military
poor security
hacked
oops!
lost device
inside job
1. Just email address/Online information
2 SSN/Personal details
3 Credit card information
4 Health & other personal records
5 Full details
=IF(C3>100000000,C3,")
3
AISThailand's largest cell network8,000,000,0002020May 2020. Data relating to internet use was available online. No personal information directly exposed, but habits could be deduced from IP addresses.telecomspoor security18,000,000,000Tech Crunchhttps://techcrunch.com/2020/05/24/thai-billions-internet-records-leak/
4
Nintendo300,0002020Apr 2020. Unauthorised access to thousands of Nintendo Switch accounts. Hackers were able to use saved payment details to make purchases.gaminghacked3300,000Tech Crunchhttps://techcrunch.com/2020/06/09/nintendo-accounts-affected-breach/?guccounter=1&guce_referrer=aHR0cHM6Ly9nYW1lcy5zbGFzaGRvdC5vcmcvc3RvcnkvMjAvMDYvMDkvMTg0MjIzNy9uaW50ZW5kby1ub3ctc2F5cy0zMDAwMDAtYWNjb3VudHMtYnJlYWNoZWQtYnktaGFja2Vycz91dG1fc291cmNlPXJzczEuMG1haW5saW5rYW5vbiZ1dG1fbWVkaXVtPWZlZWQ&guce_referrer_sig=AQAAAIXC8IvaFgPdt5t-CUm7yPEhKblsmme4097SUtEWdSkjyrdsxVYiQBfbdpekm_Y29T7evb-5zNNl2-ZHfNSmVkKFnE5vClvpvsaPYykOO8WtAX76dZoL2EUkVL8XfmMQBVlNF43T5MATGNeSnwn6Ta6ELVBXnf_ZTsmVaemjk1Vf
5
Pakistani mobile operators115,000,0002020Apr 2020. Personal details stolen from Jazz and other mobile networks were put up for sale for $2.1m in bitcoin.telecomshacked2115,000,000ZDNethttps://www.zdnet.com/article/details-of-44m-pakistani-mobile-users-leaked-online-part-of-bigger-115m-cache/
6
US Marshals Service387,0002020May 2020. Prisoners had sensitive personal data stolen in December 2019. They were notified five months later.governmenthacked2287,000NextGovhttps://www.nextgov.com/cybersecurity/2020/05/us-marshals-service-breach-exposed-personal-data-387000-prisoners/165305/
7
db8151ddmystery breach'22,000,0002020May 2020. Aggregated data from multiple websites was discovered in an open database. It included addresses, job titles, phone numbers and social media profiles. The breach was dubbed 'db8151dd'.webhacked222,000,0009 to 5 Machttps://9to5mac.com/2020/05/15/db8151dd/
8
EasyJet9,000,0002020May 2020. The airline became aware of a hack in January, but didn't notify customers until April. Email addresses, travel details and credit card details were stolen. transporthacked39,000,000BBChttps://www.bbc.co.uk/news/technology-52722626
9
Microsoft250,000,0002020Jan 2020. Customer support records spanning 14 years were left online without password protection. webpoor security1250,000,000Forbeshttps://www.forbes.com/sites/daveywinder/2020/01/22/microsoft-security-shocker-as-250-million-customer-records-exposed-online/#91076484d1b3
10
Dutch Government6,900,0002020Mar 2020. Two hard drives with data from 6.9m registered organ donors went missing. They contained contact details, ID numbers & signatures.governmentlost device46,900,000ZDNethttps://www.zdnet.com/article/dutch-government-loses-hard-drives-with-data-of-6-9-million-registered-donors/
11
Virgin Media900,0002020Mar 2020. A poorly-configured database left names, email addresses and phone numbers exposed for 10 months. retailpoor security1900,000BBC https://www.bbc.co.uk/news/business-51760510
12
Boots Advantage Card150,0002020Mar 2020. Hackers accessed Advantage Card records, but no financial data was stolen. Payment using points was suspended.retailhacked1150,000Whichhttps://www.which.co.uk/news/2020/03/boots-advantage-card-tesco-clubcard-both-suffer-data-breaches-in-same-week/
13
Tesco Clubcard600,0002020Mar 2020. Details of accrued loyalty points were accessed, but financial details weren't exposed.retailhacked1600,000Tech Radarhttps://www.techradar.com/uk/news/tesco-clubcard-holders-warned-of-major-security-issue
14
Marriott Hotels5,200,0002020Mar 2020. Guest records were accessed using the logins of two employees between mid-Jan and end of Feb. retailinside job25,200,000Marriotthttps://news.marriott.com/news/2020/03/31/marriott-international-notifies-guests-of-property-system-incident
15
Zoom500,0002020Apr 2020. Email addresses, passwords and personal meeting URLs were sold on the dark web. It led to a host of zoom-bombing pranks. apphacked1500,000We Live Securityhttps://www.welivesecurity.com/2020/04/16/half-million-zoom-accounts-sale-dark-web/
16
Israeli government6,500,0002020Feb 2020. Names, addresses, and ID card numbers of every Israeli voter were found on an insecure website belonging to Elector, a political communications app.governmentpoor security26,500,000NYTimeshttps://www.nytimes.com/2020/02/10/world/middleeast/israeli-voters-leak.html?action=click&module=News&pgtype=Homepage
17
MGM Hotels10,600,0002020Feb 2020. Data stolen during an 2019 hack of an MGM server was published on a hacking forum.retailhacked210,600,000ZDNethttps://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/
18
Buchbinder Car Rentals5,000,0002020Jan 2020. Correspondence, invoices and contracts containing personal details were left exposed on an unsecured company server. transportpoor security25,000,000Teller Reporthttps://www.tellerreport.com/news/2020-01-22---big-data-leak--media--at-buchbinder-car-rental-company--customer-data-was-open-.BJ-S5Jk8Z8.html
19
Wawafuel & convenience store chain30,000,0002019Dec 2019. Card-stealing malware was installed, and remained undiscovered for nine months. retailhacked330,000,000Krebs on Securityhttps://krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/
20
Desjardins Group4,200,0002019June 2019. An employee of the Canadian financial firm leaked customer information outside the organisation: names, addresses, birthdates, social insurance numbers & transaction habits.financialinside job2CBChttps://www.cbc.ca/news/canada/montreal/desjardins-data-breach-1.5344216
21
US Customs and Border Protection100,0002019June 2019. Photos of faces and license plates taken at an US border crossing were stolen in a cyberattack on a surveillance contractor.governmenthackedy2Washington Posthttps://www.washingtonpost.com/technology/2019/06/10/us-customs-border-protection-says-photos-travelers-into-out-country-were-recently-taken-data-breach/?utm_term=.69c66aaf152f
22
Quest Diagnostics20,000,0002019June 2019. For an 8 month period, a hacker group stole personal and payment information from a firm providing billing services for the US healthcare sector.healthcarepoor security4ZDNethttps://www.zdnet.com/article/amca-data-breach-has-now-gone-over-the-20-million-mark/
23
Australian National University200,0002019June 2019. A hacker accessed personal information including addresses, bank account details, payroll information and academic records. Staff, students and visitors were affected.academichacked4Guardianhttps://www.theguardian.com/australia-news/2019/jun/04/australian-national-university-hit-by-huge-data-breach
24
Canva139,000,0002019May 2019. Names, email addresses and location data belonging to users of an Australian graphic design service were stolen by a hacker.webhacked2ZDNethttps://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/
25
First American Financial Corporation885,000,0002019May 2019. Anyone with a web browser could access these First American insurance documents dating back to 2003. Bank details, mortgage & tax records, social security numbers, drivers license images.financialpoor security4885,000,000Krebs on Securityhttps://krebsonsecurity.com/2019/05/first-american-financial-corp-leaked-hundreds-of-millions-of-title-insurance-records/
26
ChtrboxInstagram Influencers49,000,0002019May 2019. Contact details for millions of Instagram influencers, celebrities and brand accounts was left exposed in an online database for at least six days.mediapoor securityy1Techcrunchhttps://techcrunch.com/2019/05/20/instagram-influencer-celebrity-accounts-scraped/
27
WiFi FinderA hotspot finder app2,000,0002019Apr 2019. An Android app for finding local WiFi passwords inadvertently provided access to the entire database, including domestic WiFi points.apppoor security1Techcrunchhttps://techcrunch.com/2019/04/22/hotspot-password-leak/
28
Toyota3,100,0002019Apr 2019. A security breach of Toyota subsidiaries' IT systems may have leaked personal customer information.transporthacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/toyota-security-breach-exposes-personal-info-of-31-million-clients/https://global.toyota/jp/newsroom/corporate/27465617.html
29
UnknownOpen database in China1,800,0002019Mar 2019. A Dutch researcher found women's personal information in an open Chinese database. It included phone numbers, addressed and their "BreedReady" status, whatever that might be.webpoor securityy4The Guardianhttps://www.theguardian.com/world/2019/mar/11/china-database-lists-breedready-status-of-18-million-women
30
VårdguidenSweden's healthcare hotline2,700,0002019Feb 2019. 170,000 hours of sensitive calls to Sweden's healthcare hotline were stored on an open web server with no encryption or authentication. The breach was blamed on a subcontractor, Medicall.healthcarepoor securityy5ComputerSwedenhttps://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internethttps://thenextweb.com/eu/2019/02/18/2-7-million-patient-calls-to-swedish-healthcare-hotline-left-unprotected-online/#
31
Dubsmash162,000,0002019Feb 2019. Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.apphacked1162,000,000The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
32
ShareThis41,000,0002019Feb 2019. Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
33
HauteLook28,000,0002019Feb 2019. Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.retailhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
34
Animoto25,000,0002019Feb 2019. Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.apphacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
35
EyeEm22,000,0002019Feb 2019. Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
36
8fit20,000,0002019Feb 2019. Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.apphacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
37
Whitepages18,000,0002019Feb 2019. Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
38
Fotolog16,000,0002019Feb 2019. Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
39
Armor Games11,000,0002019Feb 2019. Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.gaminghacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
40
BookMate8,000,0002019Feb 2019. Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
41
CoffeeMeetsBagel6,000,0002019Feb 2019. Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
42
Artsy1,000,0002019Feb 2019. Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
43
DataCamp700,0002019Feb 2019. Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
44
Ixigo18,000,0002019Feb 2019. Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.transportpoor security1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/
45
YouNow40,000,0002019Feb 2019. Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.webhacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/
46
Houzz57,000,0002019Feb 2019. Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.retailhacked2Techcrunchhttps://techcrunch.com/2019/01/31/houzz-data-breach/
47
Ge.tt1,800,0002019Feb 2019. Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.webhacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/
48
Coinmama450,0002019Feb 2019. Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.financialhacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/
49
Roll204,000,0002019Feb 2019. Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.gaminghacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/
50
Stronghold Kingdoms5,000,0002019Feb 2019. Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.gaminghacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/
51
Petflow1,000,0002019Feb 2019. Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.retailpoor security1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/
52
500px14,800,0002019Feb 2019. A July 2018 hack exposed the personal information of all 500px users, including names, usernames, email addresses, encrypted passwords, location, birth date, and gender.webhacked2PetaPixelhttps://petapixel.com/2019/02/13/500px-hacked-personal-data-stolen-from-all-14-8-million-users/
53
Blurpassword manager2,400,0002019Jan 2019. A server belonging to the password manager service contained a freely accessible file with users' email addresses, names and encrypted passwords.techoops!1ZDNethttps://www.zdnet.com/article/data-of-2-4-million-blur-password-manager-users-left-exposed-online/
54
Blank Media Games7,600,0002019Jan 2019. A hacker stole usernames, email addresses and encrypted passwords belonging to players of the game "Town of Salem" from an insecure server.gaminghacked1ZDNethttps://www.zdnet.com/article/town-of-salem-game-suffers-data-breach-exposing-7-6-million-user-details/
55
Indian citizens275,265,2982019May 2019. The discovery of a huge, unprotected MongoDB database containing personal information of Indian citizens, including their education, resume and current salary.
webpoor security2275000000Bleeping Computerhttps://www.bleepingcomputer.com/news/security/over-275-million-records-exposed-by-unsecured-mongodb-database/
56
Bulgarian National Revenue Agency5,000,0002019Jul 2019. A hacker stole personal details of Bulgarian citizens from 110 government databases. 5m records, out of a total population of 7m.governmenthacked2ZDNethttps://www.zdnet.com/article/hacker-steals-data-of-millions-of-bulgarians-emails-it-to-local-media/
57
Capital One100,000,0002019Jul 2019. The massive data breach included personal information from credit card applications over a 14-year period. A former Amazon employee, Paige Thompson, awaits trial for fraud.financialhacked3Forbeshttps://www.forbes.com/sites/rachelsandler/2019/07/29/capital-one-says-hacker-breached-accounts-of-100-million-people-ex-amazon-employee-arrested/#2a5cb36b41d2
58
Supremabiometrics security company27,800,0002019Aug 2019. A biometric security company stored unencrypted usernames and passwords, fingerprints and facial recognition information on a publicly accessible database.techpoor security5Guardianhttps://www.theguardian.com/technology/2019/aug/14/major-breach-found-in-biometrics-system-used-by-banks-uk-police-and-defence-firms
59
Facebook419,000,0002019Sep 2019. Several unprotected databases were found to contain the phone numbers of around 20% of all Facebook users, with (in some cases) names and locations.webpoor security2420,000,000Fast Companyhttps://www.fastcompany.com/90399734/the-phone-numbers-of-419-million-facebook-accounts-have-been-leaked
60
DoorDashfood delivery company4,900,0002019Sep 2019. Users who joined the platform before April 2018 had their names, email addresses, order history, phone numbers and encrypted passwords stolen in a hack.transport24,900,000Techcrunchhttps://techcrunch.com/2019/09/26/doordash-data-breach/
61
BriansClubsite selling stolen card data26,000,0002019Oct 2019. A site selling stolen payment card data was hacked and 26 million records were leaked. Banks were able to invalidate those cards, taking around 1/3 of the world's stolen cards out of circulation.webhacked326,000,000Ars Technicahttps://arstechnica.com/information-technology/2019/10/data-for-a-whopping-26-million-stolen-payment-cards-leaked-in-hack-of-fraud-bazaar/
62
Microsoft44,000,0002019Microsoft's threat research team discovered 44 million users of Azure and Microsoft Services Accounts were using leaked credentials to log in. techhacked244,000,000Business Insiderhttps://www.businessinsider.in/tech/news/passwords-of-44-million-microsoft-users-compromised/articleshow/72433154.cms
63
People Data Labs3,000,000,0002019Nov 2019. Stashes of personal information originally compiled by a data aggregation firm were found on an insecure server. It included names, email addresses, phone numbers, LinkedIn and Facebook information.techpoor security21,200,000,000Dataviperhttps://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/
64
OxyData380,000,0002019Nov 2019. Information compiled by a data aggregation firm were found on an insecure server. It included complete scrapes of LinkedIn data, including recruiter information.techpoor security2380,000,000Dataviperhttps://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/
65
Click2Gov300,0002018Dec 2018. Vulnerabilities in government payment software allowed hackers to access financial records and personal data across 46 US cities.financialhacked3Fortunehttp://fortune.com/2018/12/18/click2gov-local-government-portals-hackers-credit-card-breach/
66
SingHealth1,500,0002018July 2018. Hackers stole personal details of 1.5 million patients, as well as the prescription details of 160,000 people, including prime minister Lee Hesien Loong.healthcarehacked4Straits Timeshttps://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most
67
GovPayNow.comGovernment Payment Service Inc14,000,0002018Sep 2018. A company used by US government agencies to accept online payments exposed personal records via a standard web browser, including addresses, phone numbers and credit card digits.financialpoor security2Krebs on Securityhttps://krebsonsecurity.com/2018/09/govpaynow-com-leaks-14m-records/
68
Cathay Pacific Airways94,000,0002018Oct 2018. Stolen data included names, nationalities, birth dates, phone numbers, addresses, passport & identity card numbers & expired credit card numbers.transporthacked3ABC Newshttps://www.abc.net.au/news/2018-10-25/cathay-pacific-data-breach-affects-9.4-million-customers/10429878
69
Chinese resume leak202,000,0002018Dec 2018. Information thought to have been scraped from Chinese jobseeking websites was found in an insecure database. It included resumes, phone numbers, height, weight, driving license & literacy level.webpoor security2202,000,000HackenProofhttps://blog.hackenproof.com/industry-news/202-million-private-resumes-exposed
70
WordPress76,500,0002018Aug 2018. According to security researchers, WordPress was notified of a security vulnerability over a year ago, but did not address it. No reports have been received which suggest the exploit is being actively used in the wild.webpoor security1ZDNethttps://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/https://www.zdnet.com/article/wordpress-vulnerability-affects-a-third-of-most-popular-websites-online/
71
Google+52,500,0002018Dec 2018. A vulnerability exposed users' personal details to developers, even if their profiles were set to private. As a result, Google shut down the consumer version of the social network 4 months early.webpoor security2The Vergehttps://www.theverge.com/2018/12/10/18134541/google-plus-privacy-api-data-leak-developers
72
Quora100,000,0002018Dec 2018. Login details and private messages were compromised by "a malicious third party".webhacked1100,000,000NY Timeshttps://www.nytimes.com/2018/12/04/technology/quora-hack-data-breach.html
73
Marriott International383,000,0002018Nov 2018. Hackers breached the reservation system of all Starwood hotels, including Sheraton, Westin and Le Meridien. Personal information, credit card details and passport info dating back to 2014 was stolen.retailhacked3383,000,000NY Times, CNEThttps://www.nytimes.com/2018/11/30/business/marriott-data-breach.htmlhttps://www.cnet.com/news/marriott-says-hackers-stole-more-than-5-million-passport-numbers/
74
NMBSBelgian national railway operator700,0002018Dec 2018. Customer names, gender, DOB, email and postal address data were left on a publicly searchable server belonging to the Belgian rail authority. Caused by a data worker “clicking on the wrong button”.transportoops!y2Flanders Todayhttp://www.flanderstoday.eu/business/nmbs-data-leak-was-breach-privacy
75
Facebook50,000,0002018Mar 2018. Cambridge Analytica, headed at the time by Steve Bannon, harvested profiles in early 2014 to build a system that could profile US voters and target them with political adverts.webhackedy150,000,000Guardianhttps://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election?CMP=twt_gu
76
Panerabread37,000,0002018Apr 2018. Customer records, including loyalty card numbers, were available via the bakery chain's website for at least 8 months. The firm claims 10k records were leaked. Security researchers put the figure at over 37 million. retailpoor security2Krebsonsecurity, Mediumhttps://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/https://medium.com/@djhoulihan/no-panera-bread-doesnt-take-security-seriously-bf078027f815
77
Dixons Carphone10,000,0002018Jun 2018. The firm admitted that hackers were able to access the details of 10m customers and 6m payment cards.telecomshacked1BBChttps://www.bbc.co.uk/news/business-45016906
78
MyHeritage92,283,8892018Jun 2018. The genealogy site received a message from a researcher who had discovered over 92m email addresses and encrypted passwords on an external server.webhacked1Bloomberghttps://www.bloombergquint.com/technology/hack-of-dna-website-exposes-data-from-92-million-user-accounts
79
Saks and Lord & TaylorBoth owned by Hudson's Bay Company5,000,0002018Apr 2018. A known ring of cybercriminals implanted software into store cash registers, siphoning off credit card details from readers.retailhacked3NYTimeshttps://www.nytimes.com/2018/04/01/technology/saks-lord-taylor-credit-cards.html
80
CareemDubai-born ride hailing service14,000,0002018Apr 2018. The Dubai-based ride hailing service admitted that names, email addresses, phone numbers and trip data had been accessed in what it called a "cyber incident".apphacked2Khaleej Timeshttps://www.khaleejtimes.com/nation/dubai//dubais-careem-admits-to-data-breach-of-14-million-users
81
Texas voter records14,800,0002018Aug 2018. A single file containing 14.8 million voter records was found on an unsecured server. It was thought to have been originally compiled by Data Trust, a Republican-focused data analytics firm.webpoor security2TechCrunchhttps://techcrunch.com/2018/08/23/millions-of-texas-voter-records-exposed-online/
82
British Airways380,0002018Sep 2018. The personal and financial details of customers who booked flights in a two-week period over the summer were compromised.transporthacked4Guardianhttps://www.theguardian.com/business/2018/sep/06/british-airways-customer-data-stolen-from-its-website
83
T-Mobile2,000,0002018Aug 2018. Personal data along with passwords encrypted by a notoriously weak algorithm (MD5) were stolen. The firm initially failed to disclose the password breach, "because they were encrypted".telecomshacked1Motherboardhttps://motherboard.vice.com/en_us/article/a3qpk5/t-mobile-hack-data-breach-api-customer-data
84
MyFitnessPalUnderArmour150,000,0002018Mar 2018. A breach of usernames, email addresses, and hashed passwords belonging to users of the fitness app.apphacked1150,000,000Guardianhttps://www.theguardian.com/technology/2018/mar/30/hackers-steal-data-150m-myfitnesspal-app-users-under-armour
85
Helse Sør-Øst RHFHealth authority responsible for 10 Norwegian counties.3,000,0002018Feb 2018. Patient records of more than half of Norway's population were stolen. The hack is thought to have happened via old computers running Windows XP.healthcarehacked4It Governancehttps://www.itgovernance.eu/blog/en/breach-at-norways-largest-healthcare-authority-was-a-disaster-waiting-to-happen
86
NametestsFacebook quiz app owned by Social Sweethearts120,000,0002018Jun 2018. A security failure in a "personality test" app on Facebook left millions of people’s data publicly exposed for almost two years – even after they had deleted the app.apppoor security1120,000,000Mediumhttps://medium.com/@intideceukelaire/this-popular-facebook-app-publicly-exposed-your-data-for-years-12483418eff8
87
Ticketmaster40,0002018Jun 2018. The data was stolen via an attack on a third-party customer support firm. It was likely to have affected UK customers who bought tickets between Feb and Jun 2018.webhacked3BBC Newshttps://www.bbc.co.uk/news/technology-44628874
88
FirebaseA service from Google100,000,0002018Jun 2018. Misconfigured databases used by app developers were found to be exposing 113GB of personal data, accumulated by thousands of iOS and Android mobile apps.apppoor security5100,000,000Bleeping Computerhttps://www.bleepingcomputer.com/news/security/thousands-of-apps-leak-sensitive-data-via-misconfigured-firebase-backends/
89
AadhaarIndia's national, biometric government ID database1,100,000,0002018Mar 2018. India's biometric database was breached via a leak at a state-owned utility company. All registered Indian citizens were affected; their names, identity numbers and bank details were exposed. Data later found for sale on WhatsApp for less than £6.governmentpoor security41,100,000,000ZDNethttp://www.zdnet.com/article/another-data-leak-hits-india-aadhaar-biometric-database/
90
Grindr3,000,0002018Mar 2018. A third-party tool that allows users to see who had blocked them was able to access non-public personal info, including locations of users who had opted out of location sharing.apppoor security3NBC Newshttps://www.nbcnews.com/feature/nbc-out/security-flaws-gay-dating-app-grindr-expose-users-location-data-n858446
91
Orbitz880,0002018Mar 2018. An legacy version of the travel website was hacked, exposing personal details and payment card info of people who'd made purchases in 2016 and 2017. Orbitz is now owned by Expedia.webhacked3US Newshttps://www.usnews.com/news/business/articles/2018-03-20/orbitz-legacy-travel-booking-platform-likely-hacked
92
MBM CompanyLimogés Jewellery1,300,0002018Mar 2018. An insecure customer database belonging to the jewellery firm exposed postal addresses, email addresses, IP addresses and plain-text passwords. retailpoor security4NextWebhttps://thenextweb.com/security/2018/03/14/jewelry-site-accidentally-leaks-personal-details-plaintext-passwords-1-3m-users/
93
LocalBloxdatasearch service48,000,0002018May 2018. A cloud storage repository was left publically accessible. Data included names, addresses, DOBs, and other information scraped from social media websites including Facebook.webpoor security2UpGuardhttps://www.upguard.com/breaches/s3-localblox
94
Twitter330,000,0002018May 2018. A glitch caused some passwords to be stored in readable text that was visible on Twitter's internal computer system.apppoor security1330,000,000Reutershttps://www.reuters.com/article/us-twitter-passwords/twitter-urges-all-users-to-change-passwords-after-glitch-idUSKBN1I42JG
95
ViewFinesSouth African traffic fines database934,0002018May 2018. Data originating with a South African traffic fine payment firm was leaked online. It included names, national ID numbers, cell numbers, email addresses and plain text passwords.transportoops!4iAfrikanhttps://www.iafrikan.com/2018/05/23/just-under-1-million-personal-records-of-south-africans-leaked-online/
96
TicketFly27,000,0002018May 2018. Names, addresses, email addresses and phone numbers were stolen from the ticketing firm. Ransom demands were made. The FBI indicted a suspect in February 2020. webhacked2The Vergehttps://www.theverge.com/2018/6/7/17438516/ticketfly-hack-personal-information-26-million-customers-leaked
97
Amazon5,000,0002018Nov 2018. Customer names & email addresses were disclosed on its website. Amazon hasn't confirmed how many records were exposed. retailoops!1Guardianhttps://www.theguardian.com/technology/2018/nov/21/amazon-hit-with-major-data-breach-days-before-black-friday
98
Amazon100,0002018Nov 2018. Customer names and email addresses accidentally disclosed on its website, just two days ahead of Black Friday. No of users affected not released.techpoor security1The Guardianhttps://amp.theguardian.com/technology/2018/nov/21/amazon-hit-with-major-data-breach-days-before-black-friday
99
Urban MassageHome massage app309,0002018Nov 2018. Database contained over 351,000 booking records, and more than 2,000 records on Urban massage therapists, including their names, email addresses and phone numbers.apppoor security2Tech Crunchhttps://techcrunch.com/2018/11/27/urban-massage-data-exposed-customers-creepy-clients/?guccounter=1
100
Dell 100,0002018Nov 2018. Dell detected & disrupted unauthorized activity on its network attempting to extract Dell customer information, which was included names, email addresses & hashed passwordstechhacked1Dellhttps://www.dell.com/learn/us/en/uscorp1/press-releases/2018-11-28-customer-update
Loading...