ABCDEFGHIJKLMNOP
1
organisationalternative namerecords lostyear datestorysectormethodinteresting storydata sensitivitydisplayed recordssource name1st source link2nd source linkID
2
(use 3m, 4m, 5m or 10m to approximate unknown figures) year story brokeweb
healthcare
app
retail
gaming
transport
financial
tech
government
telecoms
legal
media
academic
energy
military
poor security
hacked
oops!
lost device
inside job
1. Just email address/Online information
2 SSN/Personal details
3 Credit card information
4 Health & other personal records
5 Full details
=IF(C3>100000000,C3,")
3
Ubiquiti16,000,0002021Feb 2021Unknown amount of user data breachedtechhacked2ZDNethttps://www.zdnet.com/article/ubiquiti-tells-customers-to-change-passwords-after-security-breach/
4
Meet Mindful2,240,0002021Feb 2021Dating site user data includes real names, phone numbers, Facebook account codes, latitude & longtitude. Thankfully private messages were not leaked.techhacked4ZDnethttps://www.zdnet.com/article/hacker-leaks-data-of-2-28-million-dating-site-users/375
5
Experian Brazil220,000,0002021Feb 2021Details hazyfinancehacked2220,000,000ZDNethttps://www.zdnet.com/article/experian-challenged-over-massive-data-leak-in-brazil/374
6
Gab4,000,0002021 Mar 2021Over 70GB of data from the far-right social media site was hacked. Alll posts, messages, passwords from all users were breached.techhackedy3100,000Wiredhttps://www.wired.com/story/gab-hack-data-breach-ddosecrets/373
7
Star Alliance16,000,0002021 Mar 2021The Star Alliance of airlines including Singapore Airlines, Lufthansa and United, said on Thursday it had been the victim of a cyber attack leading to a breach of passenger data. Lufthansa, Cathay Pacific and Air New Zealand were also affected. Breached data was limited to "name, tier status and membership number”transporthacked1The Guardianhttps://www.theguardian.com/world/2021/mar/05/airline-data-hack-hundreds-of-thousands-of-star-alliance-passengers-details-stolen372
8
Facebook533,000,0002021 Mar 2021Phone numbers, full names, locations, email addresses, and biographical information on 533 million users from 106 countries. Scraped due to a vulnerability "patched in 2019".techhackedy1533,000,000Business Insiderhttps://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&IR=T371
9
Ledger270,0002020 Dec 2020A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free.financehacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum/370
10
T-mobile200,0002020 Dec 2020The information exposed in this breach includes phone numbers, call records, and the number of lines on an account.telecomshacked1Bleeping Computerhttps://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/369
11
The Hospital Group1,000,0002020 Dec 2020Hackers compromised the plastic surgery firm and threatened to release over 900 gigabytes of private surgery photographs. health hackedy4BBChttps://www.bbc.co.uk/news/technology-55439190368
12
SolarWinds50,000,0002020 Dec 2020Suspected Russian hackers compromised network monitoring software used by the Pentagon, intelligence agencies, nuclear labs and many Fortune 500 companies. A tainted software update acted as a trojan horse. An unknown number of companies and individuals might be affected.apphackedy3New York Timeshttps://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html367
13
Ho Mobile2,500,0002020 Dec 2020Italian mobile operator owned by Vodaphone is now taking the rare step of offering to replace the SIM cards of all affected customers. Data hacked full names, telephone numbers, social security numbers, email addresses, dates and places of birth, nationality, and home addresses.telecomshacked2ZD Nethttps://www.zdnet.com/article/italian-mobile-operator-offers-to-replace-sim-cards-after-massive-data-breach/366
14
Spotify500,0002020 Dec 2020Undisclosed number of users had their email addresses and passwords left open online. Spotify said the vulnerability existed as far back as April 9 but wasn’t discovered until November 12.appoops!1Tech Crunchhttps://techcrunch.com/2020/12/10/spotify-resets-user-passwords-after-a-bug-exposed-private-account-information/?guccounter=1&guce_referrer=aHR0cHM6Ly9pdC5zbGFzaGRvdC5vcmcv&guce_referrer_sig=AQAAAMGNMpm00iWQgE4Zhw1q6_5FoeBsJUbWyKEniavHxaZR-X1oBrnXuFtvr9B4IYBK1C6x9AfEqEZwzfJaZhhINvaBZltXd-DF036LVwwnAhWAMQpD98Lahw3sni-Z2bS6qEIjPgodPdZHV3DRJWLrNt0bOoohuh_DWM8-IngVnCl6365
15
Drizly2,400,0002020 Sep 2020Alcohol delivery service hacked with email addresses, DOB, hashed passwords and some home addresses leaked. apphacked2Tech Crunchhttps://techcrunch.com/2020/07/28/drizly-data-breach/364
16
GEDmatch1,400,0002020 Sep 2020DNA data on up to 1.4m users of this geneaology site may have been hacked.misc, healthhackedy5New York Timeshttps://www.nytimes.com/2020/08/01/technology/gedmatch-breach-privacy.html?referringSource=articleShare363
17
Call of Duty / Activision500,0002020 Sep 2020Login data for users of the popular video games may have compromised. Activision refutes the claim. gaminghacked1Forbeshttps://www.forbes.com/sites/daveywinder/2020/09/21/activision-accounts-hacked-500000-call-of-duty-players-could-be-affected-report/?sh=7ca04e0f7bbe362
18
Zhenhua2,400,0002020 Sep 2020Personal details of millions of notable people around the world found in a leaked database compiled by a Chinese tech company with reported links to the country’s military and intelligence networks. Mostly compiled from social media profiles.miscoops!y1The Guardianhttps://www.theguardian.com/world/2020/sep/14/zhenhua-data-full-list-leak-database-personal-details-millions-china-tech-company361
19
Cense AI2,500,0002020 Aug 2020Medical records from an artificial intelligence company were left open online.tech, healthpoor security4PC Maghttps://uk.pcmag.com/encryption/128228/report-ai-company-leaks-over-25m-medical-records360
20
Nintendo300,0002020 Apr 2020Unauthorised access to thousands of Nintendo Switch accounts. Hackers were able to use saved payment details to make purchases.gaminghacked3300,000Tech Crunchhttps://techcrunch.com/2020/06/09/nintendo-accounts-affected-breach/?guccounter=1&guce_referrer=aHR0cHM6Ly9nYW1lcy5zbGFzaGRvdC5vcmcvc3RvcnkvMjAvMDYvMDkvMTg0MjIzNy9uaW50ZW5kby1ub3ctc2F5cy0zMDAwMDAtYWNjb3VudHMtYnJlYWNoZWQtYnktaGFja2Vycz91dG1fc291cmNlPXJzczEuMG1haW5saW5rYW5vbiZ1dG1fbWVkaXVtPWZlZWQ&guce_referrer_sig=AQAAAIXC8IvaFgPdt5t-CUm7yPEhKblsmme4097SUtEWdSkjyrdsxVYiQBfbdpekm_Y29T7evb-5zNNl2-ZHfNSmVkKFnE5vClvpvsaPYykOO8WtAX76dZoL2EUkVL8XfmMQBVlNF43T5MATGNeSnwn6Ta6ELVBXnf_ZTsmVaemjk1Vf359
21
Pakistani mobile operators115,000,0002020 Apr 2020Personal details stolen from Jazz and other mobile networks were put up for sale for $2.1m in bitcoin.telecomshacked2115,000,000ZDNethttps://www.zdnet.com/article/details-of-44m-pakistani-mobile-users-leaked-online-part-of-bigger-115m-cache/358
22
US Marshals Service387,0002020 May 2020Prisoners had sensitive personal data stolen in December 2019. They were notified five months later.governmenthacked2287,000NextGovhttps://www.nextgov.com/cybersecurity/2020/05/us-marshals-service-breach-exposed-personal-data-387000-prisoners/165305/357
23
db8151dd"mystery breach"22,000,0002020 May 2020Aggregated data from multiple websites was discovered in an open database. It included addresses, job titles, phone numbers and social media profiles. The breach was dubbed 'db8151dd'.webhacked222,000,0009 to 5 Machttps://9to5mac.com/2020/05/15/db8151dd/356
24
EasyJet9,000,0002020 May 2020The airline became aware of a hack in January, but didn't notify customers until April. Email addresses, travel details and credit card details were stolen. transporthacked39,000,000BBChttps://www.bbc.co.uk/news/technology-52722626355
25
Microsoft250,000,0002020 Jan 2020Customer support records spanning 14 years were left online without password protection. webpoor security1250,000,000Forbeshttps://www.forbes.com/sites/daveywinder/2020/01/22/microsoft-security-shocker-as-250-million-customer-records-exposed-online/#91076484d1b3354
26
Dutch Government6,900,0002020 Mar 2020Two hard drives with data from 6.9m registered organ donors went missing. They contained contact details, ID numbers & signatures.governmentlost device46,900,000ZDNethttps://www.zdnet.com/article/dutch-government-loses-hard-drives-with-data-of-6-9-million-registered-donors/353
27
Virgin Media900,0002020 Mar 2020A poorly-configured database left names, email addresses and phone numbers exposed for 10 months. retailpoor security1900,000BBC https://www.bbc.co.uk/news/business-51760510352
28
Boots Advantage Card150,0002020 Mar 2020Hackers accessed Advantage Card records, but no financial data was stolen. Payment using points was suspended.retailhacked1150,000Whichhttps://www.which.co.uk/news/2020/03/boots-advantage-card-tesco-clubcard-both-suffer-data-breaches-in-same-week/351
29
Tesco Clubcard600,0002020 Mar 2020Details of accrued loyalty points were accessed, but financial details weren't exposed.retailhacked1600,000Tech Radarhttps://www.techradar.com/uk/news/tesco-clubcard-holders-warned-of-major-security-issue350
30
Marriott Hotels5,200,0002020 Mar 2020Guest records were accessed using the logins of two employees between mid-Jan and end of Feb. retailinside job25,200,000Marriotthttps://news.marriott.com/news/2020/03/31/marriott-international-notifies-guests-of-property-system-incident349
31
Zoom500,0002020 Apr 2020Email addresses, passwords and personal meeting URLs were sold on the dark web. It led to a host of zoom-bombing pranks. apphacked1500,000We Live Securityhttps://www.welivesecurity.com/2020/04/16/half-million-zoom-accounts-sale-dark-web/348
32
Israeli government6,500,0002020 Feb 2020Names, addresses, and ID card numbers of every Israeli voter were found on an insecure website belonging to Elector, a political communications app.governmentpoor security26,500,000NYTimeshttps://www.nytimes.com/2020/02/10/world/middleeast/israeli-voters-leak.html?action=click&module=News&pgtype=Homepage347
33
MGM Hotels10,600,0002020 Feb 2020Data stolen during an 2019 hack of an MGM server was published on a hacking forum.retailhacked210,600,000ZDNethttps://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/346
34
Buchbinder Car Rentals5,000,0002020 Jan 2020Correspondence, invoices and contracts containing personal details were left exposed on an unsecured company server. transportpoor security25,000,000Teller Reporthttps://www.tellerreport.com/news/2020-01-22---big-data-leak--media--at-buchbinder-car-rental-company--customer-data-was-open-.BJ-S5Jk8Z8.html345
35
Wawafuel & convenience store chain30,000,0002019 Dec 2019Card-stealing malware was installed, and remained undiscovered for nine months. retailhacked330,000,000Krebs on Securityhttps://krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/344
36
Desjardins Group4,200,0002019 Jun 2019An employee of the Canadian financial firm leaked customer information outside the organisation: names, addresses, birthdates, social insurance numbers & transaction habits.financeinside job2CBChttps://www.cbc.ca/news/canada/montreal/desjardins-data-breach-1.5344216343
37
US Customs and Border Protection100,0002019 Jun 2019Photos of faces and license plates taken at an US border crossing were stolen in a cyberattack on a surveillance contractor.governmenthackedy2Washington Posthttps://www.washingtonpost.com/technology/2019/06/10/us-customs-border-protection-says-photos-travelers-into-out-country-were-recently-taken-data-breach/?utm_term=.69c66aaf152f342
38
Quest Diagnostics20,000,0002019 Jun 2019For an 8 month period, a hacker group stole personal and payment information from a firm providing billing services for the US healthcare sector.health poor security4ZDNethttps://www.zdnet.com/article/amca-data-breach-has-now-gone-over-the-20-million-mark/341
39
Australian National University200,0002019 Jun 2019A hacker accessed personal information including addresses, bank account details, payroll information and academic records. Staff, students and visitors were affected.academichacked4Guardianhttps://www.theguardian.com/australia-news/2019/jun/04/australian-national-university-hit-by-huge-data-breach340
40
Canva139,000,0002019 May 2019 Names, email addresses and location data belonging to users of an Australian graphic design service were stolen by a hacker.webhacked2139,000,000ZDNethttps://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/339
41
ChtrboxInstagram Influencers49,000,0002019 May 2019Contact details for millions of Instagram influencers, celebrities and brand accounts was left exposed in an online database for at least six days.miscpoor securityy1Techcrunchhttps://techcrunch.com/2019/05/20/instagram-influencer-celebrity-accounts-scraped/337
42
WiFi FinderA hotspot finder app2,000,0002019 Apr 2019An Android app for finding local WiFi passwords inadvertently provided access to the entire database, including domestic WiFi points.apppoor security1Techcrunchhttps://techcrunch.com/2019/04/22/hotspot-password-leak/336
43
Toyota3,100,0002019 Apr 2019A security breach of Toyota subsidiaries' IT systems may have leaked personal customer information.transporthacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/toyota-security-breach-exposes-personal-info-of-31-million-clients/https://global.toyota/jp/newsroom/corporate/27465617.html335
44
UnknownOpen database in China1,800,0002019 Mar 2019A Dutch researcher found women's personal information in an open Chinese database. It included phone numbers, addressed and their "BreedReady" status, whatever that might be.webpoor securityy4The Guardianhttps://www.theguardian.com/world/2019/mar/11/china-database-lists-breedready-status-of-18-million-women334
45
VårdguidenSweden's healthcare hotline2,700,0002019 Feb 2019170,000 hours of sensitive calls to Sweden's healthcare hotline were stored on an open web server with no encryption or authentication. The breach was blamed on a subcontractor, Medicall.health poor securityy5ComputerSwedenhttps://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internethttps://thenextweb.com/eu/2019/02/18/2-7-million-patient-calls-to-swedish-healthcare-hotline-left-unprotected-online/#333
46
Dubsmash162,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.web hacked1162,000,000The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/332
47
ShareThis41,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/331
48
HauteLook28,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.retailhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/330
49
Animoto25,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/329
50
EyeEm22,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/328
51
8fit20,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/327
52
Whitepages18,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/326
53
Fotolog16,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/325
54
Armor Games11,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.gaminghacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/324
55
BookMate8,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/323
56
CoffeeMeetsBagel6,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/322
57
Artsy1,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/321
58
DataCamp700,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/320
59
Ixigo18,000,0002019 Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.transportpoor security1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/319
60
YouNow40,000,0002019 Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.webhacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/318
61
Houzz57,000,0002019 Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.retailhacked2Techcrunchhttps://techcrunch.com/2019/01/31/houzz-data-breach/317
62
Ge.tt1,800,0002019 Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.webhacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/316
63
Coinmama450,0002019 Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.financehacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/315
64
Roll204,000,0002019 Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.gaminghacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/314
65
Stronghold Kingdoms5,000,0002019 Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.gaminghacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/313
66
Petflow1,000,0002019 Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.retailpoor security1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/312
67
500px14,800,0002019 Feb 2019A July 2018 hack exposed the personal information of all 500px users, including names, usernames, email addresses, encrypted passwords, location, birth date, and gender.webhacked2PetaPixelhttps://petapixel.com/2019/02/13/500px-hacked-personal-data-stolen-from-all-14-8-million-users/311
68
Blurpassword manager2,400,0002019 Jan 2019A server belonging to the password manager service contained a freely accessible file with users' email addresses, names and encrypted passwords.techoops!1ZDNethttps://www.zdnet.com/article/data-of-2-4-million-blur-password-manager-users-left-exposed-online/310
69
Blank Media Games7,600,0002019 Jan 2019A hacker stole usernames, email addresses and encrypted passwords belonging to players of the game "Town of Salem" from an insecure server.gaminghacked1ZDNethttps://www.zdnet.com/article/town-of-salem-game-suffers-data-breach-exposing-7-6-million-user-details/309
70
Indian citizens275,265,2982019 May 2019The discovery of a huge, unprotected MongoDB database containing personal information of Indian citizens, including their education, resume and current salary.
webpoor security2275,000,000Bleeping Computerhttps://www.bleepingcomputer.com/news/security/over-275-million-records-exposed-by-unsecured-mongodb-database/308
71
Bulgarian National Revenue Agency5,000,0002019 Jul 2019A hacker stole personal details of Bulgarian citizens from 110 government databases. 5m records, out of a total population of 7m.governmenthacked2ZDNethttps://www.zdnet.com/article/hacker-steals-data-of-millions-of-bulgarians-emails-it-to-local-media/307
72
Capital One100,000,0002019 Jul 2019The massive data breach included personal information from credit card applications over a 14-year period. A former Amazon employee, Paige Thompson, awaits trial for fraud.financehacked3100,000,000Forbeshttps://www.forbes.com/sites/rachelsandler/2019/07/29/capital-one-says-hacker-breached-accounts-of-100-million-people-ex-amazon-employee-arrested/#2a5cb36b41d2306
73
Supremabiometrics security company27,800,0002019 Aug 2019A biometric security company stored unencrypted usernames and passwords, fingerprints and facial recognition information on a publicly accessible database.techpoor security5Guardianhttps://www.theguardian.com/technology/2019/aug/14/major-breach-found-in-biometrics-system-used-by-banks-uk-police-and-defence-firms305
74
Facebook419,000,0002019 Sep 2019Several unprotected databases were found to contain the phone numbers of around 20% of all Facebook users, with (in some cases) names and locations.webpoor security2420,000,000Fast Companyhttps://www.fastcompany.com/90399734/the-phone-numbers-of-419-million-facebook-accounts-have-been-leaked304
75
DoorDashfood delivery company4,900,0002019 Sep 2019Users who joined the platform before April 2018 had their names, email addresses, order history, phone numbers and encrypted passwords stolen in a hack.transporthacked24,900,000Techcrunchhttps://techcrunch.com/2019/09/26/doordash-data-breach/303
76
BriansClubsite selling stolen card data26,000,0002019 Oct 2019A site selling stolen payment card data was hacked and 26 million records were leaked. Banks were able to invalidate those cards, taking around 1/3 of the world's stolen cards out of circulation.webhacked326,000,000Ars Technicahttps://arstechnica.com/information-technology/2019/10/data-for-a-whopping-26-million-stolen-payment-cards-leaked-in-hack-of-fraud-bazaar/302
77
OxyData380,000,0002019 Nov 2019Information compiled by a data aggregation firm were found on an insecure server. It included complete scrapes of LinkedIn data, including recruiter information.techpoor security2380,000,000Dataviperhttps://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/300
78
Click2Gov300,0002018 Dec 2018Vulnerabilities in government payment software allowed hackers to access financial records and personal data across 46 US cities.financehacked3Fortunehttp://fortune.com/2018/12/18/click2gov-local-government-portals-hackers-credit-card-breach/299
79
SingHealth1,500,0002018 Jul 2018Hackers stole personal details of 1.5 million patients, as well as the prescription details of 160,000 people, including prime minister Lee Hesien Loong.health hacked4Straits Timeshttps://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most298
80
GovPayNow.comGovernment Payment Service Inc14,000,0002018 Sep 2018A company used by US government agencies to accept online payments exposed personal records via a standard web browser, including addresses, phone numbers and credit card digits.financepoor security2Krebs on Securityhttps://krebsonsecurity.com/2018/09/govpaynow-com-leaks-14m-records/297
81
Cathay Pacific Airways94,000,0002018 Oct 2018Stolen data included names, nationalities, birth dates, phone numbers, addresses, passport & identity card numbers & expired credit card numbers.transporthacked3ABC Newshttps://www.abc.net.au/news/2018-10-25/cathay-pacific-data-breach-affects-9.4-million-customers/10429878296
82
Chinese resume leak202,000,0002018 Dec 2018Information thought to have been scraped from Chinese jobseeking websites was found in an insecure database. It included resumes, phone numbers, height, weight, driving license & literacy level.webpoor security2202,000,000HackenProofhttps://blog.hackenproof.com/industry-news/202-million-private-resumes-exposed295
83
Google+52,500,0002018 Dec 2018A vulnerability exposed users' personal details to developers, even if their profiles were set to private. As a result, Google shut down the consumer version of the social network 4 months early.webpoor security2The Vergehttps://www.theverge.com/2018/12/10/18134541/google-plus-privacy-api-data-leak-developers294
84
Quora100,000,0002018 Dec 2018Login details and private messages were compromised by "a malicious third party".webhacked1100,000,000NY Timeshttps://www.nytimes.com/2018/12/04/technology/quora-hack-data-breach.html293
85
Marriott International383,000,0002018 Nov 2018Hackers breached the reservation system of all Starwood hotels, including Sheraton, Westin and Le Meridien. Personal information, credit card details and passport info dating back to 2014 was stolen.retailhacked3383,000,000NY Times, CNEThttps://www.nytimes.com/2018/11/30/business/marriott-data-breach.htmlhttps://www.cnet.com/news/marriott-says-hackers-stole-more-than-5-million-passport-numbers/292
86
NMBSBelgian national railway operator700,0002018 Dec 2018Customer names, gender, birth dates, email and postal address data were left on a publicly searchable server belonging to the Belgian rail authority. Caused by a data worker “clicking on the wrong button”.transportoops!y2Flanders Todayhttp://www.flanderstoday.eu/business/nmbs-data-leak-was-breach-privacy291
87
Facebook50,000,0002018 Mar 2018Cambridge Analytica, headed at the time by Steve Bannon, harvested profiles in early 2014 to build a system that could profile US voters and target them with political adverts.webhackedy150,000,000Guardianhttps://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election?CMP=twt_gu290
88
Panerabread37,000,0002018 Apr 2018Customer records, including loyalty card numbers, were available via the bakery chain's website for at least 8 months. The firm claims 10k records were leaked. Security researchers put the figure at over 37 million. retailpoor security2Krebsonsecurity, Mediumhttps://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/https://medium.com/@djhoulihan/no-panera-bread-doesnt-take-security-seriously-bf078027f815289
89
Dixons Carphone10,000,0002018 Jun 2018The firm admitted that hackers were able to access the details of 10m customers and 6m payment cards.telecomshacked1BBChttps://www.bbc.co.uk/news/business-45016906288
90
MyHeritage92,283,8892018 Jun 2018The genealogy site received a message from a researcher who had discovered over 92m email addresses and encrypted passwords on an external server.webhacked1Bloomberghttps://www.bloombergquint.com/technology/hack-of-dna-website-exposes-data-from-92-million-user-accounts287
91
Saks and Lord & TaylorBoth owned by Hudson's Bay Company5,000,0002018 Apr 2018A known ring of cybercriminals implanted software into store cash registers, siphoning off credit card details from readers.retailhackedy3NYTimeshttps://www.nytimes.com/2018/04/01/technology/saks-lord-taylor-credit-cards.html286
92
CareemDubai-born ride hailing service14,000,0002018 Apr 2018The Dubai-based ride hailing service admitted that names, email addresses, phone numbers and trip data had been accessed in what it called a "cyber incident".apphacked2Khaleej Timeshttps://www.khaleejtimes.com/nation/dubai//dubais-careem-admits-to-data-breach-of-14-million-users285
93
Texas voter records14,800,0002018 Aug 2018A single file containing 14.8 million voter records was found on an unsecured server. It was thought to have been originally compiled by Data Trust, a Republican-focused data analytics firm.webpoor security2TechCrunchhttps://techcrunch.com/2018/08/23/millions-of-texas-voter-records-exposed-online/284
94
British Airways380,0002018 Sep 2018The personal and financial details of customers who booked flights in a two-week period over the summer were compromised.transporthacked4Guardianhttps://www.theguardian.com/business/2018/sep/06/british-airways-customer-data-stolen-from-its-website283
95
T-Mobile2,000,0002018 Aug 2018Personal data along with passwords encrypted by a notoriously weak algorithm (MD5) were stolen. The firm initially failed to disclose the password breach, "because they were encrypted".telecomshacked1Motherboardhttps://motherboard.vice.com/en_us/article/a3qpk5/t-mobile-hack-data-breach-api-customer-data282
96
MyFitnessPalUnderArmour150,000,0002018 Mar 2018A breach of usernames, email addresses, and hashed passwords belonging to users of the fitness app.apphacked1150,000,000Guardianhttps://www.theguardian.com/technology/2018/mar/30/hackers-steal-data-150m-myfitnesspal-app-users-under-armour281
97
Helse Sør-Øst RHFHealth authority responsible for 10 Norwegian counties.3,000,0002018 Feb 2018Patient records of more than half of Norway's population were stolen. The hack is thought to have happened via old computers running Windows XP.health hacked4It Governancehttps://www.itgovernance.eu/blog/en/breach-at-norways-largest-healthcare-authority-was-a-disaster-waiting-to-happen280
98
NametestsFacebook quiz app owned by Social Sweethearts120,000,0002018 Jun 2018A security failure in a "personality test" app on Facebook left millions of people’s data publicly exposed for almost two years – even after they had deleted the app.apppoor securityy1120,000,000Mediumhttps://medium.com/@intideceukelaire/this-popular-facebook-app-publicly-exposed-your-data-for-years-12483418eff8279
99
Ticketmaster40,0002018 Jun 2018The data was stolen via an attack on a third-party customer support firm. It was likely to have affected UK customers who bought tickets between Feb and Jun 2018.webhacked3BBC Newshttps://www.bbc.co.uk/news/technology-44628874278
100
FirebaseA service from Google100,000,0002018 Jun 2018Misconfigured databases used by app developers were found to be exposing 113GB of personal data, accumulated by thousands of iOS and Android mobile apps.apppoor security5100,000,000Bleeping Computerhttps://www.bleepingcomputer.com/news/security/thousands-of-apps-leak-sensitive-data-via-misconfigured-firebase-backends/277