ABCDEFGHIJKLMNOP
1
organisationalternative namerecords lostyear datestorysectormethodinteresting storydata sensitivitydisplayed recordssource name1st source link2nd source linkID
2
visualisation here: https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
pink = new
(use 3m, 4m, 5m or 10m to approximate unknown figures) year story brokeweb
healthcare
app
retail
gaming
transport
financial
tech
government
telecoms
legal
media
academic
energy
military
poor security
hacked
oops!
lost device
inside job
1. Just email address/Online information
2 SSN/Personal details
3 Credit card information
4 Health & other personal records
5 Full details
=IF(C3>100000000,C3,")
3
Dubai Real Estate Leak800,0002022May 2022Data leak exposes how criminals, officials, and sanctioned politicians poured money into Dubai real estate including more than 100 members of Russia's political elite, public officials, or businesspeople close to the Kremlin, as well as dozens of Europeans implicated in money laundering and corruptionfinancialinside joby1E24https://e24.no/internasjonal-oekonomi/i/Bj97B0/dubai-uncovered-data-leak-exposes-how-criminals-officials-and-sanctioned-politicians-poured-money-into-dubai-real-estate417
4
Heroku50,0002022Apr 2022A compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database." on the Salesforce-owned cloud platform.techhacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/heroku-admits-that-customer-credentials-were-stolen-in-cyberattack/416
5
Mailchimp106,5862022Apr 2022Hackers gained access to internal customer support and account management tools of the email marketing company to steal audience data and conduct phishing attacks.techhacked1Bleeping Computerhttps://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/415
6
PayHere1,580,2492022Mar 2022Sri Lankan payment gateway PayHere suffered a data breach exposing more than 65GB of payment records including over 1.5M unique email addresses. (IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date).financialhacked3Pay Herehttps://blog.payhere.lk/ensuring-integrity-on-payhere-cybersecurity-incident/414
7
CDEK18,218,2032022Mar 2022UNVERIFIED. Russian courier service CDEK was hacked by Ukrainian hacker group "IT Army" - including 19M unique email addresses along with names and phone numbers. retailhacked319,000,000Have I Been Pwnedhttps://twitter.com/haveibeenpwned/status/1504343470072549377?lang=en413
8
Washington State Dpt of Licensing257,0002022Feb 2022The Washington State Department of Licensing said the personal information of potentially millions of licensed professionals may have been exposed after it detected suspicious activity on its online licensing system.governmenthacked3Seattle Timeshttps://www.seattletimes.com/business/breach-at-state-licensing-agency-may-have-exposed-data-from-1000s-of-professionals/412
9
Red Cross500,0002022Jan 2022A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.NGOhacked4Arsetechniahttps://arstechnica.com/information-technology/2022/01/red-cross-hack-compromises-the-personal-data-of-515k-highly-vulnerable-people/411
10
Open Subtitles100,0002022Jan 2022webhacked1Open Subtitleshttps://forum.opensubtitles.org/viewtopic.php?t=17685410
11
FlexBooker3,700,0002022Jan 2022appointment scheduling servicewebhacked33,700,000Bleeping Computerhttps://www.bleepingcomputer.com/news/security/flexbooker-discloses-data-breach-over-37-million-accounts-impacted/409
12
LINE Pay133,0002021Dec 2021financialpoor security 2The Registerhttps://www.theregister.com/2021/12/07/line_pay_leaks_around_133000/408
13
Robinhood5,000,9372021Nov 2021a malicious hacker had socially engineered a customer service representative over the phone November 3 to get access to customer support systems. That allowed the hacker to obtain customer names and email addresses, but also the additional full names, dates of birth and ZIP codes of 310 customers.financialhacked25,000,000Tech Crunchhttps://techcrunch.com/2021/11/09/robinhood-data-breach/?guccounter=1407
14
GoDaddy1,200,0002021Nov 2021Security Incident Affecting Managed WordPress Servicwebhacked1SEChttps://techcrunch.com/2021/11/09/robinhood-data-breach/?guccounter=1406
15
Travelio471,3762021Nov 2021The Indonesian real estate website Travelio suffered a data breach of over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens. mischacked2470,000HaveIBeenPwnedhttps://www.riskbasedsecurity.com/2021/12/14/dark-web-roundup-november-2021/405
16
Acer3,000,0002021Oct 2021techhacked1Hot Hardwarehttps://hothardware.com/news/acer-confirms-hacked-again-60gb-stolen-customer-data404
17
Brewdog200,0002021Oct 2021BrewDog, one of the world's largest craft beer brewers, has exposed personally identifiable information (PII) belonging to more than 200,000 of its shareholders and customers,retailpoor security1Tech Radarhttps://www.techradar.com/news/brewdog-exposes-data-of-200000-customers-and-shareholders403
18
Nvidia100,0002021Mar 2021techhacked2CNN Businesshttps://edition.cnn.com/2022/03/01/tech/nvidia-information-leak/https://it.slashdot.org/story/22/03/01/1523248/nvidia-says-employee-company-information-leaked-online-after-cyber-attack?utm_source=feedly1.0mainlinkanon&utm_medium=feed401
19
Okta100,0002021Jan 2021Identity and access management provider Oktatechhacked1The Vergehttps://www.theverge.com/2022/4/20/23034360/okta-lapsus-hack-investigation-breach-25-minuteshttps://twitter.com/BillDemirkapi/status/1508527487655067660/399
20
Experian SASouth Africa24,000,0002020 Jul 2020Handed over personal information of their South African customers to a fraudulent client.weboops!3Uni of Hawaiihttps://westoahu.hawaii.edu/cyber/global-weekly-exec-summary/experian-security-breach-in-south-africa/#:~:text=Experian%20disclosed%20the%20data%20breach,local%20businesses%20(Cimpanu%202020).402
21
Royal Enfield420,8732020 Jan 2020Motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. (Email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information)transportpoor security3The Quinthttps://www.thequint.com/news/india/royal-enfield-exposed-database-containing-450000-customer-data-cyber-security-expert398
22
Avvo4,101,1012019Dec 2019A data breach of the lawyer directory service released 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. legalhacked14,100,000HaveIBeenPwnedhttps://www.troyhunt.com/breach-disclosure-blow-by-blow-heres-why-its-so-hard/397
23
Aimware305,4702019May 2019Video game cheats website "Aimware" suffered a data breach of subscribers' personal information (email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes)gaminghacked3HaveIBeenPwned396
24
Twitch10,000,0002021Oct 2021Full source code breach of the streaming gaming site revealed a trove of internal data & documents including core config packages, devtools, and payments to top streamers. gaminghackedy4unknownBBChttps://www.bbc.co.uk/news/technology-58817658395
25
Syniverse500,000,0002021Sep 2021"A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide."telecomshacked4unknownVicehttps://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked394
26
Pandora Papers11,900,0002021Oct 2021Millions of documents reveal offshore deals and assets of more than 100 billionaires, 30 world leaders and 300 public officialsgovernmenthackedy4Guardianhttps://www.theguardian.com/news/2021/oct/03/pandora-papers-biggest-ever-leak-of-offshore-data-exposes-financial-secrets-of-rich-and-powerful393
27
Neiman Marcus4,600,0002021Sep 2021Occurred sometime in May 2020 after "an unauthorized party" obtained the personal information of some Neiman Marcus customers from their online accounts.retailhacked3Ars Technicahttps://arstechnica.com/information-technology/2021/10/neiman-marcus-data-breach-impacts-4-6-million-customers/392
28
Epik15,000,0002021Sep 2021An Internet-services company for concealing online identities, popular with the far right retailhackedy5Ars Technicahttps://arstechnica.com/information-technology/2021/09/epik-data-breach-impacts-15-million-users-including-non-customers/391
29
Thailand visitors100,000,0002021Sep 2021Any foreigner who has travelled to Thailand in the last decade ‘might have had their information exposed’governmentpoor security 2100,000,000South China Morning Posthttps://www.scmp.com/news/asia/southeast-asia/article/3149475/details-some-100-million-visitors-thailand-exposed-online390
30
T-Mobile 40,000,0002021Aug 2021Exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company.telecomshacked3Krebson Securityhttps://krebsonsecurity.com/2021/08/t-mobile-breach-exposed-ssn-dob-of-40m-people/389
31
Contact tracing data38,000,0002021Aug 2021A thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases.telecomshacked338,000,000Wiredhttps://www.wired.com/story/microsoft-power-apps-data-exposed/388
32
Estonian gov280,0002021Jul 2021A hacker was able to obtain over 280,000 personal identity photos following an attack on the state information system last Friday.governmenthacked4News ERRhttps://news.err.ee/1608291072/hacker-downloads-close-to-300-000-personal-id-photos387
33
GuntraderUK firearms sales website111,0002021Jul 2021Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords used by gun shops across the UK.retailhacked2The Registerhttps://www.theregister.com/2021/07/23/guntrader_hacked_111k_users_sql_database/386
34
Linkedin700,000,0002021Jul 2021The hacker appears to have misused the official LinkedIn API to scrape the data, the same method used in a similar breach back in April. User details, but no passwords.web hacked1700,000,0009 to 5 machttps://9to5mac.com/2021/06/29/linkedin-breach/385
35
VW3,300,0002021Jun 2021Phone numbers, email addresses and some sensitive credit data. Nearly all those impacted were current or potential customers of Audi, one of the German automaker's luxury brandstransporthacked2Reutershttps://www.reuters.com/business/autos-transportation/vw-says-data-breach-vendor-impacted-33-million-people-north-america-2021-06-11/384
36
MacDonalds10,000,0002021Jun 2021Unknown detailretailhacked2unknownWall St Journalhttps://www.wsj.com/articles/mcdonalds-hit-by-data-breach-in-south-korea-taiwan-11623412800383
37
Air India4,500,0002021May 2021Passenger’s name, date of birth, contact information, passport information, ticket information, frequent flyer data and credit card information.transporthacked2Indian Expresshttps://indianexpress.com/article/explained/air-india-sita-data-breach-explained-7325501/382
38
Omiai dating appJapanese dating app1,710,0002021May 2021Addresses and dates of birth from identification, including passports, drivers’ licenses and health insurance cards, provided to the company.apphacked2Japan Timeshttps://www.japantimes.co.jp/news/2021/05/22/business/tech/omiai-dating-app-hack-japan/381
39
Amazon Reviews13,124,9622021May 2021Database exposing an organized fake reviews scam affecting Amazon. The server contained a treasure trove of direct messages between Amazon vendors and customers willing to provide fake reviews in exchange for free productswebpoor security y2Safety Detectiveshttps://www.safetydetectives.com/blog/amazon-reviews-leak-report/380
40
Peloton3,000,0002021May 2021techpoor security 2Ars Technicahttps://arstechnica.com/gadgets/2021/05/peloton-takes-3-months-to-fix-flaw-that-exposed-users-private-information/#p3379
41
Digital Ocean10,000,0002021Apr 2021techpoor security unknownTech Crunchhttps://techcrunch.com/2021/04/28/digitalocean-customer-billing-data-breach/378
42
Park Mobilemobile parking app21,000,0002021Apr 2021Customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses.transporthacked2Krebson Securityhttps://krebsonsecurity.com/2021/04/parkmobile-breach-exposes-license-plate-data-mobile-numbers-of-21m-users/377
43
Ubiquiti16,000,0002021Feb 2021Unknown amount of user data breachedtechhacked2ZDNethttps://www.zdnet.com/article/ubiquiti-tells-customers-to-change-passwords-after-security-breach/376
44
Meet Mindful2,240,0002021Feb 2021Dating site user data includes real names, phone numbers, Facebook account codes, latitude & longtitude. Thankfully private messages were not leaked.techhacked4ZDnethttps://www.zdnet.com/article/hacker-leaks-data-of-2-28-million-dating-site-users/375
45
Experian Brazil220,000,0002021Feb 2021Details hazyfinancehacked2220,000,000ZDNethttps://www.zdnet.com/article/experian-challenged-over-massive-data-leak-in-brazil/374
46
Gab4,000,0002021 Mar 2021Over 70GB of data from the far-right social media site was hacked. Alll posts, messages, passwords from all users were breached.techhackedy3100,000Wiredhttps://www.wired.com/story/gab-hack-data-breach-ddosecrets/373
47
Star Alliance16,000,0002021 Mar 2021The Star Alliance of airlines including Singapore Airlines, Lufthansa and United, said on Thursday it had been the victim of a cyber attack leading to a breach of passenger data. Lufthansa, Cathay Pacific and Air New Zealand were also affected. Breached data was limited to "name, tier status and membership number”transporthacked1The Guardianhttps://www.theguardian.com/world/2021/mar/05/airline-data-hack-hundreds-of-thousands-of-star-alliance-passengers-details-stolen372
48
Facebook533,000,0002021 Mar 2021Phone numbers, full names, locations, email addresses, and biographical information on 533 million users from 106 countries. Scraped due to a vulnerability "patched in 2019".techhackedy1533,000,000Business Insiderhttps://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&IR=T371
49
Ledger270,0002020 Dec 2020A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free.financehacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum/370
50
T-mobile200,0002020 Dec 2020The information exposed in this breach includes phone numbers, call records, and the number of lines on an account.telecomshacked1Bleeping Computerhttps://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/369
51
The Hospital Group1,000,0002020 Dec 2020Hackers compromised the plastic surgery firm and threatened to release over 900 gigabytes of private surgery photographs. health hackedy4BBChttps://www.bbc.co.uk/news/technology-55439190368
52
SolarWinds50,000,0002020 Dec 2020Suspected Russian hackers compromised network monitoring software used by the Pentagon, intelligence agencies, nuclear labs and many Fortune 500 companies. A tainted software update acted as a trojan horse. An unknown number of companies and individuals might be affected.apphackedy3New York Timeshttps://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html367
53
Ho Mobile2,500,0002020 Dec 2020Italian mobile operator owned by Vodaphone is now taking the rare step of offering to replace the SIM cards of all affected customers. Data hacked full names, telephone numbers, social security numbers, email addresses, dates and places of birth, nationality, and home addresses.telecomshacked2ZD Nethttps://www.zdnet.com/article/italian-mobile-operator-offers-to-replace-sim-cards-after-massive-data-breach/366
54
Spotify500,0002020 Dec 2020Undisclosed number of users had their email addresses and passwords left open online. Spotify said the vulnerability existed as far back as April 9 but wasn’t discovered until November 12.appoops!1Tech Crunchhttps://techcrunch.com/2020/12/10/spotify-resets-user-passwords-after-a-bug-exposed-private-account-information/?guccounter=1&guce_referrer=aHR0cHM6Ly9pdC5zbGFzaGRvdC5vcmcv&guce_referrer_sig=AQAAAMGNMpm00iWQgE4Zhw1q6_5FoeBsJUbWyKEniavHxaZR-X1oBrnXuFtvr9B4IYBK1C6x9AfEqEZwzfJaZhhINvaBZltXd-DF036LVwwnAhWAMQpD98Lahw3sni-Z2bS6qEIjPgodPdZHV3DRJWLrNt0bOoohuh_DWM8-IngVnCl6365
55
Drizly2,400,0002020 Sep 2020Alcohol delivery service hacked with email addresses, DOB, hashed passwords and some home addresses leaked. apphacked2Tech Crunchhttps://techcrunch.com/2020/07/28/drizly-data-breach/364
56
GEDmatch1,400,0002020 Sep 2020DNA data on up to 1.4m users of this geneaology site may have been hacked.misc, healthhackedy5New York Timeshttps://www.nytimes.com/2020/08/01/technology/gedmatch-breach-privacy.html?referringSource=articleShare363
57
Call of Duty / Activision500,0002020 Sep 2020Login data for users of the popular video games may have compromised. Activision refutes the claim. gaminghacked1Forbeshttps://www.forbes.com/sites/daveywinder/2020/09/21/activision-accounts-hacked-500000-call-of-duty-players-could-be-affected-report/?sh=7ca04e0f7bbe362
58
Zhenhua2,400,0002020 Sep 2020Personal details of millions of notable people around the world found in a leaked database compiled by a Chinese tech company with reported links to the country’s military and intelligence networks. Mostly compiled from social media profiles.miscoops!y1The Guardianhttps://www.theguardian.com/world/2020/sep/14/zhenhua-data-full-list-leak-database-personal-details-millions-china-tech-company361
59
Cense AI2,500,0002020 Aug 2020Medical records from an artificial intelligence company were left open online.tech, healthpoor security4PC Maghttps://uk.pcmag.com/encryption/128228/report-ai-company-leaks-over-25m-medical-records360
60
Nintendo300,0002020 Apr 2020Unauthorised access to thousands of Nintendo Switch accounts. Hackers were able to use saved payment details to make purchases.gaminghacked3300,000Tech Crunchhttps://techcrunch.com/2020/06/09/nintendo-accounts-affected-breach/?guccounter=1&guce_referrer=aHR0cHM6Ly9nYW1lcy5zbGFzaGRvdC5vcmcvc3RvcnkvMjAvMDYvMDkvMTg0MjIzNy9uaW50ZW5kby1ub3ctc2F5cy0zMDAwMDAtYWNjb3VudHMtYnJlYWNoZWQtYnktaGFja2Vycz91dG1fc291cmNlPXJzczEuMG1haW5saW5rYW5vbiZ1dG1fbWVkaXVtPWZlZWQ&guce_referrer_sig=AQAAAIXC8IvaFgPdt5t-CUm7yPEhKblsmme4097SUtEWdSkjyrdsxVYiQBfbdpekm_Y29T7evb-5zNNl2-ZHfNSmVkKFnE5vClvpvsaPYykOO8WtAX76dZoL2EUkVL8XfmMQBVlNF43T5MATGNeSnwn6Ta6ELVBXnf_ZTsmVaemjk1Vf359
61
Pakistani mobile operators115,000,0002020 Apr 2020Personal details stolen from Jazz and other mobile networks were put up for sale for $2.1m in bitcoin.telecomshacked2115,000,000ZDNethttps://www.zdnet.com/article/details-of-44m-pakistani-mobile-users-leaked-online-part-of-bigger-115m-cache/358
62
US Marshals Service387,0002020 May 2020Prisoners had sensitive personal data stolen in December 2019. They were notified five months later.governmenthacked2287,000NextGovhttps://www.nextgov.com/cybersecurity/2020/05/us-marshals-service-breach-exposed-personal-data-387000-prisoners/165305/357
63
db8151dd"mystery breach"22,000,0002020 May 2020Aggregated data from multiple websites was discovered in an open database. It included addresses, job titles, phone numbers and social media profiles. The breach was dubbed 'db8151dd'.webhacked222,000,0009 to 5 Machttps://9to5mac.com/2020/05/15/db8151dd/356
64
EasyJet9,000,0002020 May 2020The airline became aware of a hack in January, but didn't notify customers until April. Email addresses, travel details and credit card details were stolen. transporthacked39,000,000BBChttps://www.bbc.co.uk/news/technology-52722626355
65
Microsoft250,000,0002020 Jan 2020Customer support records spanning 14 years were left online without password protection. webpoor security1250,000,000Forbeshttps://www.forbes.com/sites/daveywinder/2020/01/22/microsoft-security-shocker-as-250-million-customer-records-exposed-online/#91076484d1b3354
66
Dutch Government6,900,0002020 Mar 2020Two hard drives with data from 6.9m registered organ donors went missing. They contained contact details, ID numbers & signatures.governmentlost device46,900,000ZDNethttps://www.zdnet.com/article/dutch-government-loses-hard-drives-with-data-of-6-9-million-registered-donors/353
67
Virgin Media900,0002020 Mar 2020A poorly-configured database left names, email addresses and phone numbers exposed for 10 months. retailpoor security1900,000BBC https://www.bbc.co.uk/news/business-51760510352
68
Boots Advantage Card150,0002020 Mar 2020Hackers accessed Advantage Card records, but no financial data was stolen. Payment using points was suspended.retailhacked1150,000Whichhttps://www.which.co.uk/news/2020/03/boots-advantage-card-tesco-clubcard-both-suffer-data-breaches-in-same-week/351
69
Tesco Clubcard600,0002020 Mar 2020Details of accrued loyalty points were accessed, but financial details weren't exposed.retailhacked1600,000Tech Radarhttps://www.techradar.com/uk/news/tesco-clubcard-holders-warned-of-major-security-issue350
70
Marriott Hotels5,200,0002020 Mar 2020Guest records were accessed using the logins of two employees between mid-Jan and end of Feb. retailinside job25,200,000Marriotthttps://news.marriott.com/news/2020/03/31/marriott-international-notifies-guests-of-property-system-incident349
71
Zoom500,0002020 Apr 2020Email addresses, passwords and personal meeting URLs were sold on the dark web. It led to a host of zoom-bombing pranks. apphacked1500,000We Live Securityhttps://www.welivesecurity.com/2020/04/16/half-million-zoom-accounts-sale-dark-web/348
72
Israeli government6,500,0002020 Feb 2020Names, addresses, and ID card numbers of every Israeli voter were found on an insecure website belonging to Elector, a political communications app.governmentpoor security26,500,000NYTimeshttps://www.nytimes.com/2020/02/10/world/middleeast/israeli-voters-leak.html?action=click&module=News&pgtype=Homepage347
73
MGM Hotels10,600,0002020 Feb 2020Data stolen during an 2019 hack of an MGM server was published on a hacking forum.retailhacked210,600,000ZDNethttps://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/346
74
Buchbinder Car Rentals5,000,0002020 Jan 2020Correspondence, invoices and contracts containing personal details were left exposed on an unsecured company server. transportpoor security25,000,000Teller Reporthttps://www.tellerreport.com/news/2020-01-22---big-data-leak--media--at-buchbinder-car-rental-company--customer-data-was-open-.BJ-S5Jk8Z8.html345
75
Wawafuel & convenience store chain30,000,0002019 Dec 2019Card-stealing malware was installed, and remained undiscovered for nine months. retailhacked330,000,000Krebs on Securityhttps://krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/344
76
Desjardins Group4,200,0002019 Jun 2019An employee of the Canadian financial firm leaked customer information outside the organisation: names, addresses, birthdates, social insurance numbers & transaction habits.financeinside job2CBChttps://www.cbc.ca/news/canada/montreal/desjardins-data-breach-1.5344216343
77
US Customs and Border Protection100,0002019 Jun 2019Photos of faces and license plates taken at an US border crossing were stolen in a cyberattack on a surveillance contractor.governmenthackedy2Washington Posthttps://www.washingtonpost.com/technology/2019/06/10/us-customs-border-protection-says-photos-travelers-into-out-country-were-recently-taken-data-breach/?utm_term=.69c66aaf152f342
78
Quest Diagnostics20,000,0002019 Jun 2019For an 8 month period, a hacker group stole personal and payment information from a firm providing billing services for the US healthcare sector.health poor security4ZDNethttps://www.zdnet.com/article/amca-data-breach-has-now-gone-over-the-20-million-mark/341
79
Australian National University200,0002019 Jun 2019A hacker accessed personal information including addresses, bank account details, payroll information and academic records. Staff, students and visitors were affected.academichacked4Guardianhttps://www.theguardian.com/australia-news/2019/jun/04/australian-national-university-hit-by-huge-data-breach340
80
Canva139,000,0002019 May 2019 Names, email addresses and location data belonging to users of an Australian graphic design service were stolen by a hacker.webhacked2139,000,000ZDNethttps://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/339
81
ChtrboxInstagram Influencers49,000,0002019 May 2019Contact details for millions of Instagram influencers, celebrities and brand accounts was left exposed in an online database for at least six days.miscpoor securityy1Techcrunchhttps://techcrunch.com/2019/05/20/instagram-influencer-celebrity-accounts-scraped/337
82
WiFi FinderA hotspot finder app2,000,0002019 Apr 2019An Android app for finding local WiFi passwords inadvertently provided access to the entire database, including domestic WiFi points.apppoor security1Techcrunchhttps://techcrunch.com/2019/04/22/hotspot-password-leak/336
83
Toyota3,100,0002019 Apr 2019A security breach of Toyota subsidiaries' IT systems may have leaked personal customer information.transporthacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/toyota-security-breach-exposes-personal-info-of-31-million-clients/https://global.toyota/jp/newsroom/corporate/27465617.html335
84
UnknownOpen database in China1,800,0002019 Mar 2019A Dutch researcher found women's personal information in an open Chinese database. It included phone numbers, addressed and their "BreedReady" status, whatever that might be.webpoor securityy4The Guardianhttps://www.theguardian.com/world/2019/mar/11/china-database-lists-breedready-status-of-18-million-women334
85
VårdguidenSweden's healthcare hotline2,700,0002019 Feb 2019170,000 hours of sensitive calls to Sweden's healthcare hotline were stored on an open web server with no encryption or authentication. The breach was blamed on subcontractor Medicall.health poor securityy5ComputerSwedenhttps://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internethttps://thenextweb.com/eu/2019/02/18/2-7-million-patient-calls-to-swedish-healthcare-hotline-left-unprotected-online/#333
86
Dubsmash162,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.web hacked1162,000,000The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/332
87
ShareThis41,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/331
88
HauteLook28,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.retailhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/330
89
Animoto25,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/329
90
EyeEm22,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/328
91
8fit20,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/327
92
Whitepages18,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/326
93
Fotolog16,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/325
94
Armor Games11,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.gaminghacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/324
95
BookMate8,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/323
96
CoffeeMeetsBagel6,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/322
97
Artsy1,000,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/321
98
DataCamp700,0002019 Feb 2019Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web.webhacked1The Registerhttps://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/320
99
Ixigo18,000,0002019 Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.transportpoor security1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/319
100
YouNow40,000,0002019 Feb 2019Part of the theft of 127 million online account details from 8 hacked websites. They were put up for sale on the dark web 1 week after a similar tranche of 617 million records from 16 other websites.webhacked1Techcrunchhttps://techcrunch.com/2019/02/14/hacker-strikes-again/318