A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | organisation | alternative name | records lost | year | date | story | sector | method | interesting story | data sensitivity | displayed records | source name | 1st source link | 2nd source link | ID | ||||||||||||
2 | visualisation here: https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ pink = new | (use 3m, 4m, 5m or 10m to approximate unknown figures) | year story broke | web healthcare app retail gaming transport financial tech government telecoms legal media academic energy military | poor security hacked oops! lost device inside job | 1. Just email address/Online information 2 SSN/Personal details 3 Credit card information 4 Health & other personal records 5 Full details | |||||||||||||||||||||
3 | Kaiser Permanente | 13,400,000 | 2024 | Apr 24 | A leading U.S. healthcare organization transmitted personal information to third-party vendors, including Google, Microsoft Bing, and X (formerly Twitter), including search terms entered in Kaiser's health encyclopedia. | health | oops! | 3 | Bleeping Computer | https://restoreprivacy.com/data-breach-at-kaiser-permanente-affects-13-4-million-people/ | 492 | ||||||||||||||||
4 | Ticketmaster | 560,000,000 | 2024 | Jun 24 | Hacker group ShinyHunters say it stole names, addresses, phone numbers and partial credit cards details from hundreds of millions of Ticketmaster customers around the world. | media | hacked | y | 3 | 560m | BBC | https://www.bbc.co.uk/news/articles/cw99ql0239wo | 491 | ||||||||||||||
5 | Stanford University | 27,000 | 2023 | May 23 | The Akira ransomware group claims to have stolen 430 GB of data, including names and social security numbers. The breach went unnoticed for four months, suggesting a possible prolonged attacker presence | academic | hacked | 2 | Slashdot | https://yro.slashdot.org/story/24/03/13/2053224/stanford-university-failed-to-detect-ransomware-intruders-for-4-months?utm_source=feedly1.0mainlinkanon&utm_medium=feed | 490 | ||||||||||||||||
6 | Cooler Master | 500,000 | 2024 | May 24 | Threat actor 'Ghostr' hacked the company's Fanzone website, stealing 103 GB of data. Compromised info includes names, emails, phone numbers, birth dates, addresses, product details, employee info, and vendor correspondence. | tech | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/cooler-master-confirms-customer-info-stolen-in-data-breach/ | 489 | ||||||||||||||||
7 | Financial Business and Consumer Solutions | FBCS | 3,200,000 | 2024 | Feb 24 | A U.S. debt collection agency reported a breach Initially affecting 1.9m people but the number has since increased significantly. Stolen data includes names, SSNs, birthdates, account info, and driver's license numbers. | tech | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/collection-agency-fbcs-ups-data-breach-tally-to-32-million-people/ | 488 | |||||||||||||||
8 | Santander | 30,000,000 | 2024 | May 24 | Threat actor 'ShinyHunters' claim to be selling Santander bank data on 30m customers from Chile, Spain and Uruguay. | financial | hacked | 3 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/banco-santander-warns-of-a-data-breach-exposing-customer-info/ | 487 | ||||||||||||||||
9 | Everbridge | 5,600,000 | 2024 | May 24 | The American crisis management software company, serving the U.S. Army, Atlanta Airport, and Norway and Australia, suffered a major data breach. Both business and user data compromised. | tech | hacked | 1 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/everbridge-warns-of-corporate-systems-breach-exposing-business-data/ | 486 | ||||||||||||||||
10 | BBC | 25,000 | 2024 | May 24 | Personal information of BBC Pension Scheme members, including current and former employees, was compromised. Data types include names, National Insurance numbers, birthdates, and home addresses. | media | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/bbc-suffers-data-breach-impacting-current-former-employees/ | 485 | ||||||||||||||||
11 | First American | 44,000 | 2023 | Dec 23 | The second largest title insurance company in the US did not reveal which personal information was compromissed. | finance | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/first-american-december-data-breach-impacts-44-000-people/ | 484 | ||||||||||||||||
12 | Christie's | 500,000 | 2024 | May 24 | Famous auction house Christie's lost sensitive information on 500,000 clients to the RansomHub extortion gang. This includes full names, physical addresses, and ID details. Ironically, the cybercriminals also auction these stolen files to the highest bidder. | retail | hacked | y | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/christies-confirms-breach-after-ransomhub-threatens-to-leak-data/ | 483 | |||||||||||||||
13 | Sav-Rx | 2,800,000 | 2023 | Oct 23 | Prescription management company Sav-Rx warned over 2.8m people in the US of a data breach. Compromised data includes full names, birthdates, SSNs, emails, addresses, phone numbers, eligibility data, and insurance IDs. | health | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/sav-rx-discloses-data-breach-impacting-28-million-americans/ | 482 | ||||||||||||||||
14 | Cencora | 100,000 | 2024 | Feb 24 | Major drug companies, including Novartis and Bayer, disclosed data breaches after a February 2024 cyberattack at Cencora, their pharmaceutical services partner. Compromised data includes names, addresses, diagnoses, medications, and prescriptions. | health | hacked | 4 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/cencora-data-breach-exposes-us-patient-info-from-11-drug-companies/ | 481 | ||||||||||||||||
15 | WebTPA | 2,400,00 | 2023 | Apr 23 | The breach at this employer service compromised names, contact info, birth/death dates, SSNs, and insurance details. Impacted individuals include customers of The Hartford, Transamerica, and Gerber Life Insurance. | tech | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/webtpa-data-breach-impacts-24-million-insurance-policyholders/ | 480 | ||||||||||||||||
16 | Nissan | Nissan North America | 53;000 | 2023 | Nov 23 | This breach of the car manufacturer exposed personal data (including Social Security numbers) belonging to current and former employees. | transport | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/nissan-north-america-data-breach-impacts-over-53-000-employees/ | 479 | |||||||||||||||
17 | Singing River | Singing River Health System | 895,000 | 2023 | Aug 23 | A healthcare provider in the Gulf Coast region was breached by the Rhysida ransomware gang. Compromised data includes names, birthdates, addresses, SSNs, and medical info. | health | hacked | 4 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/singing-river-health-system-data-of-895-000-stolen-in-ransomware-attack/ | 478 | |||||||||||||||
18 | City of Helsinki | Helsinki | 80,000 | 2024 | Apr 24 | A data breach in Helsinki's education division affected tens of thousands of students, guardians, and personnel. Compromised data includes usernames, emails, IDs, addresses, fee details, education info, welfare requests, and medical certificates. | government | hacked | 4 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/helsinki-suffers-data-breach-after-hackers-exploit-unpatched-flaw/ | https://poliisi.fi/en/-/police-investigate-extensive-data-breach-in-helsinki-city-s-computer-network | 477 | ||||||||||||||
19 | Firstmac | 100,000 | 2024 | Apr 24 | Australia's largest non-bank lender had 500GB of data stolen by the Embargo cyber-extortion group. Stolen data includes names, addresses, emails, phone numbers, birthdates, bank account info, and driver's license numbers. | finance | hacked | 3 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/largest-non-bank-lender-in-australia-warns-of-a-data-breach/ | https://www.cyberdaily.au/security/10487-exclusive-aussie-lender-firstmac-falls-victim-to-embargo-ransomware-gang | 476 | |||||||||||||||
20 | The Post Millennial | 26,000,000 | 2024 | May 24 | A conservative Canadian news magazine was breached leaking data on mailing lists, subscriber info, and details of writers and editors: names, emails, usernames, passwords, IPs, phone numbers, addresses, and genders. | media | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/the-post-millennial-hack-leaked-data-impacting-26-million-people/ | https://www.mediaite.com/politics/conservative-news-websites-hacked-replaced-with-page-leaking-private-information/ | 475 | |||||||||||||||
21 | Dell | 49,000,000 | 2024 | Apr 24 | The Dell data breach by a threat actor scraped 49m customer records via a partner portal API accessed as a fake company. Data includes customer names, order info, warranty details, service tags, and locations. | tech | oops! | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/ | 474 | ||||||||||||||||
22 | UK Ministry of Defense | 270,000 | 2024 | May 24 | A threat actor breached the Ministry of Defence, accessing the Armed Forces payment network. Compromised data includes personal and banking details and a few addresses of active, reserve, and some retired personnel. | government | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/uk-confirms-ministry-of-defence-payroll-data-exposed-in-data-breach/ | https://www.theguardian.com/technology/article/2024/may/06/uk-military-personnels-data-hacked-in-mod-payroll-breach | 473 | |||||||||||||||
23 | Dropbox | Dropbox Sign | 100,000 | 2024 | Apr 24 | A Dropbox service which allows online document signatures, was breached. Hackers accessed authentication tokens, MFA keys, hashed passwords, and customer information. | tech | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/dropbox-says-hackers-stole-customer-data-auth-secrets-from-esignature-service/ | 472 | |||||||||||||||
24 | Panda Restaurants | 47,000 | 2024 | Mar 24 | Information exposed includes names or other personal identifiers and their driver's license numbers or ID card numbers for an undisclosed cohort. | retail | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/panda-restaurants-discloses-a-data-breach-after-corporate-systems-hack/ | 471 | ||||||||||||||||
25 | Philadelphia Inquirer | 25,000 | 2023 | May 23 | A breach at this daily newspaper exposed names, personal identifiers, and financial account or credit/debit card numbers with security codes, passwords, or PINs. The Cuba ransomware gang claimed responsibility. | media | hacked | 4 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/philadelphia-inquirer-data-of-over-25-000-people-stolen-in-2023-breach/ | 470 | ||||||||||||||||
26 | French government | 43,000,000 | 2024 | Feb 24 | A breach in a French government department - responsible for registering and assisting unemployed people - exposed 20 years of personal data, including names, birthdates, Social Security numbers, travel IDs, emails, postal addresses, and phone numbers. | government | hacked | 2 | 43m | The Register | https://www.theregister.com/2024/03/14/mega_data_breach_at_french/ | 469 | |||||||||||||||
27 | USG | University System of Georgia | 800,000 | 2023 | May 24 | USG, operating 26 public colleges and universities in Georgia, was compromised in the 2023 Clop MOVEit attacks, which impacted thousands of organizations worldwide. Data included full/partial SSNs, birthdates, bank account numbers, and tax documents with Tax IDs. | government | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/university-system-of-georgia-800k-exposed-in-2023-moveit-attack/ | https://www.usg.edu/news/release/notice_of_data_breach | 468 | ||||||||||||||
28 | Ohio Lottery | 538,000 | 2023 | Dec 24 | The DragonForce ransomware gang claimed responsibility for the Christmas Eve attack on the Ohio Lottery. They accessed names, SSNs, and other personal identifiers of affected individuals. | gaming | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/ohio-lottery-ransomware-attack-impacts-over-538-000-individuals/ | 467 | ||||||||||||||||
29 | OmniVision | 100,000 | 2023 | Sep 24 | The Cactus ransomware gang claimed an attack, leaking passport scans, NDAs, contracts, and confidential documents from OmniVision, a subsidiary of Will Semiconductor, designs imaging sensors for various devices. | tech | hacked | 3 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/omnivision-discloses-data-breach-after-2023-ransomware-attack/ | 466 | ||||||||||||||||
30 | Western Sydney University | 7,500 | 2023 | May 24 | Hackers had accessed the University's Microsoft Office 365 environment, including email accounts and SharePoint files. | academic | hacked | 1 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/western-sydney-university-data-breach-exposed-student-data/ | 465 | ||||||||||||||||
31 | AT&T | 73,000,000 | 2024 | Apr 24 | Sensitive 2019 data from 7.6m current AT&T account holders and approximately 65.4m former account holders. Emails, passcodes, social security numbers. | telecoms | hacked | 4 | 73m | Ars Technica | https://arstechnica.com/tech-policy/2024/04/att-acknowledges-data-leak-that-hit-73-million-current-and-former-users/ | 464 | |||||||||||||||
32 | Irish towing company | 512,000 | 2023 | Oct 23 | The driving licences and payment card etails of thousands of motorists who had vehicles towed on behalf of the Irish police | transport | poor security | 3 | Irish independent | https://www.independent.ie/irish-news/thousands-of-drivers-have-sensitive-data-exposed-to-hackers-in-major-it-breach/a1379036136.html | 463 | ||||||||||||||||
33 | Maine Government | 1,300,000 | 2023 | May 23 | Russian ransomware group Clop stole names, dates of birth, Social Security numbers, driver’s license and other state or taxpayer identification numbers. Some individuals had medical and health insurance information taken. | government | hacked | 4 | Tech Crunch | https://techcrunch.com/2023/11/09/maine-government-data-breach-clop-ransomware/ | 462 | ||||||||||||||||
34 | Welltok | 8,500,000 | 2023 | Nov 23 | Patient data was exposed during the breach, including full names, email addresses, physical addresses, and telephone numbers. For some, it also includes Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information. | health | hacked | 4 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/welltok-data-breach-exposes-data-of-85-million-us-patients/ | 461 | ||||||||||||||||
35 | Maximus | 10,000,000 | 2023 | Jul 23 | Exploit of a zero-day flaw in the MOVEit file transfer application. Data stolen included social security numbers, protected health information. | government | hacked | 4 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/8-million-people-hit-by-data-breach-at-us-govt-contractor-maximus/ | 460 | ||||||||||||||||
36 | Okta | 134 | 2023 | Nov 23 | Names and email addresses of customers of the identity security company. 134 of the company's 18,400 clients were impacted, but that only five instances of successful session hijacking were logged | tech | hacked | 1 | Okta | https://sec.okta.com/harfiles | 459 | ||||||||||||||||
37 | Delta Dental | 7,000,000 | 2023 | May 23 | The dental insurance company suffered unauthorized access by threat actors through the MOVEit file transfer software application exposing full credit card details of customers | health | hacked | 3 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/delta-dental-of-california-data-breach-exposed-info-of-7-million-people/ | 458 | ||||||||||||||||
38 | Xfinity | 36,000,000 | 2023 | Oct 23 | Hackers using the CitrixBleed vulnerability accessed acocunt details like name, last four digits of social security numbers and hashed passwords | telecoms | hacked | 2 | Tech Crunch | https://techcrunch.com/2023/12/19/comcast-xfinity-hackers-36-million-customers/ | 457 | ||||||||||||||||
39 | Atlassian | 13,200 | 2023 | Feb 23 | SiegedSec hacked Atlassian, the owner of Trello and other apps, via a third party office app, leaking employee details and office floor plans after an employee publicly shared credentials. | tech | oops! | y | 1 | Cyberscoop | https://cyberscoop.com/atlassian-hack-employee-data-seigedsec/ | 456 | |||||||||||||||
40 | 100,000 | 2023 | Feb 23 | A phishing attack granted access to Reddit's internal documents and systems, but without breaching main production systems, user passwords, or accounts. | web | hacked | y | 1 | Forbes | https://www.forbes.com/sites/daveywinder/2023/02/10/reddit-confirms-it-was-hacked-recommends-users-set-up-2fa/ | 455 | ||||||||||||||||
41 | Go Daddy | 1,228,000 | 2022 | Dec 23 | GoDaddy faced a multi-year breach (2020-2022) by a single intruder, resulting in stolen source code, user credentials, malware installation, and user redirects to malicious sites. WordPress customers’ email addresses, usernames, passwords, and even their SSL private keys were stolen. | web | hacked | y | 3 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/ | 454 | |||||||||||||||
42 | MGM | 10,600,000 | 2023 | Sept 23 | AlphV and Scattered Spider's cyberattack on MGM caused slot machine errors and hotel queues in Las Vegas, stealing pre-March 2019 customer data and inflicting a $100m loss on the company's Q3 results. MGM declined to say if any ransom was paid. | retail | hacked | y | 3 | Reuters | https://www.reuters.com/business/mgm-expects-cybersecurity-issue-negatively-impact-third-quarter-earnings-2023-10-05/ | 453 | |||||||||||||||
43 | Uber | 20,000,000 | 2022 | Dec 22 | Data on 77,000 Uber employees and internal reports were leaked on forums. While Uber denied ownership of the implicated source code, the breach stemmed from their third-party vendor, Teqtivity, which had a security incident earlier that year. | transport | hacked | y | 1 | Restore Privacy | https://restoreprivacy.com/uber-data-leak-breach-third-party-vendor-hacked/ | 452 | |||||||||||||||
44 | X (Twitter) | 200,000,000 | 2023 | Jan 23 | From Nov 2022 to Jan 2023, over 200 million Twitter users' data, including emails and names, was exposed due to repeated security flaw exploitations and posted on hacker forums. But no highly sensitive data was revealed. | web | poor security | 1 | 200m | Firewall Times | https://firewalltimes.com/twitter-data-breach-timeline/ | 451 | |||||||||||||||
45 | CommuteAir | 1,500,000 | 2023 | Jan 23 | Swiss hacker Maia Arson Crimew, stumbled upon a misconfigured AWS server containing TSA's No Fly list and exposed ~250,000 'selectees' (selectees are automatically chosen for additional screening each time they fly) to a hacker forum. | transport | hacked | y | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/us-no-fly-list-shared-on-a-hacking-forum-government-investigating/ | 450 | |||||||||||||||
46 | Yum! | 10,000,000 | 2023 | Jan 23 | The brand owner of KFC, Pizza Hut, and Taco Bell fast food chains saw an undisclosed amount of personal user information stolen during a ransomware attack: names, driver's license numbers, and other ID card numbers. ~300 restaurants were shut down in the UK due to IT system disruptions caused by the attack. | retail | hacked | y | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/kfc-pizza-hut-owner-discloses-data-breach-after-ransomware-attack/ | 449 | |||||||||||||||
47 | PharMerica | 5,800,000 | 2023 | May 23 | Full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people. | health | hacked | 4 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/ransomware-gang-steals-data-of-58-million-pharmerica-patients/ | 448 | ||||||||||||||||
48 | NATO | 8,000 | 2023 | Jul 23 | Hacktivist group, SiegedSec, claimed to have broken into six NATO web portals and stolen >3,000 files and 9GB of data. Threat intel biz CloudSEK analysis revealed 20 unclassified documents and 8,000 personnel records with names, job titles, email addresses, home addresses, and photos. | government | hacked | y | 4 | The Register | https://www.theregister.com/2023/10/04/nato_data_attack/#:~:text=On%20Sunday%2C%20the%20SiegedSec%20crew,)%3B%20the%20Communities%20of%20Interest | 447 | |||||||||||||||
49 | Topgolf Callaway | 1,114,954 | 2023 | Aug 23 | Only full names, shipping and email addresses, phone numbers, order histories, account passwords and answers to security questions were exposed. | retail | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/golf-gear-giant-callaway-data-breach-exposes-info-of-11-million/ | 446 | ||||||||||||||||
50 | Sony | 6,800 | 2023 | Oct 23 | Personal information belonging to current and former employees and their family members was stolen by Clop in a ransomware attack. Details unrevealed by Sony. | tech | hacked | 2 | The Verge | https://www.theverge.com/2023/10/5/23905370/sony-interactive-entertainment-security-breach-confirmation | https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/ | 445 | |||||||||||||||
51 | 23andMe | 6,900,000 | 2023 | Oct 23 | Hackers accessed the genetic site's user data via login guesses and information from DNA relatives (users opt into sharing info through DNA relatives for others to see). Stolen data included personal and some genetic ancestry and health details. After two breaches, one unverified, 23andMe now faces legal action. | health | hacked | y | 4 | 6.9m | Tech Crunch | https://arstechnica.com/tech-policy/2023/12/hackers-stole-ancestry-data-of-6-9-million-users-23andme-finally-confirmed/ | https://www.bleepingcomputer.com/news/security/23andme-hit-with-lawsuits-after-hacker-leaks-stolen-genetics-data/ | 444 | |||||||||||||
52 | Optus | 9,700,000 | 2022 | Sept 2022 | The telecom company faced a 'sophisticated attack' exposing ~10 million accounts including personal details (passport, driver’s licence & Medicare numbers). Hacker demanded $1m ransom but later apologized and claimed data deletion, unverified. | telecoms | hacked | 4 | The Guardian | https://www.theguardian.com/business/2022/sep/29/optus-data-breach-everything-we-know-so-far-about-what-happened | https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack | 443 | |||||||||||||||
53 | PayPal | 34942 | 2023 | Dec 22 | PayPal's breach involved unauthorized account access using credential stuffing (exploiting users reusing the same password for multiple accounts). It wasn't from a direct security lapse and hackers couldn't transact. PayPal reset passwords. | finance | hacked | 2 | Office of the Maine Attorney General | https://apps.web.maine.gov/online/aeviewer/ME/40/766753f1-f9c7-4dc5-9a5c-fe0f3ff51c06.shtml | https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/ | 442 | |||||||||||||||
54 | Acer | 10,000,000 | 2023 | Mar 23 | Acer suffered a data breach when a server was hacked, with threat actors selling 160GB of stolen data. The company said the incident hadn't impacted customer info. | tech | hacked | 1 | Slashdot | https://it.slashdot.org/story/23/03/07/1459230/acer-confirms-breach-after-hacker-offers-to-sell-stolen-data?utm_source=feedly1.0mainlinkanon&utm_medium=feed | https://www.bleepingcomputer.com/news/security/acer-confirms-breach-after-160gb-of-data-for-sale-on-hacking-forum/ | 441 | |||||||||||||||
55 | MSI | 10,000,000 | 2023 | Apr 23 | Money Message ransomware group claims to have stolen MSI's source code, demanding $4 million to prevent leaks. MSI downplays impact and hasn't confirmed paying ransom, assuring no user data was affected but advises software downloads only from official sources. | tech | hacked | 1 | Slashdot | https://it.slashdot.org/story/23/04/07/152242/msi-confirms-breach-as-ransomware-gang-claims-responsibility?utm_source=feedly1.0mainlinkanon&utm_medium=feed | https://uk.pcmag.com/security/146322/msi-confirms-breach-as-ransomware-gang-claims-responsibility | 440 | |||||||||||||||
56 | T-Mobile | 37,000,000 | 2023 | Jan 23 | T-Mobile's system was exploited by 'bad actors' from November 2022 to January 2023, exposing customer data. It's their ninth hack since 2018, with a 2021 breach affecting 49 million customers. | telecoms | hacked | 2 | Ars Technica | https://arstechnica.com/information-technology/2023/05/t-mobile-discloses-2nd-data-breach-of-2023-this-one-leaking-account-pins-and-more/ | 439 | ||||||||||||||||
57 | T-Mobile | 836 | 2023 | Mar 23 | T-Mobile faced its second 2023 data breach, exposing PINs and data from Feb to Mar. Though way smaller than the first 2023 breach (only affecting 836 customers), it adds to the $350mil 2021 settlement and erodes customer trust. | telecoms | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/t-mobile-discloses-second-data-breach-since-the-start-of-2023/ | 438 | ||||||||||||||||
58 | ChatGPT | 101,000 | 2023 | Mar 23 | Over 101,000 ChatGPT accounts were stolen by malware last year. Breakdown: Asia-Pacific 40,999, Middle-East/Africa 24,925, Europe 16,951, Latin America 12,314, North America 4,737. Malware extracts browser credentials from SQLite databases, using CryptProtectData function to decrypt stored data. | tech | hacked | y | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/over-100-000-chatgpt-accounts-stolen-via-info-stealing-malware/ | 437 | |||||||||||||||
59 | TIAA | The Teachers Insurance and Annuity Association of America | 2,300,000 | 2023 | May 23 | This US retirement fund for teachers faced a data breach exposing client details. A former teacher-client is suing for inadequate cybersecurity and leaving data unencrypted on a vulnerable platform. | finance | hacked, poor security | 2 | ClassAction | https://www.classaction.org/news/teachers-insurance-and-annuity-association-of-america-hit-with-class-action-over-may-2023-data-breach#:~:text=Teachers%20Insurance%20and%20Annuity%20Association%20of%20America%20faces%20a%20class,of%20approximately%202.3%20million%20individuals. | https://news.slashdot.org/story/23/06/30/2038234/schools-say-us-teachers-retirement-fund-was-breached-by-moveit-hackers?utm_source=feedly1.0mainlinkanon&utm_medium=feed | 436 | ||||||||||||||
60 | Microsoft | 30,000,000 | 2023 | Jun 23 | Anonymous Sudan hacked Microsoft, accessed customer data, and caused outages. They offered the database for $50,000. But Microsoft claims no evidence of compromised customer data. | web | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/microsoft-denies-data-breach-theft-of-30-million-customer-accounts/ | 435 | ||||||||||||||||
61 | Microsoft | 10,000,000 | 2023 | May 23 | China-backed hackers stole a cryptographic key from Microsoft, undetected for a month, accessing 25 organizations, including government. Microsoft's postmortem cites past system vulnerabilities. | web | hacked | 3 | unknown | NYT | https://www.nytimes.com/2023/07/11/us/politics/china-hack-us-government-microsoft.html?smid=nytcore-ios-share | https://www.wired.com/story/china-backed-hackers-steal-microsofts-signing-key-post-mortem/ | 434 | ||||||||||||||
62 | Roblox | 4,000 | 2020 | Dec 20 | Data identifying Roblox creators was breached at a developers' conference, undisclosed for 2 years due to a third-party security issue. | gaming | poor security | 2 | The Verge | https://www.theverge.com/2023/7/21/23802742/roblox-data-breach-leak-developer-personal-information-exposed | 433 | ||||||||||||||||
63 | Discord.io | 760,000 | 2023 | Aug 23 | Unidentified person listed user data for sale on darknet. Discord.io enables custom Discord invites. | gaming | hacked | 1 | Stackdiary | https://stackdiary.com/the-data-of-760000-discord-io-users-was-put-up-for-sale-on-the-darknet// | 432 | ||||||||||||||||
64 | Clorox | 10,000,000 | 2023 | Aug 23 | Clorox detected unauthorized IT activity in August 2023. By September, the contained hack led to slower production and a 2% stock drop. Specific affected files undisclosed | retail | hacked | 1 | unknown | Slashdot | https://it.slashdot.org/story/23/10/04/1917217/clorox-security-breach-linked-to-group-behind-casino-hacks?utm_source=feedly1.0mainlinkanon&utm_medium=feed | 431 | |||||||||||||||
65 | Latitude Financial | 14,000,000 | 2023 | Apr 23 | 14 million customer records, including driver's licence numbers, passport numbers and financial statements, stolen in a cyber-attack that was worse than the company initially reported. | finance | hacked | 2 | Privacy Commissioner | https://www.privacy.org.nz/publications/statements-media-releases/new-zealands-biggest-data-breach-shows-retention-is-the-sleeping-giant-of-data-security/ | 430 | ||||||||||||||||
66 | Toyota | 296,019 | 2022 | Oct 22 | An access key to a data server storing customer email addresses and management numbers was mistakenly published publically on GitHub for five years. | transport | poor security | 2 | Slashdot | https://yro.slashdot.org/story/22/10/10/2032250/toyota-discloses-data-leak-after-access-key-exposed-on-github?utm_source=feedly1.0mainlinkanon&utm_medium=feed | 429 | ||||||||||||||||
67 | Shein | 39,000,000 | 2022 | Oct 22 | Online fast fashion retailer suffered a breach of its login credentials in 2018 but failed to notify its customers | retail | hacked | 2 | Tech Crunch | https://techcrunch.com/2022/10/13/shein-zoetop-fined-1-9m-data-breach/?guccounter=1 | 428 | ||||||||||||||||
68 | Indonesia's health agency | BPJS Kesehatan | 279,000,000 | 2022 | May 21 | The ID numbers, salary and phone numbers of every single man, woman and child in the country was stolen. | government | hacked | y | 3 | Kr Asia | https://kr-asia.com/shoddy-data-protection-in-indonesia-threatens-personal-security-of-citizens | 427 | ||||||||||||||
69 | CoinSquare | 50,000 | 2022 | Nov 22 | Major Canadian Crypto Exchange. company claims customer assets are “secure in cold storage and are not at risk.” | tech | hacked | 1 | Coin Desk | https://www.coindesk.com/tech/2022/11/26/major-canadian-crypto-exchange-coinsquare-says-client-data-breached/ | 426 | ||||||||||||||||
70 | Indian Railways | 30,000,000 | 2022 | Dec 22 | Stolen data includes usernames, emails, phone numbers, gender, city, state, invoices | transport | hacked | 2 | Techlo Media | https://techlomedia.in/2022/12/data-of-30-million-indian-railways-users-is-up-for-sale-on-a-dark-forum-96589/ | 425 | ||||||||||||||||
71 | Indonesian SIM cards | 1,000,000,000 | 2022 | Oct 22 | A vast data hack of 1.3 bn SIM registrations evealing national identity numbers, phone numbers, and more. | telecoms | hacked | 3 | 1.3bn | Rest of World | https://restofworld.org/2022/indonesia-hacked-sim-bjorka/ | 424 | |||||||||||||||
72 | LastPass | 33,000,000 | 2022 | Aug 22 | Popular password manager breached; basic account info exposed. Sensitive vault data like usernames and passwords remained safely encrypted. | web | hacked | 2 | Tech Crunch | https://techcrunch.com/2022/12/14/parsing-lastpass-august-data-breach-notice/ | https://www.forbes.com/sites/daveywinder/2023/03/03/why-you-should-stop-using-lastpass-after-new-hack-method-update/ | 423 | |||||||||||||||
73 | 200,000,000 | 2022 | Dec 22 | Over 200 million Twitter emails were stolen and posted online, possibly before Musk's 2022 takeover. | web | hacked | 1 | Wired | https://www.wired.com/story/twitter-leak-200-million-user-email-addresses/ | 422 | |||||||||||||||||
74 | City of Amagasaki, Japan | 500,000 | 2022 | Jun 2022 | An unnamed government official lost his bag after a night's drinking. It contained a USB stick with sensitive data of the entire city's residents. USB stick was encrypted and passworded. | government | oops! | 3 | BBC | https://www.bbc.co.uk/news/world-asia-61921222 | 421 | ||||||||||||||||
75 | Shanghai Police | 500,000,000 | 2022 | Jul 2022 | A database containing records of over a billion Chinese civilians – allegedly stolen from the Shanghai Police. Addresses, police records and national ID numbers. Potentially one of the largest data breaches in history. Details repressed and censored by Chinese media. | finance | hacked | 5 | "one billion" | The Register | https://www.theregister.com/2022/07/05/shanghai_police_database_for_sell/ | 420 | |||||||||||||||
76 | 5,400,000 | 2021 | Dec 2021 | Zero day vulnerability allowed a threat actor to create profiles of 5.4 million Twitter users inc. a verified phone number or email address, and scraped public information, such as follower counts, screen name, login name, etc | web | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/twitter-confirms-zero-day-used-to-expose-data-of-54-million-accounts/ | 419 | |||||||||||||||||
77 | Plex | 15,000,000 | 2022 | Aug 2022 | Intruders access password data, usernames, and emails for at least half of its 30 million users. | web | hacked | 1 | Ars technica | https://arstechnica.com/information-technology/2022/08/plex-imposes-password-reset-after-hackers-steal-data-for-15-million-users/ | 418 | ||||||||||||||||
78 | Dubai Real Estate Leak | 800,000 | 2022 | May 2022 | Data leak exposes how criminals, officials, and sanctioned politicians poured money into Dubai real estate including more than 100 members of Russia's political elite, public officials, or businesspeople close to the Kremlin, as well as dozens of Europeans implicated in money laundering and corruption | finance | inside job | y | 1 | E24 | https://e24.no/internasjonal-oekonomi/i/Bj97B0/dubai-uncovered-data-leak-exposes-how-criminals-officials-and-sanctioned-politicians-poured-money-into-dubai-real-estate | 417 | |||||||||||||||
79 | Heroku | 50,000 | 2022 | Apr 2022 | A compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database." on the Salesforce-owned cloud platform. | tech | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/heroku-admits-that-customer-credentials-were-stolen-in-cyberattack/ | 416 | ||||||||||||||||
80 | Mailchimp | 106,586 | 2022 | Apr 2022 | Hackers gained access to internal customer support and account management tools of the email marketing company to steal audience data and conduct phishing attacks. | tech | hacked | 1 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/ | 415 | ||||||||||||||||
81 | PayHere | 1,580,249 | 2022 | Mar 2022 | Sri Lankan payment gateway PayHere suffered a data breach exposing more than 65GB of payment records including over 1.5M unique email addresses. (IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). | finance | hacked | 3 | Pay Here | https://blog.payhere.lk/ensuring-integrity-on-payhere-cybersecurity-incident/ | 414 | ||||||||||||||||
82 | CDEK | 18,218,203 | 2022 | Mar 2022 | UNVERIFIED. Russian courier service CDEK was hacked by Ukrainian hacker group "IT Army" - including 19M unique email addresses along with names and phone numbers. | retail | hacked | 3 | 19m | Have I Been Pwned | https://twitter.com/haveibeenpwned/status/1504343470072549377?lang=en | 413 | |||||||||||||||
83 | Washington State Dpt of Licensing | 257,000 | 2022 | Feb 2022 | The Washington State Department of Licensing said the personal information of potentially millions of licensed professionals may have been exposed after it detected suspicious activity on its online licensing system. | government | hacked | 3 | Seattle Times | https://www.seattletimes.com/business/breach-at-state-licensing-agency-may-have-exposed-data-from-1000s-of-professionals/ | 412 | ||||||||||||||||
84 | Red Cross | 500,000 | 2022 | Jan 2022 | A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran. | NGO | hacked | 4 | Arsetechnia | https://arstechnica.com/information-technology/2022/01/red-cross-hack-compromises-the-personal-data-of-515k-highly-vulnerable-people/ | 411 | ||||||||||||||||
85 | Open Subtitles | 100,000 | 2022 | Jan 2022 | web | hacked | 1 | Open Subtitles | https://forum.opensubtitles.org/viewtopic.php?t=17685 | 410 | |||||||||||||||||
86 | FlexBooker | 3,700,000 | 2022 | Jan 2022 | appointment scheduling service | web | hacked | 3 | 3.7m | Bleeping Computer | https://www.bleepingcomputer.com/news/security/flexbooker-discloses-data-breach-over-37-million-accounts-impacted/ | 409 | |||||||||||||||
87 | LINE Pay | 133,000 | 2021 | Dec 2021 | finance | poor security | 2 | The Register | https://www.theregister.com/2021/12/07/line_pay_leaks_around_133000/ | 408 | |||||||||||||||||
88 | Robinhood | 5,000,937 | 2021 | Nov 2021 | a malicious hacker had socially engineered a customer service representative over the phone November 3 to get access to customer support systems. That allowed the hacker to obtain customer names and email addresses, but also the additional full names, dates of birth and ZIP codes of 310 customers. | finance | hacked | 2 | 5m | Tech Crunch | https://techcrunch.com/2021/11/09/robinhood-data-breach/?guccounter=1 | 407 | |||||||||||||||
89 | GoDaddy | 1,200,000 | 2021 | Nov 2021 | Security Incident Affecting Managed WordPress Servic | web | hacked | 1 | SEC | https://techcrunch.com/2021/11/09/robinhood-data-breach/?guccounter=1 | 406 | ||||||||||||||||
90 | Travelio | 471,376 | 2021 | Nov 2021 | The Indonesian real estate website Travelio suffered a data breach of over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens. | misc | hacked | 2 | 470K | HaveIBeenPwned | https://www.riskbasedsecurity.com/2021/12/14/dark-web-roundup-november-2021/ | 405 | |||||||||||||||
91 | Acer | 3,000,000 | 2021 | Oct 2021 | tech | hacked | 1 | Hot Hardware | https://hothardware.com/news/acer-confirms-hacked-again-60gb-stolen-customer-data | 404 | |||||||||||||||||
92 | Brewdog | 200,000 | 2021 | Oct 2021 | BrewDog, one of the world's largest craft beer brewers, has exposed personally identifiable information (PII) belonging to more than 200,000 of its shareholders and customers, | retail | poor security | 1 | Tech Radar | https://www.techradar.com/news/brewdog-exposes-data-of-200000-customers-and-shareholders | 403 | ||||||||||||||||
93 | Experian SA | South Africa | 24,000,000 | 2020 | Jul 2020 | Handed over personal information of their South African customers to a fraudulent client. | web | oops! | 3 | Uni of Hawaii | https://westoahu.hawaii.edu/cyber/global-weekly-exec-summary/experian-security-breach-in-south-africa/#:~:text=Experian%20disclosed%20the%20data%20breach,local%20businesses%20(Cimpanu%202020). | 402 | |||||||||||||||
94 | Nvidia | 100,000 | 2021 | Mar 2021 | tech | hacked | 2 | CNN Business | https://edition.cnn.com/2022/03/01/tech/nvidia-information-leak/ | https://it.slashdot.org/story/22/03/01/1523248/nvidia-says-employee-company-information-leaked-online-after-cyber-attack?utm_source=feedly1.0mainlinkanon&utm_medium=feed | 401 | ||||||||||||||||
95 | Okta | 100,000 | 2021 | Jan 2021 | Identity and access management provider Okta | tech | hacked | 1 | The Verge | https://www.theverge.com/2022/4/20/23034360/okta-lapsus-hack-investigation-breach-25-minutes | https://twitter.com/BillDemirkapi/status/1508527487655067660/ | 399 | |||||||||||||||
96 | Royal Enfield | 420,873 | 2020 | Jan 2020 | Motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. (Email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information) | transport | poor security | 3 | The Quint | https://www.thequint.com/news/india/royal-enfield-exposed-database-containing-450000-customer-data-cyber-security-expert | 398 | ||||||||||||||||
97 | Avvo | 4,101,101 | 2019 | Dec 2019 | A data breach of the lawyer directory service released 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. | legal | hacked | 1 | 4.1m | HaveIBeenPwned | https://www.troyhunt.com/breach-disclosure-blow-by-blow-heres-why-its-so-hard/ | 397 | |||||||||||||||
98 | Aimware | 305,470 | 2019 | May 2019 | Video game cheats website "Aimware" suffered a data breach of subscribers' personal information (email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes) | gaming | hacked | 3 | HaveIBeenPwned | 396 | |||||||||||||||||
99 | Twitch | 10,000,000 | 2021 | Oct 2021 | Full source code breach of the streaming gaming site revealed a trove of internal data & documents including core config packages, devtools, and payments to top streamers. | gaming | hacked | y | 4 | unknown | BBC | https://www.bbc.co.uk/news/technology-58817658 | 395 | ||||||||||||||
100 | Syniverse | 500,000,000 | 2021 | Sep 2021 | "A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide." | telecoms | hacked | 4 | unknown | Vice | https://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked | 394 |