ABCDEFGHIJKLMNOPQRSTUVWXYZ
1
organisationalternative namerecords lostyear datestorysectormethodinteresting storydata sensitivitydisplayed recordssource name1st source link2nd source linkID
2
visualisation here: https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
pink = new
(use 3m, 4m, 5m or 10m to approximate unknown figures) year story brokeweb
healthcare
app
retail
gaming
transport
financial
tech
government
telecoms
legal
media
academic
energy
military
poor security
hacked
oops!
lost device
inside job
1. Just email address/Online information
2 SSN/Personal details
3 Credit card information
4 Health & other personal records
5 Full details
3
Kaiser Permanente13,400,0002024 Apr 24A leading U.S. healthcare organization transmitted personal information to third-party vendors, including Google, Microsoft Bing, and X (formerly Twitter), including search terms entered in Kaiser's health encyclopedia.healthoops!3Bleeping Computerhttps://restoreprivacy.com/data-breach-at-kaiser-permanente-affects-13-4-million-people/492
4
Ticketmaster560,000,0002024 Jun 24Hacker group ShinyHunters say it stole names, addresses, phone numbers and partial credit cards details from hundreds of millions of Ticketmaster customers around the world.mediahackedy3560mBBChttps://www.bbc.co.uk/news/articles/cw99ql0239wo491
5
Stanford University27,0002023 May 23The Akira ransomware group claims to have stolen 430 GB of data, including names and social security numbers. The breach went unnoticed for four months, suggesting a possible prolonged attacker presenceacademichacked 2Slashdothttps://yro.slashdot.org/story/24/03/13/2053224/stanford-university-failed-to-detect-ransomware-intruders-for-4-months?utm_source=feedly1.0mainlinkanon&utm_medium=feed490
6
Cooler Master500,0002024 May 24Threat actor 'Ghostr' hacked the company's Fanzone website, stealing 103 GB of data. Compromised info includes names, emails, phone numbers, birth dates, addresses, product details, employee info, and vendor correspondence.techhacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/cooler-master-confirms-customer-info-stolen-in-data-breach/489
7
Financial Business and Consumer SolutionsFBCS3,200,0002024 Feb 24A U.S. debt collection agency reported a breach Initially affecting 1.9m people but the number has since increased significantly. Stolen data includes names, SSNs, birthdates, account info, and driver's license numbers.techhacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/collection-agency-fbcs-ups-data-breach-tally-to-32-million-people/488
8
Santander30,000,0002024 May 24Threat actor 'ShinyHunters' claim to be selling Santander bank data on 30m customers from Chile, Spain and Uruguay. financialhacked3Bleeping Computerhttps://www.bleepingcomputer.com/news/security/banco-santander-warns-of-a-data-breach-exposing-customer-info/487
9
Everbridge5,600,0002024 May 24The American crisis management software company, serving the U.S. Army, Atlanta Airport, and Norway and Australia, suffered a major data breach. Both business and user data compromised.techhacked1Bleeping Computerhttps://www.bleepingcomputer.com/news/security/everbridge-warns-of-corporate-systems-breach-exposing-business-data/486
10
BBC25,0002024 May 24Personal information of BBC Pension Scheme members, including current and former employees, was compromised. Data types include names, National Insurance numbers, birthdates, and home addresses.mediahacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/bbc-suffers-data-breach-impacting-current-former-employees/485
11
First American44,0002023 Dec 23The second largest title insurance company in the US did not reveal which personal information was compromissed. financehacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/first-american-december-data-breach-impacts-44-000-people/484
12
Christie's500,0002024 May 24Famous auction house Christie's lost sensitive information on 500,000 clients to the RansomHub extortion gang. This includes full names, physical addresses, and ID details. Ironically, the cybercriminals also auction these stolen files to the highest bidder.retailhackedy2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/christies-confirms-breach-after-ransomhub-threatens-to-leak-data/483
13
Sav-Rx2,800,0002023 Oct 23Prescription management company Sav-Rx warned over 2.8m people in the US of a data breach. Compromised data includes full names, birthdates, SSNs, emails, addresses, phone numbers, eligibility data, and insurance IDs.healthhacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/sav-rx-discloses-data-breach-impacting-28-million-americans/482
14
Cencora100,0002024 Feb 24Major drug companies, including Novartis and Bayer, disclosed data breaches after a February 2024 cyberattack at Cencora, their pharmaceutical services partner. Compromised data includes names, addresses, diagnoses, medications, and prescriptions.healthhacked4Bleeping Computerhttps://www.bleepingcomputer.com/news/security/cencora-data-breach-exposes-us-patient-info-from-11-drug-companies/481
15
WebTPA2,400,002023 Apr 23The breach at this employer service compromised names, contact info, birth/death dates, SSNs, and insurance details. Impacted individuals include customers of The Hartford, Transamerica, and Gerber Life Insurance.techhacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/webtpa-data-breach-impacts-24-million-insurance-policyholders/480
16
NissanNissan North America53;0002023 Nov 23This breach of the car manufacturer exposed personal data (including Social Security numbers) belonging to current and former employees. transporthacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/nissan-north-america-data-breach-impacts-over-53-000-employees/479
17
Singing RiverSinging River Health System895,0002023 Aug 23A healthcare provider in the Gulf Coast region was breached by the Rhysida ransomware gang. Compromised data includes names, birthdates, addresses, SSNs, and medical info.healthhacked4Bleeping Computerhttps://www.bleepingcomputer.com/news/security/singing-river-health-system-data-of-895-000-stolen-in-ransomware-attack/478
18
City of HelsinkiHelsinki80,0002024 Apr 24A data breach in Helsinki's education division affected tens of thousands of students, guardians, and personnel. Compromised data includes usernames, emails, IDs, addresses, fee details, education info, welfare requests, and medical certificates.governmenthacked4Bleeping Computerhttps://www.bleepingcomputer.com/news/security/helsinki-suffers-data-breach-after-hackers-exploit-unpatched-flaw/https://poliisi.fi/en/-/police-investigate-extensive-data-breach-in-helsinki-city-s-computer-network477
19
Firstmac100,0002024 Apr 24Australia's largest non-bank lender had 500GB of data stolen by the Embargo cyber-extortion group. Stolen data includes names, addresses, emails, phone numbers, birthdates, bank account info, and driver's license numbers.financehacked3Bleeping Computerhttps://www.bleepingcomputer.com/news/security/largest-non-bank-lender-in-australia-warns-of-a-data-breach/https://www.cyberdaily.au/security/10487-exclusive-aussie-lender-firstmac-falls-victim-to-embargo-ransomware-gang476
20
The Post Millennial26,000,0002024 May 24A conservative Canadian news magazine was breached leaking data on mailing lists, subscriber info, and details of writers and editors: names, emails, usernames, passwords, IPs, phone numbers, addresses, and genders.
mediahacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/the-post-millennial-hack-leaked-data-impacting-26-million-people/https://www.mediaite.com/politics/conservative-news-websites-hacked-replaced-with-page-leaking-private-information/475
21
Dell49,000,0002024 Apr 24The Dell data breach by a threat actor scraped 49m customer records via a partner portal API accessed as a fake company. Data includes customer names, order info, warranty details, service tags, and locations.techoops!2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/474
22
UK Ministry of Defense270,0002024 May 24A threat actor breached the Ministry of Defence, accessing the Armed Forces payment network. Compromised data includes personal and banking details and a few addresses of active, reserve, and some retired personnel.governmenthacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/uk-confirms-ministry-of-defence-payroll-data-exposed-in-data-breach/https://www.theguardian.com/technology/article/2024/may/06/uk-military-personnels-data-hacked-in-mod-payroll-breach473
23
DropboxDropbox Sign100,0002024 Apr 24A Dropbox service which allows online document signatures, was breached. Hackers accessed authentication tokens, MFA keys, hashed passwords, and customer information.techhacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/dropbox-says-hackers-stole-customer-data-auth-secrets-from-esignature-service/472
24
Panda Restaurants47,0002024 Mar 24Information exposed includes names or other personal identifiers and their driver's license numbers or ID card numbers for an undisclosed cohort.retailhacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/panda-restaurants-discloses-a-data-breach-after-corporate-systems-hack/471
25
Philadelphia Inquirer25,0002023 May 23A breach at this daily newspaper exposed names, personal identifiers, and financial account or credit/debit card numbers with security codes, passwords, or PINs. The Cuba ransomware gang claimed responsibility.mediahacked4Bleeping Computerhttps://www.bleepingcomputer.com/news/security/philadelphia-inquirer-data-of-over-25-000-people-stolen-in-2023-breach/470
26
French government43,000,0002024 Feb 24A breach in a French government department - responsible for registering and assisting unemployed people - exposed 20 years of personal data, including names, birthdates, Social Security numbers, travel IDs, emails, postal addresses, and phone numbers.governmenthacked243mThe Registerhttps://www.theregister.com/2024/03/14/mega_data_breach_at_french/469
27
USGUniversity System of Georgia 800,0002023 May 24USG, operating 26 public colleges and universities in Georgia, was compromised in the 2023 Clop MOVEit attacks, which impacted thousands of organizations worldwide. Data included full/partial SSNs, birthdates, bank account numbers, and tax documents with Tax IDs.governmenthacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/university-system-of-georgia-800k-exposed-in-2023-moveit-attack/https://www.usg.edu/news/release/notice_of_data_breach468
28
Ohio Lottery538,0002023 Dec 24The DragonForce ransomware gang claimed responsibility for the Christmas Eve attack on the Ohio Lottery. They accessed names, SSNs, and other personal identifiers of affected individuals.gaminghacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/ohio-lottery-ransomware-attack-impacts-over-538-000-individuals/467
29
OmniVision100,0002023 Sep 24The Cactus ransomware gang claimed an attack, leaking passport scans, NDAs, contracts, and confidential documents from OmniVision, a subsidiary of Will Semiconductor, designs imaging sensors for various devices. techhacked3Bleeping Computerhttps://www.bleepingcomputer.com/news/security/omnivision-discloses-data-breach-after-2023-ransomware-attack/466
30
Western Sydney University7,5002023 May 24Hackers had accessed the University's Microsoft Office 365 environment, including email accounts and SharePoint files.academichacked1Bleeping Computerhttps://www.bleepingcomputer.com/news/security/western-sydney-university-data-breach-exposed-student-data/465
31
AT&T73,000,0002024 Apr 24Sensitive 2019 data from 7.6m current AT&T account holders and approximately 65.4m former account holders. Emails, passcodes, social security numbers.telecomshacked473mArs Technicahttps://arstechnica.com/tech-policy/2024/04/att-acknowledges-data-leak-that-hit-73-million-current-and-former-users/464
32
Irish towing company512,0002023 Oct 23The driving licences and payment card etails of thousands of motorists who had vehicles towed on behalf of the Irish policetransportpoor security3Irish independenthttps://www.independent.ie/irish-news/thousands-of-drivers-have-sensitive-data-exposed-to-hackers-in-major-it-breach/a1379036136.html463
33
Maine Government1,300,0002023 May 23Russian ransomware group Clop stole names, dates of birth, Social Security numbers, driver’s license and other state or taxpayer identification numbers. Some individuals had medical and health insurance information taken.governmenthacked4Tech Crunchhttps://techcrunch.com/2023/11/09/maine-government-data-breach-clop-ransomware/462
34
Welltok8,500,0002023 Nov 23Patient data was exposed during the breach, including full names, email addresses, physical addresses, and telephone numbers. For some, it also includes Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information.health hacked4Bleeping Computerhttps://www.bleepingcomputer.com/news/security/welltok-data-breach-exposes-data-of-85-million-us-patients/461
35
Maximus10,000,0002023 Jul 23Exploit of a zero-day flaw in the MOVEit file transfer application. Data stolen included social security numbers, protected health information.governmenthacked4Bleeping Computerhttps://www.bleepingcomputer.com/news/security/8-million-people-hit-by-data-breach-at-us-govt-contractor-maximus/460
36
Okta1342023 Nov 23Names and email addresses of customers of the identity security company. 134 of the company's 18,400 clients were impacted, but that only five instances of successful session hijacking were loggedtechhacked1Oktahttps://sec.okta.com/harfiles459
37
Delta Dental7,000,0002023 May 23The dental insurance company suffered unauthorized access by threat actors through the MOVEit file transfer software application exposing full credit card details of customershealth hacked3Bleeping Computerhttps://www.bleepingcomputer.com/news/security/delta-dental-of-california-data-breach-exposed-info-of-7-million-people/458
38
Xfinity36,000,0002023 Oct 23Hackers using the CitrixBleed vulnerability accessed acocunt details like name, last four digits of social security numbers and hashed passwordstelecomshacked2Tech Crunchhttps://techcrunch.com/2023/12/19/comcast-xfinity-hackers-36-million-customers/457
39
Atlassian13,2002023 Feb 23SiegedSec hacked Atlassian, the owner of Trello and other apps, via a third party office app, leaking employee details and office floor plans after an employee publicly shared credentials.techoops!y1Cyberscoophttps://cyberscoop.com/atlassian-hack-employee-data-seigedsec/456
40
Reddit100,0002023 Feb 23A phishing attack granted access to Reddit's internal documents and systems, but without breaching main production systems, user passwords, or accounts.webhackedy1Forbeshttps://www.forbes.com/sites/daveywinder/2023/02/10/reddit-confirms-it-was-hacked-recommends-users-set-up-2fa/455
41
Go Daddy1,228,0002022 Dec 23GoDaddy faced a multi-year breach (2020-2022) by a single intruder, resulting in stolen source code, user credentials, malware installation, and user redirects to malicious sites. WordPress customers’ email addresses, usernames, passwords, and even their SSL private keys were stolen.webhackedy3Bleeping Computerhttps://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/454
42
MGM10,600,0002023Sept 23AlphV and Scattered Spider's cyberattack on MGM caused slot machine errors and hotel queues in Las Vegas, stealing pre-March 2019 customer data and inflicting a $100m loss on the company's Q3 results. MGM declined to say if any ransom was paid. retailhackedy3Reutershttps://www.reuters.com/business/mgm-expects-cybersecurity-issue-negatively-impact-third-quarter-earnings-2023-10-05/453
43
Uber20,000,0002022 Dec 22Data on 77,000 Uber employees and internal reports were leaked on forums. While Uber denied ownership of the implicated source code, the breach stemmed from their third-party vendor, Teqtivity, which had a security incident earlier that year.transporthackedy1Restore Privacyhttps://restoreprivacy.com/uber-data-leak-breach-third-party-vendor-hacked/452
44
X (Twitter)200,000,0002023 Jan 23From Nov 2022 to Jan 2023, over 200 million Twitter users' data, including emails and names, was exposed due to repeated security flaw exploitations and posted on hacker forums. But no highly sensitive data was revealed.webpoor security1200mFirewall Timeshttps://firewalltimes.com/twitter-data-breach-timeline/451
45
CommuteAir1,500,0002023 Jan 23Swiss hacker Maia Arson Crimew, stumbled upon a misconfigured AWS server containing TSA's No Fly list and exposed ~250,000 'selectees' (selectees are automatically chosen for additional screening each time they fly) to a hacker forum.transporthackedy2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/us-no-fly-list-shared-on-a-hacking-forum-government-investigating/450
46
Yum!10,000,0002023 Jan 23The brand owner of KFC, Pizza Hut, and Taco Bell fast food chains saw an undisclosed amount of personal user information stolen during a ransomware attack: names, driver's license numbers, and other ID card numbers. ~300 restaurants were shut down in the UK due to IT system disruptions caused by the attack. retailhackedy2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/kfc-pizza-hut-owner-discloses-data-breach-after-ransomware-attack/449
47
PharMerica5,800,0002023 May 23Full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people.health hacked4Bleeping Computerhttps://www.bleepingcomputer.com/news/security/ransomware-gang-steals-data-of-58-million-pharmerica-patients/448
48
NATO8,0002023 Jul 23Hacktivist group, SiegedSec, claimed to have broken into six NATO web portals and stolen >3,000 files and 9GB of data. Threat intel biz CloudSEK analysis revealed 20 unclassified documents and 8,000 personnel records with names, job titles, email addresses, home addresses, and photos.governmenthackedy4The Registerhttps://www.theregister.com/2023/10/04/nato_data_attack/#:~:text=On%20Sunday%2C%20the%20SiegedSec%20crew,)%3B%20the%20Communities%20of%20Interest447
49
Topgolf Callaway1,114,9542023 Aug 23Only full names, shipping and email addresses, phone numbers, order histories, account passwords and answers to security questions were exposed. retailhacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/golf-gear-giant-callaway-data-breach-exposes-info-of-11-million/446
50
Sony6,8002023 Oct 23Personal information belonging to current and former employees and their family members was stolen by Clop in a ransomware attack. Details unrevealed by Sony.techhacked2The Vergehttps://www.theverge.com/2023/10/5/23905370/sony-interactive-entertainment-security-breach-confirmationhttps://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/445
51
23andMe6,900,0002023 Oct 23Hackers accessed the genetic site's user data via login guesses and information from DNA relatives (users opt into sharing info through DNA relatives for others to see). Stolen data included personal and some genetic ancestry and health details. After two breaches, one unverified, 23andMe now faces legal action.health hackedy46.9mTech Crunchhttps://arstechnica.com/tech-policy/2023/12/hackers-stole-ancestry-data-of-6-9-million-users-23andme-finally-confirmed/https://www.bleepingcomputer.com/news/security/23andme-hit-with-lawsuits-after-hacker-leaks-stolen-genetics-data/444
52
Optus9,700,0002022Sept 2022The telecom company faced a 'sophisticated attack' exposing ~10 million accounts including personal details (passport, driver’s licence & Medicare numbers). Hacker demanded $1m ransom but later apologized and claimed data deletion, unverified.telecomshacked4The Guardianhttps://www.theguardian.com/business/2022/sep/29/optus-data-breach-everything-we-know-so-far-about-what-happenedhttps://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack443
53
PayPal 349422023 Dec 22PayPal's breach involved unauthorized account access using credential stuffing (exploiting users reusing the same password for multiple accounts). It wasn't from a direct security lapse and hackers couldn't transact. PayPal reset passwords.financehacked2Office of the Maine Attorney Generalhttps://apps.web.maine.gov/online/aeviewer/ME/40/766753f1-f9c7-4dc5-9a5c-fe0f3ff51c06.shtmlhttps://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/442
54
Acer10,000,0002023 Mar 23Acer suffered a data breach when a server was hacked, with threat actors selling 160GB of stolen data. The company said the incident hadn't impacted customer info.techhacked1Slashdothttps://it.slashdot.org/story/23/03/07/1459230/acer-confirms-breach-after-hacker-offers-to-sell-stolen-data?utm_source=feedly1.0mainlinkanon&utm_medium=feedhttps://www.bleepingcomputer.com/news/security/acer-confirms-breach-after-160gb-of-data-for-sale-on-hacking-forum/441
55
MSI10,000,0002023 Apr 23Money Message ransomware group claims to have stolen MSI's source code, demanding $4 million to prevent leaks. MSI downplays impact and hasn't confirmed paying ransom, assuring no user data was affected but advises software downloads only from official sources.techhacked1Slashdothttps://it.slashdot.org/story/23/04/07/152242/msi-confirms-breach-as-ransomware-gang-claims-responsibility?utm_source=feedly1.0mainlinkanon&utm_medium=feedhttps://uk.pcmag.com/security/146322/msi-confirms-breach-as-ransomware-gang-claims-responsibility440
56
T-Mobile37,000,0002023 Jan 23T-Mobile's system was exploited by 'bad actors' from November 2022 to January 2023, exposing customer data. It's their ninth hack since 2018, with a 2021 breach affecting 49 million customers.telecomshacked2Ars Technicahttps://arstechnica.com/information-technology/2023/05/t-mobile-discloses-2nd-data-breach-of-2023-this-one-leaking-account-pins-and-more/439
57
T-Mobile8362023 Mar 23T-Mobile faced its second 2023 data breach, exposing PINs and data from Feb to Mar. Though way smaller than the first 2023 breach (only affecting 836 customers), it adds to the $350mil 2021 settlement and erodes customer trust.telecomshacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/t-mobile-discloses-second-data-breach-since-the-start-of-2023/438
58
ChatGPT101,0002023 Mar 23Over 101,000 ChatGPT accounts were stolen by malware last year. Breakdown: Asia-Pacific 40,999, Middle-East/Africa 24,925, Europe 16,951, Latin America 12,314, North America 4,737. Malware extracts browser credentials from SQLite databases, using CryptProtectData function to decrypt stored data.techhackedy2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/over-100-000-chatgpt-accounts-stolen-via-info-stealing-malware/437
59
TIAAThe Teachers Insurance and Annuity Association of America2,300,0002023 May 23This US retirement fund for teachers faced a data breach exposing client details. A former teacher-client is suing for inadequate cybersecurity and leaving data unencrypted on a vulnerable platform.financehacked, poor security2ClassActionhttps://www.classaction.org/news/teachers-insurance-and-annuity-association-of-america-hit-with-class-action-over-may-2023-data-breach#:~:text=Teachers%20Insurance%20and%20Annuity%20Association%20of%20America%20faces%20a%20class,of%20approximately%202.3%20million%20individuals.https://news.slashdot.org/story/23/06/30/2038234/schools-say-us-teachers-retirement-fund-was-breached-by-moveit-hackers?utm_source=feedly1.0mainlinkanon&utm_medium=feed436
60
Microsoft30,000,0002023 Jun 23Anonymous Sudan hacked Microsoft, accessed customer data, and caused outages. They offered the database for $50,000. But Microsoft claims no evidence of compromised customer data.webhacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/microsoft-denies-data-breach-theft-of-30-million-customer-accounts/435
61
Microsoft10,000,0002023 May 23China-backed hackers stole a cryptographic key from Microsoft, undetected for a month, accessing 25 organizations, including government. Microsoft's postmortem cites past system vulnerabilities.webhacked3unknownNYThttps://www.nytimes.com/2023/07/11/us/politics/china-hack-us-government-microsoft.html?smid=nytcore-ios-sharehttps://www.wired.com/story/china-backed-hackers-steal-microsofts-signing-key-post-mortem/434
62
Roblox4,0002020 Dec 20Data identifying Roblox creators was breached at a developers' conference, undisclosed for 2 years due to a third-party security issue.gamingpoor security2The Vergehttps://www.theverge.com/2023/7/21/23802742/roblox-data-breach-leak-developer-personal-information-exposed433
63
Discord.io760,0002023 Aug 23Unidentified person listed user data for sale on darknet. Discord.io enables custom Discord invites.gaminghacked1Stackdiaryhttps://stackdiary.com/the-data-of-760000-discord-io-users-was-put-up-for-sale-on-the-darknet//432
64
Clorox10,000,0002023 Aug 23Clorox detected unauthorized IT activity in August 2023. By September, the contained hack led to slower production and a 2% stock drop. Specific affected files undisclosedretailhacked1unknownSlashdothttps://it.slashdot.org/story/23/10/04/1917217/clorox-security-breach-linked-to-group-behind-casino-hacks?utm_source=feedly1.0mainlinkanon&utm_medium=feed431
65
Latitude Financial14,000,0002023 Apr 2314 million customer records, including driver's licence numbers, passport numbers and financial statements, stolen in a cyber-attack that was worse than the company initially reported.financehacked2Privacy Commissionerhttps://www.privacy.org.nz/publications/statements-media-releases/new-zealands-biggest-data-breach-shows-retention-is-the-sleeping-giant-of-data-security/430
66
Toyota296,0192022 Oct 22An access key to a data server storing customer email addresses and management numbers was mistakenly published publically on GitHub for five years.transportpoor security 2Slashdothttps://yro.slashdot.org/story/22/10/10/2032250/toyota-discloses-data-leak-after-access-key-exposed-on-github?utm_source=feedly1.0mainlinkanon&utm_medium=feed429
67
Shein39,000,0002022 Oct 22Online fast fashion retailer suffered a breach of its login credentials in 2018 but failed to notify its customersretailhacked2Tech Crunchhttps://techcrunch.com/2022/10/13/shein-zoetop-fined-1-9m-data-breach/?guccounter=1428
68
Indonesia's health agencyBPJS Kesehatan279,000,0002022 May 21The ID numbers, salary and phone numbers of every single man, woman and child in the country was stolen.governmenthackedy3Kr Asiahttps://kr-asia.com/shoddy-data-protection-in-indonesia-threatens-personal-security-of-citizens427
69
CoinSquare50,0002022 Nov 22Major Canadian Crypto Exchange. company claims customer assets are “secure in cold storage and are not at risk.”techhacked1Coin Deskhttps://www.coindesk.com/tech/2022/11/26/major-canadian-crypto-exchange-coinsquare-says-client-data-breached/426
70
Indian Railways30,000,0002022 Dec 22Stolen data includes usernames, emails, phone numbers, gender, city, state, invoicestransporthacked2Techlo Mediahttps://techlomedia.in/2022/12/data-of-30-million-indian-railways-users-is-up-for-sale-on-a-dark-forum-96589/425
71
Indonesian SIM cards1,000,000,0002022 Oct 22A vast data hack of 1.3 bn SIM registrations evealing national identity numbers, phone numbers, and more.telecomshacked31.3bnRest of Worldhttps://restofworld.org/2022/indonesia-hacked-sim-bjorka/424
72
LastPass33,000,0002022 Aug 22Popular password manager breached; basic account info exposed. Sensitive vault data like usernames and passwords remained safely encrypted.webhacked2Tech Crunchhttps://techcrunch.com/2022/12/14/parsing-lastpass-august-data-breach-notice/https://www.forbes.com/sites/daveywinder/2023/03/03/why-you-should-stop-using-lastpass-after-new-hack-method-update/423
73
Twitter200,000,0002022 Dec 22Over 200 million Twitter emails were stolen and posted online, possibly before Musk's 2022 takeover.web hacked1Wiredhttps://www.wired.com/story/twitter-leak-200-million-user-email-addresses/422
74
City of Amagasaki, Japan500,0002022Jun 2022An unnamed government official lost his bag after a night's drinking. It contained a USB stick with sensitive data of the entire city's residents. USB stick was encrypted and passworded.governmentoops!3BBChttps://www.bbc.co.uk/news/world-asia-61921222421
75
Shanghai Police500,000,0002022Jul 2022A database containing records of over a billion Chinese civilians – allegedly stolen from the Shanghai Police. Addresses, police records and national ID numbers. Potentially one of the largest data breaches in history. Details repressed and censored by Chinese media.financehacked5"one billion"The Registerhttps://www.theregister.com/2022/07/05/shanghai_police_database_for_sell/420
76
Twitter5,400,0002021Dec 2021Zero day vulnerability allowed a threat actor to create profiles of 5.4 million Twitter users inc. a verified phone number or email address, and scraped public information, such as follower counts, screen name, login name, etcwebhacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/twitter-confirms-zero-day-used-to-expose-data-of-54-million-accounts/419
77
Plex15,000,0002022Aug 2022Intruders access password data, usernames, and emails for at least half of its 30 million users.web hacked1Ars technicahttps://arstechnica.com/information-technology/2022/08/plex-imposes-password-reset-after-hackers-steal-data-for-15-million-users/418
78
Dubai Real Estate Leak800,0002022May 2022Data leak exposes how criminals, officials, and sanctioned politicians poured money into Dubai real estate including more than 100 members of Russia's political elite, public officials, or businesspeople close to the Kremlin, as well as dozens of Europeans implicated in money laundering and corruptionfinanceinside joby1E24https://e24.no/internasjonal-oekonomi/i/Bj97B0/dubai-uncovered-data-leak-exposes-how-criminals-officials-and-sanctioned-politicians-poured-money-into-dubai-real-estate417
79
Heroku50,0002022Apr 2022A compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database." on the Salesforce-owned cloud platform.techhacked2Bleeping Computerhttps://www.bleepingcomputer.com/news/security/heroku-admits-that-customer-credentials-were-stolen-in-cyberattack/416
80
Mailchimp106,5862022Apr 2022Hackers gained access to internal customer support and account management tools of the email marketing company to steal audience data and conduct phishing attacks.techhacked1Bleeping Computerhttps://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/415
81
PayHere1,580,2492022Mar 2022Sri Lankan payment gateway PayHere suffered a data breach exposing more than 65GB of payment records including over 1.5M unique email addresses. (IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date).financehacked3Pay Herehttps://blog.payhere.lk/ensuring-integrity-on-payhere-cybersecurity-incident/414
82
CDEK18,218,2032022Mar 2022UNVERIFIED. Russian courier service CDEK was hacked by Ukrainian hacker group "IT Army" - including 19M unique email addresses along with names and phone numbers. retailhacked319mHave I Been Pwnedhttps://twitter.com/haveibeenpwned/status/1504343470072549377?lang=en413
83
Washington State Dpt of Licensing257,0002022Feb 2022The Washington State Department of Licensing said the personal information of potentially millions of licensed professionals may have been exposed after it detected suspicious activity on its online licensing system.governmenthacked3Seattle Timeshttps://www.seattletimes.com/business/breach-at-state-licensing-agency-may-have-exposed-data-from-1000s-of-professionals/412
84
Red Cross500,0002022Jan 2022A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.NGOhacked4Arsetechniahttps://arstechnica.com/information-technology/2022/01/red-cross-hack-compromises-the-personal-data-of-515k-highly-vulnerable-people/411
85
Open Subtitles100,0002022Jan 2022webhacked1Open Subtitleshttps://forum.opensubtitles.org/viewtopic.php?t=17685410
86
FlexBooker3,700,0002022Jan 2022appointment scheduling servicewebhacked33.7mBleeping Computerhttps://www.bleepingcomputer.com/news/security/flexbooker-discloses-data-breach-over-37-million-accounts-impacted/409
87
LINE Pay133,0002021Dec 2021financepoor security 2The Registerhttps://www.theregister.com/2021/12/07/line_pay_leaks_around_133000/408
88
Robinhood5,000,9372021Nov 2021a malicious hacker had socially engineered a customer service representative over the phone November 3 to get access to customer support systems. That allowed the hacker to obtain customer names and email addresses, but also the additional full names, dates of birth and ZIP codes of 310 customers.financehacked25mTech Crunchhttps://techcrunch.com/2021/11/09/robinhood-data-breach/?guccounter=1407
89
GoDaddy1,200,0002021Nov 2021Security Incident Affecting Managed WordPress Servicwebhacked1SEChttps://techcrunch.com/2021/11/09/robinhood-data-breach/?guccounter=1406
90
Travelio471,3762021Nov 2021The Indonesian real estate website Travelio suffered a data breach of over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens. mischacked2470KHaveIBeenPwnedhttps://www.riskbasedsecurity.com/2021/12/14/dark-web-roundup-november-2021/405
91
Acer3,000,0002021Oct 2021techhacked1Hot Hardwarehttps://hothardware.com/news/acer-confirms-hacked-again-60gb-stolen-customer-data404
92
Brewdog200,0002021Oct 2021BrewDog, one of the world's largest craft beer brewers, has exposed personally identifiable information (PII) belonging to more than 200,000 of its shareholders and customers,retailpoor security1Tech Radarhttps://www.techradar.com/news/brewdog-exposes-data-of-200000-customers-and-shareholders403
93
Experian SASouth Africa24,000,0002020 Jul 2020Handed over personal information of their South African customers to a fraudulent client.weboops!3Uni of Hawaiihttps://westoahu.hawaii.edu/cyber/global-weekly-exec-summary/experian-security-breach-in-south-africa/#:~:text=Experian%20disclosed%20the%20data%20breach,local%20businesses%20(Cimpanu%202020).402
94
Nvidia100,0002021Mar 2021techhacked2CNN Businesshttps://edition.cnn.com/2022/03/01/tech/nvidia-information-leak/https://it.slashdot.org/story/22/03/01/1523248/nvidia-says-employee-company-information-leaked-online-after-cyber-attack?utm_source=feedly1.0mainlinkanon&utm_medium=feed401
95
Okta100,0002021Jan 2021Identity and access management provider Oktatechhacked1The Vergehttps://www.theverge.com/2022/4/20/23034360/okta-lapsus-hack-investigation-breach-25-minuteshttps://twitter.com/BillDemirkapi/status/1508527487655067660/399
96
Royal Enfield420,8732020 Jan 2020Motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. (Email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information)transportpoor security3The Quinthttps://www.thequint.com/news/india/royal-enfield-exposed-database-containing-450000-customer-data-cyber-security-expert398
97
Avvo4,101,1012019Dec 2019A data breach of the lawyer directory service released 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. legalhacked14.1mHaveIBeenPwnedhttps://www.troyhunt.com/breach-disclosure-blow-by-blow-heres-why-its-so-hard/397
98
Aimware305,4702019May 2019Video game cheats website "Aimware" suffered a data breach of subscribers' personal information (email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes)gaminghacked3HaveIBeenPwned396
99
Twitch10,000,0002021Oct 2021Full source code breach of the streaming gaming site revealed a trove of internal data & documents including core config packages, devtools, and payments to top streamers. gaminghackedy4unknownBBChttps://www.bbc.co.uk/news/technology-58817658395
100
Syniverse500,000,0002021Sep 2021"A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide."telecomshacked4unknownVicehttps://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked394