visualisation here: https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
pink = new

Column notes:
records lost: (use 3m, 4m, 5m or 10m to approximate unknown figures)
year: year story broke
sector: web, healthcare, app, retail, gaming, transport, financial, tech, government, telecoms, legal, media, academic, energy, military
method: poor security, hacked, oops!, lost device, inside job
data sensitivity: 1 = Just email address/Online information; 2 = SSN/Personal details; 3 = Credit card information; 4 = Health & other personal records; 5 = Full details
displayed records: =IF(C3>100000000,C3,")

| organisation | alternative name | records lost | year | date | story | sector | method | interesting story | data sensitivity | displayed records | source name | 1st source link | 2nd source link | ID |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Plex | | 15,000,000 | 2022 | Aug 2022 | Intruders access password data, usernames, and emails for at least half of its 30 million users. | web | hacked | | 1 | | Ars Technica | https://arstechnica.com/information-technology/2022/08/plex-imposes-password-reset-after-hackers-steal-data-for-15-million-users/ | | 418 |
| Twitter | | 5,400,000 | 2021 | Dec 2021 | Zero day vulnerability allowed a threat actor to create profiles of 5.4 million Twitter users inc. a verified phone number or email address, and scraped public information, such as follower counts, screen name, login name, etc. | web | hacked | | 2 | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/twitter-confirms-zero-day-used-to-expose-data-of-54-million-accounts/ | | 419 |
| Shanghai Police | | 500,000,000 | 2022 | Jul 2022 | A database containing records of over a billion Chinese civilians – allegedly stolen from the Shanghai Police. Addresses, police records and national ID numbers. Potentially one of the largest data breaches in history. Details repressed and censored by Chinese media. | financial | hacked | | 5 | "one billion" | The Register | https://www.theregister.com/2022/07/05/shanghai_police_database_for_sell/ | | 420 |
| City of Amagasaki, Japan | | 500,000 | 2022 | Jun 2022 | An unnamed government official lost his bag after a night's drinking. It contained a USB stick with sensitive data of the entire city's residents. USB stick was encrypted and passworded. | government | oops! | | 3 | | BBC | https://www.bbc.co.uk/news/world-asia-61921222 | | 421 |
| Dubai Real Estate Leak | | 800,000 | 2022 | May 2022 | Data leak exposes how criminals, officials, and sanctioned politicians poured money into Dubai real estate including more than 100 members of Russia's political elite, public officials, or businesspeople close to the Kremlin, as well as dozens of Europeans implicated in money laundering and corruption. | financial | inside job | y | 1 | | E24 | https://e24.no/internasjonal-oekonomi/i/Bj97B0/dubai-uncovered-data-leak-exposes-how-criminals-officials-and-sanctioned-politicians-poured-money-into-dubai-real-estate | | 417 |
| Heroku | | 50,000 | 2022 | Apr 2022 | A compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database" on the Salesforce-owned cloud platform. | tech | hacked | | 2 | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/heroku-admits-that-customer-credentials-were-stolen-in-cyberattack/ | | 416 |
| Mailchimp | | 106,586 | 2022 | Apr 2022 | Hackers gained access to internal customer support and account management tools of the email marketing company to steal audience data and conduct phishing attacks. | tech | hacked | | 1 | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/ | | 415 |
| PayHere | | 1,580,249 | 2022 | Mar 2022 | Sri Lankan payment gateway PayHere suffered a data breach exposing more than 65GB of payment records including over 1.5M unique email addresses. (IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date).) | financial | hacked | | 3 | | Pay Here | https://blog.payhere.lk/ensuring-integrity-on-payhere-cybersecurity-incident/ | | 414 |
| CDEK | | 18,218,203 | 2022 | Mar 2022 | UNVERIFIED. Russian courier service CDEK was hacked by Ukrainian hacker group "IT Army" - including 19M unique email addresses along with names and phone numbers. | retail | hacked | | 3 | 19,000,000 | Have I Been Pwned | https://twitter.com/haveibeenpwned/status/1504343470072549377?lang=en | | 413 |
| Washington State Dpt of Licensing | | 257,000 | 2022 | Feb 2022 | The Washington State Department of Licensing said the personal information of potentially millions of licensed professionals may have been exposed after it detected suspicious activity on its online licensing system. | government | hacked | | 3 | | Seattle Times | https://www.seattletimes.com/business/breach-at-state-licensing-agency-may-have-exposed-data-from-1000s-of-professionals/ | | 412 |
| Red Cross | | 500,000 | 2022 | Jan 2022 | A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran. | NGO | hacked | | 4 | | Ars Technica | https://arstechnica.com/information-technology/2022/01/red-cross-hack-compromises-the-personal-data-of-515k-highly-vulnerable-people/ | | 411 |
| Open Subtitles | | 100,000 | 2022 | Jan 2022 | | web | hacked | | 1 | | Open Subtitles | https://forum.opensubtitles.org/viewtopic.php?t=17685 | | 410 |
| FlexBooker | | 3,700,000 | 2022 | Jan 2022 | Appointment scheduling service | web | hacked | | 3 | 3,700,000 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/flexbooker-discloses-data-breach-over-37-million-accounts-impacted/ | | 409 |
| LINE Pay | | 133,000 | 2021 | Dec 2021 | | financial | poor security | | 2 | | The Register | https://www.theregister.com/2021/12/07/line_pay_leaks_around_133000/ | | 408 |
| Robinhood | | 5,000,937 | 2021 | Nov 2021 | A malicious hacker had socially engineered a customer service representative over the phone November 3 to get access to customer support systems. That allowed the hacker to obtain customer names and email addresses, but also the additional full names, dates of birth and ZIP codes of 310 customers. | financial | hacked | | 2 | 5,000,000 | Tech Crunch | https://techcrunch.com/2021/11/09/robinhood-data-breach/?guccounter=1 | | 407 |
| GoDaddy | | 1,200,000 | 2021 | Nov 2021 | Security Incident Affecting Managed WordPress Servic | web | hacked | | 1 | | SEC | https://techcrunch.com/2021/11/09/robinhood-data-breach/?guccounter=1 | | 406 |
| Travelio | | 471,376 | 2021 | Nov 2021 | The Indonesian real estate website Travelio suffered a data breach of over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens. | misc | hacked | | 2 | 470,000 | HaveIBeenPwned | https://www.riskbasedsecurity.com/2021/12/14/dark-web-roundup-november-2021/ | | 405 |
| Acer | | 3,000,000 | 2021 | Oct 2021 | | tech | hacked | | 1 | | Hot Hardware | https://hothardware.com/news/acer-confirms-hacked-again-60gb-stolen-customer-data | | 404 |
| Brewdog | | 200,000 | 2021 | Oct 2021 | BrewDog, one of the world's largest craft beer brewers, has exposed personally identifiable information (PII) belonging to more than 200,000 of its shareholders and customers. | retail | poor security | | 1 | | Tech Radar | https://www.techradar.com/news/brewdog-exposes-data-of-200000-customers-and-shareholders | | 403 |
| Nvidia | | 100,000 | 2021 | Mar 2021 | | tech | hacked | | 2 | | CNN Business | https://edition.cnn.com/2022/03/01/tech/nvidia-information-leak/ | https://it.slashdot.org/story/22/03/01/1523248/nvidia-says-employee-company-information-leaked-online-after-cyber-attack?utm_source=feedly1.0mainlinkanon&utm_medium=feed | 401 |
| Okta | | 100,000 | 2021 | Jan 2021 | Identity and access management provider Okta | tech | hacked | | 1 | | The Verge | https://www.theverge.com/2022/4/20/23034360/okta-lapsus-hack-investigation-breach-25-minutes | https://twitter.com/BillDemirkapi/status/1508527487655067660/ | 399 |
| Experian SA | South Africa | 24,000,000 | 2020 | Jul 2020 | Handed over personal information of their South African customers to a fraudulent client. | web | oops! | | 3 | | Uni of Hawaii | https://westoahu.hawaii.edu/cyber/global-weekly-exec-summary/experian-security-breach-in-south-africa/#:~:text=Experian%20disclosed%20the%20data%20breach,local%20businesses%20(Cimpanu%202020). | | 402 |
| Royal Enfield | | 420,873 | 2020 | Jan 2020 | Motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. (Email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information) | transport | poor security | | 3 | | The Quint | https://www.thequint.com/news/india/royal-enfield-exposed-database-containing-450000-customer-data-cyber-security-expert | | 398 |
| Avvo | | 4,101,101 | 2019 | Dec 2019 | A data breach of the lawyer directory service released 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. | legal | hacked | | 1 | 4,100,000 | HaveIBeenPwned | https://www.troyhunt.com/breach-disclosure-blow-by-blow-heres-why-its-so-hard/ | | 397 |
| Aimware | | 305,470 | 2019 | May 2019 | Video game cheats website "Aimware" suffered a data breach of subscribers' personal information (email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes) | gaming | hacked | | 3 | | HaveIBeenPwned | | | 396 |
| Twitch | | 10,000,000 | 2021 | Oct 2021 | Full source code breach of the streaming gaming site revealed a trove of internal data & documents including core config packages, devtools, and payments to top streamers. | gaming | hacked | y | 4 | unknown | BBC | https://www.bbc.co.uk/news/technology-58817658 | | 395 |
| Syniverse | | 500,000,000 | 2021 | Sep 2021 | "A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide." | telecoms | hacked | | 4 | unknown | Vice | https://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked | | 394 |
| Pandora Papers | | 11,900,000 | 2021 | Oct 2021 | Millions of documents reveal offshore deals and assets of more than 100 billionaires, 30 world leaders and 300 public officials | government | hacked | y | 4 | | Guardian | https://www.theguardian.com/news/2021/oct/03/pandora-papers-biggest-ever-leak-of-offshore-data-exposes-financial-secrets-of-rich-and-powerful | | 393 |
| Neiman Marcus | | 4,600,000 | 2021 | Sep 2021 | Occurred sometime in May 2020 after "an unauthorized party" obtained the personal information of some Neiman Marcus customers from their online accounts. | retail | hacked | | 3 | | Ars Technica | https://arstechnica.com/information-technology/2021/10/neiman-marcus-data-breach-impacts-4-6-million-customers/ | | 392 |
| Epik | | 15,000,000 | 2021 | Sep 2021 | An Internet-services company for concealing online identities, popular with the far right | retail | hacked | y | 5 | | Ars Technica | https://arstechnica.com/information-technology/2021/09/epik-data-breach-impacts-15-million-users-including-non-customers/ | | 391 |
| Thailand visitors | | 100,000,000 | 2021 | Sep 2021 | Any foreigner who has travelled to Thailand in the last decade ‘might have had their information exposed’ | government | poor security | | 2 | 100,000,000 | South China Morning Post | https://www.scmp.com/news/asia/southeast-asia/article/3149475/details-some-100-million-visitors-thailand-exposed-online | | 390 |
| T-Mobile | | 76,000,000 | 2021 | Aug 2021 | Exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. T-Mobile paid a $500m settlement. | telecoms | hacked | | 3 | | Krebs on Security | https://krebsonsecurity.com/2021/08/t-mobile-breach-exposed-ssn-dob-of-40m-people/ | | 389 |
| Contact tracing data | | 38,000,000 | 2021 | Aug 2021 | A thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases. | telecoms | hacked | | 3 | 38,000,000 | Wired | https://www.wired.com/story/microsoft-power-apps-data-exposed/ | | 388 |
| Estonian gov | | 280,000 | 2021 | Jul 2021 | A hacker was able to obtain over 280,000 personal identity photos following an attack on the state information system last Friday. | government | hacked | | 4 | | News ERR | https://news.err.ee/1608291072/hacker-downloads-close-to-300-000-personal-id-photos | | 387 |
| Guntrader | UK firearms sales website | 111,000 | 2021 | Jul 2021 | Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords used by gun shops across the UK. | retail | hacked | | 2 | | The Register | https://www.theregister.com/2021/07/23/guntrader_hacked_111k_users_sql_database/ | | 386 |
| LinkedIn | | 700,000,000 | 2021 | Jul 2021 | The hacker appears to have misused the official LinkedIn API to scrape the data, the same method used in a similar breach back in April. User details, but no passwords. | web | hacked | | 1 | 700,000,000 | 9 to 5 mac | https://9to5mac.com/2021/06/29/linkedin-breach/ | | 385 |
| VW | | 3,300,000 | 2021 | Jun 2021 | Phone numbers, email addresses and some sensitive credit data. Nearly all those impacted were current or potential customers of Audi, one of the German automaker's luxury brands. | transport | hacked | | 2 | | Reuters | https://www.reuters.com/business/autos-transportation/vw-says-data-breach-vendor-impacted-33-million-people-north-america-2021-06-11/ | | 384 |
| McDonald's | | 10,000,000 | 2021 | Jun 2021 | Unknown detail | retail | hacked | | 2 | unknown | Wall St Journal | https://www.wsj.com/articles/mcdonalds-hit-by-data-breach-in-south-korea-taiwan-11623412800 | | 383 |
| Air India | | 4,500,000 | 2021 | May 2021 | Passenger’s name, date of birth, contact information, passport information, ticket information, frequent flyer data and credit card information. | transport | hacked | | 2 | | Indian Express | https://indianexpress.com/article/explained/air-india-sita-data-breach-explained-7325501/ | | 382 |
| Omiai dating app | Japanese dating app | 1,710,000 | 2021 | May 2021 | Addresses and dates of birth from identification, including passports, drivers’ licenses and health insurance cards, provided to the company. | app | hacked | | 2 | | Japan Times | https://www.japantimes.co.jp/news/2021/05/22/business/tech/omiai-dating-app-hack-japan/ | | 381 |
| Amazon Reviews | | 13,124,962 | 2021 | May 2021 | Database exposing an organized fake reviews scam affecting Amazon. The server contained a treasure trove of direct messages between Amazon vendors and customers willing to provide fake reviews in exchange for free products. | web | poor security | y | 2 | | Safety Detectives | https://www.safetydetectives.com/blog/amazon-reviews-leak-report/ | | 380 |
| Peloton | | 3,000,000 | 2021 | May 2021 | | tech | poor security | | 2 | | Ars Technica | https://arstechnica.com/gadgets/2021/05/peloton-takes-3-months-to-fix-flaw-that-exposed-users-private-information/#p3 | | 379 |
| Digital Ocean | | 10,000,000 | 2021 | Apr 2021 | | tech | poor security | | | unknown | Tech Crunch | https://techcrunch.com/2021/04/28/digitalocean-customer-billing-data-breach/ | | 378 |
| Park Mobile | mobile parking app | 21,000,000 | 2021 | Apr 2021 | Customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. | transport | hacked | | 2 | | Krebs on Security | https://krebsonsecurity.com/2021/04/parkmobile-breach-exposes-license-plate-data-mobile-numbers-of-21m-users/ | | 377 |
| Ubiquiti | | 16,000,000 | 2021 | Feb 2021 | Unknown amount of user data breached | tech | hacked | | 2 | | ZDNet | https://www.zdnet.com/article/ubiquiti-tells-customers-to-change-passwords-after-security-breach/ | | 376 |
| Meet Mindful | | 2,240,000 | 2021 | Feb 2021 | Dating site user data includes real names, phone numbers, Facebook account codes, latitude & longitude. Thankfully private messages were not leaked. | tech | hacked | | 4 | | ZDNet | https://www.zdnet.com/article/hacker-leaks-data-of-2-28-million-dating-site-users/ | | 375 |
| Experian Brazil | | 220,000,000 | 2021 | Feb 2021 | Details hazy | finance | hacked | | 2 | 220,000,000 | ZDNet | https://www.zdnet.com/article/experian-challenged-over-massive-data-leak-in-brazil/ | | 374 |
| Gab | | 4,000,000 | 2021 | Mar 2021 | Over 70GB of data from the far-right social media site was hacked. All posts, messages, passwords from all users were breached. | tech | hacked | y | 3 | 100,000 | Wired | https://www.wired.com/story/gab-hack-data-breach-ddosecrets/ | | 373 |
| Star Alliance | | 16,000,000 | 2021 | Mar 2021 | The Star Alliance of airlines including Singapore Airlines, Lufthansa and United, said on Thursday it had been the victim of a cyber attack leading to a breach of passenger data. Lufthansa, Cathay Pacific and Air New Zealand were also affected. Breached data was limited to "name, tier status and membership number" | transport | hacked | | 1 | | The Guardian | https://www.theguardian.com/world/2021/mar/05/airline-data-hack-hundreds-of-thousands-of-star-alliance-passengers-details-stolen | | 372 |
| Facebook | | 533,000,000 | 2021 | Mar 2021 | Phone numbers, full names, locations, email addresses, and biographical information on 533 million users from 106 countries. Scraped due to a vulnerability "patched in 2019". | tech | hacked | y | 1 | 533,000,000 | Business Insider | https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&IR=T | | 371 |
| Ledger | | 270,000 | 2020 | Dec 2020 | A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. | finance | hacked | | 2 | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum/ | | 370 |
| T-mobile | | 200,000 | 2020 | Dec 2020 | The information exposed in this breach includes phone numbers, call records, and the number of lines on an account. | telecoms | hacked | | 1 | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/ | | 369 |
| The Hospital Group | | 1,000,000 | 2020 | Dec 2020 | Hackers compromised the plastic surgery firm and threatened to release over 900 gigabytes of private surgery photographs. | health | hacked | y | 4 | | BBC | https://www.bbc.co.uk/news/technology-55439190 | | 368 |
| SolarWinds | | 50,000,000 | 2020 | Dec 2020 | Suspected Russian hackers compromised network monitoring software used by the Pentagon, intelligence agencies, nuclear labs and many Fortune 500 companies. A tainted software update acted as a trojan horse. An unknown number of companies and individuals might be affected. | app | hacked | y | 3 | | New York Times | https://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html | | 367 |
| Ho Mobile | | 2,500,000 | 2020 | Dec 2020 | Italian mobile operator owned by Vodafone is now taking the rare step of offering to replace the SIM cards of all affected customers. Data hacked: full names, telephone numbers, social security numbers, email addresses, dates and places of birth, nationality, and home addresses. | telecoms | hacked | | 2 | | ZD Net | https://www.zdnet.com/article/italian-mobile-operator-offers-to-replace-sim-cards-after-massive-data-breach/ | | 366 |
| Spotify | | 500,000 | 2020 | Dec 2020 | Undisclosed number of users had their email addresses and passwords left open online. Spotify said the vulnerability existed as far back as April 9 but wasn’t discovered until November 12. | app | oops! | | 1 | | Tech Crunch | https://techcrunch.com/2020/12/10/spotify-resets-user-passwords-after-a-bug-exposed-private-account-information/?guccounter=1 | | 365 |
| Drizly | | 2,400,000 | 2020 | Sep 2020 | Alcohol delivery service hacked with email addresses, DOB, hashed passwords and some home addresses leaked. | app | hacked | | 2 | | Tech Crunch | https://techcrunch.com/2020/07/28/drizly-data-breach/ | | 364 |
| GEDmatch | | 1,400,000 | 2020 | Sep 2020 | DNA data on up to 1.4m users of this genealogy site may have been hacked. | misc, health | hacked | y | 5 | | New York Times | https://www.nytimes.com/2020/08/01/technology/gedmatch-breach-privacy.html?referringSource=articleShare | | 363 |
| Call of Duty / Activision | | 500,000 | 2020 | Sep 2020 | Login data for users of the popular video games may have been compromised. Activision refutes the claim. | gaming | hacked | | 1 | | Forbes | https://www.forbes.com/sites/daveywinder/2020/09/21/activision-accounts-hacked-500000-call-of-duty-players-could-be-affected-report/?sh=7ca04e0f7bbe | | 362 |
| Zhenhua | | 2,400,000 | 2020 | Sep 2020 | Personal details of millions of notable people around the world found in a leaked database compiled by a Chinese tech company with reported links to the country’s military and intelligence networks. Mostly compiled from social media profiles. | misc | oops! | y | 1 | | The Guardian | https://www.theguardian.com/world/2020/sep/14/zhenhua-data-full-list-leak-database-personal-details-millions-china-tech-company | | 361 |
| Cense AI | | 2,500,000 | 2020 | Aug 2020 | Medical records from an artificial intelligence company were left open online. | tech, health | poor security | | 4 | | PC Mag | https://uk.pcmag.com/encryption/128228/report-ai-company-leaks-over-25m-medical-records | | 360 |
| Nintendo | | 300,000 | 2020 | Apr 2020 | Unauthorised access to thousands of Nintendo Switch accounts. Hackers were able to use saved payment details to make purchases. | gaming | hacked | | 3 | 300,000 | Tech Crunch | https://techcrunch.com/2020/06/09/nintendo-accounts-affected-breach/?guccounter=1 | | 359 |
| Pakistani mobile operators | | 115,000,000 | 2020 | Apr 2020 | Personal details stolen from Jazz and other mobile networks were put up for sale for $2.1m in bitcoin. | telecoms | hacked | | 2 | 115,000,000 | ZDNet | https://www.zdnet.com/article/details-of-44m-pakistani-mobile-users-leaked-online-part-of-bigger-115m-cache/ | | 358 |
| US Marshals Service | | 387,000 | 2020 | May 2020 | Prisoners had sensitive personal data stolen in December 2019. They were notified five months later. | government | hacked | | 2 | 287,000 | NextGov | https://www.nextgov.com/cybersecurity/2020/05/us-marshals-service-breach-exposed-personal-data-387000-prisoners/165305/ | | 357 |
| db8151dd | "mystery breach" | 22,000,000 | 2020 | May 2020 | Aggregated data from multiple websites was discovered in an open database. It included addresses, job titles, phone numbers and social media profiles. The breach was dubbed 'db8151dd'. | web | hacked | | 2 | 22,000,000 | 9 to 5 Mac | https://9to5mac.com/2020/05/15/db8151dd/ | | 356 |
| EasyJet | | 9,000,000 | 2020 | May 2020 | The airline became aware of a hack in January, but didn't notify customers until April. Email addresses, travel details and credit card details were stolen. | transport | hacked | | 3 | 9,000,000 | BBC | https://www.bbc.co.uk/news/technology-52722626 | | 355 |
| Microsoft | | 250,000,000 | 2020 | Jan 2020 | Customer support records spanning 14 years were left online without password protection. | web | poor security | | 1 | 250,000,000 | Forbes | https://www.forbes.com/sites/daveywinder/2020/01/22/microsoft-security-shocker-as-250-million-customer-records-exposed-online/#91076484d1b3 | | 354 |
| Dutch Government | | 6,900,000 | 2020 | Mar 2020 | Two hard drives with data from 6.9m registered organ donors went missing. They contained contact details, ID numbers & signatures. | government | lost device | | 4 | 6,900,000 | ZDNet | https://www.zdnet.com/article/dutch-government-loses-hard-drives-with-data-of-6-9-million-registered-donors/ | | 353 |
| Virgin Media | | 900,000 | 2020 | Mar 2020 | A poorly-configured database left names, email addresses and phone numbers exposed for 10 months. | retail | poor security | | 1 | 900,000 | BBC | https://www.bbc.co.uk/news/business-51760510 | | 352 |
| Boots Advantage Card | | 150,000 | 2020 | Mar 2020 | Hackers accessed Advantage Card records, but no financial data was stolen. Payment using points was suspended. | retail | hacked | | 1 | 150,000 | Which | https://www.which.co.uk/news/2020/03/boots-advantage-card-tesco-clubcard-both-suffer-data-breaches-in-same-week/ | | 351 |
| Tesco Clubcard | | 600,000 | 2020 | Mar 2020 | Details of accrued loyalty points were accessed, but financial details weren't exposed. | retail | hacked | | 1 | 600,000 | Tech Radar | https://www.techradar.com/uk/news/tesco-clubcard-holders-warned-of-major-security-issue | | 350 |
| Marriott Hotels | | 5,200,000 | 2020 | Mar 2020 | Guest records were accessed using the logins of two employees between mid-Jan and end of Feb. | retail | inside job | | 2 | 5,200,000 | Marriott | https://news.marriott.com/news/2020/03/31/marriott-international-notifies-guests-of-property-system-incident | | 349 |
| Zoom | | 500,000 | 2020 | Apr 2020 | Email addresses, passwords and personal meeting URLs were sold on the dark web. It led to a host of zoom-bombing pranks. | app | hacked | | 1 | 500,000 | We Live Security | https://www.welivesecurity.com/2020/04/16/half-million-zoom-accounts-sale-dark-web/ | | 348 |
| Israeli government | | 6,500,000 | 2020 | Feb 2020 | Names, addresses, and ID card numbers of every Israeli voter were found on an insecure website belonging to Elector, a political communications app. | government | poor security | | 2 | 6,500,000 | NYTimes | https://www.nytimes.com/2020/02/10/world/middleeast/israeli-voters-leak.html?action=click&module=News&pgtype=Homepage | | 347 |
| MGM Hotels | | 10,600,000 | 2020 | Feb 2020 | Data stolen during a 2019 hack of an MGM server was published on a hacking forum. | retail | hacked | | 2 | 10,600,000 | ZDNet | https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/ | | 346 |
| Buchbinder Car Rentals | | 5,000,000 | 2020 | Jan 2020 | Correspondence, invoices and contracts containing personal details were left exposed on an unsecured company server. | transport | poor security | | 2 | 5,000,000 | Teller Report | https://www.tellerreport.com/news/2020-01-22---big-data-leak--media--at-buchbinder-car-rental-company--customer-data-was-open-.BJ-S5Jk8Z8.html | | 345 |
| Wawa | fuel & convenience store chain | 30,000,000 | 2019 | Dec 2019 | Card-stealing malware was installed, and remained undiscovered for nine months. | retail | hacked | | 3 | 30,000,000 | Krebs on Security | https://krebsonsecurity.com/2020/01/wawa-breach-may-have-compromised-more-than-30-million-payment-cards/ | | 344 |
| Desjardins Group | | 4,200,000 | 2019 | Jun 2019 | An employee of the Canadian financial firm leaked customer information outside the organisation: names, addresses, birthdates, social insurance numbers & transaction habits. | finance | inside job | | 2 | | CBC | https://www.cbc.ca/news/canada/montreal/desjardins-data-breach-1.5344216 | | 343 |
| US Customs and Border Protection | | 100,000 | 2019 | Jun 2019 | Photos of faces and license plates taken at a US border crossing were stolen in a cyberattack on a surveillance contractor. | government | hacked | y | 2 | | Washington Post | https://www.washingtonpost.com/technology/2019/06/10/us-customs-border-protection-says-photos-travelers-into-out-country-were-recently-taken-data-breach/?utm_term=.69c66aaf152f | | 342 |
| Quest Diagnostics | | 20,000,000 | 2019 | Jun 2019 | For an 8 month period, a hacker group stole personal and payment information from a firm providing billing services for the US healthcare sector. | health | poor security | | 4 | | ZDNet | https://www.zdnet.com/article/amca-data-breach-has-now-gone-over-the-20-million-mark/ | | 341 |
| Australian National University | | 200,000 | 2019 | Jun 2019 | A hacker accessed personal information including addresses, bank account details, payroll information and academic records. Staff, students and visitors were affected. | academic | hacked | | 4 | | Guardian | https://www.theguardian.com/australia-news/2019/jun/04/australian-national-university-hit-by-huge-data-breach | | 340 |
| Canva | | 139,000,000 | 2019 | May 2019 | Names, email addresses and location data belonging to users of an Australian graphic design service were stolen by a hacker. | web | hacked | | 2 | 139,000,000 | ZDNet | https://www.zdnet.com/article/australian-tech-unicorn-canva-suffers-security-breach/ | | 339 |
| Chtrbox | Instagram Influencers | 49,000,000 | 2019 | May 2019 | Contact details for millions of Instagram influencers, celebrities and brand accounts were left exposed in an online database for at least six days. | misc | poor security | y | 1 | | Techcrunch | https://techcrunch.com/2019/05/20/instagram-influencer-celebrity-accounts-scraped/ | | 337 |
| WiFi Finder | A hotspot finder app | 2,000,000 | 2019 | Apr 2019 | An Android app for finding local WiFi passwords inadvertently provided access to the entire database, including domestic WiFi points. | app | poor security | | 1 | | Techcrunch | https://techcrunch.com/2019/04/22/hotspot-password-leak/ | | 336 |
| Toyota | | 3,100,000 | 2019 | Apr 2019 | A security breach of Toyota subsidiaries' IT systems may have leaked personal customer information. | transport | hacked | | 2 | | Bleeping Computer | https://www.bleepingcomputer.com/news/security/toyota-security-breach-exposes-personal-info-of-31-million-clients/ | https://global.toyota/jp/newsroom/corporate/27465617.html | 335 |
| Unknown | Open database in China | 1,800,000 | 2019 | Mar 2019 | A Dutch researcher found women's personal information in an open Chinese database. It included phone numbers, addresses and their "BreedReady" status, whatever that might be. | web | poor security | y | 4 | | The Guardian | https://www.theguardian.com/world/2019/mar/11/china-database-lists-breedready-status-of-18-million-women | | 334 |
| Vårdguiden | Sweden's healthcare hotline | 2,700,000 | 2019 | Feb 2019 | 170,000 hours of sensitive calls to Sweden's healthcare hotline were stored on an open web server with no encryption or authentication. The breach was blamed on subcontractor Medicall. | health | poor security | y | 5 | | ComputerSweden | https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet | https://thenextweb.com/eu/2019/02/18/2-7-million-patient-calls-to-swedish-healthcare-hotline-left-unprotected-online/# | 333 |
| Dubsmash | | 162,000,000 | 2019 | Feb 2019 | Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web. | web | hacked | | 1 | 162,000,000 | The Register | https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ | | 332 |
| ShareThis | | 41,000,000 | 2019 | Feb 2019 | Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web. | web | hacked | | 1 | | The Register | https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ | | 331 |
| HauteLook | | 28,000,000 | 2019 | Feb 2019 | Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web. | retail | hacked | | 1 | | The Register | https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ | | 330 |
| Animoto | | 25,000,000 | 2019 | Feb 2019 | Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web. | web | hacked | | 1 | | The Register | https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ | | 329 |
| EyeEm | | 22,000,000 | 2019 | Feb 2019 | Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web. | web | hacked | | 1 | | The Register | https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ | | 328 |
| 8fit | | 20,000,000 | 2019 | Feb 2019 | Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web. | web | hacked | | 1 | | The Register | https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ | | 327 |
| Whitepages | | 18,000,000 | 2019 | Feb 2019 | Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web. | web | hacked | | 1 | | The Register | https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ | | 326 |
| Fotolog | | 16,000,000 | 2019 | Feb 2019 | Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web. | web | hacked | | 1 | | The Register | https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ | | 325 |
| Armor Games | | 11,000,000 | 2019 | Feb 2019 | Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web. | gaming | hacked | | 1 | | The Register | https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ | | 324 |
| BookMate | | 8,000,000 | 2019 | Feb 2019 | Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web. | web | hacked | | 1 | | The Register | https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ | | 323 |
| CoffeeMeetsBagel | | 6,000,000 | 2019 | Feb 2019 | Part of the theft of 617 million online account details from 16 hacked websites, put up for sale on the dark web. | web | hacked | | 1 | | The Register | https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/ | | 322 |