Balloon Race: Data Breaches - Defunct formerly-public sheet
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
Entityalternative namestoryYEARrecords lostORGANISATIONMETHOD OF LEAKinteresting storyNO OF RECORDS STOLENDATA SENSITIVITYUNUSEDUNUSEDExclude1st source link2nd source link3rd sourcesource nameUNUSEDUNUSEDUNUSEDUNUSEDUNUSEDUNUSED
this sheet is old: visit here for latest: if there's an interesting story or detail behind ityears are encoded (0=2004, 8 = 2012, 9 = 2013, 10=2014, 11=2015, 13=latest)(use 3m, 4m, 5m or 10m to approximate unknown figures)(use 3m, 4m, 5m or 10m to approximate unknown figures)1. Just email address/Online information 20 SSN/Personal details 300 Credit card information 4000 Email password/Health records 50000 Full bank account detailsShow this item in the viz?
CellebriteCellebrite's main product is a device that rips data from mobile phones. 900GB of data was stolen from Cellebrite. The hackers got hacked. The number of records taken is unknown. Motherboard quotes the hacker as stating “I can't say too much about what has been done. It's one thing to slap them, it's a very different thing to take pictures of [their] balls hanging out.”

Waterly by MGAR LtdApp for paying water billsJan. Israel-based app contained a vulnerability in the sign-in process that could potentially expose user account details. The problem was fixed within 2 weeks of being identifiied. 131000000appvulnerability10000003
BrazzersPorn siteSept. 'The data contains 790,724 unique email addresses, and also includes usernames and plaintext passwords. (The set has 928,072 entries in all, but many are duplicates.'13790724webhacked7907244000
Clinton campaignThe campaign's network was hacked, but nobody knows what information they took.135,000,000governmenthacked500000020
ClixSenseSept. The information stolen contains usernames, passwords, home addresses, payment histories, and other banking details.136600000webhack660000050000
InterparkJuly. South Korean police are blaming North Korea for stealing data in an attempt to obtain foreign currency. 1310,000,000webhack1000000020
Telegram Instant messaging serviceDespite Telegram's claims of super security, they've been hacked by a group called Rocket Kitten. 1315,000,000private firmhacked150000001
WeeblyFeb. Usernames, passwords and IP addresses stolen, although passwords secured with bcrypt. 1343000000webhack430000004000
Red Cross Blood ServiceInfo leaked includes data about 'at risk sexual behaviours'13550000healthcareaccidentally published5500004000
Friend Finder NetworkParent company of Adult Friend Finder , and Penthouse.comUsernames, email addresses, passwords for sites including Adult Friend Finder and Passwords encrypted, but LeakedSource claims to be able to crack 99% of them.13412,000,000webhacked4120000001 / LeakedSource
ThreeThree mobile company in the UKHackers had "access to large parts of the upgrade database" for Three's 9 million UK customers. Database "does not include any customer payment, card information or bank account information"139000000telecomshack900000020
Dailymotionvideo sharing site85.2m email addresses extracted, but only 18.3m had associated passwords.1385200000webhacked852000001
Quest DiagnosticsNov. The stolen data contained names, DOBs, lab results and some telephone numbers.1334000healthcarehacked340004000
Netflix Twitter accountDec. 'OurMine' hacked Netflix's Twitter account & sent out mocking tweets. 131webhacked11
PayAsUGymDec. Fitness website hacked & email address published online.13300000webhacked3000001
Lynda.comowned by LinkedInHackers breached a database that held records of contact info and courses viewed. No official statement yet on how many records were actually stolen, and no evidence yet of them having been published anywhere.139500000webhacked95000001
Tesco BankNov. £2.5m stolen from 9000 customer accounts. 139000bankinghacked90005
Anthem Second-largest health insurer in the USFeb 2015: Names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information.1280,000,000healthcarehackedy8000000020
Banner HealthHackers gained access to payment card data via food outlets at Banner Health locations.123,700,000private firmhacked3700000300
Code.orgNon-profit organisationVolunteer email addresses were left accessible via web browser. 1210webpoor security101
Linux Ubuntu forums122,000,000webhacked20000001
Mail. ruGame-related forumsTwo hackers attacked three game-related forums hosted by Russian company 1225,000,000webhacked2500000020
MinecraftLifeboat' communityPlayers using the Lifeboat servers have had their email addresses and passwords leaked.127,000,000webhacked70000001
Mossack FonsecaPanamanian law firm 2.6TB of data on politicians, criminals, professional athletes etc leaked from law firm Mossack Fonseca, including emails, contracts, scanned documents, transcripts...1211,500,000law firmleaky1150000050000
Mutuelle Generale de la PoliceFrench police health insuranceFiles uploaded to Google Drive by a 'malicious' employee. Data included home addresses. The leak came two weeks after a French police officer was murdered by ISIS-inspired attack.12112,000private firmleak11200050000
MySpaceThe same hacker who was selling LinkedIn user data now claims to have MySpace user data too, and lots of it. 12164,000,000webhacked1640000001
National Childbirth TrustCharityLondon-based charity hacked for user information. 1215,000webhacked150001
Philippines’ Commission on ElectionsCOMELECAfter a message was posted on the COMELEC website by hackers from Anonymous, warning the government not to mess with the elections, the entire database was stolen and posted online. 1255,000,000governmenthacked5500000050000
Privatization Agency of the Republic of SerbiaA text file with personal data and financial documents were made publically available on their website. 125,190,396private firmleak51939620
Syrian governmentHacking outfit calling itself 'Cyber Justice Team' leaked 10GB of data from the government and private websites. Seems to be just data from old leaks, though.12274,477governmenthacked2744771
Turkish citizenship databaseTurkish citizenship database has allegedly been hacked and leaked online.1249,611,709governmentleak4961170920
uTorrent It's unclear what data has been breached, exactly, but uTorrent has advised passwords are probably compromised. 1235,000webhacked350001
VerizonSecurity servicesCustomer database and information about company's security flaws stolen and put up for sale. 12100,000webhacked100001
VKRussia's FacebookOver 100m user accounts were hacked and the data put up for sale online. A VK spokesperson has denied that the site was breached, claiming the data for sale is old details no longer in use.12100,544,934webhacked1005449344000
Wendy'sRestaurant chainMalware has been used in 1025 of Wendy's restaurants to steal credit card data from customers. It's currently unknown how many individuals have been impacted.121,025restauranthacked1025300
World CheckRun by Thompson Reuters2014 version of World-Check, a database of suspected terrorists and criminals, leaked online. It's unclear what data the records include.122,200,000private firmleak2200000300
Adult Friend FinderInternet dating & hookup siteSexual preferences, names, email addresses, usernames, dates of birth, postal codes113,900,000webhacked39000001
AshleyMadison.comUS ex-marital affairs site20th July 2015: DEVELOPING: Online hookup site for extra-marital affairs has been severely breached and the personal details of 37m users, as well as company financial records, threatened with release. Notorious hacking outfit The Impact Team has claimed responsibility. The hackers are demanding the shutdown of and other associated sites.1137,000,000webhacked370000001
Australian Immigration DepartmentAn employee of the agency inadvertently sent the passport numbers, visa details and other personal identifiers of all world leaders attending the G20 Brisbane summit to the organisers of the Asian Cup football tournament. Barack Obama, Vladimir Putin, Angela Merkel, Xi Jinping, Narendra Modi, David Cameron and many others.11500,000governmentaccidentally published50000050000
British AirwaysFrequent flyer accounts11500,000retailhacked5000001
CarefirstBlue Cross, Blue Shield US medical insurerAttacked happened in June 2014. Was announced in June 2015.111,100,000healthcarehacked11000001
CarPhone WarehouseUK mobile phone supplier112,700,000webhacked270000050000
Experian / T-mobileThe world's biggest data monitoring firm disclosed a massive breach of customers who applied for service with T-Mobile. Names, addresses, birth dates, Social Security numbers, drivers license numbers and passport numbers.1115,000,000webhacked15000000300
Hacking TeamItalian cybersecurity firm sells digital surveillance software to law enforcement and national security organisations. 400 GB of documents - including software source code, private messages & client databases - has been stolen and put online via BitTorrent. The documents show the company has sold products to repressive regimes.11500,000webhackedy50000050000 Guardian
Invest BankUnited Arab Emirates bankHacker breached a United Arab Emirates bank, demanding a ransom of $3m in bitcoin to stop tweeting data, mostly about corporate accounts. The hacker dumped files on the website of a basketball team, which he hacked for storage. The bank, Invest Bank, won't pay the ransom. 1140,000bankinghacked4000050000
IRSUS Tax service"An unnamed cybermafia used an IRS app to download forms full of personal information. They posed as legitimate taxpayers, and tried to download forms on 200,000 people between February and May. They got away with half of them, the IRS said. The crooks used about 15,000 of them to claim tax refunds in other people's names."11100,000governmentpoor security1000001
KromtechMacKeeper softwareA security researcher stumbled on a leak, which exposed usernames, email addresses and passwords of users. He notified Kromtech, who patched it quickly. 1113,000,000webhacked130000001
MSpykid & partner tracking serviceData dump to the dark web "includes Apple IDs and passwords, tracking data, and payment details on some 145,000 successful transactions", photos and very private conversations.11400,000techhacked40000020
PremeraUS healthcare providerDetected 29th Jan 2015. Occured May 2014. "C could include names, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information"1111,000,000healthcarehacked1100000050000
SanrioHello Kitty and other franchisesSecurity researcher was able to access a database of 3.3m of Sanrio's accounts, with links to other Sanrio Hello Kitty portals.113,300,000webconfiguration error330000020
Securus TechnologiesPrison phone service providerAnonymous hacker leaked records of over 70m phone calls, plus links to recordings. Recording/storing attorney-client calls potentially violates constitutional protections.1170,000,000webhacked7000000050000
Slacksoftware for remote working11500,000techpoor security5000001
TalkTalkTelecoms provider157k customers had personal details stolen, including 15,600 account numbers. 11157,000webhacked16000020
UberOccured Sep 2014. Revealed Feb 2015. Names & license plates of 50,000 driver partners.1150,000techpoor security500001
US Office of Personnel Management"The intruders... gained access to...employees’ Social Security numbers, job assignments, performance ratings and training information"114,000,000governmenthacked400000020
US Office of Personnel Management (2nd Breach)attackers have targeted the forms submitted by intelligence and military personnel for security clearances. The document includes personal information - everything from eye colour, to financial history, to past substance abuse, as well as contact details for the individual's friends and relatives1121,500,000governmenthacked2150000050000
Voter DatabaseA database of 191 million US voters has been exposed as a result of incorrect configuration. The owner of the database is yet to be identified. The feds are on it. 11191,000,000webconfiguration error19100000020
VTechToymaker companySoftware used to download games to children's computer tablets was hacked, with personal info and photos stolen. 116,400,000webhacked640000050000
"Gmail"5 million Gmail account passwords leaked to a forum, alongside passwords from other email providers. Close inspection revealed the user details to be old (3+ years). Multiple individual targeted hacks of third party websites where people used their Gmail IDs, rather than one big dataleak, suspected to be the method. Gmail itself was not hacked. 105,000,000webhackedy50000001X
Community Health SystemsAug 2014: Community Health Systems, which operates 206 hospitals across the US, had patient data from the last 5 years breached. Details included names, addresses, social security numbers. Suspected "chinese hackers" were thought responsible. Goal: identity theft.104,500,000healthcarehackedy450000020
D&B, AltegrityHackers stole millions of social security numbers from large US data brokers Dun & Bradstreet Corp and Kroll Background America Inc, owned by Altegrity. Correction 7 Jan 2015: we previously stated that records were stolen from LexisNexis. LexisNexis conducted a thorough investigation of the malware intrusion and found no evidence that the malware accessed or stole any customer or consumer data. 101,000,000techhacked1000000300 Today; Reuters; BBC News
Dominios Pizzas (France)10600,000webhacked6000001
EbayThe company has said hackers attacked between late February and early March with login credentials obtained from “a small number” of employees. They then accessed a database containing all user records and copied “a large part” of those credentials.10145,000,000webhackedy1450000001
European Central Bank104,000,000financialhacked40000001
Home DepotMalware installed on cash register system across 2,200 stores syphoned credit card details of up to 56 million customers. May be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others1056,000,000retailhackedy56000000300
Japan AirlinesOct 2014: Japan Airlines confirmed the possible theft of information from up to around 750,000 frequent-flier programme members. Data that may have been stolen included names, genders, birth dates, addresses, email addresses and places of work.10750,000transporthacked80000020
JP Morgan ChaseJuly 2014: The US's largest bank was compromised by hackers, stealing names, addresses, phone numbers and emails of account holders. The hack began in June but was not discovered until July, when the hackers had already obtained the highest level of administrative privilege to dozens of the bank’s computer servers.1076,000,000financialhackedy76000000300
Korea Credit Bureau1020,000,000financialinside job2000000050000
Mozilla1076,000webpoor security80000020
NASDAQNasdaq OMX GroupNasdaq forum website hacked by hacking ring, email addresses and passwords compromised10500,000financialhackedy5000001
Neiman MarcusUS retailer101,100,000retailhacked110000020
New York TaxisA freedom of information request resulted in the release of data on all 173 million journeys undertaken by New York taxis in one year. Unfortunately, the data was incorrectly anonymised and relatively easy to decode, revealing the driver IDs, pickup & dropoff times, and GPS routes taken for every single cab journey.1052,000transportpoor securityy520001
Sony PicturesWide-ranging hack of potentially every piece of data held by the company, including: unreleased films & scripts, employee social security numbers, salaries and health check results, as well as sensitive internal business documents relating to lay-offs, restructures and executive salaries. Lead suspects are "North Korean hackers" perhaps related to the Seth Rogen film, "The Interview" which mocks the North Korean dictator, Kim Jong Un.1010,000,000mediahacked1000000020
TargetInvestigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores. Originally 40m customers. Now 70m!1070,000,000retailhackedy70000000200,0,3434295.story
Twitch.tvGaming siteMarch 23rd. Details unknown at this point. All Twitch's 10 million users have been requested to change their passwords.1010,000,000healthcarehacked100000001
UPSMalware was discovered in the credit & debit card processing systems at 51 branches in 24 states.104,000,000retailhacked4000000300
YahooHappened in 2014, but no. records stolen was originally thought to be much smaller. Yahoo recently revealed the real numbers.10500,000,000webhacked50000000020
AdobeSep 17th 2013. Hackers obtained access to a large swathe of Adobe customer IDs and encrypted passwords & removed sensitive information (i.e. names, encrypted credit or debit card numbers, expiration dates, etc.). Approximately 36 million Adobe customers were involved: 3.1 million whose credit or debit card information was taken and nearly 33 million active users whose current, encrypted passwords were in the database taken. Correction Jan 2015: we previously reported 152m records were taking, but the remainder affected invalid, inactive, test accounts or had out-of-date passwords associated with them.936,000,000techhackedy3600000050000
Advocate Medical Group4,000,000 patient names, addresses, dates of birth, and Social Security numbers were contained in four computers stolen from an administrative building. Second biggest security breach ever reported to the Department of Health and Human Services (HHS).94,000,000healthcarelost / stolen mediay400000020
AppleDeveloper portal hacked. "Some" information about 275,000 3rd-party developers potentially stolen.9275,000techhacked3000001
Central Hudson Gas & ElectricCustomer banking information and other personal information may have been accessed during the hack.9110,000energyhacked100000300 Rights
CitigroupThird big data breach from Citigroup."The personal information of 150,000 consumers who went into bankruptcy between 2007 and 2011 – including their social security numbers – were exposed after Citi failed to properly redact court records before they were put on the Public Access to Court Electronic Records (PACER) system."9150,000financialpoor securityy15000020
Crescent Health Inc., WalgreensNames, Social Security numbers, health insurance identification numbers, health insurance information, dates of birth, diagnoses, other medical information, disability codes, addresses, and phone numbers may have been exposed via a laptop theft.9100,000healthcarelost / stolen computer1000004000 Rights
Drupalopen-source content management platformMalicious files placed on servers via a 3rd-party application. Exposed usernames, e-mail addresses, country information, and cryptographically hashed passwords.91,000,000webhacked10000001 Technica
Evernoteonline note-taking siteEvernote asked its 50 million users to reset their passwords following an attempt to hack the note-taking network. The company said it’d found no evidence that any payment information for Evernote Premium or Evernote Business customers had been accessed, nor was there any indication that content stored by users had been accessed, changed or lost.950,000,000webhacked500000001; Digital Trends
FacebookUsing the network's "Download Your Information" tool, some Facebook members were inadvertently sent the phone numbers or email address of Facebook friends that were otherwise private. Facebook assured users that the bug was fixed within a day, and that there is no evidence that the information was used maliciously.96,000,000webaccidentally published60000001
Florida CourtsFlorida Department of Juvenile Justice9100,000governmentlost / stolen computer10000020 Rights
Florida Department of Juvenile JusticeThree computers were stolen that contained both youth and employee records was reported stolen on January 2, 2013. Over 100,000 records were on the device and may have been exposed.9100,000governmentlost / stolen computer10000020 Rights
Indiana UniversityStudents who attended the university between 2011 and 2014 may have had their data exposed after it was stored on an unprotected site. The data was accessed by three webcrawlers but there is not evidence it was accessed by any unauthorized individuals.9146,000academicpoor security15000020 University
Kirkwood Community CollegeHacked online database9125,000academichacked13000020 Rights
Kissinger CablesMore than 1.7 million US diplomatic records for the period 1973 to 1976, including intelligence reports and congressional correspondence.Wikileaks91,700,000governmentinside job1700000300
Living Socialspecial offers websiteOnline criminals gained access to user names, e-mail addresses, dates of birth & encrypted passwords for 50 million people. Databases storing financial information were not compromised in the attack, the company said.950,000,000webhacked500000001 Security; New York Times
NintendoJapan's Club Nintendo serviceJapan's Club Nintendo service was hacked following thousands of unauthorized accesses. Customer information compromised in the attack includes full names, phone numbers, home and email addresses.9240,000gaminghacked25000020
NMBSBelgian national railway operatorData stored on a non-secure server, making it possible to access names, gender, DOB, email and postal address data of customers externally by means of a simple search engine query. Most of the data belong to customers in Belgium, France and the UK, including thousands of Commission and Parliament employees. Caused, the NMBS said, by a data worker “clicking on the wrong button”.91,460,000transportaccidentally published150000020 Parliament
2016 Update
data breaches data
underground data costs
Main menu