Balloon Race: Data Breaches - Public Data
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
Still loading...
Entityalternative namestoryYEARrecords lostORGANISATIONMETHOD OF LEAKinteresting storyNO OF RECORDS STOLENDATA SENSITIVITYUNUSEDUNUSEDExclude1st source link2nd source link3rd sourcesource nameUNUSEDUNUSEDUNUSEDUNUSEDUNUSEDUNUSEDLink to individual studyLink to individual studyLink to individual studyLink to individual studyLink to individual studyLink to individual studyLink to individual studyLink to individual studyLink to individual studyLink to individual study
Elaboration if there's an interesting story or detail behind ityears are encoded (0=2004, 8 = 2012, 9 = 2013, 10&11=2014, 12=latest)context & leak size1. Just email address/Online information 20 SSN/Personal details 300 Credit card information 4000 Email password/Health records 50000 Full bank account detailsShow this item in the viz?
Australian Immigration DepartmentAn employee of the agency inadvertently sent the passport numbers, visa details and other personal identifiers of all world leaders attending the G20 Brisbane summit to the organisers of the Asian Cup football tournament. Barack Obama, Vladimir Putin, Angela Merkel, Xi Jinping, Narendra Modi, David Cameron and many others.12unknowngovernmentaccidentally published5000005
British AirwaysFrequent flyer accounts12tens of thousandsretailhacked5000001
Slacksoftware for remote working12500000techpoor security5000001
Twitch.tvGaming siteMarch 23rd. Details unknown at this point. All Twitch's 10 million users have been requested to change their passwords.11unknownhealthhacked100000001
PremeraUS healthcare providerDetected 29th Jan 2015. Occured May 2014. "C could include names, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information"1211000000healthhacked110000005
UberOccured Sep 2014. Revealed Feb 2015. Names & license plates of 50,000 driver partners.1250000techpoor security500001
Anthem Second-largest health insurer in the USFeb 2015: Names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information.201580000000healthcarehackedy8000000020
Sony PicturesWide-ranging hack of potentially every piece of data held by the company, including: unreleased films & scripts, employee social security numbers, salaries and health check results, as well as sensitive internal business documents relating to lay-offs, restructures and executive salaries. Lead suspects are "North Korean hackers" perhaps related to the Seth Rogen film, "The Interview" which mocks the North Korean dictator, Kim Jong Un.2014100 terrabytesmediahacked1000000020
JP Morgan ChaseJuly 2014: The US's largest bank was compromised by hackers, stealing names, addresses, phone numbers and emails of account holders. The hack began in June but was not discovered until July, when the hackers had already obtained the highest level of administrative privilege to dozens of the bank’s computer servers.201476000000financialhackedy76000000300
Gmail5 million gmail account passwords leaked to a forum. Close inspection revealed the user details to be old (3+ years). Multiple individual targeted hacks, rather than one big dataleak, suspected to be the method. 20145,000,000webhackedy50000001
Home DepotMalware installed on cash register system across 2,200 stores syphoned credit card details of up to 56 million customers. May be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others201456,000,000retailhackedy56000000300
Mozilla201476,000webpoor security76000020
Community Health ServicesAug 2014: Community Health Systems, which operates 206 hospitals across the US, had patient data from the last 5 years breached. Details included names, addresses, social security numbers. Suspected "chinese hackers" were thought responsible. Goal: identity theft.20144,500,000healthcarehackedy450000020
New York TaxisA freedom of information request resulted in the release of data on all 173 million journeys undertaken by New York taxis in one year. Unfortunately, the data was incorrectly anonymised and relatively easy to decode, revealing the driver IDs, pickup & dropoff times, and GPS routes taken for every single cab journey.201452,000transportpoor securityy520001
Dominios Pizzas (France)2014600,000webhacked6000001
LexisNexisHackers stole millions of social security numbers - including Michelle Obama's - from 3 large US data brokers20141,000,000techhacked1000000300 Today; Reuters; BBC News
Korea Credit Bureau201420000000financialinside job2000000050000
TargetInvestigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores. Originally 40m customers. Now 70m!201470,000,000retailhackedy70000000200,0,3434295.story
EbayThe company has said hackers attacked between late February and early March with login credentials obtained from “a small number” of employees. They then accessed a database containing all user records and copied “a large part” of those credentials.2014145,000,000webhackedy1450000001
AdobeSep 17th 2013. Hackers obtained access to a large swathe of Adobe customer IDs and encrypted passwords & removed sensitive information (i.e. names, encrypted credit or debit card numbers, expiration dates, etc.). Approximately 38 million Adobe customers. Updated: Now 152m (May 2014)2014152,000,000techhackedy15200000050000
Neiman MarcusUS retailer20141,100,000retailhacked110010020
European Central Bank2014"unknown"financialhacked40000001
UPSMalware was discovered in the credit & debit card processing systems at 51 branches in 24 states.2014"unknown"retailhacked4000000300
NASDAQNasdaq OMX GroupNasdaq forum website hacked by hacking ring, email addresses and passwords compromised2014unknownfinancialhackedy5000001
Advocate Medical Group4,000,000 patient names, addresses, dates of birth, and Social Security numbers were contained in four computers stolen from an administrative building. Second biggest security breach ever reported to the Department of Health and Human Services (HHS).20134,000,000healthcarelost / stolen mediay4,000,00020
SnapChat31st Dec 2013. Hackers abused an exploit to syphon 4.7m user details, including phone numbers. Check here to see if your account was compromised:,700,000web, techhacked470000020
South Africa policeSouth Africa Police Service's anonymous whistleblowing websiteHacker collective 'Anonymous' hacked an anonymous whistleblowing website run by the South Africa Police Service (SAPS), revealing the identities of thousands of its users. The hack was in response to the massacre of 34 protesting miners at Marikana in August 2012.201316,000governmenthacked y1600020
Crescent Health Inc., WalgreensNames, Social Security numbers, health insurance identification numbers, health insurance information, dates of birth, diagnoses, other medical information, disability codes, addresses, and phone numbers may have been exposed via a laptop theft.2013100,000healthcarelost / stolen computer1000004000 Rights
Florida CourtsFlorida Department of Juvenile Justice2013100,000governmentlost / stolen computer10000020 Rights
Florida Department of Juvenile JusticeThree computers were stolen that contained both youth and employee records was reported stolen on January 2, 2013. Over 100,000 records were on the device and may have been exposed.2013100,000governmentlost / stolen computer100,00020 Rights
Central Hudson Gas & ElectricCustomer banking information and other personal information may have been accessed during the hack.2013110,000energyhacked110000300 Rights
Kirkwood Community CollegeHacked online database2013125,000academichacked12500020 Rights
CitigroupThird big data breach from Citigroup."The personal information of 150,000 consumers who went into bankruptcy between 2007 and 2011 – including their social security numbers – were exposed after Citi failed to properly redact court records before they were put on the Public Access to Court Electronic Records (PACER) system."2013150,000financialpoor securityy150,00020
Washington State court systemAdministrative officesUp to 160,000 Social Security numbers and a million driver's license numbers may have been accessed by hackers exploiting old versions of Adobe Cold Fusion software on the server. 2013160,000governmenthacked16000020; Privacy Rights
TerraCom & YourTelThe telecom firms TerraCom and YourTel have branded reporters for Scripps News as "hackers" after journalists discovered that the personal data of over 170,000 customers - including social security numbers and other identifying data that could be used for identity theft - were sitting on a publicly accessible server.2013170,000telecomsaccidentally publishedy17000020 Boing; Wired
NintendoJapan's Club Nintendo serviceJapan's Club Nintendo service was hacked following thousands of unauthorized accesses. Customer information compromised in the attack includes full names, phone numbers, home and email addresses.2013240,000gaminghacked23932620
TwitterHackers had access to limited user information -- usernames, email addresses, session tokens and encrypted/salted versions of passwords -- for approximately 250,000 users.2013250,000webhacked 2500001
AppleDeveloper portal hacked. "Some" information about 275,000 3rd-party developers potentially stolen.2013275,000techhacked2750001
Scribd"world's largest online library" Hack resulted in a few hundred thousand stolen passwords.2013500,000webhacked5000001 Security; NBC News
Drupalopen-source content management platformMalicious files placed on servers via a 3rd-party application. Exposed usernames, e-mail addresses, country information, and cryptographically hashed passwords.20131,000,000webhacked10000001 Technica
Dun & BradstreetHackers stole millions of social security numbers - including Michelle Obama's - from 3 large US data brokers20131,000,000techhacked1000000300 Today; Reuters; BBC News
Kroll Background AmericaHackers stole millions of social security numbers - including Michelle Obama's - from 3 large US data brokers20131,000,000techhacked1000000300 Today; Reuters; BBC News
Kissinger CablesMore than 1.7 million US diplomatic records for the period 1973 to 1976, including intelligence reports and congressional correspondence.Wikileaks20131,700,000governmentinside job1700000300
UbuntuThe discussion forum for the popular alternative, open-source operating systemJuly 2013: Discussion forum for the operating system was compromised leaking personal details and password. The passwords were cryptographically scrambled using the MD5 hashing algorithm - considered an inadequate means of protecting stored passwords by security experts.20132,000,000techhackedy2000000300 Loss Database
VodafoneAn IT contractor for the firm used his deep access to the telecom giant's system to copy customer names and bank account details.20132,000,000telecomsinside joby2000000300 Week
FacebookUsing the network's "Download Your Information" tool, some Facebook members were inadvertently sent the phone numbers or email address of Facebook friends that were otherwise private. Facebook assured users that the bug was fixed within a day, and that there is no evidence that the information was used maliciously.20136,000,000webaccidentally published60000001
Yahoo Japan22 million Yahoo user IDs may have been leaked after Yahoo detected an unauthorized attempt to access the administrative system of its web portal Yahoo Japan. The leaked information did not include passwords and data necessary for identity verification to reset passwords.201322,000,000tech, webhacked220000001
Evernoteonline note-taking siteEvernote asked its 50 million users to reset their passwords following an attempt to hack the note-taking network. The company said it’d found no evidence that any payment information for Evernote Premium or Evernote Business customers had been accessed, nor was there any indication that content stored by users had been accessed, changed or lost.201350,000,000webhacked500000001; Digital Trends
Living Socialspecial offers websiteOnline criminals gained access to user names, e-mail addresses, dates of birth & encrypted passwords for 50 million people. Databases storing financial information were not compromised in the attack, the company said.201350,000,000webhacked500000004000 Security; New York Times
UbiSoftgames company2013"unknown"gaminghacked5800000020
OVHFrench Internet host2013undisclosedwebhacked50000020
Militarysingles.comOnline dating network for, you guessed it, military singlesCollective group LulzSec released a database of 163,792 names, usernames, e-mail addresses, IP addresses, and passwords of "single" military personnel.2012163,792web, militaryaccidentally published1637924000 World
Emory Healthcarehospital system in Atlanta2012315,000healthcarepoor security3150004000
Formspring Interest-based social Q&A websiteFormspring was tipped off to a breach after 420,000 hashed passwords were posted to a security forum. 2012420,000webaccidentally publishedy4200004000;txt
Yahoo VoicesYahoo Voices service was hacked, exposing more than 450,000 usernames and passwords.2012450,000tech, webhacked4500001
MedicaidUS health program for low income people and familiesThe Utah Department of Technology Services had recently moved their claims records to a new server, and hackers believed to be operating out of Eastern Europe were able to circumvent the server’s multi-layered security system containing Social Security numbers for the Medicaid claims.2012780,000government, healthcarehackedy78000020
California Department of Child Support ServicesCalifornia child support records were lost in transit during a disaster preparedness exercise.2012800,000governmentlost / stolen media 80000020
New York State Electric & GasAn employee from a software consulting firm was allowed unauthorized access to the company’s databases.20121,800,000energyinside job180000020
Three Iranian banksSaderat, Eghtesad Novin, & SamanAfter finding a security vulnerability in Iran's banking system, software manager Khosrow Zarefarid
wrote a formal report and sent it to the CEOs of all the affected banks across the country. When the banks ignored his findings, he hacked 3 million bank accounts, belonging to at least 22 different banks, to prove his point.
20123,000,000financialhackedy300000050000 Net
South Carolina GovernmentSouth Carolina Department of Health and Human ServicesA man was charged with five counts of violating medical confidentiality laws and one count of disclosure of confidential information after he gained access to personal information for more than 228,000 Medicaid beneficiaries.20126,400,000healthcareinside job228,4354000
Office of the Texas Attorney GeneralThe office of Texas Attorney General Greg Abbott mistakenly gave attorneys access to millions of Social Security numbers in a case against the state’s voter ID law20126,500,000governmentaccidentally published650000020
Global PaymentsCredit, debit and check processing for merchants (Visa, Mastercard, etc)1.5 million credit card numbers from its systems may have been exposed after detecting “unauthorized access” into its processing system. 20127,000,000financialhacked1500000300
GamigoGerman gaming website20128,000,000webhacked80000001
LinkedIn, eHarmony, Last.fmHacker 'dwdm' uploaded a file containing 6.5 million passwords on a Russian hacker forum. Soon after another 1.5 million passwords were discovered. On analysis, 93% of the passwords could be found in the Top 10,000 password list.20128,000,000webaccidentally published80000004000;txt
KT Corp.Korean mobile carrierTwo suspects reportedly earnt an estimated $877,000 by selling the contact information and plan details of 8.7 million KT subscribers, almost half of the carrier's total customers.20128,700,000telecomshacked870000020
Greek governmentA computer programmer was arrested in Greece for allegedly stealing the identity information of what could amount to 83% of the country's population. The 35-year-old was found in possession of 9 million data files containing identification card data, addresses, tax ID numbers and licence plate numbers, which he was also suspected of trying to sell.20129,000,000governmenthacked900000020
Massive American business hack7-Eleven, JC Penney, Hannaford, Heartland, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and IngenicardOver eight years, a hacking ring targeted banks, payment processors and chain stores, to steal more than 160 million credit and debit card numbers, targeting more than 800,000 bank accounts 2012160,000,000financialhackedy16000000050000
DropboxWebsites stolen from other websites used to sign into a small number of Dropbox accounts. The hack was mainly used to send spam to users. 2012"small number"webhacked30,0001
"Apple"Hacking group AntiSec claimed they hacked an FBI laptop in March 2012 accessing a file of more than 12 million Apple Unique Device Identifiers (UDIDs). Subsequently, it was discovered that app developer BlueToad was the source of the breach. The list contained personal information such as full names, phone numbers and addresses. AntiSec published a million of these UDIDs online.201212,367,232 tech, retailaccidentally publishedy1236723220
BlizzardActivision, Battle.netScrambled passwords, e-mail addresses, and personal security answers were knowingly stolen from Blizzard's internal network. Blizzard would not elaborate on the size of the hack ("millions"). 201214,000,000gaminghacked1400000020
Morgan Stanley Smith BarneyMorgan Stanley mailed a CD containing sensitive data about investors in tax-exempt funds and bonds to the New York State Department of Taxation and Finance. The package arrived at the building but when it arrived at the relevant desk the data CD was missing.201134,000financiallost / stolen media y34000300
US Army201150,000militaryaccidentally published500001
Writerspace.comWebsite design and hosting for writersHacker group LulzSec released the e-mails and passwords, 12,000 of which were confirmed to originate from 201162,000webhacked620001,2817,2387186,00.aspPC Mag
University of Wisconsin - Milwaukee201173,000academichacked73,00020
Memorial Healthcare SystemFloridaAn employee of an affiliated physician’s office may have improperly accessed patient information through a web portal used by physicians who provide care and treatment at MHS. Specifically, patients’ names, dates of birth, and Social Security numbers.2011102,153healthcarelost / stolen media10215320
US Law Enforcement"AntiSec" hackers published 2,719 social security numbers, 8,214 passwords, 15,798 birth dates, 48,182 street addresses, 1,531,628 email addresses, 106,691 phone numbers, 57 bank account numbers, 53 driver's license numbers, and eight credit card numbers of more than 70 different U.S. law enforcement agencies.2011123,461governmentaccidentally published123461300,2817,2390683,00.aspPC World
Accendo Insurance Co. Mismailed letters which allowed some lines of sensitive information (medication name, date of birth, and member ID) to be visible through the envelope window. The mailings were addressed correctly and, to the knowledge of the company, were received by the intended recipients.2011175,350healthcarepoor security1753504000
San Francisco Public Utilities Commission 2011180,000governmenthacked1800001
Bethesda Game StudiosUS video game company (Elder Scrolls, Fallout 3)Hacking collective Lulzsec stole account information of 200,000 user.2011200,000gaminghacked2000001 World
Restaurant Depotfood, equipment, and supplies for restaurants2011200,000retailhacked200000300
Massachusetts GovernmentMassachusetts Executive Office of Labor and WorkforceOver 1,500 departmental computers were infected with the W32.QAKBOT virus, a malicious program which “downloads additional files, steals information, and opens a back door on the compromised computer”. 2011210,000governmentpoor securityy21000050000
Honda CanadaNames, addresses and vehicle identification numbers were taken from the company’s eCommerce websites myHonda and myAcura2011283,000retailpoor securityy28300020
Southern California Medical-Legal ConsultantsElectronic files containing names and social security numbers of approximately 300,000 individuals who have applied for California workers’ compensation benefits had been exposed to unauthorized access.2011300,000healthcarehacked30000020
CitigroupLess than 1% of Citbank card holders' names, account numbers, and contact information such as e-mail addresses were stolen. Card security codes were not stolen. 2011360,083financialhacked360083300 World
Spartanburg Regional Healthcare SystemThe stolen computer contained a password-protected file with Social Security numbers as well as names, addresses, dates of birth and medical billing codes.2011400,000healthcarelost / stolen computer4000004000
Eisenhower Medical CenterCalifornia hospitalStolen computer contained data listing patients' names, ages, dates of birth, medical record numbers and the last four digits of their social security numbers.2011514,330healthcarelost / stolen computer5143304000
StratforShadowy global intelligence companyHacking collective Anonymous defaced the website of Stratfor and posted a file online of the organization’s confidential client list, along with credit card details, passwords and home addresses for those clients. They released 47,680 unique e-mail addresses and 50,277 unique credit card numbers — 9,651 of which were not yet expired. Of the stolen encrypted passwords, 50% were easily crackable. 2011935,000militaryaccidentally published935000300 Times
Oregon Department of Motor VehiclesSheriff's detectives arrested Tim Nuss for accessing an old Oregon Department of Motor Vehicles database. The DMV database was once sold to marketing companies, but the department stopped selling the information in the late 1990s. The sold data include the names, addresses, birth dates, gender and ages of people who registered with the DMV, but no financial information. 20111,000,000governmentpoor security100000020
Sony PicturesLulzSec hacking collective stated all of the information it took was unencrypted, “Sony stored over 1,000,000 passwords of its customers in plaintext." More than 1 million user accounts were compromised. An additional 75,000 music codes and 3.5 million coupons were also uncovered.20111,000,000webhackedy10000001
Nemours FoundationUS children's hospitalsA health care organization that runs children’s hospitals reported the loss of 1.05 million records when data backup tapes were lost.20111,055,489healthcarelost / stolen media 10554894000
Washington PostUnknown hackers broke into The Washington Post's jobs website stealing about 1.27 million user IDs and email addresses.20111,270,000mediahacked127000020,2817,2388200,00.aspPC Mag
SegaInformation stolen during the hack includes names, birth dates, e-mail addresses and passwords from Sega Pass, a system for users interested in newsletters and for registering certain products. 20111,290,755gaminghacked12907554000 Net
Countrywide Financial CorpEmployee convicted of downloading millions of borrower files and selling the information to other loan lender20112,500,000financialinside job250000020
State of Texas3.5 million records were accidentally published online including people's names, mailing addresses, social security numbers, and in some cases dates of birth and driver's license numbers.20113,500,000governmentaccidentally published350000020 Week
data breaches data
underground data costs