Balloon Race: Data Breaches - Defunct formerly-public sheet
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

 
View only
 
 
ABCDEFGHIJKLMNOPQRSTUVWXYZAAABACADAEAFAGAHAIAJAKALAMANAOAPAQARASATAUAVAWAXAYAZBABB
1
namealternativenamenotesprimaryvaluesubcategorycategorytypehighlightmetric_001metric_002metric_003metric_004excludefirstsourcesecondsourcethirdsource
2
Entityalternative namestoryYEARrecords lostORGANISATIONMETHOD OF LEAKinteresting storyNO OF RECORDS STOLENDATA SENSITIVITYUNUSEDUNUSEDExclude1st source link2nd source link3rd sourcesource nameUNUSEDUNUSEDUNUSEDUNUSEDUNUSEDUNUSED
3
this sheet is old: visit here for latest: https://docs.google.com/spreadsheets/d/1Je-YUdnhjQJO_13r8iTeRxpU2pBKuV6RVRHoYCgiMfg/edit#gid=322165570Elaboration if there's an interesting story or detail behind ityears are encoded (0=2004, 8 = 2012, 9 = 2013, 10=2014, 11=2015, 13=latest)(use 3m, 4m, 5m or 10m to approximate unknown figures)(use 3m, 4m, 5m or 10m to approximate unknown figures)1. Just email address/Online information 20 SSN/Personal details 300 Credit card information 4000 Email password/Health records 50000 Full bank account detailsShow this item in the viz?
4
CellebriteCellebrite's main product is a device that rips data from mobile phones. 900GB of data was stolen from Cellebrite. The hackers got hacked. The number of records taken is unknown. Motherboard quotes the hacker as stating “I can't say too much about what has been done. It's one thing to slap them, it's a very different thing to take pictures of [their] balls hanging out.”

133000000techhackedy300000020http://motherboard.vice.com/read/hacker-steals-900-gb-of-cellebrite-data
5
Waterly by MGAR LtdApp for paying water billsJan. Israel-based app contained a vulnerability in the sign-in process that could potentially expose user account details. The problem was fixed within 2 weeks of being identifiied. 131000000appvulnerability10000003https://www.databreaches.net/waterly-app-potentially-exposed-up-to-1-million-israelis-details-researcher/
6
BrazzersPorn siteSept. 'The data contains 790,724 unique email addresses, and also includes usernames and plaintext passwords. (The set has 928,072 entries in all, but many are duplicates.'13790724webhacked7907244000http://motherboard.vice.com/read/nearly-800000-brazzers-porn-site-accounts-exposed-in-forum-hackhttp://motherboard.vice.com/read/nearly-800000-brazzers-porn-site-accounts-exposed-in-forum-hack
7
Clinton campaignThe campaign's network was hacked, but nobody knows what information they took.135,000,000governmenthacked500000020https://techcrunch.com/2016/07/29/clinton-campaign-reportedly-breached-by-hackers/
8
ClixSenseSept. The information stolen contains usernames, passwords, home addresses, payment histories, and other banking details.136600000webhack660000050000http://www.digitaltrends.com/computing/clixsense-hacked/
9
InterparkJuly. South Korean police are blaming North Korea for stealing data in an attempt to obtain foreign currency. 1310,000,000webhack1000000020http://www.nytimes.com/2016/07/29/world/asia/north-korea-hacking-interpark.html
10
Telegram Instant messaging serviceDespite Telegram's claims of super security, they've been hacked by a group called Rocket Kitten. 1315,000,000private firmhacked150000001http://venturebeat.com/2016/08/02/hackers-break-into-telegram-revealing-15-million-users-phone-numbers/
11
WeeblyFeb. Usernames, passwords and IP addresses stolen, although passwords secured with bcrypt. 1343000000webhack430000004000https://techcrunch.com/2016/10/20/weebly-hacked-43-million-credentials-stolen/
12
Red Cross Blood ServiceInfo leaked includes data about 'at risk sexual behaviours'13550000healthcareaccidentally published5500004000http://www.abc.net.au/news/2016-10-28/red-cross-blood-service-admits-to-data-breach/7974036
13
Friend Finder NetworkParent company of Adult Friend Finder , Cams.com and Penthouse.comUsernames, email addresses, passwords for sites including Adult Friend Finder and Penthouse.com. Passwords encrypted, but LeakedSource claims to be able to crack 99% of them.13412,000,000webhacked4120000001http://www.zdnet.com/article/adultfriendfinder-network-hack-exposes-secrets-of-412-million-users/https://www.leakedsource.com/blog/friendfinderZDNet / LeakedSource
14
ThreeThree mobile company in the UKHackers had "access to large parts of the upgrade database" for Three's 9 million UK customers. Database "does not include any customer payment, card information or bank account information"139000000telecomshack900000020http://www.telegraph.co.uk/news/2016/11/17/three-mobile-cyber-hack--six-million-customers-private-data-at-r/
15
Dailymotionvideo sharing site85.2m email addresses extracted, but only 18.3m had associated passwords.1385200000webhacked852000001http://www.zdnet.com/article/dailymotion-hack-exposes-millions-of-accounts/
16
Quest DiagnosticsNov. The stolen data contained names, DOBs, lab results and some telephone numbers.1334000healthcarehacked340004000http://newsroom.questdiagnostics.com/2016-12-12-Quest-Diagnostics-Provides-Notice-of-Data-Security-Incident#assets_129
17
Netflix Twitter accountDec. 'OurMine' hacked Netflix's Twitter account & sent out mocking tweets. 131webhacked11http://www.reuters.com/article/us-netflix-cyber-idUSKBN14A1GR
18
PayAsUGymDec. Fitness website hacked & email address published online.13300000webhacked3000001http://www.bbc.co.uk/news/technology-38350987
19
Lynda.comowned by LinkedInHackers breached a database that held records of contact info and courses viewed. No official statement yet on how many records were actually stolen, and no evidence yet of them having been published anywhere.139500000webhacked95000001https://www.neowin.net/news/microsoft-owned-linkedin-is-sending-emails-to-users-about-a-lyndacom-data-breach
20
Tesco BankNov. £2.5m stolen from 9000 customer accounts. 139000bankinghacked90005http://www.theregister.co.uk/2016/11/30/tesco_bank_breach_former_insider_breach_theory/
21
Anthem Second-largest health insurer in the USFeb 2015: Names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information.1280,000,000healthcarehackedy8000000020http://www.anthemfacts.com/faq
22
Banner HealthHackers gained access to payment card data via food outlets at Banner Health locations.123,700,000private firmhacked3700000300https://www.bannerhealth.com/news/2016/08/banner-health-identifies-cyber-attack#
23
Code.orgNon-profit organisationVolunteer email addresses were left accessible via web browser. 1210webpoor security101http://blog.code.org/post/140938173013/some-volunteer-email-addresses-compromised
24
Linux Ubuntu forums122,000,000webhacked20000001http://betanews.com/2016/07/15/ubuntu-linux-forums-hacked/
25
Mail. ruGame-related forumsTwo hackers attacked three game-related forums hosted by Russian company Mail.ru. 1225,000,000webhacked2500000020http://www.zdnet.com/article/over-25-million-accounts-stolen-after-mail-ru-forums-raided-by-hackers/
26
MinecraftLifeboat' communityPlayers using the Lifeboat servers have had their email addresses and passwords leaked.127,000,000webhacked70000001http://motherboard.vice.com/read/another-day-another-hack-7-million-emails-and-hashed-passwords-for-minecraft
27
Mossack FonsecaPanamanian law firm 2.6TB of data on politicians, criminals, professional athletes etc leaked from law firm Mossack Fonseca, including emails, contracts, scanned documents, transcripts...1211,500,000law firmleaky1150000050000http://panamapapers.sueddeutsche.de/articles/56febff0a1bb8d3c3495adf4/
28
Mutuelle Generale de la PoliceFrench police health insuranceFiles uploaded to Google Drive by a 'malicious' employee. Data included home addresses. The leak came two weeks after a French police officer was murdered by ISIS-inspired attack.12112,000private firmleak11200050000http://www.bbc.co.uk/news/world-europe-36645519
29
MySpaceThe same hacker who was selling LinkedIn user data now claims to have MySpace user data too, and lots of it. 12164,000,000webhacked1640000001http://motherboard.vice.com/read/427-million-myspace-passwords-emails-data-breach
30
National Childbirth TrustCharityLondon-based charity hacked for user information. 1215,000webhacked150001https://thestack.com/security/2016/04/08/childbirth-charity-hack-leaks-15000-expectant-parents-data/
31
Philippines’ Commission on ElectionsCOMELECAfter a message was posted on the COMELEC website by hackers from Anonymous, warning the government not to mess with the elections, the entire database was stolen and posted online. 1255,000,000governmenthacked5500000050000http://blog.trendmicro.com/trendlabs-security-intelligence/55m-registered-voters-risk-philippine-commission-elections-hacked/
32
Privatization Agency of the Republic of SerbiaA text file with personal data and financial documents were made publically available on their website. 125,190,396private firmleak51939620http://www.shareconference.net/en/defense/personal-data-more-5-million-citizens-serbia-unlawfully-published
33
Syrian governmentHacking outfit calling itself 'Cyber Justice Team' leaked 10GB of data from the government and private websites. Seems to be just data from old leaks, though.12274,477governmenthacked2744771http://news.softpedia.com/news/syrian-government-hacked-43-gb-of-data-spilled-online-by-hacktivists-502765.shtml
34
Turkish citizenship databaseTurkish citizenship database has allegedly been hacked and leaked online.1249,611,709governmentleak4961170920http://www.businessinsider.com/turkish-citizenship-database-allegedly-hacked-and-leaked-2016-4?r=UK&IR=T
35
uTorrent It's unclear what data has been breached, exactly, but uTorrent has advised passwords are probably compromised. 1235,000webhacked350001https://torrentfreak.com/utorrent-forums-hacked-passwords-compromised-160608/
36
VerizonSecurity servicesCustomer database and information about company's security flaws stolen and put up for sale. 12100,000webhacked100001http://arstechnica.com/security/2016/03/after-verizon-breach-1-5-million-customer-records-put-up-for-sale/
37
VKRussia's FacebookOver 100m user accounts were hacked and the data put up for sale online. A VK spokesperson has denied that the site was breached, claiming the data for sale is old details no longer in use.12100,544,934webhacked1005449344000http://motherboard.vice.com/read/another-day-another-hack-100-million-accounts-for-vk-russias-facebook
38
Wendy'sRestaurant chainMalware has been used in 1025 of Wendy's restaurants to steal credit card data from customers. It's currently unknown how many individuals have been impacted.121,025restauranthacked1025300http://abcnews.go.com/Technology/wireStory/wendys-1000-restaurants-affected-hack-40407208
39
World CheckRun by Thompson Reuters2014 version of World-Check, a database of suspected terrorists and criminals, leaked online. It's unclear what data the records include.122,200,000private firmleak2200000300https://thestack.com/security/2016/06/29/2-million-person-terror-database-leaked-online/
40
Adult Friend FinderInternet dating & hookup siteSexual preferences, names, email addresses, usernames, dates of birth, postal codes113,900,000webhacked39000001http://www.channel4.com/news/adult-friendfinder-dating-hack-internet-dark-web
41
AshleyMadison.comUS ex-marital affairs site20th July 2015: DEVELOPING: Online hookup site for extra-marital affairs has been severely breached and the personal details of 37m users, as well as company financial records, threatened with release. Notorious hacking outfit The Impact Team has claimed responsibility. The hackers are demanding the shutdown of AM.com and other associated sites.1137,000,000webhacked370000001http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/
42
Australian Immigration DepartmentAn employee of the agency inadvertently sent the passport numbers, visa details and other personal identifiers of all world leaders attending the G20 Brisbane summit to the organisers of the Asian Cup football tournament. Barack Obama, Vladimir Putin, Angela Merkel, Xi Jinping, Narendra Modi, David Cameron and many others.11500,000governmentaccidentally published50000050000http://www.theguardian.com/world/2015/mar/30/personal-details-of-world-leaders-accidentally-revealed-by-g20-organisers
43
British AirwaysFrequent flyer accounts11500,000retailhacked5000001http://www.theguardian.com/business/2015/mar/29/british-airways-frequent-flyer-accounts-hacked
44
CarefirstBlue Cross, Blue Shield US medical insurerAttacked happened in June 2014. Was announced in June 2015.111,100,000healthcarehacked11000001http://carefirstanswers.com/
45
CarPhone WarehouseUK mobile phone supplier112,700,000webhacked270000050000http://www.theguardian.com/technology/2015/aug/10/carphone-warehouse-uk-data-watchdog-investigating-customer-hack
46
Experian / T-mobileThe world's biggest data monitoring firm disclosed a massive breach of customers who applied for service with T-Mobile. Names, addresses, birth dates, Social Security numbers, drivers license numbers and passport numbers.1115,000,000webhacked15000000300http://www.reuters.com/article/2015/10/02/us-tmobile-dataprotection-idUSKCN0RV5PL20151002
47
Hacking TeamItalian cybersecurity firm sells digital surveillance software to law enforcement and national security organisations. 400 GB of documents - including software source code, private messages & client databases - has been stolen and put online via BitTorrent. The documents show the company has sold products to repressive regimes.11500,000webhackedy50000050000http://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claimThe Guardian
48
Invest BankUnited Arab Emirates bankHacker breached a United Arab Emirates bank, demanding a ransom of $3m in bitcoin to stop tweeting data, mostly about corporate accounts. The hacker dumped files on the website of a basketball team, which he hacked for storage. The bank, Invest Bank, won't pay the ransom. 1140,000bankinghacked4000050000http://www.dailydot.com/politics/invest-bank-hacker-buba/
49
IRSUS Tax service"An unnamed cybermafia used an IRS app to download forms full of personal information. They posed as legitimate taxpayers, and tried to download forms on 200,000 people between February and May. They got away with half of them, the IRS said. The crooks used about 15,000 of them to claim tax refunds in other people's names."11100,000governmentpoor security1000001http://money.cnn.com/2015/05/26/pf/taxes/irs-website-data-hack/index.html
50
KromtechMacKeeper softwareA security researcher stumbled on a leak, which exposed usernames, email addresses and passwords of users. He notified Kromtech, who patched it quickly. 1113,000,000webhacked130000001https://thestack.com/security/2015/12/15/mackeeper-discloses-13-million-mac-users-details-with-poor-hash-protection/https://www.reddit.com/r/apple/comments/3wq9fc/massive_data_breach/
51
MSpykid & partner tracking serviceData dump to the dark web "includes Apple IDs and passwords, tracking data, and payment details on some 145,000 successful transactions", photos and very private conversations.11400,000techhacked40000020http://krebsonsecurity.com/2015/05/mobile-spy-software-maker-mspy-hacked-customer-data-leaked/
52
PremeraUS healthcare providerDetected 29th Jan 2015. Occured May 2014. "C could include names, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information"1111,000,000healthcarehacked1100000050000http://premeraupdate.com/
53
SanrioHello Kitty and other franchisesSecurity researcher was able to access a database of 3.3m of Sanrio's Sanriotown.com accounts, with links to other Sanrio Hello Kitty portals.113,300,000webconfiguration error330000020http://www.csoonline.com/article/3017171/security/database-leak-exposes-3-3-million-hello-kitty-fans.html
54
Securus TechnologiesPrison phone service providerAnonymous hacker leaked records of over 70m phone calls, plus links to recordings. Recording/storing attorney-client calls potentially violates constitutional protections.1170,000,000webhacked7000000050000https://theintercept.com/2015/11/11/securus-hack-prison-phone-company-exposes-thousands-of-calls-lawyers-and-clients/
55
Slacksoftware for remote working11500,000techpoor security5000001http://techcrunch.com/2015/03/27/slack-got-hacked/
56
TalkTalkTelecoms provider157k customers had personal details stolen, including 15,600 account numbers. 11157,000webhacked16000020http://www.bbc.co.uk/news/uk-34784980http://www.bbc.co.uk/news/uk-34611857http://www.theguardian.com/business/2015/oct/22/talktalk-customer-data-hackers-website-credit-card-details-attack
57
UberOccured Sep 2014. Revealed Feb 2015. Names & license plates of 50,000 driver partners.1150,000techpoor security500001http://blog.uber.com/2-27-15
58
US Office of Personnel Management"The intruders... gained access to...employees’ Social Security numbers, job assignments, performance ratings and training information"114,000,000governmenthacked400000020http://www.washingtonpost.com/world/national-security/chinese-hackers-breach-federal-governments-personnel-office/2015/06/04/889c0e52-0af7-11e5-95fd-d580f1c5d44e_story.html?tid=hpModule_04941f10-8a79-11e2-98d9-3012c1cd8d1e
59
US Office of Personnel Management (2nd Breach)attackers have targeted the forms submitted by intelligence and military personnel for security clearances. The document includes personal information - everything from eye colour, to financial history, to past substance abuse, as well as contact details for the individual's friends and relatives1121,500,000governmenthacked2150000050000http://www.bbc.co.uk/news/world-us-canada-33120405http://www.reuters.com/article/2015/07/09/us-cybersecurity-usa-idUSKCN0PJ2M420150709?feedType=RSS&feedName=topNews&utm_source=twitter
60
Voter DatabaseA database of 191 million US voters has been exposed as a result of incorrect configuration. The owner of the database is yet to be identified. The feds are on it. 11191,000,000webconfiguration error19100000020http://uk.reuters.com/article/us-usa-voters-breach-idUKKBN0UB1E020151229
61
VTechToymaker companySoftware used to download games to children's computer tablets was hacked, with personal info and photos stolen. 116,400,000webhacked640000050000http://www.theguardian.com/technology/2015/dec/02/vtech-hack-us-hong-kong-investigate-children-exposedhttp://www.troyhunt.com/2015/11/when-children-are-breached-inside.html
62
"Gmail"5 million Gmail account passwords leaked to a forum, alongside passwords from other email providers. Close inspection revealed the user details to be old (3+ years). Multiple individual targeted hacks of third party websites where people used their Gmail IDs, rather than one big dataleak, suspected to be the method. Gmail itself was not hacked. 105,000,000webhackedy50000001Xhttp://thenextweb.com/google/2014/09/10/4-93-million-gmail-usernames-passwords-published-google-says-evidence-systems-compromised/
63
AOL102,400,000webhacked240000001http://blog.aol.com/2014/04/28/aol-security-update/
64
Community Health SystemsAug 2014: Community Health Systems, which operates 206 hospitals across the US, had patient data from the last 5 years breached. Details included names, addresses, social security numbers. Suspected "chinese hackers" were thought responsible. Goal: identity theft.104,500,000healthcarehackedy450000020http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/
65
D&B, AltegrityHackers stole millions of social security numbers from large US data brokers Dun & Bradstreet Corp and Kroll Background America Inc, owned by Altegrity. Correction 7 Jan 2015: we previously stated that records were stolen from LexisNexis. LexisNexis conducted a thorough investigation of the malware intrusion and found no evidence that the malware accessed or stole any customer or consumer data. 101,000,000techhacked1000000300http://www.usatoday.com/story/cybertruth/2013/09/26/lexisnexis-dunn--bradstreet-altegrity-hacked/2878769/http://www.reuters.com/article/2013/09/26/us-cyberattacks-databrokers-idUSBRE98P03220130926http://www.bbc.co.uk/news/technology-24284277USA Today; Reuters; BBC News
66
Dominios Pizzas (France)10600,000webhacked6000001http://www.theguardian.com/technology/2014/jun/16/dominos-pizza-ransom-hack-data
67
EbayThe company has said hackers attacked between late February and early March with login credentials obtained from “a small number” of employees. They then accessed a database containing all user records and copied “a large part” of those credentials.10145,000,000webhackedy1450000001http://my.chicagotribune.com/#section/-1/article/p2p-80265168/
68
European Central Bank104,000,000financialhacked40000001http://www.cityam.com/1406190300/ecb-website-hacked
69
Home DepotMalware installed on cash register system across 2,200 stores syphoned credit card details of up to 56 million customers. May be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others1056,000,000retailhackedy56000000300http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/
70
Japan AirlinesOct 2014: Japan Airlines confirmed the possible theft of information from up to around 750,000 frequent-flier programme members. Data that may have been stolen included names, genders, birth dates, addresses, email addresses and places of work.10750,000transporthacked80000020http://online.wsj.com/articles/japan-airlines-reports-hacker-attack-1412053828http://www.jal.co.jp/en/info/other/140924.html
71
JP Morgan ChaseJuly 2014: The US's largest bank was compromised by hackers, stealing names, addresses, phone numbers and emails of account holders. The hack began in June but was not discovered until July, when the hackers had already obtained the highest level of administrative privilege to dozens of the bank’s computer servers.1076,000,000financialhackedy76000000300http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/?_php=true&_type=blogs&_r=0
72
Korea Credit Bureau1020,000,000financialinside job2000000050000http://www.securityweek.com/20-million-people-fall-victim-south-korea-data-leak
73
MacRumours.com10860,000webhacked9000001http://www.wired.co.uk/news/archive/2013-11/13/mac-rumours-forums-hacked
74
Mozilla1076,000webpoor security80000020http://www.theguardian.com/technology/2014/aug/05/mozilla-leak-developer-email-addresses-passwords-firefox
75
NASDAQNasdaq OMX GroupNasdaq forum website hacked by hacking ring, email addresses and passwords compromised10500,000financialhackedy5000001http://www.reuters.com/article/2013/07/18/net-us-nasdaq-cybercrime-website-idUSBRE96H1F520130718
76
Neiman MarcusUS retailer101,100,000retailhacked110000020http://www.nytimes.com/2014/01/24/business/neiman-marcus-breach-affected-1-1-million-cards.htmlhttp://krebsonsecurity.com/2014/08/stealthy-razor-thin-atm-insert-skimmers/
77
New York TaxisA freedom of information request resulted in the release of data on all 173 million journeys undertaken by New York taxis in one year. Unfortunately, the data was incorrectly anonymised and relatively easy to decode, revealing the driver IDs, pickup & dropoff times, and GPS routes taken for every single cab journey.1052,000transportpoor securityy520001https://medium.com/@vijayp/f6bc289679a1
78
Sony PicturesWide-ranging hack of potentially every piece of data held by the company, including: unreleased films & scripts, employee social security numbers, salaries and health check results, as well as sensitive internal business documents relating to lay-offs, restructures and executive salaries. Lead suspects are "North Korean hackers" perhaps related to the Seth Rogen film, "The Interview" which mocks the North Korean dictator, Kim Jong Un.1010,000,000mediahacked1000000020http://www.buzzfeed.com/tomgara/sony-hack
79
Staples101,160,000transporthacked1200000300http://fortune.com/2014/12/19/staples-cards-affected-breach/
80
TargetInvestigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores. Originally 40m customers. Now 70m!1070,000,000retailhackedy70000000200http://www.chicagotribune.com/news/sns-rt-us-target-breach-20131218,0,3434295.storyhttp://www.huffingtonpost.com/2013/12/19/target-hacked-customer-credit-card-data-accessed_n_4471672.html?utm_hp_ref=mostpopularhttp://techcrunch.com/2014/01/10/targets-data-breach-gets-worse-70-million-customers-had-info-stolen-including-names-emails-and-phones/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=NetvibesITRC
81
Twitch.tvGaming siteMarch 23rd. Details unknown at this point. All Twitch's 10 million users have been requested to change their passwords.1010,000,000healthcarehacked100000001http://blog.twitch.tv/2015/03/important-notice-about-your-twitch-account/
82
UPSMalware was discovered in the credit & debit card processing systems at 51 branches in 24 states.104,000,000retailhacked4000000300http://time.com/3151681/ups-hack/
83
YahooHappened in 2014, but no. records stolen was originally thought to be much smaller. Yahoo recently revealed the real numbers.10500,000,000webhacked50000000020http://uk.businessinsider.com/yahoo-hack-by-state-sponsored-actor-biggest-of-all-time-2016-9?r=US&IR=T
84
AdobeSep 17th 2013. Hackers obtained access to a large swathe of Adobe customer IDs and encrypted passwords & removed sensitive information (i.e. names, encrypted credit or debit card numbers, expiration dates, etc.). Approximately 36 million Adobe customers were involved: 3.1 million whose credit or debit card information was taken and nearly 33 million active users whose current, encrypted passwords were in the database taken. Correction Jan 2015: we previously reported 152m records were taking, but the remainder affected invalid, inactive, test accounts or had out-of-date passwords associated with them.936,000,000techhackedy3600000050000http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.htmlhttp://www.zdnet.com/adobe-admits-2-9m-customer-accounts-have-been-compromised-7000021546/http://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/
85
Advocate Medical Group4,000,000 patient names, addresses, dates of birth, and Social Security numbers were contained in four computers stolen from an administrative building. Second biggest security breach ever reported to the Department of Health and Human Services (HHS).94,000,000healthcarelost / stolen mediay400000020http://healthitsecurity.com/2013/08/27/advocate-medical-group-endures-massive-data-breach/http://datalossdb.org/latest_incidents_remote_sync
86
AppleDeveloper portal hacked. "Some" information about 275,000 3rd-party developers potentially stolen.9275,000techhacked3000001http://www.guardian.co.uk/technology/2013/jul/22/apple-developer-site-hacked
87
Central Hudson Gas & ElectricCustomer banking information and other personal information may have been accessed during the hack.9110,000energyhacked100000300http://www.privacyrights.org/data-breachPrivacy Rights
88
CitigroupThird big data breach from Citigroup."The personal information of 150,000 consumers who went into bankruptcy between 2007 and 2011 – including their social security numbers – were exposed after Citi failed to properly redact court records before they were put on the Public Access to Court Electronic Records (PACER) system."9150,000financialpoor securityy15000020http://news.softpedia.com/news/Citi-Exposes-Details-of-150-000-Individuals-Who-Went-into-Bankruptcy-369979.shtml
89
Crescent Health Inc., WalgreensNames, Social Security numbers, health insurance identification numbers, health insurance information, dates of birth, diagnoses, other medical information, disability codes, addresses, and phone numbers may have been exposed via a laptop theft.9100,000healthcarelost / stolen computer1000004000http://www.privacyrights.org/data-breachPrivacy Rights
90
Drupalopen-source content management platformMalicious files placed on association.drupal.org servers via a 3rd-party application. Exposed usernames, e-mail addresses, country information, and cryptographically hashed passwords.91,000,000webhacked10000001http://arstechnica.com/security/2013/05/drupal-org-resets-login-credentials-after-hack-exposes-password-data/Ars Technica
91
Evernoteonline note-taking siteEvernote asked its 50 million users to reset their passwords following an attempt to hack the note-taking network. The company said it’d found no evidence that any payment information for Evernote Premium or Evernote Business customers had been accessed, nor was there any indication that content stored by users had been accessed, changed or lost.950,000,000webhacked500000001http://www.wired.co.uk/news/archive/2013-03/04/evernote-hackedhttp://www.digitaltrends.com/mobile/evernote-hack-50-million-users-forced-to-reset-passwords/Wired; Digital Trends
92
FacebookUsing the network's "Download Your Information" tool, some Facebook members were inadvertently sent the phone numbers or email address of Facebook friends that were otherwise private. Facebook assured users that the bug was fixed within a day, and that there is no evidence that the information was used maliciously.96,000,000webaccidentally published60000001https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766
93
Florida CourtsFlorida Department of Juvenile Justice9100,000governmentlost / stolen computer10000020http://www.privacyrights.org/data-breachPrivacy Rights
94
Florida Department of Juvenile JusticeThree computers were stolen that contained both youth and employee records was reported stolen on January 2, 2013. Over 100,000 records were on the device and may have been exposed.9100,000governmentlost / stolen computer10000020http://www.privacyrights.org/data-breachPrivacy Rights
95
Indiana UniversityStudents who attended the university between 2011 and 2014 may have had their data exposed after it was stored on an unprotected site. The data was accessed by three webcrawlers but there is not evidence it was accessed by any unauthorized individuals.9146,000academicpoor security15000020http://news.iu.edu/releases/iu/2014/02/data-exposure-disclosure.shtmlhttp://www.usatoday.com/story/news/nation/2014/02/26/indiana-university-data-breach/5830685/Indiana University
96
Kirkwood Community CollegeHacked online database9125,000academichacked13000020http://www.privacyrights.org/data-breachhttp://www.databreachwatch.org/community-college-data-breach-leaks-125000-ssns/Privacy Rights
97
Kissinger CablesMore than 1.7 million US diplomatic records for the period 1973 to 1976, including intelligence reports and congressional correspondence.Wikileaks91,700,000governmentinside job1700000300https://www.wikileaks.org/plusd/about/
98
Living Socialspecial offers websiteOnline criminals gained access to user names, e-mail addresses, dates of birth & encrypted passwords for 50 million people. Databases storing financial information were not compromised in the attack, the company said.950,000,000webhacked500000001http://nakedsecurity.sophos.com/2013/04/27/livingsocial-hacked-50-million-affected/http://bits.blogs.nytimes.com/2013/04/26/living-social-hack-exposes-data-for-50-million-customers/Naked Security; New York Times
99
NintendoJapan's Club Nintendo serviceJapan's Club Nintendo service was hacked following thousands of unauthorized accesses. Customer information compromised in the attack includes full names, phone numbers, home and email addresses.9240,000gaminghacked25000020http://www.joystiq.com/2013/07/05/club-nintendo-japan-hacked/
100
NMBSBelgian national railway operatorData stored on a non-secure server, making it possible to access names, gender, DOB, email and postal address data of customers externally by means of a simple search engine query. Most of the data belong to customers in Belgium, France and the UK, including thousands of Commission and Parliament employees. Caused, the NMBS said, by a data worker “clicking on the wrong button”.91,460,000transportaccidentally published150000020http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+WQ+E-2013-001939+0+DOC+XML+V0//EN&language=nlhttp://www.flanderstoday.eu/business/nmbs-data-leak-was-breach-privacyEuropean Parliament
Loading...
 
 
 
2016 Update
data breaches data
underground data costs
data-old
Sheet7