This is a list of reports about data breaches , using data compiled from various sources, including press reports, government news releases, and mainstream news articles. The list includes those involving the theft or compromise of 30,000 or more records, although many smaller breaches occur continually. Breaches of large organizations where the number of records is still unknown are also listed. In addition, the various methods used in the breaches are listed, with hacking being the most common.
Most reported breaches are in North America, at least in part because of relatively strict disclosure laws in North American countries.[ citation needed ] 95% of data breaches come from government, retail, or technology industries. [1] It is estimated that the average cost of a data breach will be over $150 million by 2020, with the global annual cost forecast to be $2.1 trillion. [2] [3] As a result of data breaches, it is estimated that in first half of 2018 alone, about 4.5 billion records were exposed. [4] In 2019, a collection of 2.7 billion identity records, consisting of 774 million unique email addresses and 21 million unique passwords, was posted on the web for sale. [5] In January 2024, a data breach dubbed the "mother of all breaches" was uncovered. [6] Over 26 billion records, including some from Twitter, Adobe, Canva, LinkedIn, and Dropbox, were found in the database. [7] [8] No organization immediately claimed responsibility. [9]
In August 2024, one of the largest data security breaches was revealed. It involved the background check databroker, National Public Data and exposed the personal information of nearly 3 billion people. [10]
Government | Agency | Year | Records | Organization type | Method | Sources |
---|---|---|---|---|---|---|
Netherlands | National Police Corps of the Netherlands | 2024 | 63,000+ staff members data including names, email addresses, phone numbers | police | hacked | [11] |
United Kingdom | Transport for London | 2024 | 5000+ Passengers data including home addresses, bank account details, unconfirmed number of Staff data leaked too | Local Transport authority | hacked | [12] |
50 companies and government institutions | Various | 2022 | 6,400,000 | various | poor security | [13] [14] |
India | Indian Council of Medical Research | 2023 | 815,000,000+, including Aadhaar IDs, passport details, names, phone numbers, addresses | government | hacked by pwn0001 | [15] |
Australia | Australian Immigration Department | 2015 | G20 world leaders | government | accidentally published | [16] |
Australia | Australian National University | 2019 | 19 years of data | academic | hacked | [17] |
Sydney, Australia | Western Sydney University | 2024 | 7,500, including email accounts, SharePoint files, and the Microsoft Office 365 environment | academic | hacked | [18] [19] |
Bangladesh | Office of the Registrar General, Birth & Death Registration | 2023 | 50,000,000+ | government | data leak due to security vulnerabilities | [20] |
United Kingdom | BBC | 2024 | 25,290 employee pension records, including name, date of birth, home address, national insurance number | public broadcasting | hacked | [21] [22] |
United Kingdom | British Library | 2023 | unknown | government | ransomware | [23] |
United Kingdom | British National Party | 2008 | Records | Politics | [24] | |
United Kingdom | City and Hackney Teaching Primary Care Trust | 2007 | 160,000 | healthcare | lost / stolen media | [25] |
United Kingdom / Scotland | NHS Dumfries and Galloway | 2024 | still unknown | healthcare | cyber attack | [26] [27] |
Bulgaria | Bulgarian National Revenue Agency | 2019 | over 5,000,000 | government | hacked | [28] [29] |
California | California Department of Child Support Services | 2012 | 800,000 | government | lost / stolen media | [30] [31] |
United States | Central Intelligence Agency | 2017 | 91 | malware tools | internal job | [32] [33] [34] [35] [36] |
Colorado, US | Colorado Department of Health Care Policy & Financing | 2010 | 105,470 | healthcare | lost / stolen computer | [37] |
Philippines | Commission on Elections | 2016 | 55,000,000 | government | hacked | |
United States | Consumer Financial Protection Bureau | 2023 | 256,000 | bureau | poor security | [38] |
United States | Centers for Medicare & Medicaid Services | 2018 | 75,000 | healthcare | hacked | [39] |
South Korea | Defense Integrated Data Center (South Korea) | 2017 | 235 GB | government, military | hacked | [40] |
United States | Democratic National Committee | 2016 | 19,252 | political | hacked | [41] |
United States | Department of Homeland Security | 2016 | 30,000 | government | poor security | [42] [43] |
Indonesia | Directorate General of Immigration of Indonesia | 2023 | 34,900,867 | Government | hacked and published | [44] |
Indonesia | Directorate General of Population and Civil Registration (Dukcapil) | 2023 | 337.225.463 | Government | leaked and published | [45] |
United Kingdom | Driving Standards Agency | 2007 | 3,000,000 | government | lost / stolen media | [46] |
Ecuador | ? | 2019 | 20,800,000 records, including names, family members, financial and work data, civil registration data, car ownership data | government | poor security / misconfigured server | [47] |
? | Embassy Cables | 2010 | 251,000 | government | inside job | [48] |
England/Wales | England and Wales Cricket Board | 2024 | 43,299 | government | unknown | [49] |
European Union | European Central Bank | 2014 | unknown | financial | hacked | [50] [51] |
United States | FBI | 2016 | Records | law enforcement | hacked | [52] [53] [54] |
United States | Federal Reserve Bank of Cleveland | 2010 | 400,000 | financial | hacked | [55] |
Florida | Florida Department of Juvenile Justice | 2013 | 100,000 | government | lost / stolen computer | [56] |
Unknown | Unknown | 2020 | 201,000,000 | personal and demographic data about residents and their properties of US | Poor security | [57] |
Greece | ? | 2012 | 9,000,000 | government | hacked | [58] |
Singapore | Health Sciences Authority | 2019 | 808,000 | healthcare | poor security | [59] |
Ireland | Health Service Executive | 2021 | unknown | healthcare | unknown | [60] |
London, UK | Heathrow Airport | 2017 | 2.5GB | transport | lost / stolen media | [61] [62] [63] |
United States | Internal Revenue Service | 2015 | 720,000 | financial | hacked | [64] [65] |
Japan | Japan Pension Service | 2015 | 1,250,000 | special public corporation | hacked | [66] |
Jefferson County, West Virginia | ? | 2008 | 1,600,000 | government | accidentally published | [30] [67] |
Cedar Rapids, Iowa | Kirkwood Community College | 2013 | 125,000 | academic | hacked | [56] [68] |
Massachusetts, US | Massachusetts Executive Office of Labor and Workforce Development | 2011 | 210,000, including names, Social Security numbers, employer identification numbers, emails, home addresses | government | hacked with a trojan | [69] |
United States | Medicaid | 2012 | 780,000 | government, healthcare | hacked | [30] |
Chile | Ministry of Education | 2008 | 6,000,000, including ID card numbers, addresses, telephone numbers academic records | government | hacked | [70] [71] |
Chile | Servicio Electoral de Chile (Servel) | 2019 | 14,308,151, including names, addresses, tax ID numbers | government | misconfigured server | [72] |
Shanghai, China | Shanghai National Police Database | 2022 | 1,000,000,000, including name, address, birthplace, national ID number, mobile number, all crime/case details | government | unsecured database | [73] [74] |
Singapore | Ministry of Health | 2019 | 14,200 | healthcare | poor security/inside job | [75] [76] |
Slovakia | National Health Information Center (NCZI) of Slovakia | 2020 | 391,250 | healthcare | poor security | [77] |
Norway | Norwegian Tax Administration | 2008 | 3,950,000 | government | accidentally published | [78] |
United States | Office of Personnel Management | 2015 | 21,500,000 | government | hacked | [79] [80] [81] |
Texas, US | Office of the Texas Attorney General | 2012 | 6,500,000 | government | accidentally published | [82] |
United Kingdom | Ofcom | 2016 | unknown | telecom | inside job | [83] |
Columbus, Ohio | Ohio State University | 2010 | 760,000, including names, Social Security numbers, dates of birth, addresses | academic | hacked | [84] |
Oregon | Oregon Department of Transportation | 2011 | 1,000,000, including names, addresses, dates of birth | government | hacked | [85] [30] |
Various | Pandora Papers | 2021 | [86] | |||
Various | Paradise Papers | 2017 | records | [87] | ||
Philippines | Commission on Elections | 2016 | records | hacked | [88] | |
Philippines | Various law enforcement agencies (Philippine National Police, National Bureau of Investigation, Bureau of Internal Revenue) | 2023 | 1,279,437 | government | poor security | [89] |
Puerto Rico | Puerto Rico Department of Health | 2010 | 515,000 | healthcare | hacked | [90] |
Argentina | RENAPER (Argentina) [91] [92] | 2018 | 45,000,000 | government | poor security | [93] [94] |
Russia | Roscosmos | 2022 | handwritten forms, PDFs, spreadsheets, descriptions of lunar missions. | aerospace | hacked by v0g3lsec | [95] |
Sakai City, Japan | ? | 2015 | 680,000 | government | inside job | [96] |
San Francisco, California | San Francisco Public Utilities Commission | 2011 | 180,000 | government | hacked | [97] |
New South Wales, AU | Service NSW | 2020 | 104,000 | government | hacked | [ citation needed ] |
United Kingdom | Service Personnel and Veterans Agency (UK) | 2008 | 50,500 | government | lost / stolen media | [98] |
South Africa | South Africa police | 2013 | 16,000 | government | hacked | [99] |
South Carolina, US | South Carolina Department of Revenue | 2012 | 6,400,000 | healthcare | inside job | [90] [100] [101] [102] |
Stanford, California | Stanford University | 2008 | 72,000, including dates of birth, Social Security numbers, home addresses | academic | lost / stolen computer | [103] [104] |
Texas, US | ? | 2011 | 3,500,000 | government | accidentally published | [105] |
Syrian government (Syria Files) | Various | 2012 | 2,434,899 | government | hacked | [106] [107] |
Texas | Texas Lottery | 2007 | 89,000+, including names, Social Security numbers, addresses, prize amounts | government | inside job | [108] |
United States | Tricare | 2011 | 4,901,432, including Social Security numbers, addresses, phone numbers, clinical notes, laboratory tests, prescriptions | military, healthcare | lost / stolen computer | [109] [90] |
United Kingdom | UK Home Office | 2008 | 84,000 | government | lost / stolen media | [110] |
United Kingdom | UK Ministry of Defence | 2008 | 1,700,000 | government | lost / stolen media | [111] |
United Kingdom | United Kingdom parliamentary expenses scandal | 2009 | Records | government | [ citation needed ] | |
United Kingdom | UK Revenue & Customs | 2007 | 25,000,000 | government | lost / stolen media | [112] |
United Nations | ? | 2019 | unknown | international | hacked | [113] |
United Nations | ? | 2021 | unknown | international | hacked | [114] |
Berkeley, California | University of California, Berkeley | 2009 | 160,000 | academic | hacked | [115] |
Berkeley, California | University of California, Berkeley | 2016 | 80,000 | academic | hacked | [116] |
College Park, Maryland | University of Maryland, College Park | 2014 | 300,000 | academic | hacked | [117] |
Orange County, Florida | University of Central Florida | 2016 | 63,000 | academic | hacked | [118] |
Miami, Florida | University of Miami | 2008 | 2,100,000 | academic | lost / stolen computer | [119] [120] [121] |
Salt Lake City, Utah | University of Utah Hospital & Clinics | 2008 | 2,200,000 | academic | lost / stolen media | [122] |
Milwaukee, Wisconsin | University of Wisconsin–Milwaukee | 2011 | 73,000 | academic | hacked | [30] |
Shah Alam, Malaysia | Universiti Teknologi MARA | 2019 | 1,164,540 | academic | hacked | [123] |
United States | United States Postal Service | 2018 | 60,000,000 | government | poor security | [124] |
United States | U.S. Army | 2011 | 50,000 | military | accidentally published | [30] |
United States | U.S. Army | 2010 | 392,000 | government | inside job | [125] |
United States | U.S. Department of Defense | 2009 | 72,000 | military | lost / stolen media | [30] |
United States | U.S. Department of Veteran Affairs | 2006 | 26,500,000 | government, military | lost / stolen computer | [126] [127] [128] |
United States | Various | 2013 | Insider | |||
United States | Various | 2020 | TBC | government, military | hacked | [129] [130] [131] [132] |
United States | 70 different law enforcement agencies | 2011 | 123,461 | government | accidentally published | [133] |
United States | National Archives and Records Administration (U.S. military veterans records) | 2009 | 76,000,000 | military | lost / stolen media | [134] |
United States | U.S. State Department | 2010 | 260,000 | military | inside job | [135] |
United States | National Guard of the United States | 2009 | 131,000, including names, Social Security Numbers, incentive payment amounts, payment dates | military | lost / stolen computer | [136] [137] |
Virginia, US | Virginia Prescription Monitoring Program | 2009 | 8,257,378 | healthcare | hacked | [30] [138] [139] |
Washington, US | Washington State court system | 2013 | 160,000 | government | hacked | [140] [141] |
New Haven, Connecticut | Yale University | 2010 | 43,000 | academic | accidentally published | [30] |
? | Unknown agency (believed to be tied to United States Census Bureau) | 2020 | 200,000,000 | financial | accidentally published | [142] |
Entity | Year | Records | Organization type | Method | Sources |
---|---|---|---|---|---|
50 companies and government institutions | 2022 | 6,400,000 | various | poor security | [13] [143] |
21st Century Oncology | 2015 | 2,200,000 customer's data, including names, Social Security numbers, physicians, diagnoses, insurance information | healthcare | hacked | [144] [145] [146] |
23andMe | 2023 | 6,900,000 | consumer genetics | credential stuffing | [147] |
500px | 2020 | 14,870,304 | social network | hacked | [148] |
Accendo Insurance Co. | 2020 | 175,350 | healthcare | poor security | [149] [150] |
Accenture | 2007 | [ citation needed ] | |||
Adobe Systems Incorporated | 2013 | 152,000,000 | tech | hacked | [151] [152] |
Adobe Inc. | 2019 | 7,500,000 | tech | poor security | [153] [154] |
ADT Inc. | 2024 | 30,800, including email addresses, phone numbers and postal addresses. | security | accessing certain databases containing customer information | [155] [156] |
Advocate Medical Group | 2017 | 4,000,000 | healthcare | lost / stolen media | [157] [158] |
AerServ (subsidiary of InMobi) | 2018 | 75,000 | advertising | hacked | [159] |
Affinity Health Plan, Inc. | 2013 | 344,579 | healthcare | lost / stolen media | [160] [161] |
Airtel | 2019 | 320,000,000 | telecommunications | poor security | [162] |
Air Canada | 2018 | 20,000 | transport | hacked | [163] |
Air India | 2021 | 4,500,000, including name, date of birth, contact information, passport information, frequent flyer data, credit card data, ticket information | transport | hacked | [164] [165] |
Amazon Japan G.K. | 2019 | unknown | online | accidentally published | [166] [167] |
TD Ameritrade | 2005 | 200,000 | financial | lost / stolen media | [168] |
Ameriprise Financial | 2005 | 260,000 customer records | financial | stolen laptop | [169] |
Ancestry.com | 2021 | 300,000 | genealogy | poor security | [170] |
Animal Jam | 2020 | 46,000,000 | gaming | hacked | [171] [172] |
Ankle & Foot Center of Tampa Bay, Inc. | 2021 | 156,000 | healthcare | hacked | [173] |
Anthem Inc. | 2015 | 80,000,000 | healthcare | hacked | [174] [175] [176] |
AOL | 2004 | 92,000,000 | web | inside job | [177] [178] |
AOL | 2006 | 20,000,000 | web | accidentally published, (sometimes referred to as a "Data Valdez ", [179] [180] [181] due to its size) | [182] |
AOL | 2014 | 2,400,000 | web | hacked | [183] |
Apple iCloud | 2014 | photographs of celebrities | tech, cloud storage | [184] [185] | |
Apple, Inc./BlueToad | 2021 | 12,367,232 | tech, retail | accidentally published | [186] |
Apple | 2013 | 275,000 | tech | hacked | [187] |
Apple Health Medicaid | 2021 | 91,000 | healthcare | poor security | [188] |
Ashley Madison | 2015 | 32,000,000 | dating | hacked | [189] [190] |
AT&T | 2008 | 113,000 | telecoms | lost / stolen computer | [191] |
AT&T | 2010 | 114,000 | telecoms | hacked | [192] |
AT&T | 2021 | 72,000,000 | telecoms | unknown | [193] |
Atraf | 2021 | unknown | dating | hacked | [194] |
Auction.co.kr | 2008 | 18,000,000 | web | hacked | [195] |
Australian Red Cross Blood Service | 2016 | 550,000, including names, contact details, birthdates, medical details, information about "at-risk sexual behaviour" | non-profit | accidently published | [196] [197] |
Automatic Data Processing | 2006 | 125,000 | financial | poor security | [198] |
AvMed, Inc. | 2009 | 1,220,000 | healthcare | lost / stolen computer | [199] [200] |
Bailey's Inc. | 2015 | 250,000 | retail | hacked | [201] |
The Bank of New York Mellon | 2008 | 12,500,000, including names, addresses, birth dates, Social Security numbers | financial | lost box of data tapes | [202] [203] |
Bank of America | 2005 | 1,200,000 | financial | lost / stolen media | [204] |
Barnes & Noble | 2012 | 63 stores | retail | hacked | [205] [206] |
Bell Canada | 2017 | 1,900,000 | telecoms | poor security | [207] |
Bell Canada | 2018 | 100,000 | telecoms | hacked | [208] |
Bell Canada | 2024 | 2,200,000 | telecoms | data leak (12 nov. breachforums) | |
Benesse | 2014 | 35,040,000 | educational services | hacked | [209] |
Betfair | 2010 | 2,300,000 | gambling | hacked | [30] |
Bethesda Game Studios | 2011 | 200,000 | gaming | hacked | [210] |
Bethesda Game Studios | 2018 | customer names, addresses, contact details, partial credit card numbers | gaming | accidentally published | [211] |
Betsson Group | 2020 | unknown | gambling | unknown | [212] |
Blank Media Games | 2018 | 7,633,234 | gaming | hacked | [213] [214] |
Blizzard Entertainment | 2012 | 14,000,000 | gaming | hacked | [215] [216] |
BlueCross BlueShield of Tennessee | 2009 | 1,023,039 | healthcare | lost / stolen media | [217] [218] [90] |
BMO and Simplii | 2018 | 90,000 | financial | poor security | [219] |
Boeing | 2006 | 382,000 employees (after similar losses of data on 3,600 employees in April and 161,000 employees in November, 2005) | transport | Lost/Stolen Device | [169] |
British Airways | 2018 | 500,000 | transport | hacked | [220] [221] [222] [223] [224] |
British Airways | 2015 | tens of thousands | transport | hacked | [225] |
Callaway Golf Company | 2023 | 1,114,954, including full names, shipping addresses, email addresses, phone numbers, order histories, account passwords, answers to security questions | sports | hacked | [226] [227] |
Canva | 2019 | 140,000,000 | web | hacked | [228] [229] [230] [231] [232] |
Capcom | 2020 | 350,000 | gaming | hacked | [233] |
Capital One | 2019 | 106,000,000 | financial | unsecured S3 bucket | [234] [235] [236] |
CardSystems Solutions Inc. (MasterCard, Visa, Discover Financial Services and American Express) | 2005 | 40,000,000 | financial | hacked | [237] [238] |
Cathay Pacific Airways | 2018 | 9,400,000 | transport | hacked | [239] |
CareFirst BlueCross Blue Shield - Maryland | 2015 | 1,100,000 | healthcare | hacked | [240] |
Central Coast Credit Union | 2016 | 60,000 | financial | hacked | [241] |
Central Hudson Gas & Electric | 2013 | 110,000 | energy | hacked | [56] |
CheckFree Corporation | 2009 | 5,000,000 | financial | hacked | [242] |
CGI Group | 2007 | 283,000 | [169] | ||
CheckPeople | 2020 | 56,000,000 | background check | unknown | [243] |
Chess.com | 2023 | 800,000 | gaming | web scraping | [244] [245] |
China Software Developer Network | 2011 | 6,000,000 | web | hacked | [246] |
Chinese gaming websites (three: Duowan, 7K7K, 178.com) | 2011 | 10,000,000 | gaming | hacked | [247] |
ChoicePoint | 2005 | 163,000 consumer records | data aggregator | intentionally selling data | [248] |
Citigroup | 2005 | 3,900,000 | financial | lost / stolen media | [249] |
Citigroup | 2011 | 360,083 | financial | hacked | [250] [251] |
Citigroup | 2013 | 150,000 | financial | poor security | [252] |
Clearview AI | 2020 | unknown (client list) | information technology | hacked | [253] [254] [255] |
Collection No. 1 | 2019 | 773,000,000 | various | compilation of multiple data breaches | [256] |
Community Health Systems | 2014 | 4,500,000 | healthcare | hacked | [257] |
Compass Bank | 2007 | 1,000,000 | financial | inside job | [258] |
Countrywide Financial Corp | 2008 | 2,500,000 | financial | insider theft | [259] [260] [261] [262] |
Cox Communications | 2016 | 40,000 | telecoms | hacked | [263] |
Crescent Health Inc., Walgreens | 2013 | 100,000 | healthcare, pharmacy | lost / stolen computer | [56] [264] |
Cutout.Pro | 2024 | 19,972,829 | web | hacked | [265] |
CVS | 2015 | millions | pharmacy | hacked | [266] |
CyberServe | 2021 | 1,107,034 | hosting provider | hacked | [267] [268] |
D. A. Davidson & Co. | 2007 | 192,000 clients' names, customer account and Social Security numbers, addresses and dates of birth | broker/dealer | hacked by Latvian hackers | [269] |
Dai Nippon Printing | 2007 | 8,637,405, including names, addresses, credit card numbers | printing | inside job | [270] [271] |
Data Processors International (MasterCard, Visa, Discover Financial Services and American Express) | 2008 | 8,000,000 | financial | hacked | [272] |
DC Health Link | 2023 | 56,000 | healthcare | misconfigured website | [273] |
Dedalus Biologie (a division of Dedalus Global [92] ) | 2021 | 500,000 | healthcare | poor security | [274] [275] |
Dell | 2024 | 49,000,000, including customer's names, addresses, order and hardware information | electronics | brute force attack by a "Dell partner" | [276] [277] [278] |
Deloitte | 2017 | 350 clients emails | consulting, accounting | poor security | [279] [280] |
Desjardins | 2019 | 9,700,000 | financial | inside job | [281] |
Diskunion | 2022 | 701,000 | retail | hacked | [ citation needed ] |
Disney | 2024 | 1.2 TB of internal Slack data | entertainment | hacked with a trojan | [282] [283] [284] |
Domino's Pizza (France) | 2014 | 600,000 | restaurant | hacked | [285] |
DonorView [91] [92] | 2023 | 948,029 | charity | poor security | [286] |
DoorDash | 2019 | 4,900,000 | web | hacked | [287] |
Dropbox | 2012 | 68,648,009 | web | hacked | [288] |
Drupal | 2013 | 1,000,000 | web | hacked | [289] |
DSW Inc. | 2005 | 1,400,000 | retail | hacked | [290] |
Dubsmash | 2018 | 162,000,000 | social network | hacked | [291] [148] |
Dun & Bradstreet | 2013 | 1,000,000 | tech | hacked | [292] [293] |
Duolingo | 2023 | 2,676,696 | educational services | web scraping | [294] |
Earl Enterprises (Buca di Beppo, Earl of Sandwich, Planet Hollywood, Chicken Guy, Mixology, Tequila Taqueria) | 2018 | 2,000,000 | restaurant | hacked | [295] |
EasyJet | 2019 | 9,000,000 (approx) - basic booking, 2208 (credit card details) | transport | hacked | [296] [297] |
eBay | 2014 | 145,000,000 | e-commerce | hacked | [298] |
Educational Credit Management Corporation | 2010 | 3,300,000 | nonprofit, financial | lost / stolen media | [299] |
Eisenhower Medical Center | 2011 | 514,330 | healthcare | lost / stolen computer | [300] [90] |
ElasticSearch | 2019 | 108,000,000 | tech | poor security | [301] |
Emergency Healthcare Physicians, Ltd. | 2010 | 180,111 | healthcare | lost / stolen media | [302] [303] |
Emory Healthcare | 2012 | 315,000 | healthcare | poor security | [90] |
Epic Games Fortnite | 2018 | user accounts | gaming | vulnerability | [304] [305] [306] |
Epik | 2021 | 15,000,000 | web | hacked | |
Ernst & Young | 2006 | 234,000 customers of Hotels.com (after a similar loss of data on 38,000 employees of Ernst & Young clients in February) | [169] | ||
Equifax | 2017 | 143,000,000, including names, date of birth, Social Security numbers, addresses, credit cards, driver's licenses | financial, credit reporting | poor security | [307] [308] [309] [310] |
EssilorLuxottica | 2021 | 77,093,812 | healthcare, retail | hacked | [311] [312] |
Evernote | 2013 | 50,000,000 | web | hacked | [313] [314] |
Evide data breach | 2023 | 1,000 | computer services for charities | ransomware hacked | [315] [316] [317] [318] [319] |
Exactis | 2018 | 340,000,000 | data broker | poor security | [320] |
Excellus BlueCross BlueShield | 2015 | 10,000,000 | healthcare | hacked | [321] |
Experian - T-Mobile US | 2015 | 15,000,000 | telecoms | hacked | [322] [323] |
EyeWire | 2016 | unknown | tech | lost / stolen computer | [324] |
2013 | 6,000,000 | social network | accidentally published | [325] | |
2018 | 50,000,000 | social network | poor security | [326] [327] [328] [329] | |
2010 | 87,000,000 | social network | data misuse | [330] [331] [332] | |
2019 | 540,000,000 | social network | poor security | [333] [334] | |
2019 | 1,500,000 | social network | accidentally uploaded | [335] | |
2019 | 267,000,000 | social network | poor security | [336] [337] | |
Facebook Marketplace | 2023 | 200,000 | social network | unknown | [338] |
Fast Retailing | 2019 | 461,091 | retail | hacked | [339] |
Fidelity National Information Services | 2007 | 8,500,000 | financial | inside job | [340] |
Fidelity National Financial | 2023 | 1,300,000 | financial | hacked by ALPHV | [341] [342] |
First American Corporation | 2019 | 885,000,000 | financial | poor security | [343] |
FireEye | 2020 | Unknown | information security | hacked | [344] [345] [346] |
Friend Finder Network | 2016 | 412,214,295 | web | poor security / hacked | [347] [348] |
Funimation | 2016 | 2,500,000 | web | hacked | [349] [350] |
Formspring | 2012 | 420,000 | web | accidentally published | [351] |
Game Freak | 2024 | 2,606 | gaming | hacked (phishing) | [352] [353] [354] |
Gamigo [91] [355] | 2012 | 8,000,000 | web | hacked | [356] |
Gap Inc. | 2007 | 800,000 | retail | lost / stolen computer | [357] [358] |
Gawker | 2010 | 1,500,000 | web | hacked | [359] [360] |
GE Money | 2008 | 650,000 customer's data, including 150,000 Social Security numbers and in-store credit card information from retail customers | financial | magnetic tape missing from an Iron Mountain Incorporated storage facility | [361] |
Global Payments | 2012 | 7,000,000 | financial | hacked | [362] |
Gmail | 2014 | 5,000,000 | web | hacked | [363] |
Golfzon | 2023 | 2,210,000, including names, phone numbers, email addresses, dates of birth | sports | ransomware/hacked | [364] |
Google Plus | 2018 | 500,000 | social network | poor security | [365] [366] [367] [368] |
goregrish.com | 2021 | 300,000 | web | hacked | [369] |
Grozio Chirurgija | 2017 | 25,000 | healthcare | hacked | [370] [371] [372] |
GS Caltex | 2008 | 11,100,000, including names, Social Security numbers, addresses, cell phone numbers, email addresses and workplaces of customers | energy | discs found in trash | [373] [374] [375] |
Gyft | 2016 | unknown | web | hacked | [376] [377] |
Hannaford Brothers Supermarket Chain | 2008 | 4,200,000, including credit card numbers and expiration dates | retail | hacked | [378] |
HauteLook | 2018 | 28,517,244 | e-commerce | hacked | [379] [380] [381] |
HCA Healthcare | 2023 | 11,270,000 | healthcare | hacked | [382] |
Health Net | 2009 | 1,500,000, including names, medical records, addresses, Social Security numbers | healthcare | lost / stolen media | [383] [384] |
Health Net — IBM | 2011 | 1,900,000 | healthcare | lost / stolen media | [385] |
Heartland Payment Systems | 2009 | 130,000,000 | financial | hacked | [386] [387] [388] [389] |
Hewlett Packard | 2006 | 200,000 | tech, retail | lost / stolen media | [390] |
Hilton Hotels | 2014 | 363,000 | hotel/casino | hacked | [391] [392] |
Home Depot | 2014 | 56,000,000 | retail | hacked | [393] [394] |
Honda Canada | 2011 | 283,000, including names, addresses, VIN numbers, Honda Financial Services Account numbers, phone numbers, e-mail addresses | automotives | "unusual traffic" | [395] [396] |
Hyatt Hotels | 2015 | 250 locations | hotel/casino | hacked | [397] [398] |
Iberdrola | 2022 | 1,300,000 | energy | poor security | [399] |
IKEA | 2022 | 95,000 | retail | accidentally published | [400] |
Infosys McCamish Systems | 2023 | 57,028 Bank of America customers, including names and Social Security numbers 28,268 Fidelity Investments customers, including names, dates of birth, Social Security numbers, bank account and routing numbers, credit card numbers, passwords, PINs | tech | hacked | [401] [402] [403] [404] [405] |
Insomniac Games | 2023 | 1.67 TB, 1.3 million files of passports, I-9 forms, termination documents, Slack messages, Wolverine game data | gaming | hacked by Rhysida | [406] |
2020 | 200,000,000 | social network | poor security | [407] | |
Ititan Hosting Solutions | 2024 | unknown | hosting provider | hacked / poor security | [408] |
International Committee of the Red Cross | 2022 | 515,000 | humanitarian | unknown | [409] [410] [411] |
Inuvik hospital | 2016 | 6,700 | healthcare | inside job | [412] |
Iranian banks (three: Saderat, Eghtesad Novin, and Saman) | 2012 | 3,000,000 | financial | hacked | [413] |
Japanet Takata | 2004 | 510,000 | shopping | inside job | [414] |
JP Morgan Chase | 2007 | 2,600,000 | financial | lost / stolen media | [415] |
JP Morgan Chase | 2014 | 76,000,000 | financial | hacked | [416] |
Justdial | 2019 | 100,000,000 | local search | unprotected api | [417] |
Kadokawa Corporation | 2024 | 1.5TB of corporate, and personal information of users and employees of Niconico | web | ransomware hacking | [418] |
KDDI | 2006 | 4,000,000 | telecoms | hacked | [419] |
KitchenPal (iCuisto) | 2023 | 100,000 | web | hacked | [420] |
KM.RU | 2016 | 1,500,000 | web | hacked | [421] |
Koodo Mobile | 2020 | unknown | mobile carrier | hacked | [422] |
Korea Credit Bureau | 2014 | 20,000,000 | financial, credit bureau | inside job | [423] |
Kroll Background America | 2013 | 1,000,000 | tech | hacked | [292] [293] |
KT Corporation | 2012 | 8,700,000 | telecoms | hacked | [424] [425] |
LexisNexis | 2014 | 1,000,000 | tech | hacked | [292] [293] |
Landry's, Inc. | 2015 | 500 locations | restaurant | hacked | [426] [427] |
LastPass | 2015 | password reminders, e-mail addresses | tech | hacked | [428] |
LastPass | 2022 | Password vault backup | tech | poor security/hacked | [429] |
Les Éditions Protégez-vous | 2020 | 380,000 | publisher (magazine) | unknown | [430] |
LifeLabs [91] [92] | 2019 | 15,000,000 | healthcare | hacked | [431] |
Lincoln Medical & Mental Health Center | 2010 | 130,495 | healthcare | lost / stolen media | [432] |
Line Yahoo | 2023 | 520,006 | social media/web | cyber infection/unautorized access | [433] |
LinkedIn, eHarmony, Last.fm | 2012 | 8,000,000 | web | accidentally published | [434] [435] |
Living Social | 2013 | 50,000,000 | web | hacked | [436] [437] |
Lyca Mobile | 2023 | 16,000,000 | telecommunications | hacked | [438] [439] |
MacRumors.com | 2014 | 860,000 | web | hacked | [440] |
Mandarin Oriental Hotels | 2014 | 10 locations | hotel/casino | hacked | [441] [442] |
Manipulated Caiman | 2023 | 40,000,000 | financial | hacked | [443] [312] |
Marriott International | 2018 | 500,000,000 | hotel/casino | hacked | [444] |
Marriott International | 2020 | 5,200,000 | hotel/casino | poor security/inside job | [445] |
MediaWorks New Zealand | 2023 | 162,710 | media | hacked | [446] |
Massive American business hack | 2012 | 160,000,000 | financial | hacked | [447] |
Medibank & AHM | 2022 | 9,700,000 | healthcare | hacked | [ citation needed ] |
Medical Informatics Engineering | 2015 | 3,900,000 | healthcare | hacked | [448] |
Memorial Healthcare System | 2011 | 102,153 | healthcare | lost / stolen media | [449] [90] |
MGM Resorts | 2019 | 10,600,000 | hotel/casino | hacked | [450] |
Michaels | 2014 | 3,000,000 | retail | hacked | [451] |
Microsoft | 2019 | 250,000,000 | tech | data exposed by misconfiguration | [452] |
Microsoft Exchange servers | 2021 | unknown | software | zero-day vulnerabilities | [453] [454] |
Militarysingles.com | 2012 | 163,792 | dating | accidentally published | [455] |
Mitsubishi Tokyo UFJ Bank | 2006 | 960,000 | financial | intentionally lost | [339] |
MongoDB | 2019 | 202,000,000 | tech | poor security | [456] |
MongoDB | 2019 | 275,000,000 | tech | poor security | [457] |
Mossack Fonseca | 2016 | Panama Papers | [458] [459] [460] [461] | ||
Mobile TeleSystems (MTS) | 2019 | 100,000,000 | telecommunications | misconfiguration/poor security | [462] |
Monster.com | 2007 | 1,600,000 | web | hacked | [463] |
Morgan Stanley Smith Barney | 2011 | 34,000 | financial | lost / stolen media | [30] |
Morinaga Confectionery | 2022 | 1,648,922 | food | ransomware hacked | [464] |
Mozilla | 2014 | 76,000 | web | poor security | [465] |
MyHeritage | 2018 | 92,283,889 | genealogy | unknown | [466] |
Myspace | 2016 | 360,000,000+, including usernames, passwords email addresses | social network | poor security/account recovery | [467] [468] [469] |
NASDAQ | 2014 | unknown | financial | hacked | [470] |
National Public Data | 2024 | 2,900,000,000+ (claimed), including names, email addresses, phone numbers, Social Security numbers, and mailing addresses | data broker | hacked | [471] |
Natural Grocers | 2015 | 93 stores | retail | hacked | [472] |
NEC Networks, LLC [91] [92] | 2021 | 1,600,000 | healthcare | hacked | [473] |
Neiman Marcus | 2014 | 1,100,000 | retail | hacked | [474] [475] |
Nemours Foundation | 2011 | 1,055,489 | healthcare | lost / stolen media | [90] [476] |
Network Solutions | 2009 | 573,000 | tech | hacked | [477] [478] |
Newegg | 2018 | credit card information | e-commerce | maliciously injected Javascript | [479] [480] |
New York City Health & Hospitals Corp. | 2010 | 1,700,000 | healthcare | lost / stolen media | [90] |
New York State Electric & Gas | 2012 | 1,800,000 | energy | inside job | [30] |
New York Taxis | 2014 | 52,000 | transport | poor security | [481] |
Nexon Korea Corp | 2011 | 13,200,000 | gaming | hacked | [482] |
NHS | 2011 | 8,630,000 | healthcare | lost / stolen media | [483] |
Nintendo (Club Nintendo) | 2013 | 240,000 | gaming | hacked | [484] |
Nintendo (Nintendo Account) | 2020 | 160,000 | gaming | hacked | [485] |
Nippon Television | 2016 | 430,000 | media | hacked | [233] |
Now:Pensions | 2020 | 30,000 | financial | rogue contractor | [486] |
NTT Business Solutions | 2023 | 9,000,000 | telecoms | hacked | [487] |
NTT Docomo | 2023 | 5,960,000 | telecoms | hacked | [488] |
OGUsers | 2022 | 529,000 | web | hacked | [489] |
Optus | 2022 | 9,800,000 | telecommunications | hacked | [3] |
Orbitz | 2018 | 880,000 | web | hacked | [490] |
OVH | 2013 | undisclosed | web | hacked | [491] |
Pandora Papers | 2021 | [86] | |||
Paradise Papers | 2017 | records | [87] | ||
Patreon | 2015 | 2,300,000 | web | hacked | [492] |
PayPay | 2020 | 20,076,016 | QR code payment | improper setting, hacked | [493] |
Persol Carrier | 2024 | 549,195 | outsourcing service | system deficiency | [ citation needed ] |
Popsugar | 2018 | 123,857 | media | hacked | [494] |
Premera | 2015 | 11,000,000 | healthcare | hacked | [495] |
Quest Diagnostics | 2019 | 11,900,000 | clinical laboratory | poor security | [496] |
Quora | 2018 | 100,000,000 | question & answer | hacked | [497] [498] |
Rakuten | 2020 | 1,381,735 | e-commerce | improper setting, hacked | [493] |
Rambler.ru | 2012 | 98,167,935 | web | hacked | [499] [500] |
Razer | 2020 | 100,000, including email and mailing addresses, product orders, and phone numbers. | tech | misconfigured server | [501] |
RBS Worldpay | 2008 | 1,500,000 | financial | hacked | [502] |
2018 | usernames, emails, 2007 database backup | social network | employee account compromise | [503] | |
2021 | unknown | social network | hacked | [504] [503] | |
Restaurant Depot | 2011 | 200,000 | retail | hacked by Russian hackers | [505] [506] |
Roblox | 2016 | 52,458, including account balances, email addresses, IP addresses, purchases, usernames | gaming | exposed test server | [507] |
Roblox | 2023 | 3,943, including names, usernames, dates of birth, physical addresses, email addresses, IP addresses, phone numbers, and T-shirt sizes. | gaming | unknown | [508] [509] |
RockYou! | 2009 | 32,000,000 | web, gaming | hacked | [510] |
Roku | 2024 | 15,363 accounts | tech | credential stuffing attack | [511] |
Roll20 | 2018 | 4,000,000, including email addresses, IP addresses, names, the last four digits of credit cards | web, gaming | hacked | [512] [513] |
Roll20 | 2024 | full names, email addresses, IP addresses, the last four digits of credit cards | web, gaming | compromised administrative account | [514] [515] |
Rosen Hotels [91] [92] | 2016 | unknown | hotel/casino | hacked | [516] |
Saks Fifth Avenue / Lord & Taylor | 2018 | credit card records | retail | hacked | [517] |
Scottrade | 2015 | 4,600,000 | financial | hacked | [518] |
Scribd | 2013 | 500,000 | web | hacked | [519] [520] |
Seacoast Radiology, PA | 2010 | 231,400 | healthcare | hacked | [90] [521] |
Sega | 2011 | 1,290,755 | gaming | hacked | [522] |
Shadow PC | 2023 | 533,624, including full names, email addresses, dates of birth, billing addresses and credit card expiration dates | tech | social engineering | [523] [524] |
ShopBack | 2020 | unknown | e-commerce | hacked | [525] |
SingHealth | 2018 | 1,500,000 | healthcare | hacked | [526] [527] [528] |
Slack | 2015 | 500,000 | tech | poor security | [529] |
SlickWraps | 2020 | 377,428 | phone accessories | poor security | [530] |
Snapchat | 2013 | 4,700,000 | social network | hacked | [531] |
Snowflake | 2024 | 5 companies, including data from Ticketmaster, Advanced Auto Parts, Lending Tree, Cylance, Santander Bank | tech, data storage | compromised credentials | [532] [533] [534] [535] |
SolarWinds | 2020 | Source Code Compromised | network monitoring | hacked | [536] |
Sony Online Entertainment | 2011 | 24,600,000 | gaming | hacked | [537] [538] |
Sony Pictures | 2011 | 1,000,000, including passwords, email addresses, phone numbers, home addresses, dates of birth | web | hacked by LulzSec | [539] |
Sony Pictures | 2014 | 100 terabytes | media | hacked | [540] [541] |
Sony PlayStation Network | 2011 | 77,000,000 | gaming | hacked | [542] |
South Shore Hospital, Massachusetts | 2010 | 800,000 | healthcare | lost / stolen media | [30] |
Southern California Medical-Legal Consultants | 2011 | 300,000 | healthcare | hacked | [543] [544] |
Spartanburg Regional Healthcare System | 2011 | 400,000, including names, Social Security numbers, addresses, dates of birth and medical billing codes | healthcare | lost / stolen computer | [545] [546] |
Spoutible | 2024 | 207,114 | social network | misconfigured API | [547] |
Staples | 2014 | customer payment cards | retail | hacked | [548] |
Starbucks | 2008 | 97,000, including names, addresses, and Social Security numbers | restaurant | lost / stolen computer | [549] [550] [551] |
Starwood including Westin Hotels & Resorts and Sheraton Hotels and Resorts | 2015 | 54 locations | hotel/casino | hacked | [552] [553] |
Steam | 2011 | 35,000,000 | gaming | hacked | [554] |
StockX | 2019 | 6,800,000 | e-commerce | hacked | [555] |
Stratfor | 2011 | ? | military | hacked | [556] |
Supervalu | 2014 | 200 stores | retail | hacked | [557] |
Sutter Medical Center | 2011 | 4,243,434 | healthcare | lost / stolen computer | [558] |
Taobao | 2016 | 20,000,000 | e-commerce | hacked | [559] |
TalkTalk | 2015 | records | telecom | hacked | [560] |
Tangerine Telecom | 2024 | 243,462 | telecom | compromised credentials | [561] |
Taringa! | 2017 | 28,722,877 | web | hacked | [562] |
Target Corporation | 2013 | 110,000,000 | retail | hacked | [563] [564] [565] |
TaxSlayer.com | 2016 | 8,800 | web | hacked | [566] [567] [568] |
TD Ameritrade | 2007 | 6,300,000 | financial | hacked | [569] |
TD Bank | 2012 | 260,000 | financial | hacked | [570] [571] |
TerraCom & YourTel | 2013 | 170,000 | telecoms | accidentally published | [572] [573] |
Tesla | 2023 | 75,000 | transport | inside job | [574] |
Tetrad | 2020 | 120,000,000 | market analysis | poor security | [575] |
Ticketfly (subsidiary of Eventbrite) | 2018 | 26,151,608 | ticket distribution | hacked | [576] |
Ticketmaster | 2018 | 40,000, including login information, payment data, addresses, names, phone numbers | ticket distribution | maliciously modified Javascript | [577] [578] |
Ticketmaster | 2024 | 560,000,000 | ticket distribution | hacked third party service | [579] [580] |
Tic Hosting Solutions (known as Torchbyte) | 2023 | 46 | hosting provider | misconfigured web server | [581] [408] [582] |
Tianya Club | 2011 | 28,000,000 | web | hacked | [583] |
TikTok | 2020 | 42,000,000 | social network | poor security | [407] |
TK / TJ Maxx | 2007 | 94,000,000 | retail | hacked | [584] [585] |
T-Mobile, Deutsche Telekom | 2006 | 17,000,000, including phone numbers, addresses, dates of birth, email addresses | telecoms | lost / stolen media | [586] [587] |
T-Mobile | 2021 | 45,000,000 | telecom | hacked | [588] |
T-Mobile | 2023 | 37,000,000 | telecom | hacked | [589] |
Tokopedia | 2020 | 91,000,000 | e-commerce | hacked | [590] |
Trello | 2024 | 15,111,945 | tech | misconfigured API | [591] |
Triple-S Salud, Inc. | 2010 | 398,000 | healthcare | lost / stolen media | [592] |
Truecaller | 2019 | 299,055,000 | telephone directory | unknown | [593] [594] |
Trump Hotels | 2014 | 8 locations | hotel/casino | hacked | [595] [596] |
Tumblr | 2013 | 65,469,298 | web | hacked | [597] |
Twilio | 2022 | 125 | tech | phishing attack | [598] [599] |
Twilio | 2024 | 33,000,000, including phone numbers, | tech | credential stuffing attack | [600] [601] |
Twitch | 2015 | unknown | tech | hacked | [602] |
Twitch | 2021 | unknown | tech | hacked/misconfiguration | [603] |
2013 | 250,000 | social network | hacked | [604] | |
Typeform | 2018 | unknown | tech | poor security | [239] |
Uber | 2014 | 50,000 | transport | poor security | [605] |
Uber | 2017 | 57,000,000 | transport | hacked | [606] |
Uber | 2022 | No customer, driver, or sensitive personal data was directly stolen. Exposure of sensitive data from internal systems. | transport | hacked | [607] |
Ubisoft | 2013 | unknown | gaming | hacked | [608] |
Ubuntu | 2013 | 2,000,000 | tech | hacked | [609] |
UCLA Medical Center, Santa Monica | 2015 | 4,500,000 | healthcare | hacked | [610] |
U-Haul | 2023 | 67,000, including full names, dates of birth, driver license numbers | transport | stolen credentials | [611] [612] |
MyFitnessPal [613] [614] | 2018 | 150,000,000 | consumer goods | hacked | [615] [616] |
UPS | 2014 | 51 locations | logistics | hacked | [617] |
Vastaamo | 2020 | 130,000 | healthcare | hacked | [618] |
Verifications.io (first leak) | 2019 | 809,000,000 | online marketing | poor security | [619] |
Verifications.io (total leaks) | 2019 | 2,000,000,000 | online marketing | poor security | [620] |
Verizon Communications | 2016 | 1,500,000 | telecoms | hacked | [621] |
View Media | 2020 | 38,000,000 | online marketing | publicly accessible Amazon Web Services (AWS) server | [622] |
Virgin Media | 2020 | 900,000 | telecoms | accidentally exposed | [623] [624] |
Vodafone | 2013 | 2,000,000 | telecoms | inside job | [625] |
VTech | 2015 | 5,000,000 | retail | hacked | [626] |
Walmart | 2015 | 1,300,000 | retail | hacked | [266] |
Washington Post | 2011 | 1,270,000 | media | hacked | [627] |
Wattpad | 2020 | 270,000,000 | web | hacked | [628] |
Wawa (company) | 2020 | 30,000,000 | retail | hacked | [629] |
Weebly | 2016 | 43,430,316 | web | hacked | [630] [631] |
Wellnow Urgent Care | 2023 | patients’ names, dates of birth, health information | healthcare | ransomware hacked | [632] |
Wendy's | 2015 | unknown | restaurant | hacked | [633] [634] |
Westpac | 2019 | 98,000 | financial | hacked | [635] |
Woodruff Arts Center | 2019 | unknown | arts group | poor security | [636] |
WordPress | 2018 | thousands of websites | web services | vulnerabilities in plugins | [637] |
Writerspace.com | 2011 | 62,000 | web | hacked | [638] |
Xat.com | 2015 | 6,054,459 | web | social engineering | [639] |
Yahoo | 2013 | 3,000,000,000 | web | hacked | [640] [641] |
Yahoo | 2014 | 500,000,000 | web | hacked | [642] [643] [644] [645] [646] |
Yahoo Japan | 2013 | 22,000,000 | tech, web | hacked | [647] |
Yahoo! Voices | 2012 | 450,000 | web | hacked | [648] [649] |
YouTube | 2020 | 4,000,000 | social network | poor security | [407] |
Yum! Brands | 2023 | names, driver's license numbers, and other ID card numbers. | restaurant | ransomware attack | [650] [651] |
Zappos | 2012 | 24,000,000 | e-commerce | hacked | [652] |
Zynga | 2019 | 173,000,000 | social network | hacked | [653] [654] |
Experian | 2020 | 23,000,000 | finance | social engineering | [655] |
Adult FriendFinder(AFF) is an internet-based, adult-oriented social networking service, online dating service and swinger personals community website, founded by Andrew Conru in 1996.
CafePress, Inc. is an American online retailer of stock and user-customized on-demand products. The company was founded in San Mateo, California, but is now headquartered in Louisville, Kentucky, where its production facility is also located. In 2001, CafePress.com won the People's Voice Webby Award in the Commerce category.
The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.
LastPass is a password manager application. The standard version of LastPass comes with a web interface, but also includes plugins for various web browsers and apps for many smartphones. It also includes support for bookmarklets.
The 2011 PlayStation Network outage was the result of an "external intrusion" on Sony's PlayStation Network and Qriocity services, in which personal details from approximately 77 million accounts were compromised and prevented users of PlayStation 3 and PlayStation Portable consoles from accessing the service. The attack occurred between April 17 and April 19, 2011, forcing Sony to deactivate the PlayStation Network servers on April 20. The outage lasted 23 days.
The 2012 LinkedIn hack refers to the computer hacking of LinkedIn on June 5, 2012. Passwords for nearly 6.5 million user accounts were stolen. Yevgeniy Nikulin was convicted of the crime and sentenced to 88 months in prison.
In July 2012, Yahoo Voice, a user-generated content platform owned by Yahoo, suffered a major data breach. On July 11, 2012, a hacking group calling itself "D33DS Company" posted a file online containing approximately 450,000 login credentials and passwords from Yahoo Voice users. The data was obtained through a SQL injection attack that exploited vulnerabilities in Yahoo's database servers.
mSpy is a brand of mobile and computer parental control monitoring software for iOS, Android, Windows, and macOS. The app allows users to monitor and log activity on the client device. It is owned by the Ukrainian IT company Brainstack.
In July 2015, an unknown person or group calling itself "The Impact Team" announced they had stolen the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The hacker(s) copied personal information about the site's user base and threatened to release users' names and personal identifying information if Ashley Madison would not immediately shut down. As evidence of the seriousness of the threat, the personal information of more than 2,500 users was initially released. The company initially denied that its records were insecure, but it continued to operate.
Have I Been Pwned? is a website that allows Internet users to check whether their personal data has been compromised by data breaches. The service collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts, and allows users to search for their own information by entering their username or email address. Users can also sign up to be notified if their email address appears in future dumps. The site has been widely touted as a valuable resource for Internet users wishing to protect their own security and privacy. Have I Been Pwned? was created by security expert Troy Hunt on 4 December 2013.
Alex Holden is the owner of Hold Security, a computer security firm. As of 2015, the firm employs 16 people.
Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.
Connected toys are internet-enabled devices with Wi-Fi, Bluetooth, or other capabilities built in. These toys, which may or may not be smart toys, provide a more personalized play experience for children through embedded software that can offer app integration, speech and/or image recognition, RFID functionality, and web searching functions. A connected toy usually collects information about the users either voluntarily or involuntarily, which raises concerns on the topic of privacy. The data collected by the connected toys are usually stored in a database, where companies that produce connected toys can use the data for their own purposes, provided they do so in line with the protections outlined in the Children's Online Privacy Protection Act (COPPA).
Okta, Inc. is an American identity and access management company based in San Francisco. It provides cloud software that helps companies manage and secure user authentication into applications, and for developers to build identity controls into applications, websites, web services, and devices. It was founded in 2009 and had its initial public offering in 2017, reaching a valuation of over $6 billion.
Data breach incidences in India were the second highest globally in 2018, according to a report by digital security firm Gemalto. With over 690 million internet subscribers and growing, India has increasingly seen a rise in data breaches both in the private and public sector. This is a list of some of the biggest data breaches in the country.
ShinyHunters is a black-hat criminal hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.
The Epik data breach occurred in September and October 2021, targeting the American domain registrar and web hosting company Epik. The breach exposed a wide range of information including personal information of customers, domain history and purchase records, credit card information, internal company emails, and records from the company's WHOIS privacy service. More than 15 million unique email addresses were exposed, belonging to customers and to non-customers whose information had been scraped. The attackers responsible for the breach identified themselves as members of the hacktivist collective Anonymous. The attackers released an initial 180 gigabyte dataset on September 13, 2021, though the data appeared to have been exfiltrated in late February of the same year. A second release, this time containing bootable disk images, was made on September 29. A third release on October 4 reportedly contained more bootable disk images and documents belonging to the Texas Republican Party, a customer of Epik's.
In summer 2021, T-Mobile US confirmed that the company had been subject to a data breach. A hacker called John Erin Binns took credit for the release of millions of customer records and the event was a contribution to T-Mobile receiving a fine of $15 million in 2024.
{{cite news}}
: CS1 maint: multiple names: authors list (link){{cite web}}
: CS1 maint: multiple names: authors list (link)