20 of the Worst Data Security Breaches to Date

It sure is convenient doing financial, social and personal business online, but increasingly it’s scary too. In recent years, businesses and institutions have been plagued by cybersecurity breaches — putting all our digital information at risk. A data breach is anything that results in unauthorized access of data, networks, applications or services by defeating a security system. Not even political organizations, such as the Democratic National Committee, have been safe from hackers’ intrusions. Here are 20 of the most serious such breaches that have taken place to date.

20. T-Mobile: Data from 15 million customers is compromised

Hackers captured data of 15 million T-Mobile customers by attacking the company that processes T-Mobile credit checks. In the fall of 2015, credit reporting agency Experian reported a breach lasting from Sept. 1, 2013, to Sept. 6, 2015. The stolen information included names, birthdates, addresses and Social Security numbers, but it did not include credit card or payment information, reported CNET. Anyone who went through a credit check was at risk.

19. U.S. Office of Personnel Management: Data of 21.5 million people is compromised

A massive breach of background-check records at the federal Office of Personnel Management (OPM) exposed the data of 21.5 million people, USA Today reported. The breach came to light in mid-2015. The information affected some 19.7 million people who applied for jobs requiring security clearance and 1.8 million others, primarily spouses and cohabitants of the applicants. Initially officials thought the breach was much smaller in scope. In testimony before Congress, representatives of OPM’s Office of the Inspector General said they had been concerned about security weaknesses in the office’s computer data systems.

18. Ashley Madison: Hack exposes 30 million accounts

A data breach of Ashley Madison, an online dating and social networking service marketed to people who are married or in relationships but want to cheat, resulted in the theft of data associated with more than 30 million accounts. Those whose personal information was affected included thousands of American government officials, as well as celebrities and members of the clergy, The New York Times reported. Avid Life Media, parent company of Ashley Madison, said no full credit card numbers from current or past members were taken. The breach was revealed in mid-2015.

17. RSA Security: Foreign phishing attacks 40 million employees

In March 2011, as many as 40 million employee records were stolen from RSA Security — a company that is in the business of preventing cybersecurity breaches, according to a report by CSO. RSA officials said no customer networks were breached. Two hacker groups were believed to have collaborated with a foreign government to mount the attacks against RSA employees using a phishing scam in which they disguised themselves online as people the employees trusted.

16. PlayStation Network: Data from 77 million users is stolen

In the spring of 2011, Sony reported that the personal data of about 77 million PlayStation Network users had been stolen online. Sony discovered that an unauthorized person had accessed names, addresses, email addresses, birthdates, passwords, security questions and more, The Guardian reported. Juveniles whose accounts had been created by their parents also may have had their data compromised.

15. Anthem: Hackers steal data on 80 million insurance clients

In early 2015, cybercriminals hacked into the Anthem health insurance company database, gaining access to about 80 million records including client names, birthdates, email addresses, street addresses and Social Security numbers. The hackers were armed with a stolen password when they broke into the database, reported CNET. Anthem later paid $115 million to settle a lawsuit against the company related to the breach.

14. JPMorgan Chase: Attack compromises data of 83 million households and businesses

A cyberattack on financial services and banking giant JPMorgan Chase was revealed in the summer of 2014. The attack compromised data from 76 million households and 7 million small businesses. The hackers illegally accessed addresses, ­email information and phone numbers, The New York Post reported.

13. AOL: 92 million screen names and email addresses are stolen

A former America Online software engineer in August 2005 was sentenced to a year and three months in prison for stealing 92 million screen names and email addresses from the company. Authorities said he used another employee’s access code in 2003 to steal a list of customers. He then sold the data to people who sent out as many as 7 billion unsolicited emails, the Associated Press reported.

12. TJX Companies: Breach exposes 94 million credit cards to potential fraud

An estimated 94 million Visa and MasterCard accounts may have been exposed to potential fraud at TJX Cos., which include retailers T.J. Maxx and Marshalls, the Associated Press reported. The full scope of the data breach came to light in 2007. Court filings in a bank case against TJX said fraud-related losses involving Visa cards alone ranged from $68 million to $83 million. The losses encompassed 13 countries.

11. Home Depot: 53 million email addresses and data from 56 million payment cards are stolen

Home Depot Inc. revealed that hackers in 2014 had stolen about 53 million email addresses and data from 56 million payment cards, Reuters reported. Hackers reportedly used a third-party vendor’s user name to break into the network. The company later said it had eliminated malware used in the attack from its systems. The malware had been customized to avoid detection.

10. Target: Hackers access data from 110 million customers

Hackers accessed credit and debit card information for 40 million Target customers during the 2013 holiday season, as noted in a New York Times report. Several weeks after that revelation, Target said information for an additional 70 million people, including their email and mailing addresses, also had been exposed. Target conducted an internal review, acknowledging that it had missed signs of the cybercrime.

9. LinkedIn: Security breach exposes upward of 117 million users

LinkedIn was hacked in 2012 in what originally was thought to be a theft of about 6.5 million passwords. In May 2016, CNN reported that the breach may have involved as many as 117 million passwords, and LinkedIn acknowledged that many login credentials were being sold on the black market. The initial response to the hack was a mandatory password reset for all accounts believed to have been compromised.

8. Heartland Payment Systems: Hack exposes data from 130 million credit cards

In early 2009, Heartland Payment Systems announced that intruders had hacked into computers used to process payment card transactions. An estimated 130 million customers with a variety of credit card types were affected. Heartland ended up paying more than $110 million to Visa, MasterCard, American Express and other credit card companies to settle claims that stemmed from the breach, CNN reported.

7. Equifax: Breach exposes 143 million Americans’ data

A massive security breach took place at Equifax between mid-May and July of 2017, CNN reported. An estimated 143 million Americans were affected. Cybercriminals gained access to names, Social Security numbers, birthdates, addresses and some driver’s license numbers. Additionally, credit card numbers for about 209,000 U.S. customers were accessed along with identifying information on about 182,000 people involved in credit report disputes. U.K. and Canada residents also were affected. Equifax said it had discovered the hack on July 29, though it was not publicly reported until September. The data breach is considered to be one of the worst ever, based on its scope and the sensitive information that was exposed. Equifax is one of three nationwide credit-reporting companies that track and rate consumers’ financial histories in the U.S.

6. eBay: Hackers access about 145 million users’ records

In May 2014, eBay Inc. reported that its network had been breached three months earlier. Hackers reportedly gained access to about 145 million records. According to Reuters, eBay advised customers to change their passwords. The hacked records reportedly contained passwords as well as email addresses, birthdates, mailing addresses and other personal information, but no credit card numbers or financial data. The hackers accessed the website after obtaining login credentials for a few employees, eBay said.

5. Myspace: Breach affects more than 360 million accounts

In May 2016, operators of the Myspace social networking site reported that its data had been compromised by a security breach. More than 360 million accounts were affected — including inactive accounts that were set up when the site was in its heyday, reported USA Today. Time Inc., which bought the website in February 2016, said the stolen data was limited to user names, passwords and email addresses taken from the platform prior to June 11, 2013, when the site was relaunched with stronger security. Time Inc. responded to the breach by invalidating the passwords of all known affected users. The hack reportedly didn’t affect any of Time Inc.’s other media properties, systems or subscriber information.

4. Friend Finder Network: Breach hits 412 million adult accounts

Internet-based adult dating and pornography site company Friend Finder Networks was hacked in October 2016, revealing details of more than 412 million accounts, The Guardian reported. Data exposed included email addresses, passwords, browser information and membership statuses across several sites operated by Friend Finder. The attack was far more extensive than an earlier breach of Ashley Madison, an online service that facilitates extramarital relationships.

3. Yahoo: Cyberattack affects 500 million accounts

Yahoo announced in September 2016 that hackers had stolen data from at least 500 million accounts in a late 2014 data breach, according to a CNN report. Affected account information may have included email addresses, telephone numbers, names, hashed passwords and security questions. The company said a “state-sponsored actor,” meaning a representative of a foreign government, was believed to have been behind the attack.

2. Yahoo: Another security breach affects 3 billion accounts

In December 2016, Yahoo disclosed another sweeping security breach, one that took place in 2013. The company said then that the attack may have resulted in the theft of data from more than 1 billion of its user accounts. However, in October 2017, it was revealed that all 3 billion of Yahoo’s users as of 2013 had been affected. That makes the hack the largest in history, USA Today reported. Verizon, which bought Yahoo in a $4.5 billion deal in June 2017, disclosed the updated information it had learned during the integration of the two firms. The price was trimmed by $350 million after Yahoo’s initial data breach revelations, CBS News reported.

1. Democratic National Committee communications are hacked

The Associated Press recently completed an investigation of how Russians hacked Democratic National Committee email systems during the 2016 presidential campaign, releasing information damaging to the campaign of Democratic Party nominee Hillary Clinton. Clinton was running against Republican nominee Donald Trump, the eventual winner. The attack marked the first known time that a foreign power used computer hacking to attempt to influence an American presidential election. While the extent of Russian influence on the election remains under investigation, there is broad agreement among U.S. intelligence agencies that an organized cyberattack originating from Russia did occur. The AP found that hackers closely aligned with the interests of the Russian government conducted an effort designed to gather millions of email messages related to the Clinton campaign. Because of its political nature, the Democratic National Committee breach had the potential to broadly impact the nation as a whole.

Have you been affected by one or more of these data breaches? Share your experience below or on our Facebook page.