The 10 Largest Data Breaches in U.S. History

A woman protecting her laptop's cybersecurity
Rawpixel.com / Shutterstock.com

This story originally appeared on Spanning.

COVID-19 has led to major changes in daily life for Americans, including a shift toward remote and at-home work.

While these changes have led to more flexible working conditions for employees, they have also increased data security risks.

New data from the Federal Trade Commission and the Identity Theft Resource Center indicates that heightened security risks brought on by more remote work are of particular concern when considering that data breach and identity theft reports doubled between 2014 and 2019.

Certain sectors are more vulnerable to data breaches than others. In 2019, the largest number of breaches occurred in the business and health care sectors, at 644 and 525 total data breaches, respectively.

In contrast, data security remains strongest in the banking and government sectors, both of which saw a decline in total data breaches between 2018 and 2019.

Employee error and negligence accounted for less than 11% of data breaches in 2019. However, with an increase in at-home and remote work, breaches stemming from a lack of employee knowledge or training is now more of a priority among employers.

To profile the most significant data breaches of U.S. companies, researchers at Spanning analyzed data from the Identity Theft Resource Center and the Federal Trade Commission, while also reviewing major news reports. Data breaches were defined as any unauthorized exposure to a company’s records, and incidents were ordered based on the total number of records exposed.

10. MySpace (2016)

MySpace homepage
Sharaf Maksumov / Shutterstock.com
  • Number of records exposed: 360 million
  • Type of breach: Hacking/intrusion
  • Industry: Social network
  • Types of information compromised: Account name, email, password

9. FriendFinder Networks (2016)

Hacker
GlebSStock / Shutterstock.com

  • Number of records exposed: 412 million
  • Type of breach: Hacking/intrusion
  • Industry: Social network
  • Types of information compromised: Account name, email, password, user activity dates

8. Facebook (2019)

Facebook user
tongcom photographer / Shutterstock.com
  • Number of records exposed: 419 million
  • Type of breach: Accidental web/internet exposure
  • Industry: Social network
  • Types of information compromised: Name, account ID, phone number, country

7. Marriott International (2018)

Marriott
Serjio74 / Shutterstock.com
  • Number of records exposed: 500 million
  • Type of breach: Hacking/intrusion
  • Industry: Hospitality
  • Types of information compromised: Name, physical address, phone number, email, passport number, date of birth, gender, reservation information

6. Yahoo (2014)

Yahoo app
dennizn / Shutterstock.com
  • Number of records exposed: 500 million
  • Type of breach: Hacking/intrusion
  • Industry: Media
  • Types of information compromised: Name, email, phone number, date of birth, login information

5. Facebook / Cultura Colectiva (2019)

facebook
Twin Design / Shutterstock.com
  • Number of records exposed: 540 million
  • Type of breach: Accidental web/internet exposure
  • Industry: Social network
  • Types of information compromised: Account name, account ID, Facebook comments and reactions

4. First American Corporation (2019)

Hacker
PR Image Factory / Shutterstock.com
  • Number of records exposed: 885 million
  • Type of breach: Accidental web/internet exposure
  • Industry: Financial
  • Types of information compromised: Bank account number, bank transactions, drivers license, Social Security number

3. People Data Labs / OxyData.io (2019)

Cybersecurity worker
Gorodenkoff / Shutterstock.com
  • Number of records exposed: 1.2 billion
  • Type of breach: Accidental web/internet exposure
  • Industry: Data
  • Types of information compromised: Name, email, phone number, social media profiles

2. River City Media (2017)

Hacker in a data breach
Mike_shots / Shutterstock.com
  • Number of records exposed: 1.37 billion
  • Type of breach: Accidental web/internet exposure
  • Industry: Marketing
  • Types of information compromised: Name, IP address, physical address, email

1. Yahoo (2013)

Yahoo building
JHVEPhoto / Shutterstock.com
  • Number of records exposed: 3 billion
  • Type of breach: Hacking/intrusion
  • Industry: Media
  • Types of information compromised: Name, email, phone number, date of birth, login information

Disclosure: The information you read here is always objective. However, we sometimes receive compensation when you click links within our stories.