Risk Based Security reports that over 38 billion records have been exposed since 2010.
Those numbers sound overwhelming - and they are. According to recent estimates from the Census Bureau, there are approximately 327 million Americans. 116 accounts have been compromised each year for the past decade on average.
At least 40,650 data breaches have occurred since the beginning of 2010, reports Risk Based Security for CNBC Make It. The data breaches were many and small, but a few mega hacks will likely go down in history.
Based on the number of accounts affected in each data breach announced since 2010, the Identity Theft Resource Center presented CNBC Make It with the ranking. Only breaches confirmed to have affected a certain number of records were included in the ranking.
In the past year, many companies, such as 7-Eleven, WhatsApp, and Fortnite, disclosed security holes affecting millions of websites that appeared to have exposed customer information, but the extent of the breach was not disclosed.
In this article, we look at some of the most historic data breaches from this decade.
- Dubsmash
Total number of records compromised: 161.5 million
According to Dubsmash, hackers acquired the names, email addresses, and password hashes of 162 million users in February.
The data from the breach was sold on the dark web in February 2019, even though the breach occurred in December 2018. More than 600 million accounts were included in a data dump from 16 hacked websites.
- Equifax
Total number of records compromised: 147 million
Data breaches like Equifax's were among the biggest in history. In September 2017, 147 million American consumers, essentially 56% of the country's population, were affected by the data breach. The hackers had access to names, SSNs, birth dates, credit card numbers, and even drivers' license numbers.
Equifax has admitted that it failed to install the necessary patches for the vulnerability in its system, which was not disclosed, when it was informed in March that hackers could exploit it.
A federal and state investigation into Equifax's handling of the massive data breach led to a $700 million settlement in July. When Equifax announced the settlement, it was not yet clear whether data from the 2017 breach had made its way onto the dark web.
- Republican National Committee (Deep Root Analytics)
Total number of records compromised: 198 million
In June 2017, cybersecurity experts discovered publicly accessible voter information on a server containing information for 198 million Americans. A conservative marketing firm hired by the Republican National Committee did not keep voter information secure, as it turned out. In addition to home addresses, birthdays, birthday sets of numbers, and opinions on political issues, Deep Root's cloud server was accessible to all for about 12 days.
- UnderArmour (MyFitnessPal)
Total number of records compromised: 143.6 million
A hacker gained access to the backend database of fitness and diet app MyFitnessPal, according to fitness apparel company UnderArmour in March 2018.
Hackers were able to obtain usernames, passwords, and emails. Passwords that have been hashed are encoded and must be cracked to be used.
- Exactis
Total number of records compromised: 340 million
Exactis, a marketing and data aggregation firm based in the United States, went almost unnoticed by most Americans until June 2018. Before that, Exactis had quietly built a database of personal information on millions of Americans.
Vinny Troia, an experienced security researcher, discovered in early June 2018 that this database was exposed on an unsecured server. About two terabytes of data were exposed by Exactis, including e-mail addresses, home addresses, telephone numbers, and information about members of the home, including their hobbies and any children in the home.
- Zynga
Total number of records compromised: 218 million
Zynga, which makes the popular “Draw Something” and “Words with Friends” games for mobile devices, announced in October that hackers swiped account login information on Sept. 12.
The hacker also accessed the usernames, emails, log-in IDs, some Facebook IDs, phone numbers, and Zynga account IDs of about 218 million iOS and Android users who downloaded the games before Sept. 2, 2019.
- Marriott (Starwood)
Total number of records compromised: 383 million
In November 2018, Marriott Hotels reported that over 300 million people had their contact information, passport numbers, addresses, and personal information accessed through a major data breach. It is worth noting that Marriott Hotels purchased Starwood hotels in 2016.
As many as 500 million Starwood guest accounts were compromised; Marriott's data team confirmed that the hacking may have been ongoing since 2014.
- River City Media
Total number of records compromised: 1.37 billion
1.4 billion records were exposed by River City Media, a company that specializes in email marketing. When a backup was configured incorrectly, the company accidentally published online a database containing IP addresses, names, and physical addresses.
At the time of the data breach discovery, MacKeeper security researcher Chris Vickery said River City Media could gather the data through spam operations that entailed emailing people with promises of credit checks, scholarships, and sweepstakes.
- Veeam
Total number of records compromised: 445 million
Mishandling of customer data by a data management firm is not good for the company's public image. That's what the Swiss firm Veeam experienced. A marketing database was mistakenly left accessible to third parties, according to a statement from the company.
An estimated 445 million names, emails, and IP addresses were visible in the database for about 10 days due to a "human error." The company said that most of the data in the exposed database was duplicate data and that 4.5 million unique email addresses were exposed.
- Yahoo
Total number of records compromised: around 3 billion
As of now, Yahoo is known as the company that has experienced the largest data breach. Approximately one billion Yahoo users' names, email addresses, telephone numbers, and dates of birth were exposed thanks to multiple hacks over the years, the company revealed. Verizon announced plans to acquire Yahoo in July 2016.
A breach affected as many as 500 million Yahoo accounts in 2014, the company announced in September 2016.
After that announcement, it announced in December of that same year that at least one billion user accounts had been exposed by an attack on its network in 2013.
Verizon noted that all three billion Yahoo users were affected by the 2013 attack after the sale of Yahoo closed in 2017. A class-action lawsuit against Yahoo over how it dealt with the hackers was finally settled for $117.5 million in April 2019.
- Quest Diagnostics
Total number of records compromised: 11.9 million
The American Medical Collection Agency, a vendor of laboratory-testing company Quest Diagnostics' billing and collections department, was the victim of a data breach announced in June. Over eight months, about 11.9 million customers' medical, financial, and personal information was exposed. This included credit card numbers, phone numbers, accounts, and medical information.
AMCA was not the only company affected, as LabCorp said 7.7 million of its customers' personal and financial data was also exposed. The filing for bankruptcy was made just weeks after AMCA was notified about the breaches; two elements added up: the "enormous expenses" the company racked up notifying customers of the breaches and the defections of some of its biggest customers. After finding out about the breach, LabCorp, Quest Diagnostics, Conduent, and CareCentrix all dropped AMCA.
- Capital One
Total number of records compromised: 100 million
The application information of over 100 million Americans and 6 million Canadians has been compromised by a hacker since 2005, Capital One reported late last month.
Data from applications hacked ranged from 2005 through early 2019 and included names, addresses, zip codes, email addresses, phone numbers, and birth dates of consumers.
There are an estimated 140,000 U.S. credit card customers whose bank account numbers have been exposed, as well as 80,000 secured credit cardholders.
A distinct difference between Capital One's breach and other large data breaches is that it included sensitive information, like Social Security numbers.
- Houzz
Total number of records compromised: 48.9 million
Hackers stole usernames and encrypted passwords from Houzz customers, as well as publicly visible profile information, the company informed customers at the start of the year. According to ITRC and the company's FAQ, 48,881,308 accounts were affected by the breach. The breach of Houzz's security occurred in December 2018; however, no financial information was taken.
- Premera
Total number of records compromised: 11 million
It came to light in October 2015 that Chinese hackers probed health insurance company Anthem in an attempt to find out details about the US health insurance system. The small insurer Premera said it had been hacked about 11 million times in March, not just Anthem.
Hackers have all too often targeted healthcare organizations to sell their information on the black market, since healthcare data has become one of the most valuable assets.
- Carphone Warehouse
Total number of records compromised: 2.5 million
Almost 2.5 million individuals' details were stolen and their credit card information encrypted during the UK's biggest cyber breach in 2015. A sophisticated cyber-attack took place against the company, which the industry watchdog was investigating.
The top hackers of this generation attempted to make the world a brighter place, and others made attempts to prove UFO theories. Others hoped for fame, others wanted money. The internet and cyber security have evolved from the work of all these people!
Neha Singh is the Founder & CEO of Securium Solutions with a demonstrated history of working in the information technology and services industry. She is skilled in ECSA, Vulnerability Management, Security Information and Event Management (SIEM), Management, and Business Development. She loves traveling and trekking.
Why is Coinbase not on this list? Are they getting a Free Pass?