2019 Data Breaches

17 Biggest Data Breaches Ever

Have you ever been involved in a data breach? Your information may have been compromised without you even knowing it. Last year alone, 1,244 data breaches occurred impacting 446.5 million people.

Below are 17 of the biggest data breaches ever - read more to see if your data has been breached.


1. Equifax
When - July 2017
Number of Victims - 147.9 million

Equifax is one of the largest credit bureaus in the United States. Equifax stated that an application vulnerability on their website led to a breach in their customer data. Equifax users had the following information stolen:

  • Social Security numbers
  • Birth dates
  • Addresses
  • Drivers’ license numbers
  • Credit card data


2. Ebay
When - February 2014
Number of Victims - 145 Million

This data hack occurred after a number of employee login credentials were obtained which gave hackers open access to eBay’s corporate network. The company emailed all eBay users a notice after the attack took place, asking them to change their password information. During the attack, both eBay employees and eBay customers had the following information stolen:

  • Encrypted passwords
  • Customer names
  • Email addresses
  • Mailing addresses
  • Phone numbers
  • Dates of birth


3. Experian
When - September 2017
Number of Victims - 143 Million

The breach at Experian began in May but was not discovered until almost a month after it was in progress. The full extent of the data breach was not announced until September of the same year. The hackers used a website vulnerability to obtain information about British, Candaian, and American Experian customers. The data breach lead hackers to obtain:

  • Social security numbers
  • Birth dates
  • Home addresses
  • Driver’s licenses
  • Credit card numbers
  • Credit card dispute documents


4. Heartland Payment Systems

When - May 2008
Number of Victims - 134 Million

At the time of the breach, Heartland was the sixth-largest payment processor in the U.S. It is unknown how the breach occurred, but the company was alerted to an issue after unauthorized credit card transactions began appearing on customer accounts. Data that was breached includes:

  • Credit card data
  • Payment card transactions


5. Target Stores

When - December 2013
Number of Victims - Around 110 Million

The Target data breach was announced several weeks after hackers had stolen customer’s information. During this breach, hackers gained access through a third-party HVAC vendor to target’s Point of Sale card readers. The hackers proceeded to collect:

  • Credit card numbers
  • Debit card numbers
  • Full names
  • Addresses
  • Email addresses
  • Telephone numbers


6. TJX Companies, Inc.

When - December 2006
Number of Victims - 94 million

TJX Companies operates more than 2,000 retail stores throughout the country including Marshalls, TJ Maxx, and HomeGoods. It is believed that the hack either began with hackers advantage of a weak data encryption system to steal customer credit card data or by hackers breaking into the TJX network via in-store job application kiosks. During the hacking, stolen information included:

  • Debit card information
  • Credit card information


7. Sony’s PlayStation Network

When - April 2011
Number of Victims - 77 Million

This breach is considered the worst gaming data breach of all time. The data breach was not revealed to PlayStation customers until after customers began to notice unusual activity on the same payment account as their PlayStation accounts. During this breach, the information that was stolen was…

  • Full Names
  • Passwords
  • Emails
  • Home addresses
  • Purchasing history
  • Credit card numbers
  • PlayStation Network logins and passwords


8. JPMorgan Chase

When - June 2014
Number of Victims - 76 Million individuals + 7 Million small businesses

The data breach at JPMorgan Chase occurred in June of 2014 but was not made public until October of 2014. Customers using the company platforms Chase.com, JPMorganOnline, Chase Mobile, and JPMorgan Mobile were impacted. During the attack, hackers obtained information from Chase customers such as:

  • Contact information
  • Names
  • Addresses
  • Phone numbers
  • Email addresses


9. Home Depot

When - September 2014
Number of Victims - 56 Million

In this data breach, Home Depot’s Point of Sale system was infected with malware. This infection happened almost 5 months before it was released to the public. The malware used to infect Home Depot’s POS was disguised as an anti-virus software service. The Home Depot breach resulted in hackers obtaining:

  • Payment card data
  • Email addresses


10. CardSystems Solutions Inc.

When - June 2005
Number of Victims - 40 Million

CardSystems Solutions is a company that processes payment data for MasterCard and other major credit card companies. A cybercriminal was able to hack into the CardSystems Network to obtain customer information. During the data breach, hackers were steal:

  • Credit card numbers


11. RSA Security

When - April 2011
Number of Victims - 40 Million Businesses

RSA Security was considered one of the world’s top computer-security companies. Hackers gained access to RSA’s SecurID two-factor authentication information through a phishing scam. The hackers sent two groups of RSA employees fake emails with the subject-line “2011 Recruitment Plan.” When one employee clicked, the hackers got access to all SecurID information. RSA Security has been hush about the ordeal, but it is confirmed that the following was stolen:

  • RSA serial numbers
  • SecurID account information


12. Ashley Madison

When - July 2015
Number of Victims - 37 Million

Ashley Madison was America’s most prominent dating website. The hackers decided to hack the site because they did not agree with what the site was promoting. During the hack, information stolen included:

  • Users’ real names
  • Addresses
  • Personal photographs
  • Payment information
  • Chat logs


13. Adobe

When - October 2013
Number of Victims - 38 Million

This data hack was announced in October, but it took weeks for the Abode team to determine the scale of the breach. During the Abode breach, hackers accessed:

  • Credit card records
  • Customer login data
  • Encrypted passwords
  • Customer names


14. Nasdaq

When - October 2010
Number of Victims - 38 Million

During this data breach, a group infiltrated the Nasdaq system. The hackers utilized traded text-strings to exploit SQL-injection vulnerabilities. Not only was Nasdaq affected in this hack, but other companies functioning on the Nasdaq stock exchange, such as PNCBank, 7-Eleven, and JCPenney, were impacted. During this hack, information taken included:

  • Login credentials
  • Sensitive data
  • Credit card data


15. Zappos

When - January 2012
Number of Victims - 24 Million

Zappos is a major online retailer. When the retailer was hacked, cybercriminals obtained:

  • Customer account information
  • Full names
  • Email addresses
  • Billing addresses
  • Shipping addresses
  • Phone numbers
  • Last 4 digits of credit/debit cards
  • Encrypted passwords


16. Staples

When - October 2014
Number of Victims - 1.16 Million

Staples suspected a cyberhacking when multiple credit card companies found a pattern of payment fraud. This suggested that the Staples’ computer system had been breached. Stolen information included:

  • Customers’ names
  • Payment information
  • Card numbers
  • Expiration dates
  • Card verification codes


17. Global Payments

When - April 2012
Number of Victims - 1.5 Million

The Global Payment data breach affected mainly North America. It is warned that the breach may have affected transactions dating back to June 2011. In the breach, hackers got:

  • Credit card numbers
  • Names Addresses

NO ONE IS SAFE! Identity theft is the #1 growing crime of the country. Get protected before something happens to you.