The worst data breaches in history

Though many businesses have reached a point of desensitization when it comes to news about data breaches, stricter implementation of data regulations highlights the importance of protecting user data. Organizations are no longer just required to announce that their systems have been breached, but they are also mandated to pay fines and penalties.

As business processes and personal information move online, the number of data breaches grows. While some go undetected, others put an entire company at risk. According to the 2019 MidYear Quickview Data Breach Report, the first half of the year has seen more than 3,800 publicly disclosed data breaches that exposed 4.1 billion records. This alarming number highlights how many businesses wrongly assume they’re too small to be on the radar of cybercriminals.

While more and more companies are taking the necessary countermeasures, fraudsters and cybercriminals are also getting smarter. Just last year, big names such as Macy’s, Bloomingdale’s, and Reddit joined the ever-growing list of breach victims. Here are the worst data breach incidents over the years:

Yahoo! Inc.

When: Accounts stolen on two occasions, late 2014 and August 2013
What was stolen: 1 billion accounts and 500 million accounts, respectively
Who were affected: Account holders of Yahoo Mail, Yahoo Finance, Yahoo Fantasy Sports, and Flickr

The Yahoo breach could count as one of the biggest, if not the biggest, breach in terms of records stolen. As of late, Yahoo is about to reach a $117.5 million settlement in a class-action lawsuit. Victims are likely eligible for their $100 cut or free credit monitoring.

First American Financial Corporation

When: 2019
What was exposed: Over 885 million Social Security numbers, tax documents, driver’s license images, bank account numbers and statements, mortgage and tax documents, and wire transaction receipts
Who were affected: Customers

First American learned of a design defect in an application that made unauthorized access to customer data possible. This hack was a major incident that underscored the poor progress many institutions had made in locking down customer data. While perfect security is impossible, the stakes could be incredibly high, as stolen data could be sold in the cybercriminal underground for nefarious purposes. Organizations as big as First American have shown that they overlooked basic errors.

Marriott/Starwood Hotels

When: November 2018
What was stolen: Personal data such as travel schedules, passport numbers
Who were affected: 500 million guests

Marriott first became aware of the hack when a security tool flagged an unusual database query made by a user with administrator privileges. The breach was potentially catastrophic, as hundreds of millions of people had their sensitive data exposed for the taking.


FriendFinder

When: 2016
What was stolen: 15 million “deleted” accounts that had not been purged from the database
Who were affected: 412 million people

Following the breach, user details immediately began leaking out of cybercrime forums. To add insult to injury, most of the passwords were protected by a weak algorithm that was stored and kept even after FriendFinder sold the site. According to the company, FriendFinder identified and fixed the vulnerability.


Equifax

When: Mid-May to July 2017
What was exposed: Personal information such as Social Security numbers, birth dates, addresses, credit card numbers, and credit card dispute documents
Who were affected: 143 million users

As soon as Equifax discovered the hack, they acted immediately to stop the intrusion by having an independent cybersecurity firm conduct a comprehensive forensic review. Due to the substantial amount of personal information exposed, the investigation was complex and time-consuming.

However, the Federal Trade Commission and Equifax reached an agreement in July 2019. The latter will pay at least $575 million and up to $700 million to compensate victims of the data breach incident. As part of the settlement, affected users can file a claim for costs such as identity theft and freezing and unfreezing accounts.

Heartland Payment Systems

When: 2018 to 2019
What was stolen: Credit and debit card information
Who were affected: 130 million customers

The hack on this New Jersey-based payment processor’s network went undetected for eight months. The breach exposed information from approximately 130 million bank details to cybercriminals. As a result, the company paid $140 million in fines and other penalties.

These alarming incidents illustrate how badly data breaches can impact affected users. The following practices can help mitigate potential damage caused by a data breach:

  1. Change your passwords regularly. Do this at least three times a year, and make sure to use strong and complex passwords, those that include at least 12 characters and a combination of uppercase and lowercase letters, numbers, and special characters.
  2. Use different passwords across online accounts, or better yet, use a password manager to help you generate and store robust passwords.
  3. Enable multifactor authentication (MFA). This feature adds an extra layer of security by requiring the use of two or more identification verification methods to log into an account.
  4. Secure all devices. Laptops, desktops, and mobile devices must be protected by advanced security software. Additionally, make sure that those programs and your operating system (OS) are always updated, since outdated software may have vulnerabilities that hackers can exploit if not patched promptly.
  5. Notify your bank/authorities. Verify your account details for tampering and change your PIN codes immediately. If you’re a financial institution whose customers’ credentials or financials have been tampered with, provide fraud assistance programs for your customers.

No matter how “small” you think your business is, never underestimate the possibility of becoming a victim of a data breach. Choosing the right managed services provider (MSP) can definitely help you boost your organization’s overall security. Call us today to learn more.