List of data breaches
Updated: 5/20/2026, 8:16:03 PM Wikipedia source
This is a non-exhaustive list of reports about data breaches, using data compiled from various sources, including press reports, government news releases, and mainstream news articles. The list includes those involving the theft or compromise of 30,000 or more records, although many smaller breaches occur continually. Note that other sources compile more complete lists. Breaches of large organizations where the number of records is still unknown are also listed. In addition, the various methods used in the breaches are listed, with hacking being the most common. As a result of data breaches, it is estimated that in first half of 2018 alone, about 4 billion records were exposed. In 2019, a collection of 2 billion identity records, consisting of 774 million unique email addresses and 21 million unique passwords, was posted on the web for sale. In January 2024, a data breach dubbed the "mother of all breaches" was uncovered. Over 26 billion records, including some from Twitter, Adobe, Canva, LinkedIn, and Dropbox, were found in the database. No organization immediately claimed responsibility.
Tables
· List of data breaches involving a government or public entity
United States
United States
Government
United States
Agency
United States Immigration and Customs Enforcement, United States Border Patrol
Year
2026
Records
Information of 4,500 employees allegedly leaked by a whistleblower in response to the killing of Renée Good.
Organization type
immigration
Method
Whistleblowing
Netherlands
Netherlands
Government
Netherlands
Agency
National Police Corps of the Netherlands
Year
2024
Records
63,000+ staff members data including names, email addresses, phone numbers
Organization type
police
Method
hacked
United Kingdom
United Kingdom
Government
United Kingdom
Agency
Transport for London
Year
2024
Records
5000+ Passengers data including home addresses, bank account details, unconfirmed number of Staff data leaked too
Organization type
Local Transport authority
Method
hacked
50 companies and government institutions
50 companies and government institutions
Government
50 companies and government institutions
Agency
Various
Year
2022
Records
6,400,000
Organization type
various
Method
poor security
California
California
Government
California
Agency
California Department of Corrections and Rehabilitation
Year
2022
Records
236,000 inmates personally identifiable information (PII) and protected health information (PHI)
Organization type
government
Method
CDCR denies any wrongdoing
India
India
Government
India
Agency
Indian Council of Medical Research
Year
2023
Records
815,000,000+, including Aadhaar IDs, passport details, names, phone numbers, addresses
Organization type
government
Method
hacked by pwn0001
Australia
Australia
Government
Australia
Agency
Australian Immigration Department
Year
2015
Records
G20 world leaders
Organization type
government
Method
accidentally published
Australia
Australia
Government
Australia
Agency
Australian National University
Year
2019
Records
19 years of data
Organization type
academic
Method
hacked
Sydney, Australia
Sydney, Australia
Government
Sydney, Australia
Agency
Western Sydney University
Year
2024
Records
7,500, including email accounts, SharePoint files, and the Microsoft Office 365 environment
Organization type
academic
Method
hacked
Bangladesh
Bangladesh
Government
Bangladesh
Agency
Office of the Registrar General, Birth & Death Registration
Year
2023
Records
50,000,000+
Organization type
government
Method
data leak due to security vulnerabilities
United Kingdom
United Kingdom
Government
United Kingdom
Agency
BBC
Year
2024
Records
25,290 employee pension records, including name, date of birth, home address, national insurance number
Organization type
public broadcasting
Method
hacked
United Kingdom
United Kingdom
Government
United Kingdom
Agency
British Library
Year
2023
Records
unknown
Organization type
government
Method
ransomware
United Kingdom
United Kingdom
Government
United Kingdom
Agency
British National Party
Year
2008
Records
Records
Organization type
Politics
United Kingdom
United Kingdom
Government
United Kingdom
Agency
City and Hackney Teaching Primary Care Trust
Year
2007
Records
160,000
Organization type
healthcare
Method
lost / stolen media
United Kingdom / Scotland
United Kingdom / Scotland
Government
United Kingdom / Scotland
Agency
NHS Dumfries and Galloway
Year
2024
Records
still unknown
Organization type
healthcare
Method
cyber attack
Bulgaria
Bulgaria
Government
Bulgaria
Agency
Bulgarian National Revenue Agency
Year
2019
Records
over 5,000,000
Organization type
government
Method
hacked
California
California
Government
California
Agency
California Department of Child Support Services
Year
2012
Records
800,000
Organization type
government
Method
lost / stolen media
United States
United States
Government
United States
Agency
Central Intelligence Agency
Year
2017
Records
91
Organization type
malware tools
Method
internal job
Colorado, US
Colorado, US
Government
Colorado, US
Agency
Colorado Department of Health Care Policy & Financing
Year
2010
Records
105,470
Organization type
healthcare
Method
lost / stolen computer
United States
United States
Government
United States
Agency
Consumer Financial Protection Bureau
Year
2023
Records
256,000
Organization type
bureau
Method
poor security
United States
United States
Government
United States
Agency
Centers for Medicare & Medicaid Services
Year
2018
Records
75,000
Organization type
healthcare
Method
hacked
South Korea
South Korea
Government
South Korea
Agency
Defense Integrated Data Center (South Korea)
Year
2017
Records
235 GB
Organization type
government, military
Method
hacked
United States
United States
Government
United States
Agency
Democratic National Committee
Year
2016
Records
19,252
Organization type
political
Method
hacked
United States
United States
Government
United States
Agency
Department of Homeland Security
Year
2016
Records
30,000
Organization type
government
Method
poor security
Indonesia
Indonesia
Government
Indonesia
Agency
Directorate General of Immigration of Indonesia
Year
2023
Records
34,900,867
Organization type
Government
Method
hacked and published
Indonesia
Indonesia
Government
Indonesia
Agency
Directorate General of Population and Civil Registration (Dukcapil)
Year
2023
Records
337,225,463
Organization type
Government
Method
leaked and published
United Kingdom
United Kingdom
Government
United Kingdom
Agency
Driving Standards Agency
Year
2007
Records
3,000,000
Organization type
government
Method
lost / stolen media
Ecuador
Ecuador
Government
Ecuador
Agency
?
Year
2019
Records
20,800,000 records, including names, family members, financial and work data, civil registration data, car ownership data
Organization type
government
Method
poor security / misconfigured server
?
?
Government
?
Agency
Embassy Cables
Year
2010
Records
251,000
Organization type
government
Method
inside job
England/Wales
England/Wales
Government
England/Wales
Agency
England and Wales Cricket Board
Year
2024
Records
43,299
Organization type
government
Method
unknown
European Union
European Union
Government
European Union
Agency
European Central Bank
Year
2014
Records
unknown
Organization type
financial
Method
hacked
United States
United States
Government
United States
Agency
FBI
Year
2016
Records
Records
Organization type
law enforcement
Method
hacked
United States
United States
Government
United States
Agency
Federal Reserve Bank of Cleveland
Year
2010
Records
400,000
Organization type
financial
Method
hacked
Florida
Florida
Government
Florida
Agency
Florida Department of Juvenile Justice
Year
2013
Records
100,000
Organization type
government
Method
lost / stolen computer
Unknown
Unknown
Government
Unknown
Agency
Unknown
Year
2020
Records
201,000,000
Organization type
personal and demographic data about residents and their properties of US
Method
Poor security
Greece
Greece
Government
Greece
Agency
?
Year
2012
Records
9,000,000
Organization type
government
Method
hacked
Singapore
Singapore
Government
Singapore
Agency
Health Sciences Authority
Year
2019
Records
808,000
Organization type
healthcare
Method
poor security
Ireland
Ireland
Government
Ireland
Agency
Health Service Executive
Year
2021
Records
unknown
Organization type
healthcare
Method
unknown
London, UK
London, UK
Government
London, UK
Agency
Heathrow Airport
Year
2017
Records
2
Organization type
transport
Method
lost / stolen media
United States
United States
Government
United States
Agency
Internal Revenue Service
Year
2015
Records
720,000
Organization type
financial
Method
hacked
Japan
Japan
Government
Japan
Agency
Japan Pension Service
Year
2015
Records
1,250,000
Organization type
special public corporation
Method
hacked
Jefferson County, West Virginia
Jefferson County, West Virginia
Government
Jefferson County, West Virginia
Agency
?
Year
2008
Records
1,600,000
Organization type
government
Method
accidentally published
Cedar Rapids, Iowa
Cedar Rapids, Iowa
Government
Cedar Rapids, Iowa
Agency
Kirkwood Community College
Year
2013
Records
125,000
Organization type
academic
Method
hacked
Massachusetts, US
Massachusetts, US
Government
Massachusetts, US
Agency
Massachusetts Executive Office of Labor and Workforce Development
Year
2011
Records
210,000, including names, Social Security numbers, employer identification numbers, emails, home addresses
Organization type
government
Method
hacked with a trojan
United States
United States
Government
United States
Agency
Medicaid
Year
2012
Records
780,000
Organization type
government, healthcare
Method
hacked
Chile
Chile
Government
Chile
Agency
Ministry of Education
Year
2008
Records
6,000,000, including ID card numbers, addresses, telephone numbers academic records
Organization type
government
Method
hacked
Chile
Chile
Government
Chile
Agency
Servicio Electoral de Chile (Servel)
Year
2019
Records
14,308,151, including names, addresses, tax ID numbers
Organization type
government
Method
misconfigured server
Shanghai, China
Shanghai, China
Government
Shanghai, China
Agency
Shanghai National Police Database
Year
2022
Records
1,000,000,000, including name, address, birthplace, national ID number, mobile number, all crime/case details
Organization type
government
Method
unsecured database
Singapore
Singapore
Government
Singapore
Agency
Ministry of Health
Year
2019
Records
14,200
Organization type
healthcare
Method
poor security/inside job
Slovakia
Slovakia
Government
Slovakia
Agency
National Health Information Center (NCZI) of Slovakia
Year
2020
Records
391,250
Organization type
healthcare
Method
poor security
Norway
Norway
Government
Norway
Agency
Norwegian Tax Administration
Year
2008
Records
3,950,000
Organization type
government
Method
accidentally published
United States
United States
Government
United States
Agency
Office of Personnel Management
Year
2015
Records
21,500,000
Organization type
government
Method
hacked
Texas, US
Texas, US
Government
Texas, US
Agency
Office of the Texas Attorney General
Year
2012
Records
6,500,000
Organization type
government
Method
accidentally published
United Kingdom
United Kingdom
Government
United Kingdom
Agency
Ofcom
Year
2016
Records
unknown
Organization type
telecom
Method
inside job
Columbus, Ohio
Columbus, Ohio
Government
Columbus, Ohio
Agency
Ohio State University
Year
2010
Records
760,000, including names, Social Security numbers, dates of birth, addresses
Organization type
academic
Method
hacked
Oregon
Oregon
Government
Oregon
Agency
Oregon Department of Transportation
Year
2011
Records
1,000,000, including names, addresses, dates of birth
Organization type
government
Method
hacked
Various
Various
Government
Various
Agency
Pandora Papers
Year
2021
Various
Various
Government
Various
Agency
Paradise Papers
Year
2017
Records
records
Philippines
Philippines
Government
Philippines
Agency
Commission on Elections
Year
2016
Records
55,000,000
Organization type
government
Method
hacked
Philippines
Philippines
Government
Philippines
Agency
Various law enforcement agencies (Philippine National Police, National Bureau of Investigation, Bureau of Internal Revenue)
Year
2023
Records
1,279,437
Organization type
government
Method
poor security
Puerto Rico
Puerto Rico
Government
Puerto Rico
Agency
Puerto Rico Department of Health
Year
2010
Records
515,000
Organization type
healthcare
Method
hacked
Argentina
Argentina
Government
Argentina
Agency
RENAPER (Argentina)
Year
2018
Records
45,000,000
Organization type
government
Method
poor security
Russia
Russia
Government
Russia
Agency
Roscosmos
Year
2022
Records
handwritten forms, PDFs, spreadsheets, descriptions of lunar missions.
Organization type
aerospace
Method
hacked by v0g3lsec
Sakai City, Japan
Sakai City, Japan
Government
Sakai City, Japan
Agency
?
Year
2015
Records
680,000
Organization type
government
Method
inside job
San Francisco, California
San Francisco, California
Government
San Francisco, California
Agency
San Francisco Public Utilities Commission
Year
2011
Records
180,000
Organization type
government
Method
hacked
New South Wales, AU
New South Wales, AU
Government
New South Wales, AU
Agency
Service NSW
Year
2020
Records
104,000
Organization type
government
Method
hacked
United Kingdom
United Kingdom
Government
United Kingdom
Agency
Service Personnel and Veterans Agency (UK)
Year
2008
Records
50,500
Organization type
government
Method
lost / stolen media
South Africa
South Africa
Government
South Africa
Agency
South Africa police
Year
2013
Records
16,000
Organization type
government
Method
hacked
South Carolina, US
South Carolina, US
Government
South Carolina, US
Agency
South Carolina Department of Revenue
Year
2012
Records
6,400,000
Organization type
healthcare
Method
inside job
Stanford, California
Stanford, California
Government
Stanford, California
Agency
Stanford University
Year
2008
Records
72,000, including dates of birth, Social Security numbers, home addresses
Organization type
academic
Method
lost / stolen computer
Texas, US
Texas, US
Government
Texas, US
Agency
?
Year
2011
Records
3,500,000
Organization type
government
Method
accidentally published
Syrian government (Syria Files)
Syrian government (Syria Files)
Government
Syrian government (Syria Files)
Agency
Various
Year
2012
Records
2,434,899
Organization type
government
Method
hacked
Texas
Texas
Government
Texas
Agency
Texas Lottery
Year
2007
Records
89,000+, including names, Social Security numbers, addresses, prize amounts
Organization type
government
Method
inside job
United States
United States
Government
United States
Agency
Tricare
Year
2011
Records
4,901,432, including Social Security numbers, addresses, phone numbers, clinical notes, laboratory tests, prescriptions
Organization type
military, healthcare
Method
lost / stolen computer
United Kingdom
United Kingdom
Government
United Kingdom
Agency
UK Home Office
Year
2008
Records
84,000
Organization type
government
Method
lost / stolen media
United Kingdom
United Kingdom
Government
United Kingdom
Agency
UK Ministry of Defence
Year
2008
Records
1,700,000
Organization type
government
Method
lost / stolen media
United Kingdom
United Kingdom
Government
United Kingdom
Agency
United Kingdom parliamentary expenses scandal
Year
2009
Records
Records
Organization type
government
United Kingdom
United Kingdom
Government
United Kingdom
Agency
UK Revenue & Customs
Year
2007
Records
25,000,000
Organization type
government
Method
lost / stolen media
United Nations
United Nations
Government
United Nations
Agency
?
Year
2019
Records
unknown
Organization type
international
Method
hacked
| Government | Agency | Year | Records | Organization type | Method | Sources |
| United States | United States Immigration and Customs Enforcement, United States Border Patrol | 2026 | Information of 4,500 employees allegedly leaked by a whistleblower in response to the killing of Renée Good. | immigration | Whistleblowing | |
| Netherlands | National Police Corps of the Netherlands | 2024 | 63,000+ staff members data including names, email addresses, phone numbers | police | hacked | |
| United Kingdom | Transport for London | 2024 | 5000+ Passengers data including home addresses, bank account details, unconfirmed number of Staff data leaked too | Local Transport authority | hacked | |
| 50 companies and government institutions | Various | 2022 | 6,400,000 | various | poor security | |
| California | California Department of Corrections and Rehabilitation | 2022 | 236,000 inmates personally identifiable information (PII) and protected health information (PHI) | government | CDCR denies any wrongdoing | |
| India | Indian Council of Medical Research | 2023 | 815,000,000+, including Aadhaar IDs, passport details, names, phone numbers, addresses | government | hacked by pwn0001 | |
| Australia | Australian Immigration Department | 2015 | G20 world leaders | government | accidentally published | |
| Australia | Australian National University | 2019 | 19 years of data | academic | hacked | |
| Sydney, Australia | Western Sydney University | 2024 | 7,500, including email accounts, SharePoint files, and the Microsoft Office 365 environment | academic | hacked | |
| Bangladesh | Office of the Registrar General, Birth & Death Registration | 2023 | 50,000,000+ | government | data leak due to security vulnerabilities | |
| United Kingdom | BBC | 2024 | 25,290 employee pension records, including name, date of birth, home address, national insurance number | public broadcasting | hacked | |
| United Kingdom | British Library | 2023 | unknown | government | ransomware | |
| United Kingdom | British National Party | 2008 | Records | Politics | ||
| United Kingdom | City and Hackney Teaching Primary Care Trust | 2007 | 160,000 | healthcare | lost / stolen media | |
| United Kingdom / Scotland | NHS Dumfries and Galloway | 2024 | still unknown | healthcare | cyber attack | |
| Bulgaria | Bulgarian National Revenue Agency | 2019 | over 5,000,000 | government | hacked | |
| California | California Department of Child Support Services | 2012 | 800,000 | government | lost / stolen media | |
| United States | Central Intelligence Agency | 2017 | 91 | malware tools | internal job | |
| Colorado, US | Colorado Department of Health Care Policy & Financing | 2010 | 105,470 | healthcare | lost / stolen computer | |
| United States | Consumer Financial Protection Bureau | 2023 | 256,000 | bureau | poor security | |
| United States | Centers for Medicare & Medicaid Services | 2018 | 75,000 | healthcare | hacked | |
| South Korea | Defense Integrated Data Center (South Korea) | 2017 | 235 GB | government, military | hacked | |
| United States | Democratic National Committee | 2016 | 19,252 | political | hacked | |
| United States | Department of Homeland Security | 2016 | 30,000 | government | poor security | |
| Indonesia | Directorate General of Immigration of Indonesia | 2023 | 34,900,867 | Government | hacked and published | |
| Indonesia | Directorate General of Population and Civil Registration (Dukcapil) | 2023 | 337,225,463 | Government | leaked and published | |
| United Kingdom | Driving Standards Agency | 2007 | 3,000,000 | government | lost / stolen media | |
| Ecuador | ? | 2019 | 20,800,000 records, including names, family members, financial and work data, civil registration data, car ownership data | government | poor security / misconfigured server | |
| ? | Embassy Cables | 2010 | 251,000 | government | inside job | |
| England/Wales | England and Wales Cricket Board | 2024 | 43,299 | government | unknown | |
| European Union | European Central Bank | 2014 | unknown | financial | hacked | |
| United States | FBI | 2016 | Records | law enforcement | hacked | |
| United States | Federal Reserve Bank of Cleveland | 2010 | 400,000 | financial | hacked | |
| Florida | Florida Department of Juvenile Justice | 2013 | 100,000 | government | lost / stolen computer | |
| Unknown | Unknown | 2020 | 201,000,000 | personal and demographic data about residents and their properties of US | Poor security | |
| Greece | ? | 2012 | 9,000,000 | government | hacked | |
| Singapore | Health Sciences Authority | 2019 | 808,000 | healthcare | poor security | |
| Ireland | Health Service Executive | 2021 | unknown | healthcare | unknown | |
| London, UK | Heathrow Airport | 2017 | 2 | transport | lost / stolen media | |
| United States | Internal Revenue Service | 2015 | 720,000 | financial | hacked | |
| Japan | Japan Pension Service | 2015 | 1,250,000 | special public corporation | hacked | |
| Jefferson County, West Virginia | ? | 2008 | 1,600,000 | government | accidentally published | |
| Cedar Rapids, Iowa | Kirkwood Community College | 2013 | 125,000 | academic | hacked | |
| Massachusetts, US | Massachusetts Executive Office of Labor and Workforce Development | 2011 | 210,000, including names, Social Security numbers, employer identification numbers, emails, home addresses | government | hacked with a trojan | |
| United States | Medicaid | 2012 | 780,000 | government, healthcare | hacked | |
| Chile | Ministry of Education | 2008 | 6,000,000, including ID card numbers, addresses, telephone numbers academic records | government | hacked | |
| Chile | Servicio Electoral de Chile (Servel) | 2019 | 14,308,151, including names, addresses, tax ID numbers | government | misconfigured server | |
| Shanghai, China | Shanghai National Police Database | 2022 | 1,000,000,000, including name, address, birthplace, national ID number, mobile number, all crime/case details | government | unsecured database | |
| Singapore | Ministry of Health | 2019 | 14,200 | healthcare | poor security/inside job |
· List of data breaches involving companies
50 companies and government institutions
50 companies and government institutions
Entity
50 companies and government institutions
Year
2022
Records
6,400,000
Organization type
various
Method
poor security
21st Century Oncology
21st Century Oncology
Entity
21st Century Oncology
Year
2015
Records
2,200,000 customer's data, including names, Social Security numbers, physicians, diagnoses, insurance information
Organization type
healthcare
Method
hacked
23andMe
23andMe
Entity
23andMe
Year
2023
Records
6,900,000
Organization type
consumer genetics
Method
credential stuffing
500px
500px
Entity
500px
Year
2020
Records
14,870,304
Organization type
social network
Method
hacked
Accendo Insurance Co.
Accendo Insurance Co.
Entity
Accendo Insurance Co.
Year
2020
Records
175,350
Organization type
healthcare
Method
poor security
Accenture
Accenture
Entity
Accenture
Year
2007
Adobe Systems Incorporated
Adobe Systems Incorporated
Entity
Adobe Systems Incorporated
Year
2013
Records
152,000,000
Organization type
tech
Method
hacked
Adobe Inc.
Adobe Inc.
Entity
Adobe Inc.
Year
2019
Records
7,500,000
Organization type
tech
Method
poor security
ADT Inc.
ADT Inc.
Entity
ADT Inc.
Year
2024
Records
30,800, including email addresses, phone numbers and postal addresses.
Organization type
security
Method
accessing certain databases containing customer information
Advocate Medical Group
Advocate Medical Group
Entity
Advocate Medical Group
Year
2017
Records
4,000,000
Organization type
healthcare
Method
lost / stolen media
AerServ (subsidiary of InMobi)
AerServ (subsidiary of InMobi)
Entity
AerServ (subsidiary of InMobi)
Year
2018
Records
75,000
Organization type
advertising
Method
hacked
Affinity Health Plan, Inc.
Affinity Health Plan, Inc.
Entity
Affinity Health Plan, Inc.
Year
2013
Records
344,579
Organization type
healthcare
Method
lost / stolen media
Airtel
Airtel
Entity
Airtel
Year
2019
Records
320,000,000
Organization type
telecommunications
Method
poor security
Air Canada
Air Canada
Entity
Air Canada
Year
2018
Records
20,000
Organization type
transport
Method
hacked
Air India
Air India
Entity
Air India
Year
2021
Records
4,500,000, including name, date of birth, contact information, passport information, frequent flyer data, credit card data, ticket information
Organization type
transport
Method
hacked
Amazon Japan G .
Amazon Japan G .
Entity
Amazon Japan G .
Year
2019
Records
unknown
Organization type
online
Method
accidentally published
TD Ameritrade
TD Ameritrade
Entity
TD Ameritrade
Year
2005
Records
200,000
Organization type
financial
Method
lost / stolen media
Ameriprise Financial
Ameriprise Financial
Entity
Ameriprise Financial
Year
2005
Records
260,000 customer records
Organization type
financial
Method
stolen laptop
Ancestry
Ancestry
Entity
Ancestry
Year
2021
Records
300,000
Organization type
genealogy
Method
poor security
Animal Jam
Animal Jam
Entity
Animal Jam
Year
2020
Records
46,000,000
Organization type
gaming
Method
hacked
Ankle & Foot Center of Tampa Bay, Inc.
Ankle & Foot Center of Tampa Bay, Inc.
Entity
Ankle & Foot Center of Tampa Bay, Inc.
Year
2021
Records
156,000
Organization type
healthcare
Method
hacked
Anthem Inc.
Anthem Inc.
Entity
Anthem Inc.
Year
2015
Records
80,000,000
Organization type
healthcare
Method
hacked
AOL
AOL
Entity
AOL
Year
2004
Records
92,000,000
Organization type
web
Method
inside job
AOL
AOL
Entity
AOL
Year
2006
Records
20,000,000
Organization type
web
Method
accidentally published, (sometimes referred to as a "Data Valdez", due to its size)
AOL
AOL
Entity
AOL
Year
2014
Records
2,400,000
Organization type
web
Method
hacked
Apollo
Apollo
Entity
Apollo
Year
2018
Records
125,000,000
Organization type
tech, marketing
Method
poor security
Apple iCloud
Apple iCloud
Entity
Apple iCloud
Year
2014
Records
photographs of celebrities
Organization type
tech, cloud storage
Apple, Inc./BlueToad
Apple, Inc./BlueToad
Entity
Apple, Inc./BlueToad
Year
2021
Records
12,367,232
Organization type
tech, retail
Method
accidentally published
Apple
Apple
Entity
Apple
Year
2013
Records
275,000
Organization type
tech
Method
hacked
Apple Health Medicaid
Apple Health Medicaid
Entity
Apple Health Medicaid
Year
2021
Records
91,000
Organization type
healthcare
Method
poor security
Ascension
Ascension
Entity
Ascension
Year
2024
Records
5,599,699
Organization type
healthcare
Method
hacked
Ashley Madison
Ashley Madison
Entity
Ashley Madison
Year
2015
Records
32,000,000
Organization type
dating
Method
hacked
AT&T
AT&T
Entity
AT&T
Year
2008
Records
113,000
Organization type
telecoms
Method
lost / stolen computer
AT&T
AT&T
Entity
AT&T
Year
2010
Records
114,000
Organization type
telecoms
Method
hacked
AT&T
AT&T
Entity
AT&T
Year
2021
Records
72,000,000
Organization type
telecoms
Method
unknown
AT&T
AT&T
Entity
AT&T
Year
2024
Records
110,000,000
Organization type
telecoms
Method
hacked third party service
Atraf
Atraf
Entity
Atraf
Year
2021
Records
unknown
Organization type
dating
Method
hacked
Auction
Auction
Entity
Auction
Year
2008
Records
18,000,000
Organization type
web
Method
hacked
Aura
Aura
Entity
Aura
Year
2026
Records
900,000
Organization type
digital identity protection
Method
hacked (phishing of employee)
Canvas
Canvas
Entity
Canvas
Year
2026
Records
Allegedly 9,000 schools' records affected, including names, email addresses, ID numbers, and messages
Organization type
learning management system
Method
hacked
Australian Red Cross Blood Service
Australian Red Cross Blood Service
Entity
Australian Red Cross Blood Service
Year
2016
Records
550,000, including names, contact details, birthdates, medical details, information about "at-risk sexual behaviour"
Organization type
non-profit
Method
accidentally published
Automatic Data Processing
Automatic Data Processing
Entity
Automatic Data Processing
Year
2006
Records
125,000
Organization type
financial
Method
poor security
AvMed, Inc.
AvMed, Inc.
Entity
AvMed, Inc.
Year
2009
Records
1,220,000
Organization type
healthcare
Method
lost / stolen computer
Bailey's Inc.
Bailey's Inc.
Entity
Bailey's Inc.
Year
2015
Records
250,000
Organization type
retail
Method
hacked
The Bank of New York Mellon
The Bank of New York Mellon
Entity
The Bank of New York Mellon
Year
2008
Records
12,500,000, including names, addresses, birth dates, Social Security numbers
Organization type
financial
Method
lost box of data tapes
Bank of America
Bank of America
Entity
Bank of America
Year
2005
Records
1,200,000
Organization type
financial
Method
lost / stolen media
Barnes & Noble
Barnes & Noble
Entity
Barnes & Noble
Year
2012
Records
63 stores
Organization type
retail
Method
hacked
Bell Canada
Bell Canada
Entity
Bell Canada
Year
2017
Records
1,900,000
Organization type
telecoms
Method
poor security
Bell Canada
Bell Canada
Entity
Bell Canada
Year
2018
Records
100,000
Organization type
telecoms
Method
hacked
Bell Canada
Bell Canada
Entity
Bell Canada
Year
2024
Records
2,200,000
Organization type
telecoms
Method
data leak (12 nov. breachforums)
Benesse
Benesse
Entity
Benesse
Year
2014
Records
35,040,000
Organization type
educational services
Method
hacked
Betfair
Betfair
Entity
Betfair
Year
2010
Records
2,300,000
Organization type
gambling
Method
hacked
Bethesda Game Studios
Bethesda Game Studios
Entity
Bethesda Game Studios
Year
2011
Records
200,000
Organization type
gaming
Method
hacked
Bethesda Game Studios
Bethesda Game Studios
Entity
Bethesda Game Studios
Year
2018
Records
customer names, addresses, contact details, partial credit card numbers
Organization type
gaming
Method
accidentally published
Betsson Group
Betsson Group
Entity
Betsson Group
Year
2020
Records
unknown
Organization type
gambling
Method
unknown
Blank Media Games
Blank Media Games
Entity
Blank Media Games
Year
2018
Records
7,633,234
Organization type
gaming
Method
hacked
Blizzard Entertainment
Blizzard Entertainment
Entity
Blizzard Entertainment
Year
2012
Records
14,000,000
Organization type
gaming
Method
hacked
BlueCross BlueShield of Tennessee
BlueCross BlueShield of Tennessee
Entity
BlueCross BlueShield of Tennessee
Year
2009
Records
1,023,039
Organization type
healthcare
Method
lost / stolen media
BMO and Simplii
BMO and Simplii
Entity
BMO and Simplii
Year
2018
Records
90,000
Organization type
financial
Method
poor security
Boeing
Boeing
Entity
Boeing
Year
2006
Records
382,000 employees (after similar losses of data on 3,600 employees in April and 161,000 employees in November, 2005)
Organization type
transport
Method
Lost/Stolen Device
British Airways
British Airways
Entity
British Airways
Year
2018
Records
500,000
Organization type
transport
Method
hacked
British Airways
British Airways
Entity
British Airways
Year
2015
Records
tens of thousands
Organization type
transport
Method
hacked
Callaway Golf Company
Callaway Golf Company
Entity
Callaway Golf Company
Year
2023
Records
1,114,954, including full names, shipping addresses, email addresses, phone numbers, order histories, account passwords, answers to security questions
Organization type
sports
Method
hacked
Canva
Canva
Entity
Canva
Year
2019
Records
140,000,000
Organization type
web
Method
hacked
Capcom
Capcom
Entity
Capcom
Year
2020
Records
350,000
Organization type
gaming
Method
hacked
Capital One
Capital One
Entity
Capital One
Year
2019
Records
106,000,000
Organization type
financial
Method
unsecured S3 bucket
CardSystems Solutions Inc.
(MasterCard, Visa, Discover Financial Services and American Express)
CardSystems Solutions Inc.
(MasterCard, Visa, Discover Financial Services and American Express)
Entity
CardSystems Solutions Inc.
(MasterCard, Visa, Discover Financial Services and American Express)
Year
2005
Records
40,000,000
Organization type
financial
Method
hacked
Cathay Pacific Airways
Cathay Pacific Airways
Entity
Cathay Pacific Airways
Year
2018
Records
9,400,000
Organization type
transport
Method
hacked
CareFirst BlueCross Blue Shield - Maryland
CareFirst BlueCross Blue Shield - Maryland
Entity
CareFirst BlueCross Blue Shield - Maryland
Year
2015
Records
1,100,000
Organization type
healthcare
Method
hacked
Central Coast Credit Union
Central Coast Credit Union
Entity
Central Coast Credit Union
Year
2016
Records
60,000
Organization type
financial
Method
hacked
Central Hudson Gas & Electric
Central Hudson Gas & Electric
Entity
Central Hudson Gas & Electric
Year
2013
Records
110,000
Organization type
energy
Method
hacked
Change Healthcare
Change Healthcare
Entity
Change Healthcare
Year
2024
Records
100,000,000
Organization type
healthcare
Method
hacked
CheckFree Corporation
CheckFree Corporation
Entity
CheckFree Corporation
Year
2009
Records
5,000,000
Organization type
financial
Method
hacked
CGI Group
CGI Group
Entity
CGI Group
Year
2007
Records
283,000
CheckPeople
CheckPeople
Entity
CheckPeople
Year
2020
Records
56,000,000
Organization type
background check
Method
unknown
Chess
Chess
Entity
Chess
Year
2023
Records
800,000
Organization type
gaming
Method
web scraping
China Software Developer Network
China Software Developer Network
Entity
China Software Developer Network
Year
2011
Records
6,000,000
Organization type
web
Method
hacked
Chinese gaming websites (three: Duowan, 7K7K, 178 )
Chinese gaming websites (three: Duowan, 7K7K, 178 )
Entity
Chinese gaming websites (three: Duowan, 7K7K, 178 )
Year
2011
Records
10,000,000
Organization type
gaming
Method
hacked
ChoicePoint
ChoicePoint
Entity
ChoicePoint
Year
2005
Records
163,000 consumer records
Organization type
data aggregator
Method
intentionally selling data
| Entity | Year | Records | Organization type | Method | Sources |
| 50 companies and government institutions | 2022 | 6,400,000 | various | poor security | |
| 21st Century Oncology | 2015 | 2,200,000 customer's data, including names, Social Security numbers, physicians, diagnoses, insurance information | healthcare | hacked | |
| 23andMe | 2023 | 6,900,000 | consumer genetics | credential stuffing | |
| 500px | 2020 | 14,870,304 | social network | hacked | |
| Accendo Insurance Co. | 2020 | 175,350 | healthcare | poor security | |
| Accenture | 2007 | ||||
| Adobe Systems Incorporated | 2013 | 152,000,000 | tech | hacked | |
| Adobe Inc. | 2019 | 7,500,000 | tech | poor security | |
| ADT Inc. | 2024 | 30,800, including email addresses, phone numbers and postal addresses. | security | accessing certain databases containing customer information | |
| Advocate Medical Group | 2017 | 4,000,000 | healthcare | lost / stolen media | |
| AerServ (subsidiary of InMobi) | 2018 | 75,000 | advertising | hacked | |
| Affinity Health Plan, Inc. | 2013 | 344,579 | healthcare | lost / stolen media | |
| Airtel | 2019 | 320,000,000 | telecommunications | poor security | |
| Air Canada | 2018 | 20,000 | transport | hacked | |
| Air India | 2021 | 4,500,000, including name, date of birth, contact information, passport information, frequent flyer data, credit card data, ticket information | transport | hacked | |
| Amazon Japan G . | 2019 | unknown | online | accidentally published | |
| TD Ameritrade | 2005 | 200,000 | financial | lost / stolen media | |
| Ameriprise Financial | 2005 | 260,000 customer records | financial | stolen laptop | |
| Ancestry | 2021 | 300,000 | genealogy | poor security | |
| Animal Jam | 2020 | 46,000,000 | gaming | hacked | |
| Ankle & Foot Center of Tampa Bay, Inc. | 2021 | 156,000 | healthcare | hacked | |
| Anthem Inc. | 2015 | 80,000,000 | healthcare | hacked | |
| AOL | 2004 | 92,000,000 | web | inside job | |
| AOL | 2006 | 20,000,000 | web | accidentally published, (sometimes referred to as a "Data Valdez", due to its size) | |
| AOL | 2014 | 2,400,000 | web | hacked | |
| Apollo | 2018 | 125,000,000 | tech, marketing | poor security | |
| Apple iCloud | 2014 | photographs of celebrities | tech, cloud storage | ||
| Apple, Inc./BlueToad | 2021 | 12,367,232 | tech, retail | accidentally published | |
| Apple | 2013 | 275,000 | tech | hacked | |
| Apple Health Medicaid | 2021 | 91,000 | healthcare | poor security | |
| Ascension | 2024 | 5,599,699 | healthcare | hacked | |
| Ashley Madison | 2015 | 32,000,000 | dating | hacked | |
| AT&T | 2008 | 113,000 | telecoms | lost / stolen computer | |
| AT&T | 2010 | 114,000 | telecoms | hacked | |
| AT&T | 2021 | 72,000,000 | telecoms | unknown | |
| AT&T | 2024 | 110,000,000 | telecoms | hacked third party service | |
| Atraf | 2021 | unknown | dating | hacked | |
| Auction | 2008 | 18,000,000 | web | hacked | |
| Aura | 2026 | 900,000 | digital identity protection | hacked (phishing of employee) | |
| Canvas | 2026 | Allegedly 9,000 schools' records affected, including names, email addresses, ID numbers, and messages | learning management system | hacked | |
| Australian Red Cross Blood Service | 2016 | 550,000, including names, contact details, birthdates, medical details, information about "at-risk sexual behaviour" | non-profit | accidentally published | |
| Automatic Data Processing | 2006 | 125,000 | financial | poor security | |
| AvMed, Inc. | 2009 | 1,220,000 | healthcare | lost / stolen computer | |
| Bailey's Inc. | 2015 | 250,000 | retail | hacked | |
| The Bank of New York Mellon | 2008 | 12,500,000, including names, addresses, birth dates, Social Security numbers | financial | lost box of data tapes | |
| Bank of America | 2005 | 1,200,000 | financial | lost / stolen media | |
| Barnes & Noble | 2012 | 63 stores | retail | hacked | |
| Bell Canada | 2017 | 1,900,000 | telecoms | poor security | |
| Bell Canada | 2018 | 100,000 | telecoms | hacked |
References
- bonjourlafuitehttps://bonjourlafuite.eu.org/
- "Data breaches compromised 4 records in half year 2018 – Gemalto", The Citizen, October 17, 2018https://thecitizenng.com/analysis-data-breaches-compromised-4-5bn-records-in-half-year-2018-gemalto/
- Gizmodohttps://gizmodo.com/mother-of-all-breaches-exposes-773-million-emails-21-m-1831833456
- Forbeshttps://www.forbes.com/sites/daveywinder/2024/01/23/massive-26-billion-record-leak-dropbox-linkedin-twitterx-all-named/
- WKBW TVhttps://www.youtube.com/watch?v=ODCcbwCVl9s
- The Times of Indiahttps://timesofindia.indiatimes.com/gadgets-news/massive-database-with-26-billion-leaked-records-mother-of-all-breaches/articleshow/107097358.cms
- McAfeehttps://www.mcafee.com/blogs/internet-security/26-billion-records-released-the-mother-of-all-breaches/
- The Independenthttps://www.independent.co.uk/news/world/americas/us-politics/ice-agents-personal-information-leak-doxxed-b2899973.html
- Nl Timeshttps://nltimes.nl/2024/09/30/police-officers-personal-data-also-included-leak-affecting-police-employees
- bbchttps://www.bbc.co.uk/news/articles/c4gqg2elkj4o
- tweakershttps://tweakers.net/nieuws/193238/hackersclub-ccc-vindt-6-komma-4-miljoen-persoonsgegevens-via-vijftigtal-datalekken.html
- "Chaos Computer Club meldet 6,4 Millionen Datensätze in über 50 Leaks"https://www.ccc.de/de/updates/2022/web-patrouille-ccc
- https://www.cdcrdataclassactionsettlement.com/https://www.cdcrdataclassactionsettlement.com/
- News18https://www.news18.com/india/indias-biggest-data-leak-so-far-covid-19-test-info-of-81-5cr-citizens-with-icmr-up-for-sale-exclusive-8637743.html
- The Guardianhttps://www.theguardian.com/world/2015/mar/30/personal-details-of-world-leaders-accidentally-revealed-by-g20-organisers
- 9Newshttps://www.9news.com.au/national/anu-suffers-massive-data-breach-australian-national-university-news/137debef-392b-44a8-bbb9-afaa5890d0fe
- BleepingComputerhttps://www.bleepingcomputer.com/news/security/western-sydney-university-data-breach-exposed-student-data/
- Western Sydney Universityhttps://www.westernsydney.edu.au/news/cyber-incident
- The Business Standardhttps://www.tbsnews.net/bangladesh/millions-bangladeshi-citizens-data-exposed-online-661958
- The Registerhttps://www.theregister.com/2024/05/30/cybercriminals_raid_bbc_pension_database/