Skip to content

Instantly share code, notes, and snippets.

@JuanSMartinez
Last active September 27, 2016 02:37
Show Gist options
  • Save JuanSMartinez/fca0d65a6b18620ee931a709aa951e9e to your computer and use it in GitHub Desktop.
Save JuanSMartinez/fca0d65a6b18620ee931a709aa951e9e to your computer and use it in GitHub Desktop.
Bono Parcial
license: mit
name alternativename notes primaryvalue subcategory category type highlight metric_001 metric_002 metric_003 metric_004 exclude firstsource secondsource thirdsource
Entity alternative name story YEAR records lost ORGANISATION METHOD OF LEAK interesting story NO OF RECORDS STOLEN DATA SENSITIVITY UNUSED UNUSED Exclude 1st source link 2nd source link 3rd source source name UNUSED UNUSED UNUSED UNUSED UNUSED UNUSED
Elaboration if there's an interesting story or detail behind it years are encoded (0=2004, 8 = 2012, 9 = 2013, 10=2014, 11=2015, 12=latest) (use 3m, 4m, 5m or 10m to approximate unknown figures) (use 3m, 4m, 5m or 10m to approximate unknown figures) 1. Just email address/Online information 20 SSN/Personal details 300 Credit card information 4000 Email password/Health records 50000 Full bank account details Show this item in the viz?
AOL American Online A former America Online software engineer stole 92 million screen names and e-mail addresses and sold them to spammers who sent out up to 7 billion unsolicited e-mails. 0 92,000,000 web inside job, hacked 92000000 1 http://money.cnn.com/2004/06/23/technology/aol_spam/ http://www.msnbc.msn.com/id/8985989/#.UFcN8RgUwaA CNN
AOL American Online Durp. AOL VOLUNTARILY released search data for roughly 20 million web queries from 658,000 anonymized users of the service. No one is quite sure why. 2 20,000,000 web accidentally published y 20000000 1 http://techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data/ Tech Crunch
KDDI Japanese telecommunications operator Press report: "Tokyo police have arrested two men for trying to extort nearly US$90,000 from KDDI Corp. The pair allegedly threatened to disclose the existence of storage media containing personal data belonging to four million KDDI customers prior to a shareholder meeting; however, KDDI alerted the police as soon as they were contacted by the blackmailers; the police monitored communications between KDDI and the pair for several weeks. " 2 4,000,000 telecoms hacked y 4000000 1 http://www.computerworld.com/s/article/9001150/KDDI_suffers_massive_data_breach Computer World
T-Mobile, Deutsche Telecom Thieves got their hands on a storage device with the data, which included the names, addresses, cell phone numbers, and some birth dates and e-mail addresses for high-profile German citizens. The company said the records did not contain bank details, credit card numbers, or call data. 2 17,000,000 telecoms lost / stolen media 17000000 1 http://www.datalossdb.org http://www.informationweek.com/security/attacks/t-mobile-lost-17-million-subscribers-per/210700232 Data Loss Database
Dai Nippon Printing Japanese printing company A former contractor of Dai Nippon Printing Company in Tokyo, Japan stole 8.6 million records containing the personal data of customers of 43 of the company's clients. 3 8,637,405 retail inside job 8600000 1 http://usatoday30.usatoday.com/tech/news/computersecurity/2007-12-30-data_n.htm USA Today
TD Ameritrade US online broker TD Ameritrade settled a class action lawsuit to compensate as many as 6.3 million TD Ameritrade customers whose data was stolen by hackers costing the Nebraska online brokerage firm less than $2 per victim. 3 6,300,000 financial hacked 6300000 1 http://www.wired.com/threatlevel/2008/07/ameritrade-hack/ Wired
UK Revenue & Customs HMRC A set of discs containing confidential details of 25 million child benefit recipients was lost. 3 25,000,000 government lost / stolen media 25000000 1 http://news.bbc.co.uk/2/hi/uk_news/7103911.stm BBC News
AT&T A laptop was stolen from a car containing unencrypted Social Security numbers and bonus/salary info of AT&T employees. 4 113,000 telecoms lost / stolen computer y 100000 1 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
BNY Mellon Shareowner Services Wealth management A back-up tape, containing over 12 million customers records were lost. 4 12,500,000 financial lost / stolen media 12500000 1 http://www.wctv.tv/news/headlines/28132494.html?storySection=comments ITRC
Chile Ministry Of Education A computer hacker in Chile published confidential records belonging to six million people to illustrate the weakness of their security. 4 6,000,000 government accidentally published 6000000 1 http://news.bbc.co.uk/2/hi/americas/7395295.stm http://www.geek.com/articles/news/government-servers-in-chile-hacked-6-million-personal-records-made-public-20080514/ BBC News
Data Processors International Provides merchant account establishment and Internet based credit card payment processing services 4 5,000,000 financial hacked 5000000 1 http://money.cnn.com/2003/02/18/technology/creditcards/ CNN
CheckFree Corporation Provider of online banking, online bill payment and electronic bill payment services for the financial services industry Customers who went to CheckFree's Web sites between 12:35 a.m. and 10:10 a.m. on the day of the attack were redirected to a Ukrainian Web server that used malicious software to try and install a password-stealing program on the victim's computer. 5 5,000,000 financial hacked y 5000000 1 http://www.computerworld.com/s/article/9125078/CheckFree_warns_5_million_customers_after_hack Computer World
AT&T US Telecoms company Details of iPad 3G users hacked from AT&T website, thought to include those of White House chief of staff Rahm Emanuel. 6 114,000 telecoms hacked y 100000 1 http://www.guardian.co.uk/technology/2010/jun/10/apple-ipad-security-leak?INTCMP=SRCH Guardian
178.com gaming website 7 10,000,000 web hacked 10000000 1 http://www.ehackingnews.com/2011/12/hackers-compromised-38-million-chinese.html
Bethesda Game Studios US video game company (Elder Scrolls, Fallout 3) Hacking collective Lulzsec stole account information of 200,000 user. 7 200,000 gaming hacked 200000 1 http://www.pcworld.com/article/231215/lulzsec_a_short_history_of_hacking.html PC World
China Software Developer Network 7 6,000,000 web hacked 6000000 1 http://www.zdnet.com/blog/security/chinese-hacker-arrested-for-leaking-6-million-logins/11064
San Francisco Public Utilities Commission 7 180,000 government hacked 180000 1 http://news.cnet.com/8301-27080_3-20068386-245/sf-utilities-agency-warns-of-potential-breach/
Sony Pictures LulzSec hacking collective stated all of the information it took was unencrypted, “Sony stored over 1,000,000 passwords of its customers in plaintext." More than 1 million user accounts were compromised. An additional 75,000 music codes and 3.5 million coupons were also uncovered. 7 1,000,000 web hacked y 1000000 1 http://mashable.com/2011/06/02/sony-pictures-hacked/ Mashable
Sony PSN Rounding off a thoroughly unhappy year for Sony, their third breach saw the loss of 76,000,000 Sony PSN and Qriocity user accounts to hacking collective Lulzsec. 7 77,000,000 gaming hacked y 77000000 1 http://mashable.com/2011/05/31/sony-playstation-services-return/ Mashable
Tianya Usernames, clear tect passwords and email addresses hacked. blogging site 7 28,000,000 web hacked 28000000 1 http://www.scmagazine.com.au/News/349585,28-million-clear-text-passwords-found-after-tianya65279-hack.aspx
US Army 7 50,000 military accidentally published 50000 1 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Writerspace.com Website design and hosting for writers Hacker group LulzSec released the e-mails and passwords, 12,000 of which were confirmed to originate from Writerspace.com. 7 62,000 web hacked 62000 1 http://www.pcmag.com/article2/0,2817,2387186,00.asp PC Mag
Dropbox Websites stolen from other websites used to sign into a small number of Dropbox accounts. The hack was mainly used to send spam to users. 8 30,000 web hacked 30000 1 http://www.informationweek.co.uk/security/client/dropbox-admits-hack-adds-more-security-f/240004697
Dropbox User credentials were stolen in a 2012 hack, but the number affected has only just come to light. 8 68,700,000 web hacked 68700000 1 http://www.telegraph.co.uk/technology/2016/08/31/dropbox-hackers-stole-70-million-passwords-and-email-addresses/
Gamigo German gaming website 8 8,000,000 web hacked 8000000 1 http://www.forbes.com/sites/andygreenberg/2012/07/23/eight-million-passwords-spilled-from-gaming-site-gamigo-months-after-breach/
Last.fm Owned by CBS Historical 2012 hack, details have only just been disclosed. 8 43,500,000 web hacked 43500000 1 http://www.zdnet.com/article/hackers-stole-43-million-last-fm-account-details-in-2012-breach/
LinkedIn Information about a 2012 data breach has just come to light. 8 117,000,000 web hacked 117000000 1 http://money.cnn.com/2016/05/19/technology/linkedin-hack/
Yahoo Voices Yahoo Voices service was hacked, exposing more than 450,000 usernames and passwords. 8 450,000 tech, web hacked 500000 1 http://it.slashdot.org/story/12/07/12/1243217/nearly-half-a-million-yahoo-passwords-leaked-updated?utm_source=feedburnerGoogle+Reader&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29&utm_content=Google+Reader http://www.pbs.org/newshour/rundown/2012/07/check-whether-your-yahoo-password-was-hacked.html Slashdot
Apple Developer portal hacked. "Some" information about 275,000 3rd-party developers potentially stolen. 9 275,000 tech hacked 300000 1 http://www.guardian.co.uk/technology/2013/jul/22/apple-developer-site-hacked
Drupal open-source content management platform Malicious files placed on association.drupal.org servers via a 3rd-party application. Exposed usernames, e-mail addresses, country information, and cryptographically hashed passwords. 9 1,000,000 web hacked 1000000 1 http://arstechnica.com/security/2013/05/drupal-org-resets-login-credentials-after-hack-exposes-password-data/ Ars Technica
Evernote online note-taking site Evernote asked its 50 million users to reset their passwords following an attempt to hack the note-taking network. The company said it’d found no evidence that any payment information for Evernote Premium or Evernote Business customers had been accessed, nor was there any indication that content stored by users had been accessed, changed or lost. 9 50,000,000 web hacked 50000000 1 http://www.wired.co.uk/news/archive/2013-03/04/evernote-hacked http://www.digitaltrends.com/mobile/evernote-hack-50-million-users-forced-to-reset-passwords/ Wired; Digital Trends
Facebook Using the network's "Download Your Information" tool, some Facebook members were inadvertently sent the phone numbers or email address of Facebook friends that were otherwise private. Facebook assured users that the bug was fixed within a day, and that there is no evidence that the information was used maliciously. 9 6,000,000 web accidentally published 6000000 1 https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766
Scribd "world's largest online library" Hack resulted in a few hundred thousand stolen passwords. 9 500,000 web hacked 500000 1 http://nakedsecurity.sophos.com/2013/04/05/scribd-worlds-largest-online-library-admits-to-network-intrusion-password-breach/ http://www.nbcnews.com/technology/scribd-hack-exposes-thousands-users-1B9239618 Naked Security; NBC News
Tumblr Tumblr apparently only just found out about a 2013 data breach, affecting 65m users. 9 65,000,000 web hacked 65000000 1 https://motherboard.vice.com/read/hackers-stole-68-million-passwords-from-tumblr-new-analysis-reveals
Twitter Hackers had access to limited user information -- usernames, email addresses, session tokens and encrypted/salted versions of passwords -- for approximately 250,000 users. 9 250,000 web hacked 250000 1 http://www.wired.co.uk/news/archive/2013-02/02/twitter-hacked Wired
Yahoo Japan 22 million Yahoo user IDs may have been leaked after Yahoo detected an unauthorized attempt to access the administrative system of its web portal Yahoo Japan. The leaked information did not include passwords and data necessary for identity verification to reset passwords. 9 22,000,000 tech, web hacked 22000000 1 http://www.reuters.com/article/2013/05/17/us-yahoojapan-idUSBRE94G0P620130517 Reuters
"Gmail" 5 million Gmail account passwords leaked to a forum, alongside passwords from other email providers. Close inspection revealed the user details to be old (3+ years). Multiple individual targeted hacks of third party websites where people used their Gmail IDs, rather than one big dataleak, suspected to be the method. Gmail itself was not hacked. 10 5,000,000 web hacked y 5000000 1 X http://thenextweb.com/google/2014/09/10/4-93-million-gmail-usernames-passwords-published-google-says-evidence-systems-compromised/
AOL 10 2,400,000 web hacked 24000000 1 http://blog.aol.com/2014/04/28/aol-security-update/
Dominios Pizzas (France) 10 600,000 web hacked 600000 1 http://www.theguardian.com/technology/2014/jun/16/dominos-pizza-ransom-hack-data
Ebay The company has said hackers attacked between late February and early March with login credentials obtained from “a small number” of employees. They then accessed a database containing all user records and copied “a large part” of those credentials. 10 145,000,000 web hacked y 145000000 1 http://my.chicagotribune.com/#section/-1/article/p2p-80265168/
European Central Bank 10 4,000,000 financial hacked 4000000 1 http://www.cityam.com/1406190300/ecb-website-hacked
MacRumours.com 10 860,000 web hacked 900000 1 http://www.wired.co.uk/news/archive/2013-11/13/mac-rumours-forums-hacked
NASDAQ Nasdaq OMX Group Nasdaq forum website hacked by hacking ring, email addresses and passwords compromised 10 500,000 financial hacked y 500000 1 http://www.reuters.com/article/2013/07/18/net-us-nasdaq-cybercrime-website-idUSBRE96H1F520130718
New York Taxis A freedom of information request resulted in the release of data on all 173 million journeys undertaken by New York taxis in one year. Unfortunately, the data was incorrectly anonymised and relatively easy to decode, revealing the driver IDs, pickup & dropoff times, and GPS routes taken for every single cab journey. 10 52,000 transport poor security y 52000 1 https://medium.com/@vijayp/f6bc289679a1
Twitch.tv Gaming site March 23rd. Details unknown at this point. All Twitch's 10 million users have been requested to change their passwords. 10 10,000,000 healthcare hacked 10000000 1 http://blog.twitch.tv/2015/03/important-notice-about-your-twitch-account/
Adult Friend Finder Internet dating & hookup site Sexual preferences, names, email addresses, usernames, dates of birth, postal codes 11 3,900,000 web hacked 3900000 1 http://www.channel4.com/news/adult-friendfinder-dating-hack-internet-dark-web
British Airways Frequent flyer accounts 11 500,000 retail hacked 500000 1 http://www.theguardian.com/business/2015/mar/29/british-airways-frequent-flyer-accounts-hacked
Carefirst Blue Cross, Blue Shield US medical insurer Attacked happened in June 2014. Was announced in June 2015. 11 1,100,000 healthcare hacked 1100000 1 http://carefirstanswers.com/
IRS US Tax service "An unnamed cybermafia used an IRS app to download forms full of personal information. They posed as legitimate taxpayers, and tried to download forms on 200,000 people between February and May. They got away with half of them, the IRS said. The crooks used about 15,000 of them to claim tax refunds in other people's names." 11 100,000 government poor security 100000 1 http://money.cnn.com/2015/05/26/pf/taxes/irs-website-data-hack/index.html
Kromtech MacKeeper software A security researcher stumbled on a leak, which exposed usernames, email addresses and passwords of users. He notified Kromtech, who patched it quickly. 11 13,000,000 web hacked 13000000 1 https://thestack.com/security/2015/12/15/mackeeper-discloses-13-million-mac-users-details-with-poor-hash-protection/ https://www.reddit.com/r/apple/comments/3wq9fc/massive_data_breach/
Slack software for remote working 11 500,000 tech poor security 500000 1 http://techcrunch.com/2015/03/27/slack-got-hacked/
Uber Occured Sep 2014. Revealed Feb 2015. Names & license plates of 50,000 driver partners. 11 50,000 tech poor security 50000 1 http://blog.uber.com/2-27-15
Code.org Non-profit organisation Volunteer email addresses were left accessible via web browser. 12 10 web poor security 10 1 http://blog.code.org/post/140938173013/some-volunteer-email-addresses-compromised
Linux Ubuntu forums 12 2,000,000 web hacked 2000000 1 http://betanews.com/2016/07/15/ubuntu-linux-forums-hacked/
Minecraft Lifeboat' community Players using the Lifeboat servers have had their email addresses and passwords leaked. 12 7,000,000 web hacked 7000000 1 http://motherboard.vice.com/read/another-day-another-hack-7-million-emails-and-hashed-passwords-for-minecraft
MySpace The same hacker who was selling LinkedIn user data now claims to have MySpace user data too, and lots of it. 12 164,000,000 web hacked 164000000 1 http://motherboard.vice.com/read/427-million-myspace-passwords-emails-data-breach
National Childbirth Trust Charity London-based charity hacked for user information. 12 15,000 web hacked 15000 1 https://thestack.com/security/2016/04/08/childbirth-charity-hack-leaks-15000-expectant-parents-data/
Syrian government Hacking outfit calling itself 'Cyber Justice Team' leaked 10GB of data from the government and private websites. Seems to be just data from old leaks, though. 12 274,477 government hacked 274477 1 http://news.softpedia.com/news/syrian-government-hacked-43-gb-of-data-spilled-online-by-hacktivists-502765.shtml
uTorrent It's unclear what data has been breached, exactly, but uTorrent has advised passwords are probably compromised. 12 35,000 web hacked 35000 1 https://torrentfreak.com/utorrent-forums-hacked-passwords-compromised-160608/
Verizon Security services Customer database and information about company's security flaws stolen and put up for sale. 12 100,000 web hacked 10000 1 http://arstechnica.com/security/2016/03/after-verizon-breach-1-5-million-customer-records-put-up-for-sale/
Telegram Instant messaging service Despite Telegram's claims of super security, they've been hacked by a group called Rocket Kitten. 13 15,000,000 private firm hacked 15000000 1 http://venturebeat.com/2016/08/02/hackers-break-into-telegram-revealing-15-million-users-phone-numbers/
South Carolina State Dept. of Revenue A server was breached by an international hacker. 8 3,600,000 government hacked 3600000 3 http://www.infoworld.com/article/2615754/cyber-crime/south-carolina-reveals-massive-data-breach-of-social-security-numbers--credit-cards.html
Ameritrade Inc. Computer backup tape containing personal information was lost. online broker 1 200,000 financial lost / stolen media 200000 20 http://www.nbcnews.com/id/7561268/
Automatic Data Processing Business outsourcing, payrolls, benefits 1 125,000 financial poor security 130000 20 http://abcnews.go.com/Technology/story?id=2160425&page=1#.UFcROxgUwaA ABC
Hewlett Packard Laptop lost/stolen containing employee data: names, addresses, Social Security numbers, dates of birth and other employment-related information. 2 200,000 tech, retail lost / stolen media y 200000 20 http://news.cnet.com/Laptop-with-HP-employee-data-stolen/2100-7348_3-6052964.html
US Dept of Vet Affairs The Veterans Affairs Department agreed to pay $20 million to settle a class action lawsuit over the loss of a laptop. The department originally took three weeks to report the theft. The laptop was recovered with the data apparently intact a month after it was reported stolen. But it is impossible to say with absolute certainty that the data was not accessed and copied. 2 26,500,000 government, military lost / stolen computer 26500000 20 http://gcn.com/Articles/2009/02/02/VA-data-breach-suit-settlement.aspx
City and Hackney Teaching Primary Care Trust Heavily encrypted disks containing details of children are lost by couriers. 3 160,000 government lost / stolen media 160000 20 http://www.computerweekly.com/news/2240104003/Hackney-NHS-trust-encrypts-IT-equipment-following-loss-of-child-data
Driving Standards Agency Hard disk with details of candidates for the driving theory test was lost in a premises in Iowa by subcontractors. Only names, addresses and phone numbers. 3 3,000,000 government lost / stolen media 3000000 20 http://news.bbc.co.uk/1/hi/uk_politics/7147715.stm
Driving Standards Agency, Details of candidates for the driving theory test were on a hard drive that went missing in the US. 3 3,000,000 government lost / stolen media 3000000 20 http://news.bbc.co.uk/1/hi/uk_politics/7147715.stm
Gap Inc Stolen laptop which contained social security numbers, data on people who applied for positions at Gap stores, including Banana Republic and Old Navy, between July 2006 and June 2007. 3 800,000 retail lost / stolen computer 800000 20 http://www.pcworld.com/article/137865/article.html PC World
Monster.com Jobs website A trojan virus stole log-ins that were used to harvest user names, e-mail addresses, home addresses and phone numbers. Soon after phishing e-mails encouraged users to download a Monster Job Seeker Tool, which was in fact a program that encrypted files in their computer and left a ransom note demanding money for their decryption. 3 1,600,000 web hacked y 1600000 20 http://news.bbc.co.uk/1/hi/6956349.stm BBC
Texas Lottery Data on more than 89,000 lottery winners (including names, Social Security numbers, addresses and prize amounts )were taken from the agency without permission by a former computer analyst who copied the password-free data. The employee added he wanted the information "for possible future reference as a programmer at other state agencies." 3 89,000 government inside job 90000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
GS Caltex Private oil company Two multimedia discs containing the names, social security numbers, addresses, cell phone numbers, email addresses and workplaces of Korean customers sorted by age were stolen. They were found by an office worker in a backstreet’s trash pile in Seoul. Experts say a GS Caltex employee likely stole the information for personal purposes given there were no signs of hacking. 4 11,100,000 energy inside job 11100000 20 http://www.datalossdb.org http://english.donga.com/srv/service.php3?biid=2008090631088 Data Loss Database
Jefferson County West Virginia, US "Jefferson County Clerk Jennifer Maghan said she unveiled a new online search tool that enabled residents and business professionals to access nearly 1.6 million documents that are stored in her office via their home computers" 4 1,600,000 government accidentally published y 1600000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://www.journal-news.net/page/content.detail/id/511806.html?nav=5006 ITRC
Norwegian Tax Authorities "Tax authorities said they had accidentally sent CD-ROMs filled with the 2006 tax returns of nearly four million people living in Norway, a country of just 4.6 million inhabitants, to the editorial staff at national newspapers, radios and television stations." 4 3,950,000 government accidentally published y 4000000 20 http://infowatch.com/node/1289 Info Watch
Service Personnel and Veterans Agency (UK) Stolen USBs containing personal information about private lives of staff. 4 50,500 government lost / stolen media 50000 20 http://news.bbc.co.uk/1/hi/england/gloucestershire/7639006.stm
Stanford University Tens of thousands of past and current Stanford University employees had personal information - including their dates of birth, Social Security numbers and home addresses - stored on the hard drive of a stolen university laptop. 4 72,000 academic lost / stolen computer 72000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://www.sfgate.com/bayarea/article/Stanford-employees-data-on-stolen-laptop-3281185.php ITRC
Starbucks A laptop was stolen that contained private information on 97,000 employees, including names, addresses and Social Security numbers. Employees tried to sue Starbucks in California winning their case in the appeals court before losing in the higher federal court as they were unable to prove any cognizable harm or injury. 4 97,000 retail lost / stolen computer y 100000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://privacyblog.littler.com/2011/01/articles/identity-theft/after-starbucks-laptop-is-stolen-alleged-victims-of-identity-theft-win-pyrrhic-victory/ ITRC
UK Home Office PA Consulting lost an unencrypted memory stick containing details of high risk, prolific and other offenders. 4 84,000 government lost / stolen media 84000 20 http://en.wikipedia.org/wiki/List_of_UK_government_data_losses
Blue Cross Blue Shield of Tennessee US health insurance organization A thief stole 57 hard drives from the closet of a BlueCross call center in Chattanooga, Tenn. Data on the stolen hard drives was encoded but not encrypted. Bluecross stated there was no evidence the information was accessed due to the specialized nature of the hardware stolen. 5 1,023,209 healthcare lost / stolen media y 1000000 20 http://www.scmagazine.com/thief-steals-57-hard-drives-from-bluecross-blueshield-of-tennessee/article/162178/ http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html ITRC
US Dept of Defense "According to a report to Congress, assessment forms of 72,000 service members who returned from deployment to Iraq or Afghanistan between Jan 1, 2007 to May 31, 2008 were breached. The forms ask for the service member's SSN,. Name, date of birth." 5 72,000 military lost / stolen media y 72000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
US Military Without first destroying the data the agency sent back a defective unencrypted hard drive for repair and recycling which held detailed records on 76 million veterans, including millions of Social Security numbers dating to 1972. 5 76,000,000 military lost / stolen media y 76000000 20 http://www.wired.com/threatlevel/2009/10/probe-targets-archives-handling-of-data-on-70-million-vets/ ITRC
US National Guard About 131,000 former and current Army Guard members potentially affected when a personal laptop owned by an Army Guard contractor was stolen. Database incuded names, Social Security Numbers, incentive payment amounts and payment dates. 5 131,000 military lost / stolen computer y 130000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Virginia Prescription Monitoring Program A hacker, who was never arrested, demanded a $10 million ransom for a breach effecting 530,000 Virginians. Social security numbers may have been taken. The data was found in a database containing 35 million prescription records. 5 531,400 healthcare hacked y 500000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Classified Iraq War documents Wikileaks 6 392,000 government inside job 400000 20 http://www.forbes.com/sites/andygreenberg/2010/10/22/wikileaks-reveals-the-biggest-classified-data-breach-in-history/
Colorado government Department of Health Care Policy & Financing 6 105,470 healthcare lost / stolen computer 100000 20 http://www.databreaches.net/?p=12611 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Educational Credit Management Corp US student loan guarantor A contractor for the US Department of Education stole the records of 3.3 million people. Data included names, addresses, Social Security numbers and dates of birth of borrowers, but no financial or bank account information. 6 3,300,000 financial lost / stolen media y 3300000 20 http://www.foxnews.com/us/2010/03/26/student-loan-company-data-m-people-stolen/ ITRC
Gawker.com US news and gossip blog network including Gawker.com Gizmodo.com Lifehacker.com Hacked. 1.5 Million usernames, emails, passwords taken. 6 1,500,000 web hacked 1500000 20 http://www.guardian.co.uk/technology/2010/dec/13/gawker-hackers-passwords-twitter-wikileaks?INTCMP=SRCH http://www.mediaite.com/online/gawker-medias-entire-commenter-database-appears-to-have-been-hacked/ Guardian
Ohio State University 6 760,000 academic hacked 800000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Seacoast Radiology, PA Computer gamers hacked a server at Seacoast Radiology in Rochester in search of more bandwidth in November to play Call of Duty: Black Ops. In the process they also gained access to personal records of the more than 230,000 patients of the health center. 6 231,400 healthcare hacked y 200000 20 http://www.fosters.com/apps/pbcs.dll/article?AID=/20110120/GJNEWS_01/701209744 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Yale University 6 43,000 academic accidentally published 40000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Countrywide Financial Corp Employee convicted of downloading millions of borrower files and selling the information to other loan officers. mortgage lender 7 2,500,000 financial inside job 2500000 20 http://latimesblogs.latimes.com/money_co/2011/09/man-convicted-in-huge-countrywide-data-theft-gets-8-months-in-prison.html
Honda Canada Names, addresses and vehicle identification numbers were taken from the company’s eCommerce websites myHonda and myAcura 7 283,000 retail poor security y 300000 20 http://www.guelphmercury.com/news-story/2200845-honda-canada-hit-by-online-security-breach-283-000-car-owners-personal-data-stolen/
Memorial Healthcare System Florida An employee of an affiliated physician’s office may have improperly accessed patient information through a web portal used by physicians who provide care and treatment at MHS. Specifically, patients’ names, dates of birth, and Social Security numbers. 7 102,153 healthcare lost / stolen media 100000 20 http://www.mhs.net/pdf/release071112.pdf http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Nexon Korea Corp Personal data of subscribers to online game Maple Story was leaked. game developer 7 13,200,000 web hacked 13200000 20 http://www.reuters.com/article/2011/11/26/us-korea-hacking-nexon-idUSTRE7AP09H20111126
Oregon Department of Motor Vehicles Sheriff's detectives arrested Tim Nuss for accessing an old Oregon Department of Motor Vehicles database. The DMV database was once sold to marketing companies, but the department stopped selling the information in the late 1990s. The sold data include the names, addresses, birth dates, gender and ages of people who registered with the DMV, but no financial information. 7 1,000,000 government poor security 1000000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Southern California Medical-Legal Consultants Electronic files containing names and social security numbers of approximately 300,000 individuals who have applied for California workers’ compensation benefits had been exposed to unauthorized access. 7 300,000 healthcare hacked 300000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml
State of Texas 3.5 million records were accidentally published online including people's names, mailing addresses, social security numbers, and in some cases dates of birth and driver's license numbers. 7 3,500,000 government accidentally published 3500000 20 http://www.informationweek.com/security/attacks/texas-data-breach-exposed-35-million-rec/229401489?queryText=Texas%20data%20leak Information Week
Sutter Medical Foundation A password protected but unencrypted company computer was stolen. The compromised database contained names, addresses, dates of birth, phone numbers, email addresses, medical record numbers and the name of each patient's health insurance plan. No medical records were stored on the computer. 7 4,243,434 healthcare lost / stolen computer 4200000 20 http://www.simplysecurity.com/2011/11/30/sutter-health-sued-for-1-billion-following-data-breach/ http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
University of Wisconsin - Milwaukee 7 73,000 academic hacked 73000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml
Washington Post Unknown hackers broke into The Washington Post's jobs website stealing about 1.27 million user IDs and email addresses. 7 1,270,000 media hacked 1300000 20 http://www.pcmag.com/article2/0,2817,2388200,00.asp PC Mag
"Apple" Hacking group AntiSec claimed they hacked an FBI laptop in March 2012 accessing a file of more than 12 million Apple Unique Device Identifiers (UDIDs). Subsequently, it was discovered that app developer BlueToad was the source of the breach. The list contained personal information such as full names, phone numbers and addresses. AntiSec published a million of these UDIDs online. 8 12,367,232 tech, retail accidentally published y 12400000 20 http://news.cnet.com/8301-1009_3-57505330-83/antisec-claims-to-have-snatched-12m-apple-device-ids-from-fbi/ http://news.cnet.com/8301-1009_3-57509595-83/udid-leak-source-idd-bluetoad-mobile-firm-says-it-was-hacked/
Blizzard Activision, Battle.net Scrambled passwords, e-mail addresses, and personal security answers were knowingly stolen from Blizzard's internal network. Blizzard would not elaborate on the size of the hack ("millions"). 8 14,000,000 gaming hacked 14000000 20 https://us.battle.net/support/en/article/important-security-update-faq#5 http://thehightechsociety.com/blizzard-battle-net-hack/
California Department of Child Support Services California child support records were lost in transit during a disaster preparedness exercise. 8 800,000 government lost / stolen media 800000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://articles.businessinsider.com/2012-04-03/news/31279254_1_major-data-breach-identity-theft-office-of-privacy-protection ITRC
Court Ventures Experian A Vietnamese identity theft service was sold personal records, including Social Security numbers, credit card data and bank account information, by Court Ventures, a company now owned by data brokerage firm Experian. 8 200,000,000 financial inside job 200000000 20 http://bits.blogs.nytimes.com/2013/10/24/senator-intensifies-probe-of-data-brokers/?_php=true&_type=blogs&_r=0 http://www.experianplc.com/news/company-news/2014/04-04-2014.aspx NY Times / Experian
Greek government A computer programmer was arrested in Greece for allegedly stealing the identity information of what could amount to 83% of the country's population. The 35-year-old was found in possession of 9 million data files containing identification card data, addresses, tax ID numbers and licence plate numbers, which he was also suspected of trying to sell. 8 9,000,000 government hacked 9000000 20 http://www.wired.co.uk/news/archive/2012-11/22/greece-id-theft Wired
KT Corp. Korean mobile carrier Two suspects reportedly earnt an estimated $877,000 by selling the contact information and plan details of 8.7 million KT subscribers, almost half of the carrier's total customers. 8 8,700,000 telecoms hacked 8700000 20 http://www.koreatimes.co.kr/www/news/biz/2012/07/113_116143.html http://news.cnet.com/8301-1009_3-57482215-83/hackers-accused-of-stealing-data-from-9m-korean-mobile-users/
New York State Electric & Gas An employee from a software consulting firm was allowed unauthorized access to the company’s databases. 8 1,800,000 energy inside job 1800000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Office of the Texas Attorney General The office of Texas Attorney General Greg Abbott mistakenly gave attorneys access to millions of Social Security numbers in a case against the state’s voter ID law 8 6,500,000 government accidentally published 6500000 20 http://www.rawstory.com/rs/2012/04/26/texas-attorney-general-exposes-millions-of-voters-social-security-numbers/
Zappos 8 24,000,000 web hacked 24000000 20 http://www.forbes.com/sites/andygreenberg/2012/01/15/zappos-says-hackers-accessed-24-million-customers-account-details/
Advocate Medical Group 4,000,000 patient names, addresses, dates of birth, and Social Security numbers were contained in four computers stolen from an administrative building. Second biggest security breach ever reported to the Department of Health and Human Services (HHS). 9 4,000,000 healthcare lost / stolen media y 4000000 20 http://healthitsecurity.com/2013/08/27/advocate-medical-group-endures-massive-data-breach/ http://datalossdb.org/latest_incidents_remote_sync
Citigroup Third big data breach from Citigroup."The personal information of 150,000 consumers who went into bankruptcy between 2007 and 2011 – including their social security numbers – were exposed after Citi failed to properly redact court records before they were put on the Public Access to Court Electronic Records (PACER) system." 9 150,000 financial poor security y 150000 20 http://news.softpedia.com/news/Citi-Exposes-Details-of-150-000-Individuals-Who-Went-into-Bankruptcy-369979.shtml
Florida Courts Florida Department of Juvenile Justice 9 100,000 government lost / stolen computer 100000 20 http://www.privacyrights.org/data-breach Privacy Rights
Florida Department of Juvenile Justice Three computers were stolen that contained both youth and employee records was reported stolen on January 2, 2013. Over 100,000 records were on the device and may have been exposed. 9 100,000 government lost / stolen computer 100000 20 http://www.privacyrights.org/data-breach Privacy Rights
Indiana University Students who attended the university between 2011 and 2014 may have had their data exposed after it was stored on an unprotected site. The data was accessed by three webcrawlers but there is not evidence it was accessed by any unauthorized individuals. 9 146,000 academic poor security 150000 20 http://news.iu.edu/releases/iu/2014/02/data-exposure-disclosure.shtml http://www.usatoday.com/story/news/nation/2014/02/26/indiana-university-data-breach/5830685/ Indiana University
Kirkwood Community College Hacked online database 9 125,000 academic hacked 130000 20 http://www.privacyrights.org/data-breach http://www.databreachwatch.org/community-college-data-breach-leaks-125000-ssns/ Privacy Rights
Nintendo Japan's Club Nintendo service Japan's Club Nintendo service was hacked following thousands of unauthorized accesses. Customer information compromised in the attack includes full names, phone numbers, home and email addresses. 9 240,000 gaming hacked 250000 20 http://www.joystiq.com/2013/07/05/club-nintendo-japan-hacked/
NMBS Belgian national railway operator Data stored on a non-secure server, making it possible to access names, gender, DOB, email and postal address data of customers externally by means of a simple search engine query. Most of the data belong to customers in Belgium, France and the UK, including thousands of Commission and Parliament employees. Caused, the NMBS said, by a data worker “clicking on the wrong button”. 9 1,460,000 transport accidentally published 1500000 20 http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+WQ+E-2013-001939+0+DOC+XML+V0//EN&language=nl http://www.flanderstoday.eu/business/nmbs-data-leak-was-breach-privacy European Parliament
OVH French Internet host 9 web hacked 500000 20 http://status.ovh.net/?do=details&id=5070
SnapChat 31st Dec 2013. Hackers abused an exploit to syphon 4.7m user details, including phone numbers. Check here to see if your account was compromised: http://lookup.gibsonsec.org/ 9 4,700,000 web, tech hacked 4700000 20 http://www.forbes.com/sites/andygreenberg/2012/01/15/zappos-says-hackers-accessed-24-million-customers-account-details/
South Africa police South Africa Police Service's anonymous whistleblowing website Hacker collective 'Anonymous' hacked an anonymous whistleblowing website run by the South Africa Police Service (SAPS), revealing the identities of thousands of its users. The hack was in response to the massacre of 34 protesting miners at Marikana in August 2012. 9 16,000 government hacked y 16000 20 http://www.wired.co.uk/news/archive/2013-05/22/south-africa-whistleblower-leak Wired
ssndob.ms SSNDOB was an underground identity theft service. Teenage hackers used it to collect data for exposed.su, a site that listed the SSNs, birthdays, phone numbers, current and previous addresses for dozens of top celebrities including Beyonce, Kanye West and Michelle Obama. In doing so they revealed SSNDOB had data on more than 4 million people. 9 4,000,000 web hacked y 4000000 20 http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/ Krebs on Security
TerraCom & YourTel The telecom firms TerraCom and YourTel have branded reporters for Scripps News as "hackers" after journalists discovered that the personal data of over 170,000 customers - including social security numbers and other identifying data that could be used for identity theft - were sitting on a publicly accessible server. 9 170,000 telecoms accidentally published y 180000 20 http://boingboing.net/2013/05/23/terracom-and-yourtel-threaten.html http://www.wired.co.uk/news/archive/2013-05/23/reporter-google-breach-hacker Boing Boing; Wired
UbiSoft games company 9 gaming hacked 58000000 20 http://forums.ubi.com/forumdisplay.php/495-Security-update-regarding-your-Ubisoft-account-please-create-a-new-password
Washington State court system Administrative offices Up to 160,000 Social Security numbers and a million driver's license numbers may have been accessed by hackers exploiting old versions of Adobe Cold Fusion software on the server. 9 160,000 government hacked 160000 20 http://www.reuters.com/article/2013/05/09/us-usa-hack-washingtonstate-idUSBRE9480YY20130509 http://www.privacyrights.org/data-breach Reuters; Privacy Rights
Community Health Systems Aug 2014: Community Health Systems, which operates 206 hospitals across the US, had patient data from the last 5 years breached. Details included names, addresses, social security numbers. Suspected "chinese hackers" were thought responsible. Goal: identity theft. 10 4,500,000 healthcare hacked y 4500000 20 http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/
Japan Airlines Oct 2014: Japan Airlines confirmed the possible theft of information from up to around 750,000 frequent-flier programme members. Data that may have been stolen included names, genders, birth dates, addresses, email addresses and places of work. 10 750,000 transport hacked 800000 20 http://online.wsj.com/articles/japan-airlines-reports-hacker-attack-1412053828 http://www.jal.co.jp/en/info/other/140924.html
Mozilla 10 76,000 web poor security 800000 20 http://www.theguardian.com/technology/2014/aug/05/mozilla-leak-developer-email-addresses-passwords-firefox
Neiman Marcus US retailer 10 1,100,000 retail hacked 1100000 20 http://www.nytimes.com/2014/01/24/business/neiman-marcus-breach-affected-1-1-million-cards.html http://krebsonsecurity.com/2014/08/stealthy-razor-thin-atm-insert-skimmers/
Sony Pictures Wide-ranging hack of potentially every piece of data held by the company, including: unreleased films & scripts, employee social security numbers, salaries and health check results, as well as sensitive internal business documents relating to lay-offs, restructures and executive salaries. Lead suspects are "North Korean hackers" perhaps related to the Seth Rogen film,"The Interview" which mocks the North Korean dictator, Kim Jong Un. 10 10,000,000 media hacked 10000000 20 http://www.buzzfeed.com/tomgara/sony-hack
Yahoo Happened in 2014, but no. records stolen was originally thought to be much smaller. Yahoo recently revealed the real numbers. 10 500,000,000 web hacked 500000000 20 http://uk.businessinsider.com/yahoo-hack-by-state-sponsored-actor-biggest-of-all-time-2016-9?r=US&IR=T
MSpy kid & partner tracking service Data dump to the dark web "includes Apple IDs and passwords, tracking data, and payment details on some 145,000 successful transactions", photos and very private conversations. 11 400,000 tech hacked 400000 20 http://krebsonsecurity.com/2015/05/mobile-spy-software-maker-mspy-hacked-customer-data-leaked/
Sanrio Hello Kitty and other franchises Security researcher was able to access a database of 3.3m of Sanrio's Sanriotown.com accounts, with links to other Sanrio Hello Kitty portals. 11 3,300,000 web configuration error 3300000 20 http://www.csoonline.com/article/3017171/security/database-leak-exposes-3-3-million-hello-kitty-fans.html
TalkTalk Telecoms provider 157k customers had personal details stolen, including 15,600 account numbers. 11 157,000 web hacked 160000 20 http://www.bbc.co.uk/news/uk-34784980 http://www.bbc.co.uk/news/uk-34611857 http://www.theguardian.com/business/2015/oct/22/talktalk-customer-data-hackers-website-credit-card-details-attack
US Office of Personnel Management "The intruders... gained access to...employees’ Social Security numbers, job assignments, performance ratings and training information" 11 4,000,000 government hacked 4000000 20 http://www.washingtonpost.com/world/national-security/chinese-hackers-breach-federal-governments-personnel-office/2015/06/04/889c0e52-0af7-11e5-95fd-d580f1c5d44e_story.html?tid=hpModule_04941f10-8a79-11e2-98d9-3012c1cd8d1e
Voter Database A database of 191 million US voters has been exposed as a result of incorrect configuration. The owner of the database is yet to be identified. The feds are on it. 11 191,000,000 web configuration error 191000000 20 http://uk.reuters.com/article/us-usa-voters-breach-idUKKBN0UB1E020151229
Anthem Second-largest health insurer in the US Feb 2015: Names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information. 12 80,000,000 healthcare hacked y 80000000 20 http://www.anthemfacts.com/faq
Mail. ru Game-related forums Two hackers attacked three game-related forums hosted by Russian company Mail.ru. 12 25,000,000 web hacked 25000000 20 http://www.zdnet.com/article/over-25-million-accounts-stolen-after-mail-ru-forums-raided-by-hackers/
Privatization Agency of the Republic of Serbia A text file with personal data and financial documents were made publically available on their website. 12 5,190,396 private firm leak 519396 20 http://www.shareconference.net/en/defense/personal-data-more-5-million-citizens-serbia-unlawfully-published
Turkish citizenship database Turkish citizenship database has allegedly been hacked and leaked online. 12 49,611,709 government leak 49611709 20 http://www.businessinsider.com/turkish-citizenship-database-allegedly-hacked-and-leaked-2016-4?r=UK&IR=T
Clinton campaign The campaign's network was hacked, but nobody knows what information they took. 13 5,000,000 government hacked 5000000 20 https://techcrunch.com/2016/07/29/clinton-campaign-reportedly-breached-by-hackers/
Interpark July. South Korean police are blaming North Korea for stealing data in an attempt to obtain foreign currency. 13 10,000,000 web hack 10000000 20 http://www.nytimes.com/2016/07/29/world/asia/north-korea-hacking-interpark.html
Target Investigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores. Originally 40m customers. Now 70m! 10 70,000,000 retail hacked y 70000000 200 http://www.chicagotribune.com/news/sns-rt-us-target-breach-20131218,0,3434295.story http://www.huffingtonpost.com/2013/12/19/target-hacked-customer-credit-card-data-accessed_n_4471672.html?utm_hp_ref=mostpopular http://techcrunch.com/2014/01/10/targets-data-breach-gets-worse-70-million-customers-had-info-stolen-including-names-emails-and-phones/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=Netvibes ITRC
Cardsystems Solutions Inc. Third-party payment processor for Visa, Mastercard, Amex, and Discover CardSystems was fingered by MasterCard after it spotted fraud on credit card accounts and found a common thread, tracing it back to CardSystems. An unauthorized entity put a specific code into CardSystems' network, enabling the person or group to gain access to the data. It's not clear how many of the 40 million accounts were actually stolen. 1 40,000,000 financial hacked y 40000000 300 http://www.msnbc.msn.com/id/8260050/ns/technology_and_science-security/t/million-credit-cards-exposed/#.UFiz7aRYtmg MSNBC
Citigroup Blame the messenger! A box of computer tapes containing information on 3.9 million customers was lost by United Parcel Service (UPS) while in transit to a credit reporting agency. 1 3,900,000 financial lost / stolen media y 3900000 300 http://www.nytimes.com/2005/06/07/business/07data.html?pagewanted=all&_moc.semityn.www NY Times
Countrywide Financial Corp Mortgage financer 2 2,600,000 financial inside job 2600000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Compass Bank A former employee stole a hardrive containing 1m account details from the bank, then used it to defraud cutomers of nearly $32,000. 3 1,000,000 financial inside job y 1000000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://www.computerworld.com/s/article/9072198/Programmer_who_stole_drive_containing_1_million_bank_records_gets_42_months ITRC
Fidelity National Information Services Employee sold customer information to a data broker, including names, addresses, birth dates, bank account and credit card information. 3 8,500,000 financial inside job 8500000 300 http://www.pcworld.com/article/135117/article.html
Hannaford Brothers Supermarket Chain Delhaize Group: Hannaford Bros, Sweetbay, Food Lion, Bloom, Bottom Dollar, Harveys, Kash n' Karry An estimated 4.2 million credit and debit card numbers were stolen. 3 4,200,000 retail hacked 4200000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
TK / TJ Maxx Largest retail breach to date Hackers hacked a Minnesota store wifi network and stole data from credit and debit cards of shoppers at off-price retailers TJX, owners of nearly 2,500 stores, including T.J. Maxx and Marshalls. This case is believed to be the largest such breach of consumer information. 3 94,000,000 retail hacked 94000000 300 http://www.zdnet.com/wi-fi-hack-caused-tk-maxx-security-breach-3039286991/ http://www.msnbc.msn.com/id/17871485/ns/technology_and_science-security/t/tj-maxx-theft-believed-largest-hack-ever/#.UFi-HaRYtmg ZD Net
Auction.co.kr South Korea's largest online shopping site 4 18,000,000 web hacked 18000000 300 http://www.darkreading.com/security/perimeter-security/211201111/hacker-steals-data-on-18m-auction-customers-in-south-korea.html
University of Miami Thieves stole a briefcase containing data tapes out of a vehicle used by a private off-site storage company. Anyone who had been a patient of a University of Miami physician or visited a UM facility since 1999 is likely included on the tapes. The data included names, addresses, Social Security numbers and health information. 47,000 of these records may have included credit card or other financial information regarding bill payment. 4 2,100,000 academic lost / stolen computer 2100000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Heartland Independent payment processor The biggest credit card scam in history, Heartland eventually paid more than $110 million to Visa, MasterCard, American Express and other card associations to settle claims related to the breach. 5 130,000,000 financial hacked y 130000000 300 http://www.guardian.co.uk/technology/blog/2009/aug/24/hacking-law?INTCMP=SRCH http://money.cnn.com/2012/03/30/technology/credit-card-data-breach/index.htm Guardian
Network Solutions Domain name registration business A large-scale infection of WordPress-driven blogs with malicious code led to the compromise of 573,000 debit and credit cards. 5 573,000 tech hacked 600000 300 http://www.computerworld.com/s/article/9175783/Network_Solutions_sites_hacked_again http://voices.washingtonpost.com/securityfix/2009/07/network_solutions_hack_comprom.html ITRC
University of California Berkeley details on students, alumni and others 5 160,000 academic hacked 160000 300 http://www.msnbc.msn.com/id/30645920/ns/technology_and_science-security/t/hackers-breach-uc-berkeley-computers/#.UFjFaKRYtmg ITRC
Betfair UK gambling site Betfair waited 18 months to report the breach of their online gambling site, alarming banking institutions and security experts. Betfair's systems breach, which occurred in March and April 2010, was not uncovered until this past May, when a server crashed. 6 2,300,000 web hacked 2300000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
JP Morgan Chase In 2007, the personal information of approximately 2.6 million current and former holders of a Chase-Circuit City credit card had been mistakenly identified as trash and thrown out in garbage bags outside five branch offices in New York. 6 2,600,000 financial lost / stolen media y 2600000 300 http://www.pcworld.com/article/131453/article.html ITRC
US Federal Reserve Bank of Cleveland A Malaysian man has been charged with hacking into major U.S. corporations, including the U.S. Federal Reserve Bank of Cleveland and FedComp after U.S. Secret Service investigators found more than "400,000 stolen credit and debit card account numbers allegedly obtained by hacking into various computer systems of other financial institutions" 6 400,000 financial hacked 400000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Citigroup Less than 1% of Citbank card holders' names, account numbers, and contact information such as e-mail addresses were stolen. Card security codes were not stolen. 7 360,083 financial hacked 400000 300 http://www.pcworld.com/article/229891/Citigroup_Hack_Nets_Over_200k_in_Stolen_Customer_Details.html PC World
Morgan Stanley Smith Barney Morgan Stanley mailed a CD containing sensitive data about investors in tax-exempt funds and bonds to the New York State Department of Taxation and Finance. The package arrived at the building but when it arrived at the relevant desk the data CD was missing. 7 34,000 financial lost / stolen media y 35000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Restaurant Depot food, equipment, and supplies for restaurants 7 200,000 retail hacked 200000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Sony Online Entertainment Hacked by LulzSec. In addition to the Sony Playstation Network breach, compromised 77 million records. More than 23,000 lost financial data, according to Sony. 7 24,600,000 gaming hacked 24600000 300 http://www.computerworld.com/s/article/9216343/Sony_cuts_off_Sony_Online_Entertainment_service_after_hack Computer World
Steam Attackers used login details from a Steam forum hack to access a database that held ID and credit card data. The Valve Corporation 7 35,000,000 web hacked 35000000 300 http://www.bbc.co.uk/news/technology-15690187
US Law Enforcement "AntiSec" hackers published 2,719 social security numbers, 8,214 passwords, 15,798 birth dates, 48,182 street addresses, 1,531,628 email addresses, 106,691 phone numbers, 57 bank account numbers, 53 driver's license numbers, and eight credit card numbers of more than 70 different U.S. law enforcement agencies. 7 123,461 government accidentally published 130000 300 http://www.pcmag.com/article2/0,2817,2390683,00.asp PC World
Global Payments Credit, debit and check processing for merchants (Visa, Mastercard, etc) 1.5 million credit card numbers from its systems may have been exposed after detecting “unauthorized access” into its processing system. 8 7,000,000 financial hacked 1500000 300 http://www.washingtonpost.com/business/technology/faq-the-global-payments-hack/2012/04/02/gIQAIHLLrS_story.html ITRC http://money.cnn.com/2012/03/30/technology/credit-card-data-breach/index.htm
Central Hudson Gas & Electric Customer banking information and other personal information may have been accessed during the hack. 9 110,000 energy hacked 100000 300 http://www.privacyrights.org/data-breach Privacy Rights
Kissinger Cables More than 1.7 million US diplomatic records for the period 1973 to 1976, including intelligence reports and congressional correspondence. Wikileaks 9 1,700,000 government inside job 1700000 300 https://www.wikileaks.org/plusd/about/
Ubuntu The discussion forum for the popular alternative, open-source operating system July 2013: Discussion forum for the operating system was compromised leaking personal details and password. The passwords were cryptographically scrambled using the MD5 hashing algorithm - considered an inadequate means of protecting stored passwords by security experts. 9 2,000,000 tech hacked y 2000000 300 http://arstechnica.com/security/2013/07/hack-exposes-e-mail-addresses-password-data-for-2-million-ubuntu-forum-users/ Data Loss Database
Vodafone An IT contractor for the firm used his deep access to the telecom giant's system to copy customer names and bank account details. 9 2,000,000 telecoms inside job y 2000000 300 http://www.securityweek.com/attacker-steals-data-2-million-vodafone-germany-customers Security Week
D&B, Altegrity Hackers stole millions of social security numbers from large US data brokers Dun & Bradstreet Corp and Kroll Background America Inc, owned by Altegrity. Correction 7 Jan 2015: we previously stated that records were stolen from LexisNexis. LexisNexis conducted a thorough investigation of the malware intrusion and found no evidence that the malware accessed or stole any customer or consumer data. 10 1,000,000 tech hacked 1000000 300 http://www.usatoday.com/story/cybertruth/2013/09/26/lexisnexis-dunn--bradstreet-altegrity-hacked/2878769/ http://www.reuters.com/article/2013/09/26/us-cyberattacks-databrokers-idUSBRE98P03220130926 http://www.bbc.co.uk/news/technology-24284277 USA Today; Reuters; BBC News
Home Depot Malware installed on cash register system across 2,200 stores syphoned credit card details of up to 56 million customers. May be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others 10 56,000,000 retail hacked y 56000000 300 http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/
JP Morgan Chase July 2014: The US's largest bank was compromised by hackers, stealing names, addresses, phone numbers and emails of account holders. The hack began in June but was not discovered until July, when the hackers had already obtained the highest level of administrative privilege to dozens of the bank’s computer servers. 10 76,000,000 financial hacked y 76000000 300 http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/?_php=true&_type=blogs&_r=0
Staples 10 1,160,000 transport hacked 1200000 300 http://fortune.com/2014/12/19/staples-cards-affected-breach/
UPS Malware was discovered in the credit & debit card processing systems at 51 branches in 24 states. 10 4,000,000 retail hacked 4000000 300 http://time.com/3151681/ups-hack/
Experian / T-mobile The world's biggest data monitoring firm disclosed a massive breach of customers who applied for service with T-Mobile. Names, addresses, birth dates, Social Security numbers, drivers license numbers and passport numbers. 11 15,000,000 web hacked 15000000 300 http://www.reuters.com/article/2015/10/02/us-tmobile-dataprotection-idUSKCN0RV5PL20151002
Banner Health Hackers gained access to payment card data via food outlets at Banner Health locations. 12 3,700,000 private firm hacked 3700000 300 https://www.bannerhealth.com/news/2016/08/banner-health-identifies-cyber-attack#
Wendy's Restaurant chain Malware has been used in 1025 of Wendy's restaurants to steal credit card data from customers. It's currently unknown how many individuals have been impacted. 12 1,025 restaurant hacked 1025 300 http://abcnews.go.com/Technology/wireStory/wendys-1000-restaurants-affected-hack-40407208
World Check Run by Thompson Reuters 2014 version of World-Check, a database of suspected terrorists and criminals, leaked online. It's unclear what data the records include. 12 2,200,000 private firm leak 2200000 300 https://thestack.com/security/2016/06/29/2-million-person-terror-database-leaked-online/
Premera US healthcare provider Detected 29th Jan 2015. Occured May 2014. "C could include names, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information" 11 11,000,000 healthcare hacked 11000000 50000 http://premeraupdate.com/
University of Utah Hospitals & Clinics stolen data tapes The data tapes were stolen by petty thieves from an employee's car. According to police reports the thieves tried - and failed - to view the tapes using a VHS player. 4 2,200,000 academic lost / stolen media y 2200000 4000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Affinity Health Plan, Inc. A rented photocopier used to copy health records did not have its hard-drive wiped before its return. 5 344,579 healthcare lost / stolen media y 300000 4000 http://security-hack1.blogspot.com/2010/04/affinity-health-plan-alerts-public.html http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Health Net Largest US publicly traded managed health care company A portable hard drive with seven years of personal and medical information on about 1.5 million Health Net customers was lost for six months before being reported. 5 1,500,000 healthcare lost / stolen media y 1500000 4000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
RockYou! Developer of online games (Zoo World/Zoo World 2) and advertising products The site did not allow users to use special characters or punctuation in their passwords and e-mailed user passwords in plain text. Hackers took advantage of these security lapses, using simple techniques to gain access to 32 million user accounts. 5 32,000,000 web, gaming hacked y 32000000 1 http://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ Tech Crunch
Virginia Dept. Of Health An extortion demand posted on WikiLeaks sought $10 million to return over 8 million patient records and 35 million prescriptions allegedly stolen from Virginia Department of Health Professions. All 36 servers were shut down to protect records. 5 8,257,378 government, healthcare hacked y 8300000 4000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Ankle & foot Center of Tampa Bay, Inc. The information hacked included information such as patient names, social security numbers, date of birth, home addressees, account numbers, and healthcare services and related diagnostic codes. 6 156,000 healthcare hacked 160000 4000 http://www.phiprivacy.net/?p=5743 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Emergency Healthcare Physicians, Ltd. A Chicago emergency physician group The stolen portable hard drive is believed to have contained records from 2003 to 2006 that included patient names, addressees, phone numbers, birth dates, Social Security numbers, and, in some cases, drivers' license numbers. 6 180,111 healthcare lost / stolen media 180000 4000 http://www.healthcareinfosecurity.com/chicago-breach-affects-180000-a-2496 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Lincoln Medical & Mental Health Center 130,495 patients lost their protected health information after seven CDs were lost in transit. 6 130,495 healthcare lost / stolen media 130000 4000 http://www.phiprivacy.net/?tag=lincoln-medical-and-mental-health-center http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
New York City Health & Hospitals Corp. New York City Health & Hospitals Corporation's North Bronx Healthcare Network 6 1,700,000 healthcare lost / stolen media 1700000 4000 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Puerto Rico Department of Health Double whammy. Two separate breaches. On September 3rd, 2010 data on 115,000 people was stolen from unauthorized access of an electronic device, on the 21st they reported an additional 400,000 records were hacked. 6 515,000 healthcare hacked 500000 4000 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Triple-S Salud, Inc. Puerto-Rican health insurance company 6 398,000 healthcare lost / stolen media 400000 4000 https://www.databreaches.net/puerto-rico-dept-of-health-reports-breach-affecting-400000-triple-s-salud-fined-100k/
Accendo Insurance Co. Mismailed letters which allowed some lines of sensitive information (medication name, date of birth, and member ID) to be visible through the envelope window. The mailings were addressed correctly and, to the knowledge of the company, were received by the intended recipients. 7 175,350 healthcare poor security 180000 2000 http://www.databreaches.net/?p=19198 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Nemours Foundation US children's hospitals A health care organization that runs children’s hospitals reported the loss of 1.05 million records when data backup tapes were lost. 7 1,055,489 healthcare lost / stolen media 1100000 4000 http://zerosecurity.org/technews/past-three-years-over-21m-medical-record-breaches/ http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
NHS UK's national health service, govt funded A laptop holding the unencrypted records of eight million patients went missing from an NHS store room and wasn't reported until 3 weeks later. 7 8,300,000 healthcare lost / stolen media y 8300000 4000 http://www.techweekeurope.co.uk/news/nhs-researchers-lose-laptop-with-8m-patients-records-31810 Tech Week
Sega Information stolen during the hack includes names, birth dates, e-mail addresses and passwords from Sega Pass, a system for users interested in newsletters and for registering certain products. 7 1,290,755 gaming hacked 1300000 20 http://www.zdnet.com/blog/gamification/sega-1-3-million-customer-records-hacked-lulzsec-promises-retribution/481 ZD Net
Spartanburg Regional Healthcare System The stolen computer contained a password-protected file with Social Security numbers as well as names, addresses, dates of birth and medical billing codes. 7 400,000 healthcare lost / stolen computer 400000 4000 http://www.goupstate.com/news/20110527/spartanburg-regional-patients-affected-by-computer-breach http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Tricare Healthcare service for US Military The information for some 4.6 million active and retired military personnel, as well as their families, was on back up-tapes from an electronic health care record used to capture and preserve patient data from 1992 through September 7 2011. 7 4,901,432 military, healthcare lost / stolen computer 4900000 4000 http://www.reuters.com/article/us-data-breach-texas-idUSTRE78S5JG20110929 ITRC
Emory Healthcare hospital system in Atlanta 8 315,000 healthcare poor security 300000 4000 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Formspring Interest-based social Q&A website Formspring was tipped off to a breach after 420,000 hashed passwords were posted to a security forum. 8 420,000 web accidentally published y 400000 1 http://news.cnet.com/8301-1009_3-57469944-83/formspring-disables-user-passwords-in-security-breach/?tag=mncol;txt
LinkedIn, eHarmony, Last.fm Hacker 'dwdm' uploaded a file containing 6.5 million passwords on a Russian hacker forum. Soon after another 1.5 million passwords were discovered. On analysis, 93% of the passwords could be found in the Top 10,000 password list. 8 8,000,000 web accidentally published 8000000 1 http://news.cnet.com/8301-1009_3-57449325-83/what-the-password-leaks-mean-to-you-faq/?tag=mncol;txt http://arstechnica.com/security/2012/06/8-million-leaked-passwords-connected-to-linkedin/
Militarysingles.com Online dating network for, you guessed it, military singles Collective group LulzSec released a database of 163,792 names, usernames, e-mail addresses, IP addresses, and passwords of "single" military personnel. 8 163,792 web, military accidentally published 180000 1 http://www.pcworld.com/article/252647/reborn_lulzsec_claims_hack_of_dating_site_for_military_personnel.html PC World
South Carolina Government South Carolina Department of Health and Human Services A man was charged with five counts of violating medical confidentiality laws and one count of disclosure of confidential information after he gained access to personal information for more than 228,000 Medicaid beneficiaries. 8 6,400,000 healthcare inside job 200000 4000 http://www.thestate.com/2012/04/20/2241321/personal-information-of-more-than.html#.UFpUVqRYtmg http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Crescent Health Inc., Walgreens Names, Social Security numbers, health insurance identification numbers, health insurance information, dates of birth, diagnoses, other medical information, disability codes, addresses, and phone numbers may have been exposed via a laptop theft. 9 100,000 healthcare lost / stolen computer 100000 4000 http://www.privacyrights.org/data-breach Privacy Rights
Living Social special offers website Online criminals gained access to user names, e-mail addresses, dates of birth & encrypted passwords for 50 million people. Databases storing financial information were not compromised in the attack, the company said. 9 50,000,000 web hacked 50000000 1 http://nakedsecurity.sophos.com/2013/04/27/livingsocial-hacked-50-million-affected/ http://bits.blogs.nytimes.com/2013/04/26/living-social-hack-exposes-data-for-50-million-customers/ Naked Security; New York Times
AshleyMadison.com US ex-marital affairs site 20th July 2015: DEVELOPING: Online hookup site for extra-marital affairs has been severely breached and the personal details of 37m users, as well as company financial records, threatened with release. Notorious hacking outfit The Impact Team has claimed responsibility. The hackers are demanding the shutdown of AM.com and other associated sites. 11 37,000,000 web hacked 37000000 1 http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/
Eisenhower Medical Center California hospital Stolen computer contained data listing patients' names, ages, dates of birth, medical record numbers and the last four digits of their social security numbers. 7 514,330 healthcare lost / stolen computer 500000 4000 http://databreachinvestigation.blogspot.com/2011/04/thief-gets-away-with-eisenhower-medical.html http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
VK Russia's Facebook Over 100m user accounts were hacked and the data put up for sale online. A VK spokesperson has denied that the site was breached, claiming the data for sale is old details no longer in use. 12 100,544,934 web hacked 100544934 4000 http://motherboard.vice.com/read/another-day-another-hack-100-million-accounts-for-vk-russias-facebook
Brazzers Porn site Sept. 'The data contains 790,724 unique email addresses, and also includes usernames and plaintext passwords. (The set has 928,072 entries in all, but many are duplicates.' 13 790724 web hacked 790724 4000 http://motherboard.vice.com/read/nearly-800000-brazzers-porn-site-accounts-exposed-in-forum-hack http://motherboard.vice.com/read/nearly-800000-brazzers-porn-site-accounts-exposed-in-forum-hack
UK Ministry of Defence Hard drive containing very sensitive details of Armed Forces personnel - passport & national insurance numbers, bank details etc - went missing. Loss was revealed during National Identity Fraud Prevention Week. 4 1,700,000 government lost / stolen media y 1700000 50000 http://news.bbc.co.uk/1/hi/uk_politics/7667507.stm
Embassy Cables Confidential communications between 274 embassies in countries throughout the world and the State Department in Washington DC, between 1966-2010. Wikileaks 6 251,000 government inside job 300000 50000 http://wikileaks.org/cablegate.html
South Shore Hospital, Massachusetts South Shore Hospital hired a contractor to destroy files no longer in use and lost the shipment. The back-up computer files possibly contained names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, protected health information including diagnoses and treatments. As well as bank account and credit card numbers for some. Patients, employees, physicians, volunteers, donors, vendors and other business partners were effected. 6 800,000 healthcare lost / stolen media 800000 50000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
US Military Wikileaks / Bradley Manning/Cablegate. WIKILEAKS! 6 260,000 military inside job y 300000 50000 http://www.guardian.co.uk/news/datablog/2010/nov/29/wikileaks-cables-data Guardian
Massachusetts Government Massachusetts Executive Office of Labor and Workforce Over 1,500 departmental computers were infected with the W32.QAKBOT virus, a malicious program which “downloads additional files, steals information, and opens a back door on the compromised computer”. 7 210,000 government poor security y 200000 50000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Massive American business hack 7-Eleven, JC Penney, Hannaford, Heartland, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard Over eight years, a hacking ring targeted banks, payment processors and chain stores, to steal more than 160 million credit and debit card numbers, targeting more than 800,000 bank accounts 8 160,000,000 financial hacked y 160000000 50000 http://www.nydailynews.com/news/national/russians-ukrainian-charged-largest-hacking-spree-u-s-history-article-1.1408948
Three Iranian banks Saderat, Eghtesad Novin, & Saman After finding a security vulnerability in Iran's banking system, software manager Khosrow Zarefarid wrote a formal report and sent it to the CEOs of all the affected banks across the country. When the banks ignored his findings, he hacked 3 million bank accounts, belonging to at least 22 different banks, to prove his point. 8 3,000,000 financial hacked y 3000000 50000 http://www.zdnet.com/blog/security/3-million-bank-accounts-hacked-in-iran/11577 ZD Net
Adobe Sep 17th 2013. Hackers obtained access to a large swathe of Adobe customer IDs and encrypted passwords & removed sensitive information (i.e. names, encrypted credit or debit card numbers, expiration dates, etc.). Approximately 36 million Adobe customers were involved: 3.1 million whose credit or debit card information was taken and nearly 33 million active users whose current, encrypted passwords were in the database taken. Correction Jan 2015: we previously reported 152m records were taking, but the remainder affected invalid, inactive, test accounts or had out-of-date passwords associated with them. 9 36,000,000 tech hacked y 36000000 50000 http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.html http://www.zdnet.com/adobe-admits-2-9m-customer-accounts-have-been-compromised-7000021546/ http://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/
Korea Credit Bureau 10 20,000,000 financial inside job 20000000 50000 http://www.securityweek.com/20-million-people-fall-victim-south-korea-data-leak
Australian Immigration Department An employee of the agency inadvertently sent the passport numbers, visa details and other personal identifiers of all world leaders attending the G20 Brisbane summit to the organisers of the Asian Cup football tournament. Barack Obama, Vladimir Putin, Angela Merkel, Xi Jinping, Narendra Modi, David Cameron and many others. 11 500,000 government accidentally published 500000 50000 http://www.theguardian.com/world/2015/mar/30/personal-details-of-world-leaders-accidentally-revealed-by-g20-organisers
CarPhone Warehouse UK mobile phone supplier 11 2,700,000 web hacked 2700000 50000 http://www.theguardian.com/technology/2015/aug/10/carphone-warehouse-uk-data-watchdog-investigating-customer-hack
Hacking Team Italian cybersecurity firm sells digital surveillance software to law enforcement and national security organisations. 400 GB of documents - including software source code, private messages & client databases - has been stolen and put online via BitTorrent. The documents show the company has sold products to repressive regimes. 11 500,000 web hacked y 500000 50000 http://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim The Guardian
Invest Bank United Arab Emirates bank Hacker breached a United Arab Emirates bank, demanding a ransom of $3m in bitcoin to stop tweeting data, mostly about corporate accounts. The hacker dumped files on the website of a basketball team, which he hacked for storage. The bank, Invest Bank, won't pay the ransom. 11 40,000 banking hacked 40000 50000 http://www.dailydot.com/politics/invest-bank-hacker-buba/
Securus Technologies Prison phone service provider Anonymous hacker leaked records of over 70m phone calls, plus links to recordings. Recording/storing attorney-client calls potentially violates constitutional protections. 11 70,000,000 web hacked 70000000 50000 https://theintercept.com/2015/11/11/securus-hack-prison-phone-company-exposes-thousands-of-calls-lawyers-and-clients/
US Office of Personnel Management (2nd Breach) attackers have targeted the forms submitted by intelligence and military personnel for security clearances. The document includes personal information - everything from eye colour, to financial history, to past substance abuse, as well as contact details for the individual's friends and relatives 11 21,500,000 government hacked 21500000 50000 http://www.bbc.co.uk/news/world-us-canada-33120405 http://www.reuters.com/article/2015/07/09/us-cybersecurity-usa-idUSKCN0PJ2M420150709?feedType=RSS&feedName=topNews&utm_source=twitter
VTech Toymaker company Software used to download games to children's computer tablets was hacked, with personal info and photos stolen. 11 6,400,000 web hacked 6400000 50000 http://www.theguardian.com/technology/2015/dec/02/vtech-hack-us-hong-kong-investigate-children-exposed http://www.troyhunt.com/2015/11/when-children-are-breached-inside.html
Mossack Fonseca Panamanian law firm 2.6TB of data on politicians, criminals, professional athletes etc leaked from law firm Mossack Fonseca, including emails, contracts, scanned documents, transcripts... 12 11,500,000 law firm leak y 11500000 50000 http://panamapapers.sueddeutsche.de/articles/56febff0a1bb8d3c3495adf4/
Mutuelle Generale de la Police French police health insurance Files uploaded to Google Drive by a 'malicious' employee. Data included home addresses. The leak came two weeks after a French police officer was murdered by ISIS-inspired attack. 12 112,000 private firm leak 112000 50000 http://www.bbc.co.uk/news/world-europe-36645519
Philippines’ Commission on Elections COMELEC After a message was posted on the COMELEC website by hackers from Anonymous, warning the government not to mess with the elections, the entire database was stolen and posted online. 12 55,000,000 government hacked 55000000 50000 http://blog.trendmicro.com/trendlabs-security-intelligence/55m-registered-voters-risk-philippine-commission-elections-hacked/
ClixSense Sept. The information stolen contains usernames, passwords, home addresses, payment histories, and other banking details. 13 6600000 web hack 6600000 50000 http://www.digitaltrends.com/computing/clixsense-hacked/
RBS Worldpay the U.S. payment processing arm of The Royal Bank of Scotland Group The hack primarily effected U.S. prepaid and the gift card issuing business of RBS Worldpay. Actual fraud has been committed on approximately 100 cards. Certain personal information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1 million people may have been accessed. 4 1,500,000 financial hacked 1500000 20 http://www.theregister.co.uk/2008/12/29/rbs_worldpay_breach/ The Register
AvMed, Inc. Two company laptops containing names, addresses, dates of birth, Social Security numbers and health-related information. 5 1,220,000 healthcare lost / stolen computer 1200000 20 http://www.governmentsecurity.org/latest-security-news/laptop-theft-exposes-private-info-of-avmed-health-plansaapos-customers.html http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Medicaid US health program for low income people and families The Utah Department of Technology Services had recently moved their claims records to a new server, and hackers believed to be operating out of Eastern Europe were able to circumvent the server’s multi-layered security system containing Social Security numbers for the Medicaid claims. 8 780,000 government, healthcare hacked y 800000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Health Net - IBM Data lost from HN servers managed by IBM Several server drives, containing personal information of former and current employees, went missing. 7 1,900,000 healthcare lost / stolen media 1900000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html ITRC
Stratfor Shadowy global intelligence company Hacking collective Anonymous defaced the website of Stratfor and posted a file online of the organization’s confidential client list, along with credit card details, passwords and home addresses for those clients. They released 47,680 unique e-mail addresses and 50,277 unique credit card numbers — 9,651 of which were not yet expired. Of the stolen encrypted passwords, 50% were easily crackable. 7 935,000 military accidentally published 900000 300 http://bits.blogs.nytimes.com/2011/12/27/questions-about-motives-behind-stratfor-hack/ NY Times
<!DOCTYPE html>
<head>
<meta charset="utf-8">
<script src="https://d3js.org/d3.v4.min.js"></script>
<style>
body { margin:0;position:fixed;top:0;right:0;bottom:0;left:0; }
</style>
</head>
<body>
<div id="charts"></div>
<script src="https://code.jquery.com/jquery-3.1.1.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
<script>
var margin = {top: 20, right: 20, bottom: 30, left: 300},
totalWidth = 850,
totalHeight = 700,
width = totalWidth - margin.left - margin.right,
height = totalHeight - margin.top - margin.bottom,
tolerance = 50,
effHeight = height/2 - tolerance;
//Scales for X and Y axis for linear chart
var xScaleHacks = d3.scaleLinear().range([0, width]);
var yScaleHacks = d3.scaleLinear().range([0, effHeight]);
//Scales for X and Y axis for bar chart
var xScaleEntities = d3.scaleLinear().range([0, width]);
var yScaleEntities = d3.scaleOrdinal();
//charts
var svg = d3.select("#charts").append("svg")
.attr("width", width + margin.left + margin.right)
.attr("height", height + margin.top + margin.bottom)
.append("g")
.attr("transform", "translate(" + margin.left + "," + margin.top + ")");
function plot(data){
var selection = "hacked";
var filtered = [];
for(i in data){
var noinsert = $.inArray(data[i].name, filtered) > -1 || $.inArray(selection, data[i].methods) == -1;
if(!noinsert){
filtered.push(data[i].name);
}
}
var space = effHeight/filtered.length;
var ranges = [];
for(i in filtered){
ranges.push(space*i);
}
console.log("Filtered:",filtered);
console.log("Ranges:", ranges);
var fnAccXHacks = function(d){return d.year;};
var fnAccXEntities = function(d){return d.records;};
var fnAccYHacks = function(d){return d.records;};
//X Axis
xScaleHacks.domain([d3.min(data, fnAccXHacks), d3.max(data, fnAccXHacks)]);
xScaleEntities.domain([d3.min(data, fnAccXEntities),
d3.max(data, fnAccXEntities)]);
var xAxis1 = d3.axisBottom(xScaleHacks);
var xAxis2 = d3.axisBottom(xScaleEntities);
//Y Axis
yScaleHacks.domain([d3.max(data, fnAccYHacks), d3.min(data, fnAccYHacks)]);
yScaleEntities.domain(filtered).range(ranges);
var yAxis1 = d3.axisLeft(yScaleHacks);
var yAxis2 = d3.axisLeft(yScaleEntities);
svg.append('g')
.attr("transform", "translate(0," + effHeight + ")")
.call(xAxis1);
svg.append('g')
.call(yAxis1);
svg.append('g')
.attr("transform", "translate(0," + (effHeight+tolerance)+ ")")
.call(xAxis2);
svg.append('g')
.attr("transform", "translate(0," + (effHeight+tolerance)+ ")")
.call(yAxis2);
//Enter
//Exit
//Update
}
d3.csv('data2016.csv',function(hacks){
var data = [];
hacks.forEach(function(d){
var object = new Object();
if(parseInt(d["metric_001"])){
object.name = d["name"];
object.year = parseInt(d["primaryvalue"]) + 2004;
object.records = parseInt(d["metric_001"]);
var types = d["type"].split(",");
object.methods = types.map(function(method){
return method.trim();
});
data.push(object);
}
})
plot(data);
});
</script>
</body>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment