Skip to content

Instantly share code, notes, and snippets.

@mvanegas10

mvanegas10/.block

Last active March 19, 2021 18:50
Show Gist options
  • Save mvanegas10/3b46f45943f88230e4eaa827d1e98bdb to your computer and use it in GitHub Desktop.
Save mvanegas10/3b46f45943f88230e4eaa827d1e98bdb to your computer and use it in GitHub Desktop.
Download ZIP
World's Biggest Data Breaches
Raw
.block
license: mit
Raw
README.md
Raw
data.csv
Entity alternative name story YEAR records lost ORGANISATION METHOD OF LEAK interesting story NO OF RECORDS STOLEN DATA SENSITIVITY Exclude 1st source link 2nd source link 3rd source source name
AOL American Online A former America Online software engineer stole 92 million screen names and e-mail addresses and sold them to spammers who sent out up to 7 billion unsolicited e-mails. 0 92000000 web inside job, hacked 92000000 1 http://money.cnn.com/2004/06/23/technology/aol_spam/ http://www.msnbc.msn.com/id/8985989/#.UFcN8RgUwaA CNN
Cardsystems Solutions Inc. Third-party payment processor for Visa, Mastercard, Amex, and Discover CardSystems was fingered by MasterCard after it spotted fraud on credit card accounts and found a common thread, tracing it back to CardSystems. An unauthorized entity put a specific code into CardSystems' network, enabling the person or group to gain access to the data. It's not clear how many of the 40 million accounts were actually stolen. 1 40,000,000 financial hacked y 40000000 300 http://www.msnbc.msn.com/id/8260050/ns/technology_and_science-security/t/million-credit-cards-exposed/#.UFiz7aRYtmg MSNBC
Citigroup Blame the messenger! A box of computer tapes containing information on 3.9 million customers was lost by United Parcel Service (UPS) while in transit to a credit reporting agency. 1 3900000 financial lost / stolen media y 3900000 300 http://www.nytimes.com/2005/06/07/business/07data.html?pagewanted=all&_moc.semityn.www NY Times
Ameritrade Inc. Computer backup tape containing personal information was lost. online broker 1 200000 financial lost / stolen media 200000 20 http://www.nbcnews.com/id/7561268/
Automatic Data Processing Business outsourcing, payrolls, benefits 1 125000 financial poor security 130000 20 http://abcnews.go.com/Technology/story?id=2160425&page=1#.UFcROxgUwaA ABC
US Dept of Vet Affairs The Veterans Affairs Department agreed to pay $20 million to settle a class action lawsuit over the loss of a laptop. The department originally took three weeks to report the theft. The laptop was recovered with the data apparently intact a month after it was reported stolen. But it is impossible to say with absolute certainty that the data was not accessed and copied. 2 26500000 government, military lost / stolen computer 26500000 20 http://gcn.com/Articles/2009/02/02/VA-data-breach-suit-settlement.aspx
AOL American Online Durp. AOL VOLUNTARILY released search data for roughly 20 million web queries from 658,000 anonymized users of the service. No one is quite sure why. 2 20000000 web accidentally published y 20000000 1 http://techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data/ Tech Crunch
T-Mobile, Deutsche Telecom Thieves got their hands on a storage device with the data, which included the names, addresses, cell phone numbers, and some birth dates and e-mail addresses for high-profile German citizens. The company said the records did not contain bank details, credit card numbers, or call data. 2 17000000 telecoms lost / stolen media 17000000 1 http://www.datalossdb.org http://www.informationweek.com/security/attacks/t-mobile-lost-17-million-subscribers-per/210700232 Data Loss Database
KDDI Japanese telecommunications operator Press report: "Tokyo police have arrested two men for trying to extort nearly US$90,000 from KDDI Corp. The pair allegedly threatened to disclose the existence of storage media containing personal data belonging to four million KDDI customers prior to a shareholder meeting; however, KDDI alerted the police as soon as they were contacted by the blackmailers; the police monitored communications between KDDI and the pair for several weeks. " 2 4000000 telecoms hacked y 4000000 1 http://www.computerworld.com/s/article/9001150/KDDI_suffers_massive_data_breach Computer World
Countrywide Financial Corp Mortgage financer 2 2600000 financial inside job 2600000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Hewlett Packard Laptop lost/stolen containing employee data: names, addresses, Social Security numbers, dates of birth and other employment-related information. 2 200000 tech, retail lost / stolen media y 200000 20 http://news.cnet.com/Laptop-with-HP-employee-data-stolen/2100-7348_3-6052964.html
TK / TJ Maxx Largest retail breach to date Hackers hacked a Minnesota store wifi network and stole data from credit and debit cards of shoppers at off-price retailers TJX, owners of nearly 2,500 stores, including T.J. Maxx and Marshalls. This case is believed to be the largest such breach of consumer information. 3 94000000 retail hacked 94000000 300 http://www.zdnet.com/wi-fi-hack-caused-tk-maxx-security-breach-3039286991/ http://www.msnbc.msn.com/id/17871485/ns/technology_and_science-security/t/tj-maxx-theft-believed-largest-hack-ever/#.UFi-HaRYtmg ZD Net
UK Revenue & Customs HMRC A set of discs containing confidential details of 25 million child benefit recipients was lost. 3 25000000 government lost / stolen media 25000000 1 http://news.bbc.co.uk/2/hi/uk_news/7103911.stm BBC News
Dai Nippon Printing Japanese printing company A former contractor of Dai Nippon Printing Company in Tokyo, Japan stole 8.6 million records containing the personal data of customers of 43 of the company's clients. 3 8637405 retail inside job 8600000 1 http://usatoday30.usatoday.com/tech/news/computersecurity/2007-12-30-data_n.htm USA Today
Fidelity National Information Services Employee sold customer information to a data broker, including names, addresses, birth dates, bank account and credit card information. 3 8500000 financial inside job 8500000 300 http://www.pcworld.com/article/135117/article.html
TD Ameritrade US online broker TD Ameritrade settled a class action lawsuit to compensate as many as 6.3 million TD Ameritrade customers whose data was stolen by hackers costing the Nebraska online brokerage firm less than $2 per victim. 3 6300000 financial hacked 6300000 1 http://www.wired.com/threatlevel/2008/07/ameritrade-hack/ Wired
Hannaford Brothers Supermarket Chain Delhaize Group: Hannaford Bros, Sweetbay, Food Lion, Bloom, Bottom Dollar, Harveys, Kash n' Karry An estimated 4.2 million credit and debit card numbers were stolen. 3 4200000 retail hacked 4200000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Driving Standards Agency Hard disk with details of candidates for the driving theory test was lost in a premises in Iowa by subcontractors. Only names, addresses and phone numbers. 3 3000000 government lost / stolen media 3000000 20 http://news.bbc.co.uk/1/hi/uk_politics/7147715.stm
Driving Standards Agency, Details of candidates for the driving theory test were on a hard drive that went missing in the US. 3 3000000 government lost / stolen media 3000000 20 http://news.bbc.co.uk/1/hi/uk_politics/7147715.stm
Monster.com Jobs website A trojan virus stole log-ins that were used to harvest user names, e-mail addresses, home addresses and phone numbers. Soon after phishing e-mails encouraged users to download a Monster Job Seeker Tool, which was in fact a program that encrypted files in their computer and left a ransom note demanding money for their decryption. 3 1600000 web hacked y 1600000 20 http://news.bbc.co.uk/1/hi/6956349.stm BBC
Compass Bank A former employee stole a hardrive containing 1m account details from the bank, then used it to defraud cutomers of nearly $32,000. 3 1000000 financial inside job y 1000000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://www.computerworld.com/s/article/9072198/Programmer_who_stole_drive_containing_1_million_bank_records_gets_42_months ITRC
Gap Inc Stolen laptop which contained social security numbers, data on people who applied for positions at Gap stores, including Banana Republic and Old Navy, between July 2006 and June 2007. 3 800000 retail lost / stolen computer 800000 20 http://www.pcworld.com/article/137865/article.html PC World
City and Hackney Teaching Primary Care Trust Heavily encrypted disks containing details of children are lost by couriers. 3 160000 government lost / stolen media 160000 20 http://www.computerweekly.com/news/2240104003/Hackney-NHS-trust-encrypts-IT-equipment-following-loss-of-child-data
Texas Lottery Data on more than 89,000 lottery winners (including names, Social Security numbers, addresses and prize amounts )were taken from the agency without permission by a former computer analyst who copied the password-free data. The employee added he wanted the information "for possible future reference as a programmer at other state agencies." 3 89000 government inside job 90000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Auction.co.kr South Korea's largest online shopping site 4 18,000,000 web hacked 18000000 300 http://www.darkreading.com/security/perimeter-security/211201111/hacker-steals-data-on-18m-auction-customers-in-south-korea.html
BNY Mellon Shareowner Services Wealth management A back-up tape, containing over 12 million customers records were lost. 4 12500000 financial lost / stolen media 12500000 1 http://www.wctv.tv/news/headlines/28132494.html?storySection=comments ITRC
GS Caltex Private oil company Two multimedia discs containing the names, social security numbers, addresses, cell phone numbers, email addresses and workplaces of Korean customers sorted by age were stolen. They were found by an office worker in a backstreet�s trash pile in Seoul. Experts say a GS Caltex employee likely stole the information for personal purposes given there were no signs of hacking. 4 11100000 energy inside job 11100000 20 http://www.datalossdb.org http://english.donga.com/srv/service.php3?biid=2008090631088 Data Loss Database
Chile Ministry Of Education A computer hacker in Chile published confidential records belonging to six million people to illustrate the weakness of their security. 4 6000000 government accidentally published 6000000 1 http://news.bbc.co.uk/2/hi/americas/7395295.stm http://www.geek.com/articles/news/government-servers-in-chile-hacked-6-million-personal-records-made-public-20080514/ BBC News
Data Processors International Provides merchant account establishment and Internet based credit card payment processing services 4 5000000 financial hacked 5000000 1 http://money.cnn.com/2003/02/18/technology/creditcards/ CNN
Norwegian Tax Authorities "Tax authorities said they had accidentally sent CD-ROMs filled with the 2006 tax returns of nearly four million people living in Norway, a country of just 4.6 million inhabitants, to the editorial staff at national newspapers, radios and television stations." 4 3950000 government accidentally published y 4000000 20 http://infowatch.com/node/1289 Info Watch
University of Utah Hospitals & Clinics stolen data tapes The data tapes were stolen by petty thieves from an employee's car. According to police reports the thieves tried - and failed - to view the tapes using a VHS player. 4 2200000 academic lost / stolen media y 2200000 1000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
University of Miami Thieves stole a briefcase containing data tapes out of a vehicle used by a private off-site storage company. Anyone who had been a patient of a University of Miami physician or visited a UM facility since 1999 is likely included on the tapes. The data included names, addresses, Social Security numbers and health information. 47,000 of these records may have included credit card or other financial information regarding bill payment. 4 2100000 academic lost / stolen computer 2100000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
UK Ministry of Defence Hard drive containing very sensitive details of Armed Forces personnel - passport & national insurance numbers, bank details etc - went missing. Loss was revealed during National Identity Fraud Prevention Week. 4 1700000 government lost / stolen media y 1700000 5000 http://news.bbc.co.uk/1/hi/uk_politics/7667507.stm
Jefferson County West Virginia, US "Jefferson County Clerk Jennifer Maghan said she unveiled a new online search tool that enabled residents and business professionals to access nearly 1.6 million documents that are stored in her office via their home computers" 4 1600000 government accidentally published y 1600000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://www.journal-news.net/page/content.detail/id/511806.html?nav=5006 ITRC
RBS Worldpay the U.S. payment processing arm of The Royal Bank of Scotland Group The hack primarily effected U.S. prepaid and the gift card issuing business of RBS Worldpay. Actual fraud has been committed on approximately 100 cards. Certain personal information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1 million people may have been accessed. 4 1500000 financial hacked 1500000 20 http://www.theregister.co.uk/2008/12/29/rbs_worldpay_breach/ The Register
AT&T A laptop was stolen from a car containing unencrypted Social Security numbers and bonus/salary info of AT&T employees. 4 113000 telecoms lost / stolen computer y 100000 1 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Starbucks A laptop was stolen that contained private information on 97,000 employees, including names, addresses and Social Security numbers. Employees tried to sue Starbucks in California winning their case in the appeals court before losing in the higher federal court as they were unable to prove any cognizable harm or injury. 4 97000 retail lost / stolen computer y 100000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://privacyblog.littler.com/2011/01/articles/identity-theft/after-starbucks-laptop-is-stolen-alleged-victims-of-identity-theft-win-pyrrhic-victory/ ITRC
UK Home Office PA Consulting lost an unencrypted memory stick containing details of high risk, prolific and other offenders. 4 84000 government lost / stolen media 84000 20 http://en.wikipedia.org/wiki/List_of_UK_government_data_losses
Stanford University Tens of thousands of past and current Stanford University employees had personal information - including their dates of birth, Social Security numbers and home addresses - stored on the hard drive of a stolen university laptop. 4 72000 academic lost / stolen computer 72000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://www.sfgate.com/bayarea/article/Stanford-employees-data-on-stolen-laptop-3281185.php ITRC
Service Personnel and Veterans Agency (UK) Stolen USBs containing personal information about private lives of staff. 4 50500 government lost / stolen media 50000 20 http://news.bbc.co.uk/1/hi/england/gloucestershire/7639006.stm
Heartland Independent payment processor The biggest credit card scam in history, Heartland eventually paid more than $110 million to Visa, MasterCard, American Express and other card associations to settle claims related to the breach. 5 130000000 financial hacked y 130000000 300 http://www.guardian.co.uk/technology/blog/2009/aug/24/hacking-law?INTCMP=SRCH http://money.cnn.com/2012/03/30/technology/credit-card-data-breach/index.htm Guardian
US Military Without first destroying the data the agency sent back a defective unencrypted hard drive for repair and recycling which held detailed records on 76 million veterans, including millions of Social Security numbers dating to 1972. 5 76000000 military lost / stolen media y 76000000 20 http://www.wired.com/threatlevel/2009/10/probe-targets-archives-handling-of-data-on-70-million-vets/ ITRC
RockYou! Developer of online games (Zoo World/Zoo World 2) and advertising products The site did not allow users to use special characters or punctuation in their passwords and e-mailed user passwords in plain text. Hackers took advantage of these security lapses, using simple techniques to gain access to 32 million user accounts. 5 32000000 web, gaming hacked y 32000000 1000 http://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ Tech Crunch
Virginia Dept. Of Health An extortion demand posted on WikiLeaks sought $10 million to return over 8 million patient records and 35 million prescriptions allegedly stolen from Virginia Department of Health Professions. All 36 servers were shut down to protect records. 5 8257378 government, healthcare hacked y 8300000 1000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
CheckFree Corporation Provider of online banking, online bill payment and electronic bill payment services for the financial services industry Customers who went to CheckFree's Web sites between 12:35 a.m. and 10:10 a.m. on the day of the attack were redirected to a Ukrainian Web server that used malicious software to try and install a password-stealing program on the victim's computer. 5 5000000 financial hacked y 5000000 1 http://www.computerworld.com/s/article/9125078/CheckFree_warns_5_million_customers_after_hack Computer World
Health Net Largest US publicly traded managed health care company A portable hard drive with seven years of personal and medical information on about 1.5 million Health Net customers was lost for six months before being reported. 5 1500000 healthcare lost / stolen media y 1500000 1000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
AvMed, Inc. Two company laptops containing names, addresses, dates of birth, Social Security numbers and health-related information. 5 1220000 healthcare lost / stolen computer 1200000 20 http://www.governmentsecurity.org/latest-security-news/laptop-theft-exposes-private-info-of-avmed-health-plansaapos-customers.html http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Blue Cross Blue Shield of Tennessee US health insurance organization A thief stole 57 hard drives from the closet of a BlueCross call center in Chattanooga, Tenn. Data on the stolen hard drives was encoded but not encrypted. Bluecross stated there was no evidence the information was accessed due to the specialized nature of the hardware stolen. 5 1023209 healthcare lost / stolen media y 1000000 20 http://www.scmagazine.com/thief-steals-57-hard-drives-from-bluecross-blueshield-of-tennessee/article/162178/ http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html ITRC
Network Solutions Domain name registration business A large-scale infection of WordPress-driven blogs with malicious code led to the compromise of 573,000 debit and credit cards. 5 573000 tech hacked 600000 300 http://www.computerworld.com/s/article/9175783/Network_Solutions_sites_hacked_again http://voices.washingtonpost.com/securityfix/2009/07/network_solutions_hack_comprom.html ITRC
Virginia Prescription Monitoring Program A hacker, who was never arrested, demanded a $10 million ransom for a breach effecting 530,000 Virginians. Social security numbers may have been taken. The data was found in a database containing 35 million prescription records. 5 531400 healthcare hacked y 500000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Affinity Health Plan, Inc. A rented photocopier used to copy health records did not have its hard-drive wiped before its return. 5 344579 healthcare lost / stolen media y 300000 1000 http://security-hack1.blogspot.com/2010/04/affinity-health-plan-alerts-public.html http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
University of California Berkeley details on students, alumni and others 5 160000 academic hacked 160000 300 http://www.msnbc.msn.com/id/30645920/ns/technology_and_science-security/t/hackers-breach-uc-berkeley-computers/#.UFjFaKRYtmg ITRC
US National Guard About 131,000 former and current Army Guard members potentially affected when a personal laptop owned by an Army Guard contractor was stolen. Database incuded names, Social Security Numbers, incentive payment amounts and payment dates. 5 131000 military lost / stolen computer y 130000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
US Dept of Defense "According to a report to Congress, assessment forms of 72,000 service members who returned from deployment to Iraq or Afghanistan between Jan 1, 2007 to May 31, 2008 were breached. The forms ask for the service member's SSN,. Name, date of birth." 5 72000 military lost / stolen media y 72000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Educational Credit Management Corp US student loan guarantor A contractor for the US Department of Education stole the records of 3.3 million people. Data included names, addresses, Social Security numbers and dates of birth of borrowers, but no financial or bank account information. 6 3300000 financial lost / stolen media y 3300000 20 http://www.foxnews.com/us/2010/03/26/student-loan-company-data-m-people-stolen/ ITRC
JP Morgan Chase In 2007, the personal information of approximately 2.6 million current and former holders of a Chase-Circuit City credit card had been mistakenly identified as trash and thrown out in garbage bags outside five branch offices in New York. 6 2600000 financial lost / stolen media y 2600000 300 http://www.pcworld.com/article/131453/article.html ITRC
Betfair UK gambling site Betfair waited 18 months to report the breach of their online gambling site, alarming banking institutions and security experts. Betfair's systems breach, which occurred in March and April 2010, was not uncovered until this past May, when a server crashed. 6 2300000 web hacked 2300000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
New York City Health & Hospitals Corp. New York City Health & Hospitals Corporation's North Bronx Healthcare Network 6 1700000 healthcare lost / stolen media 1700000 1000 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Gawker.com US news and gossip blog network including Gawker.com Gizmodo.com Lifehacker.com Hacked. 1.5 Million usernames, emails, passwords taken. 6 1500000 web hacked 1500000 20 http://www.guardian.co.uk/technology/2010/dec/13/gawker-hackers-passwords-twitter-wikileaks?INTCMP=SRCH http://www.mediaite.com/online/gawker-medias-entire-commenter-database-appears-to-have-been-hacked/ Guardian
South Shore Hospital, Massachusetts South Shore Hospital hired a contractor to destroy files no longer in use and lost the shipment. The back-up computer files possibly contained names, addresses, phone numbers, dates of birth, Social Security numbers, driver�s license numbers, medical record numbers, patient numbers, health plan information, protected health information including diagnoses and treatments. As well as bank account and credit card numbers for some. Patients, employees, physicians, volunteers, donors, vendors and other business partners were effected. 6 800000 healthcare lost / stolen media 800000 5000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Ohio State University 6 760000 academic hacked 800000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Puerto Rico Department of Health Double whammy. Two separate breaches. On September 3rd, 2010 data on 115,000 people was stolen from unauthorized access of an electronic device, on the 21st they reported an additional 400,000 records were hacked. 6 515000 healthcare hacked 500000 1000 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
US Federal Reserve Bank of Cleveland A Malaysian man has been charged with hacking into major U.S. corporations, including the U.S. Federal Reserve Bank of Cleveland and FedComp after U.S. Secret Service investigators found more than "400,000 stolen credit and debit card account numbers allegedly obtained by hacking into various computer systems of other financial institutions" 6 400000 financial hacked 400000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Triple-S Salud, Inc. Puerto-Rican health insurance company 6 398000 healthcare lost / stolen media 400000 1000 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Classified Iraq War documents Wikileaks 6 392000 government inside job 400000 20 http://www.forbes.com/sites/andygreenberg/2010/10/22/wikileaks-reveals-the-biggest-classified-data-breach-in-history/
US Military Wikileaks / Bradley Manning/Cablegate. WIKILEAKS! 6 260000 military inside job y 300000 5000 http://www.guardian.co.uk/news/datablog/2010/nov/29/wikileaks-cables-data Guardian
Embassy Cables Confidential communications between 274 embassies in countries throughout the world and the State Department in Washington DC, between 1966-2010. Wikileaks 6 251000 government inside job 300000 5000 http://wikileaks.org/cablegate.html
Seacoast Radiology, PA Computer gamers hacked a server at Seacoast Radiology in Rochester in search of more bandwidth in November to play Call of Duty: Black Ops. In the process they also gained access to personal records of the more than 230,000 patients of the health center. 6 231400 healthcare hacked y 200000 20 http://www.fosters.com/apps/pbcs.dll/article?AID=/20110120/GJNEWS_01/701209744 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Emergency Healthcare Physicians, Ltd. A Chicago emergency physician group The stolen portable hard drive is believed to have contained records from 2003 to 2006 that included patient names, addressees, phone numbers, birth dates, Social Security numbers, and, in some cases, drivers' license numbers. 6 180111 healthcare lost / stolen media 180000 1000 http://www.healthcareinfosecurity.com/chicago-breach-affects-180000-a-2496 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Ankle & foot Center of Tampa Bay, Inc. The information hacked included information such as patient names, social security numbers, date of birth, home addressees, account numbers, and healthcare services and related diagnostic codes. 6 156000 healthcare hacked 160000 1000 http://www.phiprivacy.net/?p=5743 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Lincoln Medical & Mental Health Center 130,495 patients lost their protected health information after seven CDs were lost in transit. 6 130495 healthcare lost / stolen media 130000 1000 http://www.phiprivacy.net/?tag=lincoln-medical-and-mental-health-center http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
AT&T US Telecoms company Details of iPad 3G users hacked from AT&T website, thought to include those of White House chief of staff Rahm Emanuel. 6 114000 telecoms hacked y 100000 1 http://www.guardian.co.uk/technology/2010/jun/10/apple-ipad-security-leak?INTCMP=SRCH Guardian
Colorado government Department of Health Care Policy & Financing 6 105470 healthcare lost / stolen computer 100000 20 http://www.databreaches.net/?p=12611 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Yale University 6 43000 academic accidentally published 40000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Sony PSN Rounding off a thoroughly unhappy year for Sony, their third breach saw the loss of 76,000,000 Sony PSN and Qriocity user accounts to hacking collective Lulzsec. 7 77000000 gaming hacked y 77000000 1 http://mashable.com/2011/05/31/sony-playstation-services-return/ Mashable
Steam Attackers used login details from a Steam forum hack to access a database that held ID and credit card data. The Valve Corporation 7 35000000 web hacked 35000000 300 http://www.bbc.co.uk/news/technology-15690187
Tianya Usernames, clear tect passwords and email addresses hacked. blogging site 7 28000000 web hacked 28000000 1 http://www.scmagazine.com.au/News/349585,28-million-clear-text-passwords-found-after-tianya65279-hack.aspx
Sony Online Entertainment Hacked by LulzSec. In addition to the Sony Playstation Network breach, compromised 77 million records. More than 23,000 lost financial data, according to Sony. 7 24600000 gaming hacked 24600000 300 http://www.computerworld.com/s/article/9216343/Sony_cuts_off_Sony_Online_Entertainment_service_after_hack Computer World
Nexon Korea Corp Personal data of subscribers to online game Maple Story was leaked. game developer 7 13200000 web hacked 13200000 20 http://www.reuters.com/article/2011/11/26/us-korea-hacking-nexon-idUSTRE7AP09H20111126
178.com gaming website 7 10000000 web hacked 10000000 1 http://www.ehackingnews.com/2011/12/hackers-compromised-38-million-chinese.html
NHS UK's national health service, govt funded A laptop holding the unencrypted records of eight million patients went missing from an NHS store room and wasn't reported until 3 weeks later. 7 8300000 healthcare lost / stolen media y 8300000 1000 http://www.techweekeurope.co.uk/news/nhs-researchers-lose-laptop-with-8m-patients-records-31810 Tech Week
China Software Developer Network 7 6000000 web hacked 6000000 1 http://www.zdnet.com/blog/security/chinese-hacker-arrested-for-leaking-6-million-logins/11064
Tricare Healthcare service for US Military The information for some 4.6 million active and retired military personnel, as well as their families, was on back up-tapes from an electronic health care record used to capture and preserve patient data from 1992 through September 7 2011. 7 4901432 military, healthcare lost / stolen computer 4900000 1000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Sutter Medical Foundation A password protected but unencrypted company computer was stolen. The compromised database contained names, addresses, dates of birth, phone numbers, email addresses, medical record numbers and the name of each patient's health insurance plan. No medical records were stored on the computer. 7 4243434 healthcare lost / stolen computer 4200000 20 http://www.simplysecurity.com/2011/11/30/sutter-health-sued-for-1-billion-following-data-breach/ http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
State of Texas 3.5 million records were accidentally published online including people's names, mailing addresses, social security numbers, and in some cases dates of birth and driver's license numbers. 7 3500000 government accidentally published 3500000 20 http://www.informationweek.com/security/attacks/texas-data-breach-exposed-35-million-rec/229401489?queryText=Texas%20data%20leak Information Week
Countrywide Financial Corp Employee convicted of downloading millions of borrower files and selling the information to other loan officers. mortgage lender 7 2500000 financial inside job 2500000 20 http://latimesblogs.latimes.com/money_co/2011/09/man-convicted-in-huge-countrywide-data-theft-gets-8-months-in-prison.html
Health Net - IBM Data lost from HN servers managed by IBM Several server drives, containing personal information of former and current employees, went missing. 7 1,900,000 healthcare lost / stolen media 1900000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html ITRC
Sega Information stolen during the hack includes names, birth dates, e-mail addresses and passwords from Sega Pass, a system for users interested in newsletters and for registering certain products. 7 1290755 gaming hacked 1300000 1000 http://www.zdnet.com/blog/gamification/sega-1-3-million-customer-records-hacked-lulzsec-promises-retribution/481 ZD Net
Washington Post Unknown hackers broke into The Washington Post's jobs website stealing about 1.27 million user IDs and email addresses. 7 1270000 media hacked 1300000 20 http://www.pcmag.com/article2/0,2817,2388200,00.asp PC Mag
Nemours Foundation US children's hospitals A health care organization that runs children�s hospitals reported the loss of 1.05 million records when data backup tapes were lost. 7 1055489 healthcare lost / stolen media 1100000 1000 http://zerosecurity.org/technews/past-three-years-over-21m-medical-record-breaches/ http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Oregon Department of Motor Vehicles Sheriff's detectives arrested Tim Nuss for accessing an old Oregon Department of Motor Vehicles database. The DMV database was once sold to marketing companies, but the department stopped selling the information in the late 1990s. The sold data include the names, addresses, birth dates, gender and ages of people who registered with the DMV, but no financial information. 7 1000000 government poor security 1000000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Sony Pictures LulzSec hacking collective stated all of the information it took was unencrypted, �Sony stored over 1,000,000 passwords of its customers in plaintext." More than 1 million user accounts were compromised. An additional 75,000 music codes and 3.5 million coupons were also uncovered. 7 1000000 web hacked y 1000000 1 http://mashable.com/2011/06/02/sony-pictures-hacked/ Mashable
Stratfor Shadowy global intelligence company Hacking collective Anonymous defaced the website of Stratfor and posted a file online of the organization�s confidential client list, along with credit card details, passwords and home addresses for those clients. They released 47,680 unique e-mail addresses and 50,277 unique credit card numbers � 9,651 of which were not yet expired. Of the stolen encrypted passwords, 50% were easily crackable. 7 935000 military accidentally published 900000 300 http://bits.blogs.nytimes.com/2011/12/27/questions-about-motives-behind-stratfor-hack/ NY Times
Eisenhower Medical Center California hospital Stolen computer contained data listing patients' names, ages, dates of birth, medical record numbers and the last four digits of their social security numbers. 7 514330 healthcare lost / stolen computer 500000 1000 http://databreachinvestigation.blogspot.com/2011/04/thief-gets-away-with-eisenhower-medical.html http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Spartanburg Regional Healthcare System The stolen computer contained a password-protected file with Social Security numbers as well as names, addresses, dates of birth and medical billing codes. 7 400000 healthcare lost / stolen computer 400000 1000 http://www.spartanburgregional.com/Pages/PatientNotice.aspx http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Citigroup Less than 1% of Citbank card holders' names, account numbers, and contact information such as e-mail addresses were stolen. Card security codes were not stolen. 7 360083 financial hacked 400000 300 http://www.pcworld.com/article/229891/Citigroup_Hack_Nets_Over_200k_in_Stolen_Customer_Details.html PC World
Southern California Medical-Legal Consultants Electronic files containing names and social security numbers of approximately 300,000 individuals who have applied for California workers� compensation benefits had been exposed to unauthorized access. 7 300000 healthcare hacked 300000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml
Honda Canada Names, addresses and vehicle identification numbers were taken from the company�s eCommerce websites myHonda and myAcura 7 283000 retail poor security y 300000 20 http://www.guelphmercury.com/news-story/2200845-honda-canada-hit-by-online-security-breach-283-000-car-owners-personal-data-stolen/
Massachusetts Government Massachusetts Executive Office of Labor and Workforce Over 1,500 departmental computers were infected with the W32.QAKBOT virus, a malicious program which �downloads additional files, steals information, and opens a back door on the compromised computer�. 7 210000 government poor security y 200000 5000 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Bethesda Game Studios US video game company (Elder Scrolls, Fallout 3) Hacking collective Lulzsec stole account information of 200,000 user. 7 200000 gaming hacked 200000 1 http://www.pcworld.com/article/231215/lulzsec_a_short_history_of_hacking.html PC World
Restaurant Depot food, equipment, and supplies for restaurants 7 200000 retail hacked 200000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
San Francisco Public Utilities Commission 7 180000 government hacked 180000 1 http://news.cnet.com/8301-27080_3-20068386-245/sf-utilities-agency-warns-of-potential-breach/
Accendo Insurance Co. Mismailed letters which allowed some lines of sensitive information (medication name, date of birth, and member ID) to be visible through the envelope window. The mailings were addressed correctly and, to the knowledge of the company, were received by the intended recipients. 7 175350 healthcare poor security 180000 1000 http://www.databreaches.net/?p=19198 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
US Law Enforcement "AntiSec" hackers published 2,719 social security numbers, 8,214 passwords, 15,798 birth dates, 48,182 street addresses, 1,531,628 email addresses, 106,691 phone numbers, 57 bank account numbers, 53 driver's license numbers, and eight credit card numbers of more than 70 different U.S. law enforcement agencies. 7 123461 government accidentally published 130000 300 http://www.pcmag.com/article2/0,2817,2390683,00.asp PC World
Memorial Healthcare System Florida An employee of an affiliated physician�s office may have improperly accessed patient information through a web portal used by physicians who provide care and treatment at MHS. Specifically, patients� names, dates of birth, and Social Security numbers. 7 102153 healthcare lost / stolen media 100000 20 http://www.mhs.net/pdf/release071112.pdf http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
University of Wisconsin - Milwaukee 7 73000 academic hacked 73000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml
Writerspace.com Website design and hosting for writers Hacker group LulzSec released the e-mails and passwords, 12,000 of which were confirmed to originate from Writerspace.com. 7 62000 web hacked 62000 1 http://www.pcmag.com/article2/0,2817,2387186,00.asp PC Mag
US Army 7 50000 military accidentally published 50000 1 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Morgan Stanley Smith Barney Morgan Stanley mailed a CD containing sensitive data about investors in tax-exempt funds and bonds to the New York State Department of Taxation and Finance. The package arrived at the building but when it arrived at the relevant desk the data CD was missing. 7 34000 financial lost / stolen media y 35000 300 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Court Ventures Experian A Vietnamese identity theft service was sold personal records, including Social Security numbers, credit card data and bank account information, by Court Ventures, a company now owned by data brokerage firm Experian. 8 200000000 financial inside job 200000000 20 http://bits.blogs.nytimes.com/2013/10/24/senator-intensifies-probe-of-data-brokers/?_php=true&_type=blogs&_r=0 http://www.experianplc.com/news/company-news/2014/04-04-2014.aspx NY Times / Experian
Massive American business hack 7-Eleven, JC Penney, Hannaford, Heartland, JetBlue, Dow Jones, Euronet, Visa Jordan, Global Payment, Diners Singapore and Ingenicard Over eight years, a hacking ring targeted banks, payment processors and chain stores, to steal more than 160 million credit and debit card numbers, targeting more than 800,000 bank accounts 8 160000000 financial hacked y 160000000 5000 http://www.nydailynews.com/news/national/russians-ukrainian-charged-largest-hacking-spree-u-s-history-article-1.1408948
Zappos 8 24000000 web hacked 24000000 20 http://www.forbes.com/sites/andygreenberg/2012/01/15/zappos-says-hackers-accessed-24-million-customers-account-details/
Blizzard Activision, Battle.net Scrambled passwords, e-mail addresses, and personal security answers were knowingly stolen from Blizzard's internal network. Blizzard would not elaborate on the size of the hack ("millions"). 8 14,000,000 gaming hacked 14000000 20 https://us.battle.net/support/en/article/important-security-update-faq#5
"Apple" Hacking group AntiSec claimed they hacked an FBI laptop in March 2012 accessing a file of more than 12 million Apple Unique Device Identifiers (UDIDs). Subsequently, it was discovered that app developer BlueToad was the source of the breach. The list contained personal information such as full names, phone numbers and addresses. AntiSec published a million of these UDIDs online. 8 12,367,232 tech, retail accidentally published y 12400000 20 http://news.cnet.com/8301-1009_3-57505330-83/antisec-claims-to-have-snatched-12m-apple-device-ids-from-fbi/ http://news.cnet.com/8301-1009_3-57509595-83/udid-leak-source-idd-bluetoad-mobile-firm-says-it-was-hacked/
Greek government A computer programmer was arrested in Greece for allegedly stealing the identity information of what could amount to 83% of the country's population. The 35-year-old was found in possession of 9 million data files containing identification card data, addresses, tax ID numbers and licence plate numbers, which he was also suspected of trying to sell. 8 9000000 government hacked 9000000 20 http://www.wired.co.uk/news/archive/2012-11/22/greece-id-theft Wired
KT Corp. Korean mobile carrier Two suspects reportedly earnt an estimated $877,000 by selling the contact information and plan details of 8.7 million KT subscribers, almost half of the carrier's total customers. 8 8700000 telecoms hacked 8700000 20 http://www.koreatimes.co.kr/www/news/biz/2012/07/113_116143.html http://news.cnet.com/8301-1009_3-57482215-83/hackers-accused-of-stealing-data-from-9m-korean-mobile-users/
Gamigo German gaming website 8 8000000 web hacked 8000000 1 http://www.forbes.com/sites/andygreenberg/2012/07/23/eight-million-passwords-spilled-from-gaming-site-gamigo-months-after-breach/
LinkedIn, eHarmony, Last.fm Hacker 'dwdm' uploaded a file containing 6.5 million passwords on a Russian hacker forum. Soon after another 1.5 million passwords were discovered. On analysis, 93% of the passwords could be found in the Top 10,000 password list. 8 8000000 web accidentally published 8000000 1000 http://news.cnet.com/8301-1009_3-57449325-83/what-the-password-leaks-mean-to-you-faq/?tag=mncol;txt http://arstechnica.com/security/2012/06/8-million-leaked-passwords-connected-to-linkedin/
Office of the Texas Attorney General The office of Texas Attorney General Greg Abbott mistakenly gave attorneys access to millions of Social Security numbers in a case against the state�s voter ID law 8 6500000 government accidentally published 6500000 20 http://www.rawstory.com/rs/2012/04/26/texas-attorney-general-exposes-millions-of-voters-social-security-numbers/
Three Iranian banks Saderat, Eghtesad Novin, & Saman After finding a security vulnerability in Iran's banking system, software manager Khosrow Zarefarid wrote a formal report and sent it to the CEOs of all the affected banks across the country. When the banks ignored his findings, he hacked 3 million bank accounts, belonging to at least 22 different banks, to prove his point. 8 3000000 financial hacked y 3000000 5000 http://www.zdnet.com/blog/security/3-million-bank-accounts-hacked-in-iran/11577 ZD Net
New York State Electric & Gas An employee from a software consulting firm was allowed unauthorized access to the company�s databases. 8 1800000 energy inside job 1800000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Global Payments Credit, debit and check processing for merchants (Visa, Mastercard, etc) 1.5 million credit card numbers from its systems may have been exposed after detecting �unauthorized access� into its processing system. 8 7000000 financial hacked 1500000 300 http://www.washingtonpost.com/business/technology/faq-the-global-payments-hack/2012/04/02/gIQAIHLLrS_story.html ITRC
California Department of Child Support Services California child support records were lost in transit during a disaster preparedness exercise. 8 800000 government lost / stolen media 800000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml http://articles.businessinsider.com/2012-04-03/news/31279254_1_major-data-breach-identity-theft-office-of-privacy-protection ITRC
Medicaid US health program for low income people and families The Utah Department of Technology Services had recently moved their claims records to a new server, and hackers believed to be operating out of Eastern Europe were able to circumvent the server�s multi-layered security system containing Social Security numbers for the Medicaid claims. 8 780000 government, healthcare hacked y 800000 20 http://www.idtheftcenter.org/artman2/publish/lib_survey/ITRC_2008_Breach_List.shtml ITRC
Yahoo Voices Yahoo Voices service was hacked, exposing more than 450,000 usernames and passwords. 8 450000 tech, web hacked 500000 1 http://it.slashdot.org/story/12/07/12/1243217/nearly-half-a-million-yahoo-passwords-leaked-updated?utm_source=feedburnerGoogle+Reader&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29&utm_content=Google+Reader http://www.pbs.org/newshour/rundown/2012/07/check-whether-your-yahoo-password-was-hacked.html Slashdot
Formspring Interest-based social Q&A website Formspring was tipped off to a breach after 420,000 hashed passwords were posted to a security forum. 8 420000 web accidentally published y 400000 1000 http://news.cnet.com/8301-1009_3-57469944-83/formspring-disables-user-passwords-in-security-breach/?tag=mncol;txt
Emory Healthcare hospital system in Atlanta 8 315000 healthcare poor security 300000 1000 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
South Carolina Government South Carolina Department of Health and Human Services A man was charged with five counts of violating medical confidentiality laws and one count of disclosure of confidential information after he gained access to personal information for more than 228,000 Medicaid beneficiaries. 8 6400000 healthcare inside job 200000 1000 http://www.thestate.com/2012/04/20/2241321/personal-information-of-more-than.html#.UFpUVqRYtmg http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Militarysingles.com Online dating network for, you guessed it, military singles Collective group LulzSec released a database of 163,792 names, usernames, e-mail addresses, IP addresses, and passwords of "single" military personnel. 8 163792 web, military accidentally published 180000 1000 http://www.pcworld.com/article/252647/reborn_lulzsec_claims_hack_of_dating_site_for_military_personnel.html PC World
Dropbox Websites stolen from other websites used to sign into a small number of Dropbox accounts. The hack was mainly used to send spam to users. 8 "small number" web hacked 30000 1 http://www.informationweek.co.uk/security/client/dropbox-admits-hack-adds-more-security-f/240004697
UbiSoft games company 9 "unknown" gaming hacked 58000000 20 http://forums.ubi.com/forumdisplay.php/495-Security-update-regarding-your-Ubisoft-account-please-create-a-new-password
Evernote online note-taking site Evernote asked its 50 million users to reset their passwords following an attempt to hack the note-taking network. The company said it�d found no evidence that any payment information for Evernote Premium or Evernote Business customers had been accessed, nor was there any indication that content stored by users had been accessed, changed or lost. 9 50000000 web hacked 50000000 1 http://www.wired.co.uk/news/archive/2013-03/04/evernote-hacked http://www.digitaltrends.com/mobile/evernote-hack-50-million-users-forced-to-reset-passwords/ Wired; Digital Trends
Living Social special offers website Online criminals gained access to user names, e-mail addresses, dates of birth & encrypted passwords for 50 million people. Databases storing financial information were not compromised in the attack, the company said. 9 50000000 web hacked 50000000 1000 http://nakedsecurity.sophos.com/2013/04/27/livingsocial-hacked-50-million-affected/ http://bits.blogs.nytimes.com/2013/04/26/living-social-hack-exposes-data-for-50-million-customers/ Naked Security; New York Times
Adobe Sep 17th 2013. Hackers obtained access to a large swathe of Adobe customer IDs and encrypted passwords & removed sensitive information (i.e. names, encrypted credit or debit card numbers, expiration dates, etc.). Approximately 36 million Adobe customers were involved: 3.1 million whose credit or debit card information was taken and nearly 33 million active users whose current, encrypted passwords were in the database taken. Correction Jan 2015: we previously reported 152m records were taking, but the remainder affected invalid, inactive, test accounts or had out-of-date passwords associated with them. 9 36000000 tech hacked y 36000000 5000 http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.html http://www.zdnet.com/adobe-admits-2-9m-customer-accounts-have-been-compromised-7000021546/ http://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/
Yahoo Japan 22 million Yahoo user IDs may have been leaked after Yahoo detected an unauthorized attempt to access the administrative system of its web portal Yahoo Japan. The leaked information did not include passwords and data necessary for identity verification to reset passwords. 9 22000000 tech, web hacked 22000000 1 http://www.reuters.com/article/2013/05/17/us-yahoojapan-idUSBRE94G0P620130517 Reuters
Facebook Using the network's "Download Your Information" tool, some Facebook members were inadvertently sent the phone numbers or email address of Facebook friends that were otherwise private. Facebook assured users that the bug was fixed within a day, and that there is no evidence that the information was used maliciously. 9 6000000 web accidentally published 6000000 1 https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766
SnapChat 31st Dec 2013. Hackers abused an exploit to syphon 4.7m user details, including phone numbers. Check here to see if your account was compromised: http://lookup.gibsonsec.org/ 9 4700000 web, tech hacked 4700000 20 http://www.forbes.com/sites/andygreenberg/2012/01/15/zappos-says-hackers-accessed-24-million-customers-account-details/
Advocate Medical Group 4,000,000 patient names, addresses, dates of birth, and Social Security numbers were contained in four computers stolen from an administrative building. Second biggest security breach ever reported to the Department of Health and Human Services (HHS). 9 4000000 healthcare lost / stolen media y 4000000 20 http://healthitsecurity.com/2013/08/27/advocate-medical-group-endures-massive-data-breach/ http://datalossdb.org/latest_incidents_remote_sync
ssndob.ms SSNDOB was an underground identity theft service. Teenage hackers used it to collect data for exposed.su, a site that listed the SSNs, birthdays, phone numbers, current and previous addresses for dozens of top celebrities including Beyonce, Kanye West and Michelle Obama. In doing so they revealed SSNDOB had data on more than 4 million people. 9 4000000 web hacked y 4000000 20 http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/ Krebs on Security
Ubuntu The discussion forum for the popular alternative, open-source operating system July 2013: Discussion forum for the operating system was compromised leaking personal details and password. The passwords were cryptographically scrambled using the MD5 hashing algorithm - considered an inadequate means of protecting stored passwords by security experts. 9 2000000 tech hacked y 2000000 300 http://arstechnica.com/security/2013/07/hack-exposes-e-mail-addresses-password-data-for-2-million-ubuntu-forum-users/ Data Loss Database
Vodafone An IT contractor for the firm used his deep access to the telecom giant's system to copy customer names and bank account details. 9 2000000 telecoms inside job y 2000000 300 http://www.securityweek.com/attacker-steals-data-2-million-vodafone-germany-customers Security Week
Kissinger Cables More than 1.7 million US diplomatic records for the period 1973 to 1976, including intelligence reports and congressional correspondence. Wikileaks 9 1700000 government inside job 1700000 300 https://www.wikileaks.org/plusd/about/
NMBS Belgian national railway operator Data stored on a non-secure server, making it possible to access names, gender, DOB, email and postal address data of customers externally by means of a simple search engine query. Most of the data belong to customers in Belgium, France and the UK, including thousands of Commission and Parliament employees. Caused, the NMBS said, by a data worker �clicking on the wrong button�. 9 1460000 transport accidentally published 1500000 20 http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+WQ+E-2013-001939+0+DOC+XML+V0//EN&language=nl http://www.flanderstoday.eu/business/nmbs-data-leak-was-breach-privacy European Parliament
Drupal open-source content management platform Malicious files placed on association.drupal.org servers via a 3rd-party application. Exposed usernames, e-mail addresses, country information, and cryptographically hashed passwords. 9 1000000 web hacked 1000000 1 http://arstechnica.com/security/2013/05/drupal-org-resets-login-credentials-after-hack-exposes-password-data/ Ars Technica
OVH French Internet host 9 undisclosed web hacked 500000 20 http://status.ovh.net/?do=details&id=5070
Scribd "world's largest online library" Hack resulted in a few hundred thousand stolen passwords. 9 500000 web hacked 500000 1 http://nakedsecurity.sophos.com/2013/04/05/scribd-worlds-largest-online-library-admits-to-network-intrusion-password-breach/ http://www.nbcnews.com/technology/scribd-hack-exposes-thousands-users-1B9239618 Naked Security; NBC News
Apple Developer portal hacked. "Some" information about 275,000 3rd-party developers potentially stolen. 9 275000 tech hacked 300000 1 http://www.guardian.co.uk/technology/2013/jul/22/apple-developer-site-hacked
Twitter Hackers had access to limited user information -- usernames, email addresses, session tokens and encrypted/salted versions of passwords -- for approximately 250,000 users. 9 250000 web hacked 250000 1 http://www.wired.co.uk/news/archive/2013-02/02/twitter-hacked Wired
Nintendo Japan's Club Nintendo service Japan's Club Nintendo service was hacked following thousands of unauthorized accesses. Customer information compromised in the attack includes full names, phone numbers, home and email addresses. 9 240000 gaming hacked 250000 20 http://www.joystiq.com/2013/07/05/club-nintendo-japan-hacked/
TerraCom & YourTel The telecom firms TerraCom and YourTel have branded reporters for Scripps News as "hackers" after journalists discovered that the personal data of over 170,000 customers - including social security numbers and other identifying data that could be used for identity theft - were sitting on a publicly accessible server. 9 170000 telecoms accidentally published y 180000 20 http://boingboing.net/2013/05/23/terracom-and-yourtel-threaten.html http://www.wired.co.uk/news/archive/2013-05/23/reporter-google-breach-hacker Boing Boing; Wired
Washington State court system Administrative offices Up to 160,000 Social Security numbers and a million driver's license numbers may have been accessed by hackers exploiting old versions of Adobe Cold Fusion software on the server. 9 160000 government hacked 160000 20 http://www.reuters.com/article/2013/05/09/us-usa-hack-washingtonstate-idUSBRE9480YY20130509 http://www.privacyrights.org/data-breach Reuters; Privacy Rights
Citigroup Third big data breach from Citigroup."The personal information of 150,000 consumers who went into bankruptcy between 2007 and 2011 � including their social security numbers � were exposed after Citi failed to properly redact court records before they were put on the Public Access to Court Electronic Records (PACER) system." 9 150000 financial poor security y 150000 20 http://news.softpedia.com/news/Citi-Exposes-Details-of-150-000-Individuals-Who-Went-into-Bankruptcy-369979.shtml
Indiana University Students who attended the university between 2011 and 2014 may have had their data exposed after it was stored on an unprotected site. The data was accessed by three webcrawlers but there is not evidence it was accessed by any unauthorized individuals. 9 146000 academic poor security 150000 20 http://news.iu.edu/releases/iu/2014/02/data-exposure-disclosure.shtml http://www.usatoday.com/story/news/nation/2014/02/26/indiana-university-data-breach/5830685/ Indiana University
Kirkwood Community College Hacked online database 9 125000 academic hacked 130000 20 http://www.privacyrights.org/data-breach http://www.databreachwatch.org/community-college-data-breach-leaks-125000-ssns/ Privacy Rights
Central Hudson Gas & Electric Customer banking information and other personal information may have been accessed during the hack. 9 110000 energy hacked 100000 300 http://www.privacyrights.org/data-breach Privacy Rights
Crescent Health Inc., Walgreens Names, Social Security numbers, health insurance identification numbers, health insurance information, dates of birth, diagnoses, other medical information, disability codes, addresses, and phone numbers may have been exposed via a laptop theft. 9 100000 healthcare lost / stolen computer 100000 1000 http://www.privacyrights.org/data-breach Privacy Rights
Florida Courts Florida Department of Juvenile Justice 9 100000 government lost / stolen computer 100000 20 http://www.privacyrights.org/data-breach Privacy Rights
Florida Department of Juvenile Justice Three computers were stolen that contained both youth and employee records was reported stolen on January 2, 2013. Over 100,000 records were on the device and may have been exposed. 9 100000 government lost / stolen computer 100000 20 http://www.privacyrights.org/data-breach Privacy Rights
South Africa police South Africa Police Service's anonymous whistleblowing website Hacker collective 'Anonymous' hacked an anonymous whistleblowing website run by the South Africa Police Service (SAPS), revealing the identities of thousands of its users. The hack was in response to the massacre of 34 protesting miners at Marikana in August 2012. 9 16000 government hacked y 16000 20 http://www.wired.co.uk/news/archive/2013-05/22/south-africa-whistleblower-leak Wired
JP Morgan Chase July 2014: The US's largest bank was compromised by hackers, stealing names, addresses, phone numbers and emails of account holders. The hack began in June but was not discovered until July, when the hackers had already obtained the highest level of administrative privilege to dozens of the bank�s computer servers. 10 76000000 financial hacked y 76000000 300 http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/?_php=true&_type=blogs&_r=0
Home Depot Malware installed on cash register system across 2,200 stores syphoned credit card details of up to 56 million customers. May be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang�s, among others 10 56000000 retail hacked y 56000000 300 http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/
Sony Pictures Wide-ranging hack of potentially every piece of data held by the company, including: unreleased films & scripts, employee social security numbers, salaries and health check results, as well as sensitive internal business documents relating to lay-offs, restructures and executive salaries. Lead suspects are "North Korean hackers" perhaps related to the Seth Rogen film,"The Interview" which mocks the North Korean dictator, Kim Jong Un. 10 100 terrabytes media hacked 10000000 20 http://www.buzzfeed.com/tomgara/sony-hack
Twitch.tv Gaming site March 23rd. Details unknown at this point. All Twitch's 10 million users have been requested to change their passwords. 10 "unknown" healthcare hacked 10000000 1 http://blog.twitch.tv/2015/03/important-notice-about-your-twitch-account/
"Gmail" 5 million Gmail account passwords leaked to a forum, alongside passwords from other email providers. Close inspection revealed the user details to be old (3+ years). Multiple individual targeted hacks of third party websites where people used their Gmail IDs, rather than one big dataleak, suspected to be the method. Gmail itself was not hacked. 10 5000000 web hacked y 5000000 1 X http://thenextweb.com/google/2014/09/10/4-93-million-gmail-usernames-passwords-published-google-says-evidence-systems-compromised/
Community Health Services Aug 2014: Community Health Systems, which operates 206 hospitals across the US, had patient data from the last 5 years breached. Details included names, addresses, social security numbers. Suspected "chinese hackers" were thought responsible. Goal: identity theft. 10 4500000 healthcare hacked y 4500000 20 http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/
Staples 10 1160000 transport hacked 1200000 300 http://fortune.com/2014/12/19/staples-cards-affected-breach/
Mozilla 10 76000 web poor security 800000 20 http://www.theguardian.com/technology/2014/aug/05/mozilla-leak-developer-email-addresses-passwords-firefox
Japan Airlines Oct 2014: Japan Airlines confirmed the possible theft of information from up to around 750,000 frequent-flier programme members. Data that may have been stolen included names, genders, birth dates, addresses, email addresses and places of work. 10 750000 transport hacked 800000 20 http://online.wsj.com/articles/japan-airlines-reports-hacker-attack-1412053828 http://www.jal.co.jp/en/info/other/140924.html
Ebay The company has said hackers attacked between late February and early March with login credentials obtained from �a small number� of employees. They then accessed a database containing all user records and copied �a large part� of those credentials. 10 145000000 web hacked y 145000000 1 http://my.chicagotribune.com/#section/-1/article/p2p-80265168/
Target Investigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores. Originally 40m customers. Now 70m! 10 70000000 retail hacked y 70000000 200 http://www.chicagotribune.com/news/sns-rt-us-target-breach-20131218,0,3434295.story http://www.huffingtonpost.com/2013/12/19/target-hacked-customer-credit-card-data-accessed_n_4471672.html?utm_hp_ref=mostpopular http://techcrunch.com/2014/01/10/targets-data-breach-gets-worse-70-million-customers-had-info-stolen-including-names-emails-and-phones/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=Netvibes ITRC
AOL 10 2400000 web hacked 24000000 1 http://blog.aol.com/2014/04/28/aol-security-update/
Korea Credit Bureau 10 20000000 financial inside job 20000000 5000 http://www.securityweek.com/20-million-people-fall-victim-south-korea-data-leak
European Central Bank 10 "unknown" financial hacked 4000000 1 http://www.cityam.com/1406190300/ecb-website-hacked
UPS Malware was discovered in the credit & debit card processing systems at 51 branches in 24 states. 10 "unknown" retail hacked 4000000 300 http://time.com/3151681/ups-hack/
Neiman Marcus US retailer 10 1100000 retail hacked 1100000 20 http://www.nytimes.com/2014/01/24/business/neiman-marcus-breach-affected-1-1-million-cards.html http://krebsonsecurity.com/2014/08/stealthy-razor-thin-atm-insert-skimmers/
D&B, Altegrity Hackers stole millions of social security numbers from large US data brokers Dun & Bradstreet Corp and Kroll Background America Inc, owned by Altegrity. Correction 7 Jan 2015: we previously stated that records were stolen from LexisNexis. LexisNexis conducted a thorough investigation of the malware intrusion and found no evidence that the malware accessed or stole any customer or consumer data. 10 1000000 tech hacked 1000000 300 http://www.usatoday.com/story/cybertruth/2013/09/26/lexisnexis-dunn--bradstreet-altegrity-hacked/2878769/ http://www.reuters.com/article/2013/09/26/us-cyberattacks-databrokers-idUSBRE98P03220130926 http://www.bbc.co.uk/news/technology-24284277 USA Today; Reuters; BBC News
MacRumours.com 10 860000 web hacked 900000 1 http://www.wired.co.uk/news/archive/2013-11/13/mac-rumours-forums-hacked
Dominios Pizzas (France) 10 600000 web hacked 600000 1 http://www.theguardian.com/technology/2014/jun/16/dominos-pizza-ransom-hack-data
NASDAQ Nasdaq OMX Group Nasdaq forum website hacked by hacking ring, email addresses and passwords compromised 10 unknown financial hacked y 500000 1 http://www.reuters.com/article/2013/07/18/net-us-nasdaq-cybercrime-website-idUSBRE96H1F520130718
New York Taxis A freedom of information request resulted in the release of data on all 173 million journeys undertaken by New York taxis in one year. Unfortunately, the data was incorrectly anonymised and relatively easy to decode, revealing the driver IDs, pickup & dropoff times, and GPS routes taken for every single cab journey. 10 52000 transport poor security y 52000 1 https://medium.com/@vijayp/f6bc289679a1
Securus Technologies Prison phone service provider Anonymous hacker leaked records of over 70m phone calls, plus links to recordings. Recording/storing attorney-client calls potentially violates constitutional protections. 11 70 million web hacked 70000000 5 https://theintercept.com/2015/11/11/securus-hack-prison-phone-company-exposes-thousands-of-calls-lawyers-and-clients/
AshleyMadison.com US ex-marital affairs site 20th July 2015: DEVELOPING: Online hookup site for extra-marital affairs has been severely breached and the personal details of 37m users, as well as company financial records, threatened with release. Notorious hacking outfit The Impact Team has claimed responsibility. The hackers are demanding the shutdown of AM.com and other associated sites. 11 37000000 web hacked 37000000 1000 http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/
US Office of Personnel Management (2nd Breach) attackers have targeted the forms submitted by intelligence and military personnel for security clearances. The document includes personal information - everything from eye colour, to financial history, to past substance abuse, as well as contact details for the individual's friends and relatives 11 21500000 government hacked 21500000 5000 http://www.bbc.co.uk/news/world-us-canada-33120405 http://www.reuters.com/article/2015/07/09/us-cybersecurity-usa-idUSKCN0PJ2M420150709?feedType=RSS&feedName=topNews&utm_source=twitter
Experian / T-mobile The world's biggest data monitoring firm disclosed a massive breach of customers who applied for service with T-Mobile. Names, addresses, birth dates, Social Security numbers, drivers license numbers and passport numbers. 11 15000000 web hacked 15000000 300 http://www.reuters.com/article/2015/10/02/us-tmobile-dataprotection-idUSKCN0RV5PL20151002
Kromtech MacKeeper software A security researcher stumbled on a leak, which exposed usernames, email addresses and passwords of users. He notified Kromtech, who patched it quickly. 11 13 million web hacked 13000000 1 https://thestack.com/security/2015/12/15/mackeeper-discloses-13-million-mac-users-details-with-poor-hash-protection/ https://www.reddit.com/r/apple/comments/3wq9fc/massive_data_breach/
Premera US healthcare provider Detected 29th Jan 2015. Occured May 2014. "C could include names, date of birth, email address, address, telephone number, Social Security number, member identification numbers, bank account information, and claims information, including clinical information" 11 11000000 healthcare hacked 11000000 500 http://premeraupdate.com/
VTech Toymaker company Software used to download games to children's computer tablets was hacked, with personal info and photos stolen. 11 6.4 million web hacked 6400000 5 http://www.theguardian.com/technology/2015/dec/02/vtech-hack-us-hong-kong-investigate-children-exposed http://www.troyhunt.com/2015/11/when-children-are-breached-inside.html
US Office of Personnel Management "The intruders... gained access to...employees� Social Security numbers, job assignments, performance ratings and training information" 11 4000000 government hacked 4000000 20 http://www.washingtonpost.com/world/national-security/chinese-hackers-breach-federal-governments-personnel-office/2015/06/04/889c0e52-0af7-11e5-95fd-d580f1c5d44e_story.html?tid=hpModule_04941f10-8a79-11e2-98d9-3012c1cd8d1e
Adult Friend Finder Internet dating & hookup site Sexual preferences, names, email addresses, usernames, dates of birth, postal codes 11 3900000 web hacked 3900000 1 http://www.channel4.com/news/adult-friendfinder-dating-hack-internet-dark-web
Sanrio Hello Kitty and other franchises Security researcher was able to access a database of 3.3m of Sanrio's Sanriotown.com accounts, with links to other Sanrio Hello Kitty portals. 11 3.3 million web configuration error 3300000 2 http://www.csoonline.com/article/3017171/security/database-leak-exposes-3-3-million-hello-kitty-fans.html
CarPhone Warehouse UK mobile phone supplier 11 2700000 web hacked 2700000 5000 http://www.theguardian.com/technology/2015/aug/10/carphone-warehouse-uk-data-watchdog-investigating-customer-hack
Carefirst Blue Cross, Blue Shield US medical insurer Attacked happened in June 2014. Was announced in June 2015. 11 1100000 healthcare hacked 1100000 1 http://carefirstanswers.com/
Australian Immigration Department An employee of the agency inadvertently sent the passport numbers, visa details and other personal identifiers of all world leaders attending the G20 Brisbane summit to the organisers of the Asian Cup football tournament. Barack Obama, Vladimir Putin, Angela Merkel, Xi Jinping, Narendra Modi, David Cameron and many others. 11 "unknown" government accidentally published 500000 500 http://www.theguardian.com/world/2015/mar/30/personal-details-of-world-leaders-accidentally-revealed-by-g20-organisers
British Airways Frequent flyer accounts 11 "tens of thousands" retail hacked 500000 1 http://www.theguardian.com/business/2015/mar/29/british-airways-frequent-flyer-accounts-hacked
Hacking Team Italian cybersecurity firm sells digital surveillance software to law enforcement and national security organisations. 400 GB of documents - including software source code, private messages & client databases - has been stolen and put online via BitTorrent. The documents show the company has sold products to repressive regimes. 11 unknown web hacked y 500000 5 http://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim The Guardian
Slack software for remote working 11 500000 tech poor security 500000 1 http://techcrunch.com/2015/03/27/slack-got-hacked/
MSpy kid & partner tracking service Data dump to the dark web "includes Apple IDs and passwords, tracking data, and payment details on some 145,000 successful transactions", photos and very private conversations. 11 400000 tech hacked 400000 20 http://krebsonsecurity.com/2015/05/mobile-spy-software-maker-mspy-hacked-customer-data-leaked/
TalkTalk Telecoms provider 157k customers had personal details stolen, including 15,600 account numbers. 11 157000 web hacked 160000 2 http://www.bbc.co.uk/news/uk-34784980 http://www.bbc.co.uk/news/uk-34611857 http://www.theguardian.com/business/2015/oct/22/talktalk-customer-data-hackers-website-credit-card-details-attack
IRS US Tax service "An unnamed cybermafia used an IRS app to download forms full of personal information. They posed as legitimate taxpayers, and tried to download forms on 200,000 people between February and May. They got away with half of them, the IRS said. The crooks used about 15,000 of them to claim tax refunds in other people's names." 11 100000 government poor security 100000 1 http://money.cnn.com/2015/05/26/pf/taxes/irs-website-data-hack/index.html
Uber Occured Sep 2014. Revealed Feb 2015. Names & license plates of 50,000 driver partners. 11 50000 tech poor security 50000 1 http://blog.uber.com/2-27-15
Invest Bank United Arab Emirates bank Hacker breached a United Arab Emirates bank, demanding a ransom of $3m in bitcoin to stop tweeting data, mostly about corporate accounts. The hacker dumped files on the website of a basketball team, which he hacked for storage. The bank, Invest Bank, won't pay the ransom. 11 40000 banking hacked 40000 5 http://www.dailydot.com/politics/invest-bank-hacker-buba/
Voter Database A database of 191 million US voters has been exposed as a result of incorrect configuration. The owner of the database is yet to be identified. The feds are on it. 12 191 million web configuration error 191000000 2 http://uk.reuters.com/article/us-usa-voters-breach-idUKKBN0UB1E020151229
Anthem Second-largest health insurer in the US Feb 2015: Names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information. 12 80000000 healthcare hacked y 80000000 20 http://www.anthemfacts.com/faq
Code.org Non-profit organisation Volunteer email addresses were left accessible via web browser. 12 10 (not million, just 10) web poor security 10 1 http://blog.code.org/post/140938173013/some-volunteer-email-addresses-compromised
Verizon Security services Customer database and information about company's security flaws stolen and put up for sale. 12 100000 web hacked 10000 1 http://arstechnica.com/security/2016/03/after-verizon-breach-1-5-million-customer-records-put-up-for-sale/
Mossack Fonseca Panamanian law firm 2.6TB of data on politicians, criminals, professional athletes etc leaked from law firm Mossack Fonseca, including emails, contracts, scanned documents, transcripts... 12 11500000 law firm leak y 11500000 5 http://panamapapers.sueddeutsche.de/articles/56febff0a1bb8d3c3495adf4/
Turkish citizenship database Turkish citizenship database has allegedly been hacked and leaked online. 12 49611709 government leak 49611709 2 http://www.businessinsider.com/turkish-citizenship-database-allegedly-hacked-and-leaked-2016-4?r=UK&IR=T
Philippines� Commission on Elections COMELEC After a message was posted on the COMELEC website by hackers from Anonymous, warning the government not to mess with the elections, the entire database was stolen and posted online. 12 55000000 government hacked 55000000 5 http://blog.trendmicro.com/trendlabs-security-intelligence/55m-registered-voters-risk-philippine-commission-elections-hacked/
Syrian government Hacking outfit calling itself 'Cyber Justice Team' leaked 10GB of data from the government and private websites. Seems to be just data from old leaks, though. 12 274477 government hacked 274477 1 http://news.softpedia.com/news/syrian-government-hacked-43-gb-of-data-spilled-online-by-hacktivists-502765.shtml
National Childbirth Trust Charity London-based charity hacked for user information. 12 15000 web hacked 15000 1 https://thestack.com/security/2016/04/08/childbirth-charity-hack-leaks-15000-expectant-parents-data/
Minecraft Lifeboat' community Players using the Lifeboat servers have had their email addresses and passwords leaked. 12 7000000 web hacked 7000000 1 http://motherboard.vice.com/read/another-day-another-hack-7-million-emails-and-hashed-passwords-for-minecraft
Privatization Agency of the Republic of Serbia A text file with personal data and financial documents were made publically available on their website. 12 5190396 private firm leak 519396 2 http://www.shareconference.net/en/defense/personal-data-more-5-million-citizens-serbia-unlawfully-published
Tumblr Tumblr apparently only just found out about a 2013 data breach, affecting 65m users. 9 65000000 web hacked 65,000,000 1 https://motherboard.vice.com/read/hackers-stole-68-million-passwords-from-tumblr-new-analysis-reveals
MySpace The same hacker who was selling LinkedIn user data now claims to have MySpace user data too, and lots of it. 12 164000000 web hacked 164000000 1 http://motherboard.vice.com/read/427-million-myspace-passwords-emails-data-breach
LinkedIn Information about a 2012 data breach has just come to light. 8 117000000 web hacked 117000000 1 http://money.cnn.com/2016/05/19/technology/linkedin-hack/
South Carolina State Dept. of Revenue A server was breached by an international hacker. 8 3600000 government hacked 3600000 3 http://www.infoworld.com/article/2615754/cyber-crime/south-carolina-reveals-massive-data-breach-of-social-security-numbers--credit-cards.html
VK Russia's Facebook Over 100m user accounts were hacked and the data put up for sale online. A VK spokesperson has denied that the site was breached, claiming the data for sale is old details no longer in use. 12 100544934 web hacked 100544934 4 http://motherboard.vice.com/read/another-day-another-hack-100-million-accounts-for-vk-russias-facebook
uTorrent It's unclear what data has been breached, exactly, but uTorrent has advised passwords are probably compromised. 12 35000 web hacked 35000 1 https://torrentfreak.com/utorrent-forums-hacked-passwords-compromised-160608/
World Check Run by Thompson Reuters 2014 version of World-Check, a database of suspected terrorists and criminals, leaked online. It's unclear what data the records include. 12 2200000 private firm leak 2200000 3 https://thestack.com/security/2016/06/29/2-million-person-terror-database-leaked-online/
Mutuelle Generale de la Police French police health insurance Files uploaded to Google Drive by a 'malicious' employee. Data included home addresses. The leak came two weeks after a French police officer was murdered by ISIS-inspired attack. 12 112000 private firm leak 112000 5 http://www.bbc.co.uk/news/world-europe-36645519
Wendy's Restaurant chain Malware has been used in 1025 of Wendy's restaurants to steal credit card data from customers. It's currently unknown how many individuals have been impacted. 12 1025 restaurant hacked 1025 3 http://abcnews.go.com/Technology/wireStory/wendys-1000-restaurants-affected-hack-40407208
Linux Ubuntu forums Somebody forgot to install a patch. Oops. 12 2000000 web hacked 2000000 1 http://betanews.com/2016/07/15/ubuntu-linux-forums-hacked/
Clinton campaign The campaign's network was hacked, but nobody knows what information they took. 12 5000000 government hacked 5000000 2 https://techcrunch.com/2016/07/29/clinton-campaign-reportedly-breached-by-hackers/
Telegram Instant messaging service Despite Telegram's claims of super security, they've been hacked by a group called Rocket Kitten. 12 15000000 private firm hacked 15000000 1 http://venturebeat.com/2016/08/02/hackers-break-into-telegram-revealing-15-million-users-phone-numbers/
Banner Health Hackers gained access to payment card data via food outlets at Banner Health locations. 12 3700000 private firm hacked 3700000 3 https://www.bannerhealth.com/news/2016/08/banner-health-identifies-cyber-attack#
Mail. ru Game-related forums Two hackers attacked three game-related forums hosted by Russian company Mail.ru. 12 25000000 web hacked 25000000 2 http://www.zdnet.com/article/over-25-million-accounts-stolen-after-mail-ru-forums-raided-by-hackers/
Dropbox User credentials were stolen in a 2012 hack, but the number affected has only just come to light. 8 68700000 web hacked 68700000 1 http://www.telegraph.co.uk/technology/2016/08/31/dropbox-hackers-stole-70-million-passwords-and-email-addresses/
Last.fm Owned by CBS Historical 2012 hack, details have only just been disclosed. 8 43500000 web hacked 43500000 1 http://www.zdnet.com/article/hackers-stole-43-million-last-fm-account-details-in-2012-breach/
Raw
index.html
<!DOCTYPE html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="style.css">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="https://d3js.org/d3.v4.min.js"></script>
<script src="http://code.jquery.com/jquery-1.10.2.min.js"></script>
</head>
<body width="80%">
<div class="row" id="title">
<div class="col-md-1"></div>
<div class="col-md-10"><h1>World's Biggest Data Breaches</h1></div>
<div class="col-md-1"></div>
</div>
<div class="row" id="title">
<div class="col-md-1"></div>
<div class="col-md-10"><p style="padding-left:1.5cm;">Developed by <a target="_blank" href="https://mvanegas10.github.io/">Meili Vanegas Hernández</a>, data from <a target="_blank" href="http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/">Information is beautiful</a>.</p></div>
<div class="col-md-1"></div>
</div>
<div class="row">
<div class="col-md-1"></div>
<div class="col-md-8"><p style="padding:0cm 0cm 0cm 2cm;">Drag the gray bar to select a year</p></div>
<div class="col-md-1"></div>
</div>
<div class="row">
<div class="col-md-1"></div>
<div class="col-md-10" id="titleChart"><p></p></div>
<div class="col-md-1"></div>
</div>
<div class="row">
<div class="col-md-1"></div>
<div class="col-md-10" id="chart"></div>
<div class="col-md-1"></div>
</div>
<div class="row">
<div class="col-md-1"></div>
<div class="col-md-10"><h3 id="entitiesTitle" style="padding:0cm 0cm 0cm 1cm;"></h3></div>
<div class="col-md-1"></div>
</div>
<div class="row">
<div class="col-md-1"></div>
<div class="col-md-8"><p id="continue" style="padding:0cm 0cm 0cm 2cm;"></p></div>
<div class="col-md-1"></div>
</div>
<div class="row" id="entities-detail">
<div class="col-md-7" id="entities" style="padding:0cm 0cm 0cm 1cm;"></div>
<div class="col-md-5" id="detail">
<h3 id="titleDetail"></h3>
<h4 id="story"></h4>
<a id="source"></a>
</div>
</div>
<script src="vis.js"></script>
</body>
Raw
style.css
body {
margin:0;
top:0;
right:0;
bottom:0;
left:0;
}
path {
z-index: 100000;
}
.node circle {
fill: #e7efcd;
}
.node:hover circle {
stroke: #000;
stroke-width: 1.2px;
}
.active {
stroke: black;
stroke-width: 15px;
}
rect {
fill: "steelblue";
z-index: 0;
}
.layer {
color : #00cbff;
weight : 0.5;
}
.info h4 {
margin: 0 0 5px;
color: #777;
}
.legend {
line-height: 18px;
color: #555;
}
.legend i {
width: 18px;
height: 18px;
float: left;
margin-right: 8px;
opacity: 0.7;
z-index: 10001;
}
i {
width: 18px;
height: 18px;
float: left;
margin-right: 8px;
opacity: 0.7;
z-index: 10001;
}
h1 {
font-family: "Helvetica Neue",Helvetica,Arial,sans-serif;
font-size: 34px;
font-style: normal;
font-variant: normal;
font-weight: 500;
line-height: 26.4px;
padding: 0cm 1cm 0cm 1cm;
}
h2 {
font-family: "Helvetica Neue",Helvetica,Arial,sans-serif;
font-size: 22px;
font-style: normal;
font-variant: normal;
font-weight: 500;
line-height: 26.4px;
padding: 0cm 1cm 0cm 1cm;
}
h3 {
font-family: "Helvetica Neue",Helvetica,Arial,sans-serif;
font-size: 16px;
font-style: normal;
font-variant: normal;
font-weight: 400;
line-height: 15.4px;
padding: 0cm 0cm 0cm 0cm;
}
h4 {
font-family: "Helvetica Neue",Helvetica,Arial,sans-serif;
font-size: 16px;
font-style: normal;
font-variant: normal;
font-weight: 400;
line-height: 20px;
padding: 0cm 1cm 0cm 0cm;
text-align: justify;
}
p {
font-family: "Helvetica Neue",Helvetica,Arial,sans-serif;
font-size: 16px;
font-style: normal;
font-variant: normal;
font-weight: 400;
line-height: 20px;
padding: 0cm 0cm 0cm 0cm;
}
Raw
vis.js
var margin = {top: 20, right: 40, bottom: 20, left: 50},
width = 1100 - margin.left - margin.right,
height = 300 - margin.top - margin.bottom,
radius = 32;
var xScale = d3.scaleBand()
.rangeRound([0, width - 150])
.padding(0.1)
.align(0.1);
var yScale = d3.scaleLinear()
.rangeRound([height, 0]);
var z = d3.scaleOrdinal()
.range(["#ffffb3", "#bebada", "#8dd3c7", "#80b1d3", "#fdb462", "#b3de69", "#ffed6f", "#fb8072","#bc80bd"]);
var stack = d3.stack();
var format = d3.format(",d");
var pack = d3.pack()
.size([800, 800])
.padding(3);
var dataPath = [{"year":2010,"value":0},{"year":2010,"value":700000000}];
var line = d3.line()
.x(392)
.y(function(d) {
if (d.value === 0) return 260;
else return -20;
});
// Data objects
var organizationData = [];
var methodData = [];
var columns = [];
var methodSelected = "Show all";
var xPositions = [-359, -294, -230, -164, -99, -34, 30, 95, 161, 225, 291, 355, 420];
function update(data, attrX, selected) {
d3.select("#chart").html("");
d3.select("#chart").selectAll("*").remove();
var svgChart = d3.select("#chart").append("svg")
.attr("width", width + margin.left + margin.right)
.attr("height", height + margin.top + margin.bottom)
.append("g")
.attr("transform", "translate(" + margin.left + "," + margin.top + ")");
svgChart.append("path")
.datum(dataPath)
.attr("class", "line")
.attr("d", line)
.style("stroke-width","10px")
.style("stroke","grey")
.call(d3.drag()
.on("start", dragstarted)
.on("drag", dragged)
.on("end", dragended));
var xAxis = svgChart.append("g")
.attr("class", "axis x--axis");
var yAxis = svgChart.append("g")
.attr("class", "axis y--axis");
var fnAccX = function(d) {return d[attrX]};
xScale.domain(data.map(fnAccX));
if (selected !== undefined) yScale.domain([0,d3.max(data, function(d) {return d[selected]; })]);
else yScale.domain([0,d3.max(data, function(d) {return d.total; })]);
var stackedData = stack
.keys(data.columns.filter(function (d) {
return selected === undefined ?
true :
selected.indexOf(d)!= -1 ?
true :
false;
}))
.value(function (d, key) {
return selected === undefined ?
d[key] :
selected.indexOf(key)!= -1 ?
d[key] :
0;
})(data);
// Bars
var bars = svgChart.selectAll(".serie")
.data(stackedData, function (d) { return d.key;});
// Bars enter
var barsEnter = bars.enter().append("g");
// Bars update
bars.merge(barsEnter)
.attr("class", "serie")
.attr("fill", function(d) { return z(d.key); })
.selectAll(".rect").data(function(d) { return d; }).enter().append("rect")
.attr("x", function(d) { return xScale(d.data.year); })
.attr("y", height)
.attr("width", xScale.bandwidth())
.attr("height", 0)
.transition()
.duration(1000)
.attr("height", function(d) { return yScale(d[0]) - yScale(d[1]); })
.attr("y", function(d) { return yScale(d[1]); });
//Exit
bars.exit().remove();
xAxis
.attr("class", "axis axis--x")
.attr("transform", "translate(0," + height + ")")
.call(d3.axisBottom(xScale));
var yAxisCall = yAxis
.attr("class", "axis axis--y")
.call(d3.axisLeft(yScale).ticks(10, "s"));
yAxisCall.append("text")
.attr("x", 2)
.attr("y", yScale(yScale.ticks(10).pop()))
.attr("dy", "0.35em")
.attr("fill", "#000");
yAxisCall.append("text")
.attr("x", 90)
.attr("y", -8)
.attr("fill", "#000")
.style("font-size","11px")
.text("Records stolen in millions");
var legend = svgChart.selectAll(".legend")
.data(data.columns.reverse())
.enter().append("g")
.attr("class", "legend")
.attr("transform", function(d, i) { return "translate(0," + i * 20 + ")"; })
.style("font", "10px sans-serif");
svgChart.append("text")
.attr("x", width - 133)
.attr("y", -5)
.style("font-size","16px")
.text("Select a method of leak:");
legend.append("rect")
.attr("x", width - 80)
.attr("width", 18)
.attr("height", 18)
.on("click", function(d) {
if (d === "Show all") {
update(data, "year");
methodSelected = "Show all";
}
else {
update(data, "year", [d]);
methodSelected = d;
}
})
.attr("fill", function (d) {
if (d === "Show all") {
return "white";
}
else return z(d);
});
legend.append("text")
.attr("x", function(d) {
if (d === "Show all") return width - 80
else return width - 60;
})
.attr("y", 9)
.attr("dy", ".35em")
.style("font-size", function (d,i) {
if (d === "Show all") {
return "15px";
}
else return "10px";
})
.on("click", function(d) {
if (d === "Show all") {
update(data, "year");
methodSelected = "Show all";
}
else {
update(data, "year", [d]);
methodSelected = d;
}
})
.text(function(d) { return d; });
}
function updateEntities (data) {
d3.select("#entities").html("");
d3.select("#entities").selectAll("*").remove();
var svgEntities = d3.select("#entities").append("svg")
.attr("width", 900)
.attr("height", 900);
var root = d3.hierarchy({children: data})
.sum(function(d) {
if (d["Records Stolen"] === undefined) d["Records Stolen"] = 0;
return d["Records Stolen"];
})
.sort(function(a, b) { return b.value - a.value; });
pack(root);
var node = svgEntities.selectAll("g")
.data(root.children)
.enter().append("g")
.attr("transform", function(d) {
return "translate(" + d.x + "," + d.y + ")"; })
.attr("class", "node");
node.append("circle")
.attr("id", function(d) { return "node-" + d.data.Entity; })
.attr("r", function(d) { return d.r; })
.on("click", function(d) {
updateDetail(objectToArray(d.data));
});
node.append("clipPath")
.attr("id", function(d) { return "clip-" + d.data.Entity; })
.append("use")
.attr("xlink:href", function(d) { return "#node-" + d.data.Entity + ""; });
node.append("text")
.attr("text-anchor","middle")
.style("font-size","10")
.attr("clip-path", function(d) { return "url(#clip-" + d.data.Entity + ")"; })
.selectAll("tspan")
.data(function(d) { return d.data.Entity.split(/(?=[A-Z][^A-Z])/g); })
.enter().append("tspan")
.attr("x", 0)
.attr("y", function(d, i, nodes) { return 13 + (i - nodes.length / 2 - 0.5) * 10; })
.text(function(d) { return d; });
node.append("title")
.text(function(d) { return d.data.Entity + "\n" + format(d.value); });
}
function updateDetail(data) {
if (data !== undefined) {
d3.select("#titleDetail").text(data.Entity + " (" + data.Year + ")");
d3.select("#story").text(data.Story);
if (data.sources.length !== 0) {
d3.select("#source")
.text("Read More")
.attr("xlink:href", data.sources[0]["value"])
.on("click", function() { window.open(data.sources[0]["value"]);});
}
var detailText = d3.select("#detail").selectAll("p")
.data(data.data);
var detailTextEnter = detailText.enter().append("p");
detailText.merge(detailTextEnter)
.attr("x",0)
.attr("y", function (d,i) {
return i * 30;})
.text(function (d) {return d.key + ": " + d.value;});
detailText.exit().remove()
}
else {
d3.select("#titleDetail").text("");
d3.select("#story").text("");
d3.select("#source")
.text("");
var detailText = d3.select("#detail").selectAll("p")
.data([]);
var detailTextEnter = detailText.enter().append("p");
detailText.merge(detailTextEnter)
.attr("x",0)
.attr("y", function (d,i) {
return i * 30;})
.text(function (d) {return d.key + ": " + d.value;});
detailText.exit().remove()
}
}
function dragstarted(d) {
d3.select(this).raise().classed("active", true);
}
function dragged(d) {
for (var i = 0; i < xPositions.length; i++) {
if(between(d3.event.x- 405, xPositions[i]-16,xPositions[i]+16)) {
d3.select(this).attr("transform", "translate(" + xPositions[i] + "," + 0 + ")");
if (methodSelected === "Show all") {
d3.select("#entitiesTitle").text("Injured parties in " + (i+2004));
d3.select("#continue").text("Select an entity to see details");
updateEntities(organizationData.filter(function (d) {return d.year === (i+2004);}));
updateDetail(objectToArray(organizationData.filter(function (d) {return d.year === (i+2004);})[0]));
}
else {
var organizations = organizationData.filter(function (d) {return (d.year === (i+2004) && d["Method of Leak"] === methodSelected);});
if (organizations.length !== 0) {
d3.select("#entitiesTitle").text("Injured parties of " + methodSelected + " in " + (i+2004));
d3.select("#continue").text("Select an entity to see details");
updateEntities(organizationData.filter(function (d) {return (d.year === (i+2004) && d["Method of Leak"] === methodSelected);}));
updateDetail(objectToArray(organizations[0]));
}
else {
d3.select("#entitiesTitle").text("There were no data breaches related to " + methodSelected + " methods in " + (i+2004));
d3.select("#continue").text("");
d3.select("#entities").html("");
d3.select("#entities").selectAll("*").remove();
updateDetail();
}
}
}
};
}
function dragended(d) {
d3.select(this).classed("active", false);
}
function between(x, min, max) {
return x >= min && x <= max;
}
function objectToArray (data) {
var object = {};
object.Entity = data.Entity;
object.Year = data.year;
object.Story = data.story;
object.sources = [];
var array = [];
for (var key in data) {
if (key !== "Entity" && key !== "id" && key !== "interesting" && key !== "year" && key !== "story") {
if (data[key] !== undefined && data[key] !== "") {
if (key.includes("sourceLink")) {
object.sources.push({"key":key,"value":data[key]});}
else array.push({"key": (key.charAt(0).toUpperCase() + key.slice(1)), "value": data[key]});
}
}
}
object.data = array;
return object;
}
d3.csv("data.csv", function(err, data) {
if(err) {
console.err(err);
alert(err);
return;
}
data.forEach(function (d, i) {
var organization = {}
organization["id"] = i;
organization["Entity"]=d["Entity"];
organization["Alternative Name"]=d["alternative name"];
organization["story"]=d["story"];
organization["year"]=+d["YEAR"];
organization["year"] = +(2004 + organization["year"]);
organization["organization"]=d["ORGANISATION"];
organization["Method of Leak"]=(d["METHOD OF LEAK"]).trim();
organization["interesting"]=d["interesting story"];
organization["Records Stolen"]=+d["NO OF RECORDS STOLEN"];
organization["Records Stolen"]=(organization["Records Stolen"]);
organization["Data Sensitivity"]=+d["DATA SENSITIVITY"];
organization["exclude"]=d["Exclude"];
organization["sourceLink1"]=d["1st source link"];
organization["sourceLink2"]=d["1nd source link"];
organization["sourceLink3"]=d["3rd source"];
organization["Source Name"]=d["source name"];
organizationData.push(organization);
var encontro = false;
for (var i = columns.length - 1; i >= 0; i--) {
if (columns[i] === organization["Method of Leak"]) {
encontro = true;
}
};
if (!encontro) {
columns.push(organization["Method of Leak"]);
}
});
columns.push("Show all");
for (var i = 0; i < 13; i++) {
var method = {};
method.id = i;
method.year = (2004 + i);
for (var j = columns.length - 1; j >= 0; j--) {
method[columns[j]] = 0;
};
method.total = 0;
methodData.push(method);
}
for (var i = organizationData.length - 1; i >= 0; i--) {
for (var j = 0; j < methodData.length; j++) {
if (methodData[j].year === organizationData[i].year) {
if (!isNaN(organizationData[i]["Records Stolen"])) {
methodData[j][organizationData[i]["Method of Leak"]] += organizationData[i]["Records Stolen"];
methodData[j].total += organizationData[i]["Records Stolen"];
}
}
};
};
methodData.columns = columns;
z.domain(data.columns);
update(methodData, "year");
d3.select("#entitiesTitle").text("Injured parties in 2010");
d3.select("#continue").text("Select an entity to see details");
updateEntities(organizationData.filter(function (d) {return d.year === 2010;}));
updateDetail(objectToArray(organizationData.filter(function (d) {return d.year === 2010;})[0]));
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment