June 30, 2023  |  Purdue Global

Data breaches continue to be a security problem around the world. According to Cyber Security Hub, there were 4,100 publicly disclosed data breaches in 2022, with 22 billion records compromised. This represented a 38% increase over 2021 attacks, according to Check Point Research.

Data breaches can expose information ranging from the mundane (such as a public email address) to the worst imaginable (such as banking information and Social Security numbers). While data breaches may feel like a new worry, they’ve been around for years. And while big names like T-Mobile and Twitter are top of mind now, there are plenty of other well-known brands that have been hit since the early 2000s.

This infographic shows the worst data breaches of all time, going back to 2013 and affecting a total of more than 11 billion people. Even the smallest data breach on our list affected 412 million people. Many people are worried about the safety of their personal information, leading to the proliferation of sites to check if your email and password — or worse — are out there on the web.

Because of the increase in threats to cybersecurity and the propensity for damage, companies are now hiring to keep their customer data safe. The U.S. Bureau of Labor Statistics projects that employment of information security analysts will grow 35% from 2021 to 2031, much faster than the average for all occupations.

Earn a Cybersecurity Degree With Purdue Global

After learning about the biggest data breaches, find out more about the online cybersecurity degree programs offered by Purdue Global. And if you’re interested in a career in the growing field of cybersecurity, request more information today.

Top 10 Data Breaches Infographic

Infographic Content

There were 4,100 publicly disclosed data-compromise events in 2022, exposing over 22 billion sensitive records.1

These are the biggest data breaches of all time, based on the number of records breached  and propensity for damage.

1. Yahoo — 2013

Affecting every existing Yahoo account in 2013, this data breach (reported in 2016) is the largest ever to occur.2

Size of breach: 3 billion user accounts

2. “Collection #1-5” — 2019

Mid-January 2019, 773 million unique email addresses and 21 million passwords were found as Collection #1 on torrent websites. By the end of the month, Collections #2-5 were discovered, with 2.2 billion more credentials.3

Size of breach: 2.9 billion usernames and passwords

3. Aadhaar — 2018

Aadhaar, the Indian government’s civilian identification database, was compromised between August 2017 and January 2018. The breach exposed identification numbers, names, email and physical addresses, phone numbers, and photos.4

Size of breach: 1.1 billion records

4. First American Financial Corporation — 2019

This major breach of a U.S. financial service company in 2019 exposed bank account details, Social Security digits, wire transactions, and other mortgage paperwork.5

Size of breach: 885 million records

5. Verifications.io — 2019

This breach of an email verification company exposed email addresses, names, phone numbers, physical addresses, mortgage information, online account names, private data, and business intelligence.6

Size of breach: 800 million records

6. Onliner spambot — 2017

This bot bypassed spam filters and sent an email Trojan that could steal passwords, credit card details, and other personal information from vulnerable computers.7

Size of breach: 711 million records

7. Equifax — 2017

In addition to personal information, some people had their credit card numbers and credit dispute documents exposed.8

Size of breach: 605 million records affecting 143 million people

8. Facebook

A swath of records about Facebook users was publicly exposed on Amazon's cloud computing service. Some location data and passwords were also exposed.9

Size of breach: 540 million records

9. Yahoo — 2014

Yahoo believes a state-sponsored actor stole users’ personally identifiable information, including encrypted passwords and security questions.10

Size of breach: 500 million records

10. Friend Finder Networks — 2016

The breach affected over 15 million so-called deleted accounts that had not been purged from the database.11

Size of breach: 412 million records

About the Author

Purdue Global

Purdue Global delivers a fully personalized, world-class education online that's tailored for adults. We offer 175 programs, including associate's, bachelor's, master's, and doctoral degrees as well as certificates, in areas such as business, IT, education, health sciences, nursing, criminal justice, and more.


*Employment and Career Advancement: Purdue Global does not guarantee employment placement or career advancement. Actual outcomes vary by geographic area, previous work experience and opportunities for employment.