2019 is on track to be the worst year for data breaches. The number of data breaches in the first six months of the year is up 54% compared to the same period in 2018, and the number of data records exposed is up by 52%, according to a report from Risk Based Security. In those six months, more than 3,800 data breaches were reported, exposing over 4.1 billion records.
Data breaches can expose information ranging from the mundane, such as a public email address, to the worst imaginable, such as banking information. While data breaches may feel like a new worry, they’ve been around for years. And while big names such as Facebook, Capital One, and Equifax are top of mind now, there are plenty of other well-known brands who’ve been hit since the early 2000s.
This infographic shows the worst data breaches of all time, going back to 2008 and affecting a total of more than 6.5 billion people. Even the smallest data breach on our list affected 100 million people. Many people are worried about the safety of their personal information, leading to a proliferation of sites to check if your email and password—or worse—can be found on the web.
Due to the increase in threats to cybersecurity and the propensity for damage, companies are now hiring professionals to keep their customer data safe. The U.S. Bureau of Labor Statistics projects that employment of information security analysts will grow 32% from 2018 to 2028, much faster than the average for all occupations.
Earn a Cybersecurity Degree With Purdue Global
After learning about the biggest data breaches, find out more about the online cybersecurity degree programs offered by Purdue University Global. And if you’re interested in a career in the growing field of cybersecurity, request more information today.
There were 6,515 publicly disclosed data-compromise events in 2018, exposing over 5 billion sensitive records.1
These are the biggest data breaches of all time, based on the number of people affected and propensity for damage.
Affecting every existing Yahoo account in 2013, this data breach (reported in 2016) is the largest ever to occur.2
People affected: 3 billion
2. First American Financial Corporation—2019
This major breach of a U.S. financial service company in 2019 exposed bank account details, Social Security digits, wire transactions, and other mortgage paperwork.3
Records affected: 885 million
A swath of records about Facebook users was publicly exposed on Amazon's cloud computing service. Some location data and passwords were also exposed.4
People affected: 540 million
Yahoo believes a “state-sponsored actor” stole users’ personally identifiable information, including encrypted passwords and security questions.5
People affected: 500 million
5. Marriott/Starwood Hotels—2018
This breach included personal information, such as travel schedules and passport numbers, that aren’t often compromised.6
People affected: 500 million
6. Friend Finder Networks—2016
The breach affected over 15 million "deleted" accounts that had not been purged from the database.7
People affected: 412 million
7. Myspace—Date Unknown
The mostly abandoned social network didn’t know it had been breached until passwords for the site turned up for sale on the dark web in 2016.8
People affected: 360 million
In addition to personal information, some people had their credit card numbers and credit dispute documents exposed.9
People affected: 143 million
9. Capital One—2019
This breach exposed data of those who applied for Capital One credit between 2005 and 2019—including names, addresses, phone numbers, credit scores, payment histories, and more.10
People affected: 106 million
10. Heartland Payment Systems—2008
The hackers went undetected for 8 months, finding enough data to create new physical cards, including the data coded into each card’s magnetic strip.11 The company paid $140 million in fines and other penalties as a result.12
People affected: 100 million