15 Worst Data Breaches in History

By NE Docs | July 1, 2015

15 Worst Data Breaches in History

We are all familiar with the recent hacks on Sony, Home Depot, and Target. However, terrible data breaches are nothing new. In fact, these particular hacks are not even the worst.

Here are the 15 worst data breaches in history…

1. Heartland Payment Systems

In 2009, Heartland Payment Systems announced the single largest data breach to ever hit an American business. This breach exposed data on 130 million credit and debit cards. Malware, inserted in Heartland’s network, recorded data as it arrived from retailers. Processing payments for over 250,000 companies, Heartland’s breach had significant impacts on companies across the US.

In 2010, Albert Gonzalez was convicted by the federal grand jury as the brains behind the Heartland hack, and was sentenced 20 years in prison.

2. Target Stores

In December 2013, Target announced that hackers had stolen 40 million credit/debit card numbers that had been used at their stores during the pre-holiday shopping surge. One month later, Target announced that the contact information of around 70 million customers had been compromised.

3. Sony Entertainment

While their identities are still unknown, hackers were able to access the personal information of 78 million Sony PlayStation Network users, including login credentials, phone numbers and email addresses. Unfortunately for Sony, this number jumped to 24.6 million when they discovered that the hackers had also penetrated into SOE and Qriocity, gaining access to credit card date for almost 24,000 SOE users.

After disclosing the breach, the PSN went dark for over 3 weeks, resulting in costly cleanup and lawsuits totaling $171 million.

4. National Archives 

In 2008, a hard drive stored at the National Archive and Records Administration ceased to function. This hard drive contained the contact information for some 76 million military veterans. The hard drive was sent off to be destroyed. However, its actual whereabouts are unknown. While the NARA does not believe this information was destroyed…they cannot definitively say that the information was properly destroyed.

5. Anthem

Formerly known as WellPoint, the second largest insurance company in the US, Anthem experienced a significant data breach. This particular breach involved SS numbers, employment histories, and birth dates of almost 80 million current and former Anthem customers.

6. Epsilon

In March of 2011, this email communication company announced that their database had been stolen. This breach exposed at least 60 million email addresses, affecting companies such as Best Buy, Verizon, and JPMorgan Chase.

7. Home Depot

In September 2014, Home Depot announced their data breach. This particular data heist may have been the largest jackpot of credit card information ever recorded.

8. TJX Companies

In December of 2006, TJX companies confirmed their data breach. Speculators believe that these attacks were carried out by attacking a weak encryption system and hacking local TJX kiosks. Albert Gonzalez, the infamous hacker and the brains behind the Heartland Breach, was convicted and sentenced to 40 years in prison.

9. Evernote

In March 2013, Evernote announced the breach of over 50 million records. This exposed users email addresses, user names, and passwords. While no financial data was lost, customers were still subjected to phishing campaigns from emails disguised as Evernote messages.

10. Living Social

It was in April 2013 when Living Social, a daily deals site, announced that they had lost the email addresses, birth dates, and passwords of over 50 million worldwide customers.

11. RSA Security

The severity of this particular 2011 cyber-attack is still up for debate. According to RSA Security, two hacker groups worked in tandem with a foreign government to launch a series of phishing attacks. According to RSA, no customer data was breached. However, EMC reported in July that they had spent at least 66 million dollars in resolving the issue.

12. Stuxnet

While the impacts of the Stuxnet hack had little impact in the U.S., it is still regarded as one of the most important data breaches in the 21st century. This hack was designed to attack Iran’s nuclear power program, and served as the first instance in which code was able to have a significant and tangible impact on the real world.

13. Department of Veteran Affairs

This particular data breach, occurring in 2006, was not the work of brilliant hackers. Instead, this was a perfect example of user error. The database, containing information on almost 27 million veterans, was stolen from a VA analyst’s home. Fortunately for the Department of Veteran Affairs, the stolen items were returned in June of 2006.

14. ESTsoft

2011 marks the year that South Korea experienced the largest theft of information in history. This particular breach exposed the personal information of 35 million South Koreans.

15. Gawker Media

In December 2010, Gawker Media had compromised the email and passwords of around 1.3 million users of popular blog sites including Gizmodo and Lifehacker.



Leave a Comment

Your email address will not be published.