A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | organisation | alternative name | records lost | year | date | story | sector | method | interesting story | data sensitivity | displayed records | source name | 1st source link | 2nd source link | ID | ||||||||||||
2 | visualisation here: https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ pink = new | (use 3m, 4m, 5m or 10m to approximate unknown figures) | year story broke | web healthcare app retail gaming transport financial tech government telecoms legal media academic energy military | poor security hacked oops! lost device inside job | 1. Just email address/Online information 2 SSN/Personal details 3 Credit card information 4 Health & other personal records 5 Full details | =IF(C3>100000000,C3,") | ||||||||||||||||||||
3 | Irish towing company | 512,000 | 2023 | Oct 23 | The driving licences and payment card details of thousands of motorists who had vehicles towed on behalf of the Irish police | transport | poor security | 3 | Irish Independent | https://www.independent.ie/irish-news/thousands-of-drivers-have-sensitive-data-exposed-to-hackers-in-major-it-breach/a1379036136.html | 463 | ||||||||||||||||
4 | Maine Government | 1,300,000 | 2023 | May 23 | Russian ransomware group Clop stole names, dates of birth, Social Security numbers, driver’s license and other state or taxpayer identification numbers. Some individuals had medical and health insurance information taken. | government | hacked | 4 | Tech Crunch | https://techcrunch.com/2023/11/09/maine-government-data-breach-clop-ransomware/ | 462 | ||||||||||||||||
5 | Welltok | 8,500,000 | 2023 | Nov 23 | Patient data was exposed during the breach, including full names, email addresses, physical addresses, and telephone numbers. For some, it also includes Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information. | health | hacked | 4 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/welltok-data-breach-exposes-data-of-85-million-us-patients/ | 461 | ||||||||||||||||
6 | Maximus | 10,000,000 | 2023 | Jul 23 | Exploit of a zero-day flaw in the MOVEit file transfer application. Data stolen included social security numbers, protected health information. | government | hacked | 4 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/8-million-people-hit-by-data-breach-at-us-govt-contractor-maximus/ | 460 | ||||||||||||||||
7 | Okta | 134 | 2023 | Nov 23 | Names and email addresses of customers of the identity security company. 134 of the company's 18,400 clients were impacted, but only five instances of successful session hijacking were logged | tech | hacked | 1 | Okta | https://sec.okta.com/harfiles | 459 | ||||||||||||||||
8 | Delta Dental | 7,000,000 | 2023 | May 23 | The dental insurance company suffered unauthorized access by threat actors through the MOVEit file transfer software application exposing full credit card details of customers | health | hacked | 3 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/delta-dental-of-california-data-breach-exposed-info-of-7-million-people/ | 458 | ||||||||||||||||
9 | Xfinity | 36,000,000 | 2023 | Oct 23 | Hackers using the CitrixBleed vulnerability accessed account details like name, last four digits of social security numbers and hashed passwords | telecoms | hacked | 2 | Tech Crunch | https://techcrunch.com/2023/12/19/comcast-xfinity-hackers-36-million-customers/ | 457 | ||||||||||||||||
10 | Atlassian | 13,200 | 2023 | Feb 23 | SiegedSec hacked Atlassian, the owner of Trello and other apps, via a third party office app, leaking employee details and office floor plans after an employee publicly shared credentials. | tech | oops! | y | 1 | Cyberscoop | https://cyberscoop.com/atlassian-hack-employee-data-seigedsec/ | 456 | SiegedSec, a hacking group, posted an employee file containing data on thousands of Atlassian employees, including names, email addresses, work departments and other information, and floor plans for two of the company's offices. The data was accessed from the Envoy app “using an Atlassian employee’s credentials that had been mistakenly posted in a public repository by the employee." Envoy is a third party app used by Atlassian to coordinate in-office resources. | ||||||||||||||
11 | 100,000 | 2023 | Feb 23 | A phishing attack granted access to Reddit's internal documents and systems, but without breaching main production systems, user passwords, or accounts. | web | hacked | y | 1 | Forbes | https://www.forbes.com/sites/daveywinder/2023/02/10/reddit-confirms-it-was-hacked-recommends-users-set-up-2fa/ | 455 | Due to a phishing campaign by the attacker, they were able to gain access to internal documents and code, as well as internal dashboards and business systems. Though there's no evidence of Reddit's primary production systems, user passwords or accounts being breached. | |||||||||||||||
12 | Go Daddy | 1,228,000 | 2022 | Dec 23 | GoDaddy faced a multi-year breach (2020-2022) by a single intruder, resulting in stolen source code, user credentials, malware installation, and user redirects to malicious sites. WordPress customers’ email addresses, usernames, passwords, and even their SSL private keys were stolen. | web | hacked | y | 3 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/ | 454 | GoDaddy, one of the world’s largest domain registrars, and by extension, third-party to more than 21 million organizations worldwide, stated that they suffered a multi-year security compromise that allowed for the theft of company source code, customer and employee logins, and the installation of malware which redirected users to malicious sites. These events began in 2020 and lasted through 2022 and were carried out by the same intruder. In 2020, the intruder gained access to GoDaddy user's web hosting account credentials. In 2021, the intruder gained access to current and inactive managed WordPress customers’ email addresses, usernames, passwords, and even their SSL private keys. In 2022, users were being redirected from GoDaddy sites to random domains by the same intruder. | ||||||||||||||
13 | MGM | 10,600,000 | 2023 | Sept 23 | AlphV and Scattered Spider's cyberattack on MGM caused slot machine errors and hotel queues in Las Vegas, stealing pre-March 2019 customer data and inflicting a $100m loss on the company's Q3 results. MGM declined to say if any ransom was paid. | retail | hacked | y | 3 | Reuters | https://www.reuters.com/business/mgm-expects-cybersecurity-issue-negatively-impact-third-quarter-earnings-2023-10-05/ | 453 | A cyberattack on the gambling firm disrupted operations, causing slot machine errors and queues at hotels in Las Vegas. AlphV worked with Scattered Spider to break into MGM and stole private data of customers who used MGM services before March 2019, including contact information, gender, date of birth and driver’s license numbers. MGM has declined to comment on whether any ransom has been requested or paid. The theft and disruption to services has caused MGM to experience a $100m loss to its 3rd quarter results | ||||||||||||||
14 | Uber | 20,000,000 | 2022 | Dec 22 | Data on 77,000 Uber employees and internal reports were leaked on forums. While Uber denied ownership of the implicated source code, the breach stemmed from their third-party vendor, Teqtivity, which had a security incident earlier that year. | transport | hacked | y | 1 | Restore Privacy | https://restoreprivacy.com/uber-data-leak-breach-third-party-vendor-hacked/ | 452 | Uber has been repeatedly hacked, however in December 2022, a new trove of Uber data containing personally identifiable information pertaining to 77,000 Uber employees, as well as internal reports and possibly even source code was released onto Breached forums, though Uber stated the source code implicated in this breach did not belong to them. The source of the data breach was its third party vendor Teqtivity (which provides asset management and tracking services for Uber) which experienced a security breach earlier in the year. | ||||||||||||||
15 | X (Twitter) | 200,000,000 | 2023 | Jan 23 | From Nov 2022 to Jan 2023, over 200 million Twitter users' data, including emails and names, was exposed due to repeated security flaw exploitations and posted on hacker forums. But no highly sensitive data was revealed. | web | poor security | 1 | Firewall Times | https://firewalltimes.com/twitter-data-breach-timeline/ | 451 | After a string of ransom attempts and leaks, data on over 200 million Twitter users was released among hackers and published in full on hacker forums in January. The data included email addresses, names, and usernames, but no highly sensitive data. The data was originally stolen by exploiting a security flaw which was repeatedly exploited by a number of hackers. The total number of user accounts affected by the attacks from November 2022 to January 2023 is ~205 million. | |||||||||||||||
16 | CommuteAir | 1,500,000 | 2023 | Jan 23 | Swiss hacker Maia Arson Crimew, stumbled upon a misconfigured AWS server containing TSA's No Fly list and exposed ~250,000 'selectees' (selectees are automatically chosen for additional screening each time they fly) to a hacker forum. | transport | hacked | y | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/us-no-fly-list-shared-on-a-hacking-forum-government-investigating/ | 450 | Swiss hacker Maia Arson Crimew, stumbled upon a misconfigured AWS server containing TSA's No Fly list and exposed ~250,000 'selectees' (selectees are automatically chosen for additional screening each time they fly) to a hacker forum. The presence of duplicates and aliases in the lists implies the total number of exposed names are fewer than 1.5 million. | ||||||||||||||
17 | Yum! | 10,000,000 | 2023 | Jan 23 | The brand owner of KFC, Pizza Hut, and Taco Bell fast food chains saw an undisclosed amount of personal user information stolen during a ransomware attack: names, driver's license numbers, and other ID card numbers. ~300 restaurants were shut down in the UK due to IT system disruptions caused by the attack. | retail | hacked | y | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/kfc-pizza-hut-owner-discloses-data-breach-after-ransomware-attack/ | 449 | The brand owner of KFC, Pizza Hut, and Taco Bell fast food chains had an undisclosed amount of personal user information stolen during a ransomware attack. The company revealed that the attackers stole some individuals' personal information, including names, driver's license numbers, and other ID card numbers. ~300 restaurants were shut down in the UK due to IT system disruptions caused by the attack. | ||||||||||||||
18 | PharMerica | 5,800,000 | 2023 | May 23 | Full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people. | health | hacked | 4 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/ransomware-gang-steals-data-of-58-million-pharmerica-patients/ | 448 | According to a data breach notification submitted to the Office of the Maine Attorney General, hackers breached PharMerica's system and stole the full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance information of 5,815,591 people. | |||||||||||||||
19 | NATO | 8,000 | 2023 | Jul 23 | Hacktivist group, SiegedSec, claimed to have broken into six NATO web portals and stolen >3,000 files and 9GB of data. Threat intel biz CloudSEK analysis revealed 20 unclassified documents and 8,000 personnel records with names, job titles, email addresses, home addresses, and photos. | government | hacked | y | 4 | The Register | https://www.theregister.com/2023/10/04/nato_data_attack/#:~:text=On%20Sunday%2C%20the%20SiegedSec%20crew,)%3B%20the%20Communities%20of%20Interest | 447 | Hacktivist group, SiegedSec, claimed to have broken into six NATO web portals and stolen >3,000 files and 9GB of data. Threat intel biz CloudSEK analyzed the leaked data and said it contained at least 20 unclassified documents and 8,000 personnel records with names, companies and units, working groups, job titles, business email addresses, home addresses, and photos. | ||||||||||||||
20 | Topgolf Callaway | 1,114,954 | 2023 | Aug 23 | Only full names, shipping and email addresses, phone numbers, order histories, account passwords and answers to security questions were exposed. | retail | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/golf-gear-giant-callaway-data-breach-exposes-info-of-11-million/ | 446 | According to the data breach notification from the company, no SSNs, government ID or payment card information was exposed, only full names, shipping and email addresses, phone numbers, order histories, account passwords and answers to security questions were exposed. | |||||||||||||||
21 | Sony | 6,800 | 2023 | Oct 23 | Personal information belonging to current and former employees and their family members was stolen by Clop in a ransomware attack. Details unrevealed by Sony. | tech | hacked | 2 | The Verge | https://www.theverge.com/2023/10/5/23905370/sony-interactive-entertainment-security-breach-confirmation | https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/ | 445 | Personal information belonging to current and former employees and their family members was stolen by Clop in a ransomware attack. The details of the information stolen haven't been declared by Sony. | ||||||||||||||
22 | 23andMe | 6,900,000 | 2023 | Oct 23 | Hackers accessed the genetic site's user data via login guesses and information from DNA relatives (users opt into sharing info through DNA relatives for others to see). Stolen data included personal and some genetic ancestry and health details. After two breaches, one unverified, 23andMe now faces legal action. | health | hacked | y | 4 | 6.9m | Tech Crunch | https://arstechnica.com/tech-policy/2023/12/hackers-stole-ancestry-data-of-6-9-million-users-23andme-finally-confirmed/ | https://www.bleepingcomputer.com/news/security/23andme-hit-with-lawsuits-after-hacker-leaks-stolen-genetics-data/ | 444 | Hackers gathered user data by guessing the login credentials from a group of users and then getting more people's information from DNA relatives (users opt into sharing info through DNA relatives for others to see). The stolen data includes personal info like name, sex, birth year, current location, and some details about genetic ancestry and health results. 23andMe has been sued over this data breach. A second breach occurred two weeks later, with the hacker claiming to have stolen data from 4 million more users, though this hasn't been verified, 23andMe are facing legal action due to these breaches of security. | ||||||||||||
23 | Optus | 9,700,000 | 2022 | Sept 2022 | The telecom company faced a 'sophisticated attack' exposing ~10 million accounts including personal details (passport, driver’s licence & Medicare numbers). Hacker demanded $1m ransom but later apologized and claimed data deletion, unverified. | telecoms | hacked | 4 | The Guardian | https://www.theguardian.com/business/2022/sep/29/optus-data-breach-everything-we-know-so-far-about-what-happened | https://www.optus.com.au/about/media-centre/media-releases/2022/09/optus-notifies-customers-of-cyberattack | 443 | The telecommunication company was the victim of a 'sophisticated attack' in which ~10 million user accounts have been exposed, which included names, email addresses, postal addresses, phone numbers, dates of birth, identification numbers including passport numbers, driver’s licence numbers and Medicare numbers. A user called OptusData threatened to sell the data unless Optus paid a $1m ransom, however, the user later apologised and claimed they deleted the data, though there's no way to verify this. | ||||||||||||||
24 | PayPal | 34942 | 2023 | Dec 22 | PayPal's breach involved unauthorized account access using credential stuffing (exploiting users reusing the same password for multiple accounts). It wasn't from a direct security lapse and hackers couldn't transact. PayPal reset passwords. | finance | hacked | 2 | Office of the Maine Attorney General | https://apps.web.maine.gov/online/aeviewer/ME/40/766753f1-f9c7-4dc5-9a5c-fe0f3ff51c06.shtml | https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/ | 442 | According to PayPal's investigation the breach involved unauthorised access to user accounts using valid credentials. The company insists that the breach did not originate from poor security and found no proof that user credentials were obtained directly from them. The hackers used credential-stuffing (taking advantage of users reusing the same password for multiple accounts) to gain access to the PayPal accounts. PayPal ensures that though the hackers gained access, they are not able to perform transactions and have initiated a password reset. | ||||||||||||||
25 | Acer | 10,000,000 | 2023 | Mar 23 | Acer suffered a data breach when a server was hacked, with threat actors selling 160GB of stolen data. The company said the incident hadn't impacted customer info. | tech | hacked | 1 | Slashdot | https://it.slashdot.org/story/23/03/07/1459230/acer-confirms-breach-after-hacker-offers-to-sell-stolen-data?utm_source=feedly1.0mainlinkanon&utm_medium=feed | https://www.bleepingcomputer.com/news/security/acer-confirms-breach-after-160gb-of-data-for-sale-on-hacking-forum/ | 441 | Acer suffered a data breach after a server hosting private documents was hacked by threat actors who have since begun selling 160GB of data stolen from Acer. The company says the incident hasn't impacted customer data. | ||||||||||||||
26 | MSI | 10,000,000 | 2023 | Apr 23 | Money Message ransomware group claims to have stolen MSI's source code, demanding $4 million to prevent leaks. MSI downplays impact and hasn't confirmed paying ransom, assuring no user data was affected but advises software downloads only from official sources. | tech | hacked | 1 | Slashdot | https://it.slashdot.org/story/23/04/07/152242/msi-confirms-breach-as-ransomware-gang-claims-responsibility?utm_source=feedly1.0mainlinkanon&utm_medium=feed | https://uk.pcmag.com/security/146322/msi-confirms-breach-as-ransomware-gang-claims-responsibility | 440 | Ransomware group Money Message claims it breached MSI to steal the company's source code, including the framework for the BIOS used in MSI products. The group posted screenshots of the stolen files on the group's dark web site and demanded MSI paid $4million to prevent the data being leaked. MSI stated that the breach shouldn't have a significant impact on its financials or operations and haven't declared whether they have paid the ransom. MSI claims that user data hasn't been impacted, and urges users to only download software from official sources. | ||||||||||||||
27 | T-Mobile | 37,000,000 | 2023 | Jan 23 | T-Mobile's system was exploited by 'bad actors' from November 2022 to January 2023, exposing customer data. It's their ninth hack since 2018, with a 2021 breach affecting 49 million customers. | tech | hacked | 2 | Ars Technica | https://arstechnica.com/information-technology/2023/05/t-mobile-discloses-2nd-data-breach-of-2023-this-one-leaking-account-pins-and-more/ | 439 | T-Mobile stated that 'bad actors' abused its application programming in a way that gave them access to customer data including names, billing addresses, email addresses, phone numbers, dates of birth, T-Mobile account numbers, and more. The hack started in November 2022 and wasn't detected until January 2023. This is the ninth hack since 2018, including one in 2021 exposing data belonging to 49 million customers. | |||||||||||||||
28 | T-Mobile | 836 | 2023 | Mar 23 | T-Mobile faced its second 2023 data breach, exposing PINs and data from Feb to Mar. Though way smaller than the first 2023 breach (only affecting 836 customers), it adds to the $350mil 2021 settlement and erodes customer trust. | tech | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/t-mobile-discloses-second-data-breach-since-the-start-of-2023/ | 438 | T-Mobile experienced a hack exposing account PINs and other customer data in the second data breach experienced by the company in 2023. The breach started in February until it was detected in March, and the company states that it was 'bad actors' that had again gained access to customer information, as in the first breach of 2023, however the breadth of the breach was significantly smaller. Despite the reduced size, this second breach will cost the company significantly on top of a $350mil settlement related to a breach in Aug 2021, as well as the loss of trust of their customers. | |||||||||||||||
29 | ChatGPT | 101,000 | 2023 | Mar 23 | Over 101,000 ChatGPT accounts were stolen by malware last year. Breakdown: Asia-Pacific 40,999, Middle-East/Africa 24,925, Europe 16,951, Latin America 12,314, North America 4,737. Malware extracts browser credentials from SQLite databases, using CryptProtectData function to decrypt stored data. | tech | hacked | y | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/over-100-000-chatgpt-accounts-stolen-via-info-stealing-malware/ | 437 | More than 101,000 ChatGPT user accounts have been stolen by malware during the year prior. Asia-Pacific had the most reported infected devices across the world at 40,999, Middle-East and Africa had reported 24,925 infected devices, Europe has 16,951, Latin America: 12,314, and North America: 4,737. The malware steals credentials saved to web browsers by extracting them from the program's SQLite database and abusing the CryptProtectData function to reverse the encryption of the stored data. | ||||||||||||||
30 | TIAA | The Teachers Insurance and Annuity Association of America | 2,300,000 | 2023 | May 23 | This US retirement fund for teachers faced a data breach exposing client details. A former teacher-client is suing for inadequate cybersecurity and leaving data unencrypted on a vulnerable platform. | finance | hacked, poor security | 2 | ClassAction | https://www.classaction.org/news/teachers-insurance-and-annuity-association-of-america-hit-with-class-action-over-may-2023-data-breach#:~:text=Teachers%20Insurance%20and%20Annuity%20Association%20of%20America%20faces%20a%20class,of%20approximately%202.3%20million%20individuals. | https://news.slashdot.org/story/23/06/30/2038234/schools-say-us-teachers-retirement-fund-was-breached-by-moveit-hackers?utm_source=feedly1.0mainlinkanon&utm_medium=feed | 436 | TIAA, a retirement fund, experienced a data breach of clients' full names, addresses, dates of birth, gender and Social Security numbers. The company is being sued by a former teacher that was a client due to its failure to implement adequate cybersecurity measures and for leaving sensitive data unencrypted on an insecure platform, despite the known risk of a breach. | |||||||||||||
31 | Microsoft | 30,000,000 | 2023 | Jun 23 | Anonymous Sudan hacked Microsoft, accessed customer data, and caused outages. They offered the database for $50,000. But Microsoft claims no evidence of compromised customer data. | web | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/microsoft-denies-data-breach-theft-of-30-million-customer-accounts/ | 435 | Anonymous Sudan breached Microsoft's servers, accessed a database containing customer account information, including emails and passwords, and caused service disruptions and outages. The hackers offered to sell the database for $50,000. Microsoft states that they "have seen no evidence" that their "customer data has been accessed or compromised" | |||||||||||||||
32 | Microsoft | 10,000,000 | 2023 | May 23 | China-backed hackers stole a cryptographic key from Microsoft, undetected for a month, accessing 25 organizations, including government. Microsoft's postmortem cites past system vulnerabilities. | web | hacked | 3 | unknown | NYT | https://www.nytimes.com/2023/07/11/us/politics/china-hack-us-government-microsoft.html?smid=nytcore-ios-share | https://www.wired.com/story/china-backed-hackers-steal-microsofts-signing-key-post-mortem/ | 434 | China-backed hacking group had stolen a cryptographic key from the company's systems. The hackers went undetected for a month, allowing them to access information from approx. 25 organisations, including government agencies. A postmortem published by Microsoft explains the company's own fault, including a critical system crash in 2021, in allowing the hackers access to the keys needed to steal the data. | |||||||||||||
33 | Roblox | 4,000 | 2020 | Dec 20 | Data identifying Roblox creators was breached at a developers' conference, undisclosed for 2 years due to a third-party security issue. | gaming | poor security | 2 | The Verge | https://www.theverge.com/2023/7/21/23802742/roblox-data-breach-leak-developer-personal-information-exposed | 433 | Information identifying Roblox creators has been exposed by a data breach impacting attendees at a conference for Roblox developers. This breach remained undisclosed for 2 years following the attack which was due to a third-party security issue. | |||||||||||||||
34 | Discord.io | 760,000 | 2023 | Aug 23 | Unidentified person listed user data for sale on darknet. Discord.io enables custom Discord invites. | gaming | hacked | 1 | Stackdiary | https://stackdiary.com/the-data-of-760000-discord-io-users-was-put-up-for-sale-on-the-darknet// | 432 | An unidentified individual has listed the data of Discord.io users for sale on a darknet forum. Discord.io is a platform which allows users to create custom and personal Discord invites. | |||||||||||||||
35 | Clorox | 10,000,000 | 2023 | Aug 23 | Clorox detected unauthorized IT activity in August 2023. By September, the contained hack led to slower production and a 2% stock drop. Specific affected files undisclosed | retail | hacked | 1 | unknown | Slashdot | https://it.slashdot.org/story/23/10/04/1917217/clorox-security-breach-linked-to-group-behind-casino-hacks?utm_source=feedly1.0mainlinkanon&utm_medium=feed | 431 | Clorox disclosed in August 2023 that the company had identified unauthorised activity on some of its IT systems, later in September, the company further declared that the hack was contained but had caused slower production rates and lower product availability which saw a 2% drop in Clorox stock. The company hasn't disclosed the number or type of files affected by this attack. | ||||||||||||||
36 | Latitude Financial | 14,000,000 | 2023 | Apr 23 | 14 million customer records, including driver's licence numbers, passport numbers and financial statements, stolen in a cyber-attack that was worse than the company initially reported. | finance | hacked | 2 | Privacy Commissioner | https://www.privacy.org.nz/publications/statements-media-releases/new-zealands-biggest-data-breach-shows-retention-is-the-sleeping-giant-of-data-security/ | 430 | 14 million customer records, including driver's licence numbers, passport numbers and financial statements, were stolen from Latitude's system in a cyber-attack that was worse than the company initially reported. | |||||||||||||||
37 | Toyota | 296,019 | 2022 | Oct 22 | An access key to a data server storing customer email addresses and management numbers was mistakenly published publicly on GitHub for five years. | transport | poor security | 2 | Slashdot | https://yro.slashdot.org/story/22/10/10/2032250/toyota-discloses-data-leak-after-access-key-exposed-on-github?utm_source=feedly1.0mainlinkanon&utm_medium=feed | 429 | An access key to the data server that stored customer email addresses and management numbers was mistakenly published publicly on GitHub for five years. | |||||||||||||||
38 | Shein | 39,000,000 | 2022 | Oct 22 | Online fast fashion retailer suffered a breach of its login credentials in 2018 but failed to notify its customers | retail | hacked | 2 | Tech Crunch | https://techcrunch.com/2022/10/13/shein-zoetop-fined-1-9m-data-breach/?guccounter=1 | 428 | Online fast fashion retailer suffered a breach of its login credentials in 2018 but failed to notify its customers | |||||||||||||||
39 | Indonesia's health agency | BPJS Kesehatan | 279,000,000 | 2022 | May 21 | The ID numbers, salary and phone numbers of every single man, woman and child in the country was stolen. | government | hacked | y | 3 | Kr Asia | https://kr-asia.com/shoddy-data-protection-in-indonesia-threatens-personal-security-of-citizens | 427 | Indonesia's health & social security agency was breached. The ID numbers, salary and phone numbers of every single man, woman and child in the country was stolen. | |||||||||||||
40 | CoinSquare | 50,000 | 2022 | Nov 22 | Major Canadian crypto exchange. The company claims customer assets are “secure in cold storage and are not at risk.” | tech | hacked | 1 | Coin Desk | https://www.coindesk.com/tech/2022/11/26/major-canadian-crypto-exchange-coinsquare-says-client-data-breached/ | 426 | Major Canadian crypto exchange. The company claims customer assets are “secure in cold storage and are not at risk.” | |||||||||||||||
41 | Indian Railways | 30,000,000 | 2022 | Dec 22 | Stolen data includes usernames, emails, phone numbers, gender, city, state, invoices | transport | hacked | 2 | Techlo Media | https://techlomedia.in/2022/12/data-of-30-million-indian-railways-users-is-up-for-sale-on-a-dark-forum-96589/ | 425 | User data includes username, email, phone number, gender, city, state, and language preference. In the booking data, passenger’s name, mobile, train number, travel details, invoice PDF | |||||||||||||||
42 | Indonesian SIM cards | 1,000,000,000 | 2022 | Oct 22 | A vast data hack of 1.3 bn SIM registrations revealing national identity numbers, phone numbers, and more. | telecoms | hacked | 3 | 1.3bn | Rest of World | https://restofworld.org/2022/indonesia-hacked-sim-bjorka/ | 424 | A vast data hack into 1.3 billion SIM registrations — one that revealed national identity numbers, phone numbers, names of telecommunications providers, and more. | ||||||||||||||
43 | LastPass | 33,000,000 | 2022 | Aug 22 | Popular password manager breached; basic account info exposed. Sensitive vault data like usernames and passwords remained safely encrypted. | web | hacked | 2 | Tech Crunch | https://techcrunch.com/2022/12/14/parsing-lastpass-august-data-breach-notice/ | https://www.forbes.com/sites/daveywinder/2023/03/03/why-you-should-stop-using-lastpass-after-new-hack-method-update/ | 423 | Popular password management software was breached. Basic customer account information including company names, end-user names, billing addresses, emails, telephone numbers, and IP addresses. The hackers also gained access to the development environment, stole portions of the LastPass source code, and copied a backup of customer vault data, this includes usernames and passwords, secure notes, attachments, and form-fill fields. | ||||||||||||||
44 | 200,000,000 | 2022 | Dec 22 | Over 200 million Twitter emails were stolen and posted online, possibly before Musk's 2022 takeover. | web | hacked | 1 | Wired | https://www.wired.com/story/twitter-leak-200-million-user-email-addresses/ | 422 | Hackers stole the email addresses of more than 200 million Twitter users and posted them on an online hacking forum. May have taken place as early as 2021, which was before Elon Musk took over ownership of the company last year. | ||||||||||||||||
45 | City of Amagasaki, Japan | 500,000 | 2022 | Jun 2022 | An unnamed government official lost his bag after a night's drinking. It contained a USB stick with sensitive data of the entire city's residents. USB stick was encrypted and passworded. | government | oops! | 3 | BBC | https://www.bbc.co.uk/news/world-asia-61921222 | 421 | ||||||||||||||||
46 | Shanghai Police | 500,000,000 | 2022 | Jul 2022 | A database containing records of over a billion Chinese civilians – allegedly stolen from the Shanghai Police. Addresses, police records and national ID numbers. Potentially one of the largest data breaches in history. Details repressed and censored by Chinese media. | finance | hacked | 5 | "one billion" | The Register | https://www.theregister.com/2022/07/05/shanghai_police_database_for_sell/ | 420 | |||||||||||||||
47 | 5,400,000 | 2021 | Dec 2021 | Zero day vulnerability allowed a threat actor to create profiles of 5.4 million Twitter users inc. a verified phone number or email address, and scraped public information, such as follower counts, screen name, login name, etc | web | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/twitter-confirms-zero-day-used-to-expose-data-of-54-million-accounts/ | 419 | |||||||||||||||||
48 | Plex | 15,000,000 | 2022 | Aug 2022 | Intruders access password data, usernames, and emails for at least half of its 30 million users. | web | hacked | 1 | Ars Technica | https://arstechnica.com/information-technology/2022/08/plex-imposes-password-reset-after-hackers-steal-data-for-15-million-users/ | 418 | ||||||||||||||||
49 | Dubai Real Estate Leak | 800,000 | 2022 | May 2022 | Data leak exposes how criminals, officials, and sanctioned politicians poured money into Dubai real estate including more than 100 members of Russia's political elite, public officials, or businesspeople close to the Kremlin, as well as dozens of Europeans implicated in money laundering and corruption | finance | inside job | y | 1 | E24 | https://e24.no/internasjonal-oekonomi/i/Bj97B0/dubai-uncovered-data-leak-exposes-how-criminals-officials-and-sanctioned-politicians-poured-money-into-dubai-real-estate | 417 | |||||||||||||||
50 | Heroku | 50,000 | 2022 | Apr 2022 | A compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database." on the Salesforce-owned cloud platform. | tech | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/heroku-admits-that-customer-credentials-were-stolen-in-cyberattack/ | 416 | ||||||||||||||||
51 | Mailchimp | 106,586 | 2022 | Apr 2022 | Hackers gained access to internal customer support and account management tools of the email marketing company to steal audience data and conduct phishing attacks. | tech | hacked | 1 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/ | 415 | ||||||||||||||||
52 | PayHere | 1,580,249 | 2022 | Mar 2022 | Sri Lankan payment gateway PayHere suffered a data breach exposing more than 65GB of payment records including over 1.5M unique email addresses. (IP and physical addresses, names, phone numbers, purchase histories and partially obfuscated credit card data (card type, first 6 and last 4 digits plus expiry date). | finance | hacked | 3 | Pay Here | https://blog.payhere.lk/ensuring-integrity-on-payhere-cybersecurity-incident/ | 414 | ||||||||||||||||
53 | CDEK | 18,218,203 | 2022 | Mar 2022 | UNVERIFIED. Russian courier service CDEK was hacked by Ukrainian hacker group "IT Army" - including 19M unique email addresses along with names and phone numbers. | retail | hacked | 3 | 19m | Have I Been Pwned | https://twitter.com/haveibeenpwned/status/1504343470072549377?lang=en | 413 | |||||||||||||||
54 | Washington State Dpt of Licensing | 257,000 | 2022 | Feb 2022 | The Washington State Department of Licensing said the personal information of potentially millions of licensed professionals may have been exposed after it detected suspicious activity on its online licensing system. | government | hacked | 3 | Seattle Times | https://www.seattletimes.com/business/breach-at-state-licensing-agency-may-have-exposed-data-from-1000s-of-professionals/ | 412 | ||||||||||||||||
55 | Red Cross | 500,000 | 2022 | Jan 2022 | A network intrusion at the International Committee for the Red Cross (ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group. KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran. | NGO | hacked | 4 | Ars Technica | https://arstechnica.com/information-technology/2022/01/red-cross-hack-compromises-the-personal-data-of-515k-highly-vulnerable-people/ | 411 | ||||||||||||||||
56 | Open Subtitles | 100,000 | 2022 | Jan 2022 | web | hacked | 1 | Open Subtitles | https://forum.opensubtitles.org/viewtopic.php?t=17685 | 410 | |||||||||||||||||
57 | FlexBooker | 3,700,000 | 2022 | Jan 2022 | appointment scheduling service | web | hacked | 3 | 3.7m | Bleeping Computer | https://www.bleepingcomputer.com/news/security/flexbooker-discloses-data-breach-over-37-million-accounts-impacted/ | 409 | |||||||||||||||
58 | LINE Pay | 133,000 | 2021 | Dec 2021 | finance | poor security | 2 | The Register | https://www.theregister.com/2021/12/07/line_pay_leaks_around_133000/ | 408 | |||||||||||||||||
59 | Robinhood | 5,000,937 | 2021 | Nov 2021 | a malicious hacker had socially engineered a customer service representative over the phone November 3 to get access to customer support systems. That allowed the hacker to obtain customer names and email addresses, but also the additional full names, dates of birth and ZIP codes of 310 customers. | finance | hacked | 2 | 5m | Tech Crunch | https://techcrunch.com/2021/11/09/robinhood-data-breach/?guccounter=1 | 407 | |||||||||||||||
60 | GoDaddy | 1,200,000 | 2021 | Nov 2021 | Security Incident Affecting Managed WordPress Service | web | hacked | 1 | SEC | https://techcrunch.com/2021/11/09/robinhood-data-breach/?guccounter=1 | 406 | ||||||||||||||||
61 | Travelio | 471,376 | 2021 | Nov 2021 | The Indonesian real estate website Travelio suffered a data breach of over 470k customer accounts. The data included email addresses, names, password hashes, phone numbers and for some accounts, dates of birth, physical address and Facebook auth tokens. | misc | hacked | 2 | 470K | HaveIBeenPwned | https://www.riskbasedsecurity.com/2021/12/14/dark-web-roundup-november-2021/ | 405 | |||||||||||||||
62 | Acer | 3,000,000 | 2021 | Oct 2021 | tech | hacked | 1 | Hot Hardware | https://hothardware.com/news/acer-confirms-hacked-again-60gb-stolen-customer-data | 404 | |||||||||||||||||
63 | Brewdog | 200,000 | 2021 | Oct 2021 | BrewDog, one of the world's largest craft beer brewers, has exposed personally identifiable information (PII) belonging to more than 200,000 of its shareholders and customers, | retail | poor security | 1 | Tech Radar | https://www.techradar.com/news/brewdog-exposes-data-of-200000-customers-and-shareholders | 403 | ||||||||||||||||
64 | Experian SA | South Africa | 24,000,000 | 2020 | Jul 2020 | Handed over personal information of their South African customers to a fraudulent client. | web | oops! | 3 | Uni of Hawaii | https://westoahu.hawaii.edu/cyber/global-weekly-exec-summary/experian-security-breach-in-south-africa/#:~:text=Experian%20disclosed%20the%20data%20breach,local%20businesses%20(Cimpanu%202020). | 402 | |||||||||||||||
65 | Nvidia | 100,000 | 2021 | Mar 2021 | tech | hacked | 2 | CNN Business | https://edition.cnn.com/2022/03/01/tech/nvidia-information-leak/ | https://it.slashdot.org/story/22/03/01/1523248/nvidia-says-employee-company-information-leaked-online-after-cyber-attack?utm_source=feedly1.0mainlinkanon&utm_medium=feed | 401 | ||||||||||||||||
66 | Okta | 100,000 | 2021 | Jan 2021 | Identity and access management provider Okta | tech | hacked | 1 | The Verge | https://www.theverge.com/2022/4/20/23034360/okta-lapsus-hack-investigation-breach-25-minutes | https://twitter.com/BillDemirkapi/status/1508527487655067660/ | 399 | |||||||||||||||
67 | Royal Enfield | 420,873 | 2020 | Jan 2020 | Motorcycle maker Royal Enfield left a database publicly exposed that resulted in the inadvertent publication of over 400k customers. (Email and physical addresses, names, motorcycle information, social media profiles, passwords, and other personal information) | transport | poor security | 3 | The Quint | https://www.thequint.com/news/india/royal-enfield-exposed-database-containing-450000-customer-data-cyber-security-expert | 398 | ||||||||||||||||
68 | Avvo | 4,101,101 | 2019 | Dec 2019 | A data breach of the lawyer directory service released 4.1M unique email addresses alongside SHA-1 hashes, most likely representing user passwords. | legal | hacked | 1 | 4.1m | HaveIBeenPwned | https://www.troyhunt.com/breach-disclosure-blow-by-blow-heres-why-its-so-hard/ | 397 | |||||||||||||||
69 | Aimware | 305,470 | 2019 | May 2019 | Video game cheats website "Aimware" suffered a data breach of subscribers' personal information (email and IP addresses, usernames, forum posts, private messages, website activity and passwords stored as salted MD5 hashes) | gaming | hacked | 3 | HaveIBeenPwned | 396 | |||||||||||||||||
70 | Twitch | 10,000,000 | 2021 | Oct 2021 | Full source code breach of the streaming gaming site revealed a trove of internal data & documents including core config packages, devtools, and payments to top streamers. | gaming | hacked | y | 4 | unknown | BBC | https://www.bbc.co.uk/news/technology-58817658 | 395 | ||||||||||||||
71 | Syniverse | 500,000,000 | 2021 | Sep 2021 | "A company that is a critical part of the global telecommunications infrastructure used by AT&T, T-Mobile, Verizon and several others around the world such as Vodafone and China Mobile, quietly disclosed that hackers were inside its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide." | telecoms | hacked | 4 | unknown | Vice | https://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text-messages-quietly-says-it-was-hacked | 394 | |||||||||||||||
72 | Pandora Papers | 11,900,000 | 2021 | Oct 2021 | Millions of documents reveal offshore deals and assets of more than 100 billionaires, 30 world leaders and 300 public officials | government | hacked | y | 4 | Guardian | https://www.theguardian.com/news/2021/oct/03/pandora-papers-biggest-ever-leak-of-offshore-data-exposes-financial-secrets-of-rich-and-powerful | 393 | |||||||||||||||
73 | Neiman Marcus | 4,600,000 | 2021 | Sep 2021 | Occurred sometime in May 2020 after "an unauthorized party" obtained the personal information of some Neiman Marcus customers from their online accounts. | retail | hacked | 3 | Ars Technica | https://arstechnica.com/information-technology/2021/10/neiman-marcus-data-breach-impacts-4-6-million-customers/ | 392 | ||||||||||||||||
74 | Epik | 15,000,000 | 2021 | Sep 2021 | An Internet-services company for concealing online identities, popular with the far right | retail | hacked | y | 5 | Ars Technica | https://arstechnica.com/information-technology/2021/09/epik-data-breach-impacts-15-million-users-including-non-customers/ | 391 | |||||||||||||||
75 | Thailand visitors | 100,000,000 | 2021 | Sep 2021 | Any foreigner who has travelled to Thailand in the last decade ‘might have had their information exposed’ | government | poor security | 2 | 100m | South China Morning Post | https://www.scmp.com/news/asia/southeast-asia/article/3149475/details-some-100-million-visitors-thailand-exposed-online | 390 | |||||||||||||||
76 | T-Mobile | 76,000,000 | 2021 | Aug 2021 | Exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. T-Mobile paid a $500m settlement. | telecoms | hacked | 3 | Krebs on Security | https://krebsonsecurity.com/2021/08/t-mobile-breach-exposed-ssn-dob-of-40m-people/ | 389 | ||||||||||||||||
77 | Contact tracing data | 38,000,000 | 2021 | Aug 2021 | A thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases. | telecoms | hacked | 3 | 38m | Wired | https://www.wired.com/story/microsoft-power-apps-data-exposed/ | 388 | |||||||||||||||
78 | Estonian gov | 280,000 | 2021 | Jul 2021 | A hacker was able to obtain over 280,000 personal identity photos following an attack on the state information system last Friday. | government | hacked | 4 | News ERR | https://news.err.ee/1608291072/hacker-downloads-close-to-300-000-personal-id-photos | 387 | ||||||||||||||||
79 | Guntrader | UK firearms sales website | 111,000 | 2021 | Jul 2021 | Criminals have hacked into a Gumtree-style website used for buying and selling firearms, making off with a 111,000-entry database containing names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords used by gun shops across the UK. | retail | hacked | 2 | The Register | https://www.theregister.com/2021/07/23/guntrader_hacked_111k_users_sql_database/ | 386 | |||||||||||||||
80 | 700,000,000 | 2021 | Jul 2021 | The hacker appears to have misused the official LinkedIn API to scrape the data, the same method used in a similar breach back in April. User details, but no passwords. | web | hacked | 1 | 700m | 9 to 5 mac | https://9to5mac.com/2021/06/29/linkedin-breach/ | 385 | ||||||||||||||||
81 | VW | 3,300,000 | 2021 | Jun 2021 | Phone numbers, email addresses and some sensitive credit data. Nearly all those impacted were current or potential customers of Audi, one of the German automaker's luxury brands | transport | hacked | 2 | Reuters | https://www.reuters.com/business/autos-transportation/vw-says-data-breach-vendor-impacted-33-million-people-north-america-2021-06-11/ | 384 | ||||||||||||||||
82 | McDonald's | 10,000,000 | 2021 | Jun 2021 | Unknown detail | retail | hacked | 2 | unknown | Wall St Journal | https://www.wsj.com/articles/mcdonalds-hit-by-data-breach-in-south-korea-taiwan-11623412800 | 383 | |||||||||||||||
83 | Air India | 4,500,000 | 2021 | May 2021 | Passenger’s name, date of birth, contact information, passport information, ticket information, frequent flyer data and credit card information. | transport | hacked | 2 | Indian Express | https://indianexpress.com/article/explained/air-india-sita-data-breach-explained-7325501/ | 382 | ||||||||||||||||
84 | Omiai dating app | Japanese dating app | 1,710,000 | 2021 | May 2021 | Addresses and dates of birth from identification, including passports, drivers’ licenses and health insurance cards, provided to the company. | app | hacked | 2 | Japan Times | https://www.japantimes.co.jp/news/2021/05/22/business/tech/omiai-dating-app-hack-japan/ | 381 | |||||||||||||||
85 | Amazon Reviews | 13,124,962 | 2021 | May 2021 | Database exposing an organized fake reviews scam affecting Amazon. The server contained a treasure trove of direct messages between Amazon vendors and customers willing to provide fake reviews in exchange for free products | web | poor security | y | 2 | Safety Detectives | https://www.safetydetectives.com/blog/amazon-reviews-leak-report/ | 380 | |||||||||||||||
86 | Peloton | 3,000,000 | 2021 | May 2021 | tech | poor security | 2 | Ars Technica | https://arstechnica.com/gadgets/2021/05/peloton-takes-3-months-to-fix-flaw-that-exposed-users-private-information/#p3 | 379 | |||||||||||||||||
87 | Digital Ocean | 10,000,000 | 2021 | Apr 2021 | tech | poor security | unknown | Tech Crunch | https://techcrunch.com/2021/04/28/digitalocean-customer-billing-data-breach/ | 378 | |||||||||||||||||
88 | Park Mobile | mobile parking app | 21,000,000 | 2021 | Apr 2021 | Customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. | transport | hacked | 2 | Krebs on Security | https://krebsonsecurity.com/2021/04/parkmobile-breach-exposes-license-plate-data-mobile-numbers-of-21m-users/ | 377 | |||||||||||||||
89 | Ubiquiti | 16,000,000 | 2021 | Feb 2021 | Unknown amount of user data breached | tech | hacked | 2 | ZDNet | https://www.zdnet.com/article/ubiquiti-tells-customers-to-change-passwords-after-security-breach/ | 376 | ||||||||||||||||
90 | Meet Mindful | 2,240,000 | 2021 | Feb 2021 | Dating site user data includes real names, phone numbers, Facebook account codes, latitude & longitude. Thankfully private messages were not leaked. | tech | hacked | 4 | ZDnet | https://www.zdnet.com/article/hacker-leaks-data-of-2-28-million-dating-site-users/ | 375 | ||||||||||||||||
91 | Experian Brazil | 220,000,000 | 2021 | Feb 2021 | Details hazy | finance | hacked | 2 | 220m | ZDNet | https://www.zdnet.com/article/experian-challenged-over-massive-data-leak-in-brazil/ | 374 | |||||||||||||||
92 | Gab | 4,000,000 | 2021 | Mar 2021 | Over 70GB of data from the far-right social media site was hacked. All posts, messages, passwords from all users were breached. | tech | hacked | y | 3 | 100K | Wired | https://www.wired.com/story/gab-hack-data-breach-ddosecrets/ | 373 | ||||||||||||||
93 | Star Alliance | 16,000,000 | 2021 | Mar 2021 | The Star Alliance of airlines including Singapore Airlines, Lufthansa and United, said on Thursday it had been the victim of a cyber attack leading to a breach of passenger data. Lufthansa, Cathay Pacific and Air New Zealand were also affected. Breached data was limited to "name, tier status and membership number” | transport | hacked | 1 | The Guardian | https://www.theguardian.com/world/2021/mar/05/airline-data-hack-hundreds-of-thousands-of-star-alliance-passengers-details-stolen | 372 | ||||||||||||||||
94 | 533,000,000 | 2021 | Mar 2021 | Phone numbers, full names, locations, email addresses, and biographical information on 533 million users from 106 countries. Scraped due to a vulnerability "patched in 2019". | tech | hacked | y | 1 | 533m | Business Insider | https://www.businessinsider.com/stolen-data-of-533-million-facebook-users-leaked-online-2021-4?r=US&IR=T | 371 | |||||||||||||||
95 | Ledger | 270,000 | 2020 | Dec 2020 | A threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free. | finance | hacked | 2 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum/ | 370 | ||||||||||||||||
96 | T-mobile | 200,000 | 2020 | Dec 2020 | The information exposed in this breach includes phone numbers, call records, and the number of lines on an account. | telecoms | hacked | 1 | Bleeping Computer | https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/ | 369 | ||||||||||||||||
97 | The Hospital Group | 1,000,000 | 2020 | Dec 2020 | Hackers compromised the plastic surgery firm and threatened to release over 900 gigabytes of private surgery photographs. | health | hacked | y | 4 | BBC | https://www.bbc.co.uk/news/technology-55439190 | 368 | |||||||||||||||
98 | SolarWinds | 50,000,000 | 2020 | Dec 2020 | Suspected Russian hackers compromised network monitoring software used by the Pentagon, intelligence agencies, nuclear labs and many Fortune 500 companies. A tainted software update acted as a trojan horse. An unknown number of companies and individuals might be affected. | app | hacked | y | 3 | New York Times | https://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html | 367 | |||||||||||||||
99 | Ho Mobile | 2,500,000 | 2020 | Dec 2020 | Italian mobile operator owned by Vodafone is now taking the rare step of offering to replace the SIM cards of all affected customers. Data hacked included full names, telephone numbers, social security numbers, email addresses, dates and places of birth, nationality, and home addresses. | telecoms | hacked | 2 | ZD Net | https://www.zdnet.com/article/italian-mobile-operator-offers-to-replace-sim-cards-after-massive-data-breach/ | 366 | ||||||||||||||||
100 | Spotify | 500,000 | 2020 | Dec 2020 | Undisclosed number of users had their email addresses and passwords left open online. Spotify said the vulnerability existed as far back as April 9 but wasn’t discovered until November 12. | app | oops! | 1 | Tech Crunch | https://techcrunch.com/2020/12/10/spotify-resets-user-passwords-after-a-bug-exposed-private-account-information/?guccounter=1&guce_referrer=aHR0cHM6Ly9pdC5zbGFzaGRvdC5vcmcv&guce_referrer_sig=AQAAAMGNMpm00iWQgE4Zhw1q6_5FoeBsJUbWyKEniavHxaZR-X1oBrnXuFtvr9B4IYBK1C6x9AfEqEZwzfJaZhhINvaBZltXd-DF036LVwwnAhWAMQpD98Lahw3sni-Z2bS6qEIjPgodPdZHV3DRJWLrNt0bOoohuh_DWM8-IngVnCl6 | 365 |