Biggest Data Breaches

Each of the most recent biggest data breaches resulted in the exposure of huge amounts of personal information and identities

Notable Data Breaches



Score: 10.0
2,100,000,000 Records

Facebook revealed that malicious actors could have abused its search and account recovery capabilities to scrape public profile information from most of its more than 2 billion users. The social networking platform discovered that bad actors had the option of submitting phone numbers and email addresses to locate users' public profiles and obtain personal information off them. As Facebook's CTO Mike Schroepfer explained at the time, "Given the scale and sophistication of the activity we've seen, we believe most people on Facebook [over 2 billion users] could have had their public profile scraped in this way." The tech giant responded by disabling the feature and changing its account recovery process to reduce the risk of scraping.



Score: 9.1
340,000,000 Records

Florida-based marketing and data aggregation firm Exactis left a database containing 340 million individual records unprotected on the web. Security researcher Vinny Troia discovered in June 2018 that Exactis had left the database exposed on a publicly accessible server. The database contained two terabytes of information that included the personal details of hundreds of millions of Americans and businesses including consumers' email addresses, physical addresses, phone numbers and other extremely sensitive information like the names and genders of their children. It's unknown how many U.S. individuals the breach exposed, but 340 million individual records were stored within the database at the time of discovery.

Under Armour


Score: 9.1
150,000,000 Records

An attacker gained unauthorized access to software owned by Under Armour and in so doing compromised as many as 150 million people's account information. On March 25th, the American apparel manufacturer learned that someone had gained unauthorized access to MyFitnessPal, its platform which tracks users' diet and exercise. According to CNBC, those responsible accessed individuals' usernames, email addresses and hashed passwords. They did not expose users' payment information, as Under Armour processes this data separately. Nor did the unauthorized individual(s) compromise users' Social Security Numbers or driver's license numbers, as Under Armour clarified that it doesn't collect those or any other government identifiers.



Score: 9.0
336,000,000 Records

Twitter urged all its more than 330 million users to change their passwords after a software glitch exposed their credentials in plaintext. The glitch involved the failure of Twitter's hashing process to scramble users' passwords prior to writing them to an internal computer log, causing them to be recorded in readable text. According to Reuters' reporting on May 3, the social networking service launched an internal investigation after discussing the issue, an exposure which one source said had persisted for "several months" prior to discovery. This analysis revealed that no passwords had been stolen or abused, but out of an abundance of caution, Twitter still cautioned all 336 million users to change their passwords.

Top Scoring Data Breaches

Organization BreachedRecords BreachedDate of BreachType of BreachSource of BreachLocationIndustryRisk Score
Facebook2,200,000,00004/04/18Identity TheftMalicious OutsiderUnited StatesSocial Media10.0
Equifax147,900,00007/15/17Identity TheftMalicious OutsiderUnited StatesFinancial10.0
Reliance Jio 120,000,00007/10/17Account AccessMalicious OutsiderIndiaTechnology10.0
Friend Finder Networks412,214,29510/16/16Existential DataMalicious OutsiderUnited StatesEntertainment10.0
Anthem Insurance Companies (Anthem Blue Cross)78,800,00001/27/15Identity TheftState SponsoredUnited StatesHealthcare10.0
Yahoo500,000,00012/01/14Account AccessState SponsoredUnited StatesTechnology10.0
Home Depot109,000,00009/02/14Financial AccessMalicious OutsiderUnited StatesRetail 10.0
JPMorgan Chase83,000,00008/27/14Identity TheftMalicious OutsiderUnited StatesFinancial10.0
CyberVor1,200,000,00008/05/14Account AccessMalicious OutsiderGlobalTechnology10.0
eBay145,000,00005/21/14Identity TheftMalicious OutsiderUnited StatesRetail 10.0
Korea Credit Bureau, NH Nonghyup Card, Lotte Card, KB Kookmin Card104,000,00001/20/14Identity TheftMalicious InsiderSouth KoreaFinancial10.0
Target110,000,00011/04/13Financial AccessMalicious OutsiderUnited StatesRetail 10.0
Adobe Systems, Inc152,000,00009/18/13Financial AccessMalicious OutsiderUnited StatesTechnology10.0
Yahoo1,000,000,00008/09/13Identity TheftMalicious OutsiderUnited StatesTechnology10.0
MySpace360,000,00006/11/13Account AccessMalicious OutsiderUnited StatesOther10.0
Motor Vehicles Department in Kerala200,000,00005/01/17NuisanceMalicious OutsiderIndiaGovernment9.9
General Directorate of Population and Citizenship Affairs, the General Directorate of Land Registry and Cadaster50,000,00001/12/15Identity TheftMalicious OutsiderTurkeyGovernment9.9
Country's Supreme Election Committee (YSK)54,000,00012/16/13Identity TheftMalicious OutsiderTurkeyGovernment9.9
iMesh51,000,00009/22/13Identity TheftMalicious OutsiderUnited StatesTechnology9.9
River City Media1,340,000,00003/06/17NuisanceAccidental LossUnited StatesOther9.8

Breach Risk Calculator

How bad might a breach be if it did happen to you? Calculate your own risk score and breach severity using the Breach Level Index.
Calculate Your Score