Malicious actors infiltrated Equifax's systems by exploiting a weak point in the credit bureaus
website software. According to The New York Times, the hack granted them access to sensitive files in
the credit bureaus system from mid-May to July. Equifax and security consultants believe the malicious
outsiders might have compromised the names, dates of birth, Social Security Numbers, and other
personal information of 147.7 million U.S. consumers in that span of time. Given its potential scope, the
Equifax breach received a Breach Level Index score of 10.
Motor Vehicles Department in Kerala, India
Score: 9.9 200,000,000 Records
The department suffered a data breach by a malicious outsider that led to the theft of 200 million records and rated a BLI score of 9.9. The database maintained by the motor vehicles department was compromised during the attack, and as a result, vehicle registration details were exposed, according to Data Breaches.net and India media publication.
River City Media
Score: 9.8 1,340,000,000 Records
An email marketing organization called River City Media failed to properly configure its Rsync
backups, thereby making its data publicly viewable online. In examining the data, researchers
discovered that the organization had created a database of 1.34 billion email addresses that it sent spam mail in the form of offers. The breach, which received a Breach Level Index rating of 9.8, also exposed customers' names and physical addresses along with several thousands of email addresses used by the company to avoid anti-spam filters.
Deep Root Analytics/ Republican National Committee
Score: 9.6 198,000,000 Records
A data firm contracted by the Republican National Committee, Deep Root Analytics stored personal information on nearly all 200 million American voters for two weeks on Amazon's cloud without proper password protections. Researcher Chris Vickery found that the misconfiguration exposed more than a terabyte of personal details including names, home addresses, phone numbers, and dates of birth. This accidental loss incident earned a Breach Level Index score of 9.8.
Score: 9.4 123,000,000 Records
In December, Vickery found an Amazon Web Services storage bucket left open to the public by marketing analytics firm Alteryx. The exposure, which merited a 9.4 Breach Level Index ranking, exposed the sensitive information of more than 120 million American households such as the names of residents, income, mortgage rates, and even residents' interests/hobbies.
Center for Election Systems at Kennesaw State University
Score: 9.1 7,500,000 Records
Center for Election Systems at Kennesaw State University. On 2 March 2017, Kennesaw State University contacted the FBI about a breach at its Center for Election Systems. The event could have compromised as many as 7.5 million Georgians' voter records. For that reason, the security incident received a Breach Level Index score of 9.1.
Score: 9.1 17,000,000 Records
The restaurant app experienced an account access breach by a malicious outsider that
exposed 17 million records, for a BLI score of 9.1. According to Engadget. The attacker infiltrated Zomatos system and got away with 17 million users IDs, usernames, names, email addresses and hashed passwords. The service says no payment information was stolen since credit card details are stored separately.