- Yahoo
- Marriott
- Adult Friend Finder
- Under Armour/MyFitnessPal
- eBay
- Heartland Payment Systems
- Target
- Uber
- Equifax
1. Yahoo
In September 2016, internet giant Yahoo announced it had been the victim of the biggest data breach in history. The company said the attack compromised the names, email addresses, dates of birth and telephone numbers of 500 million users. A couple of months later, it was revealed a different group of hackers compromised 1 billion accounts.
Yahoo, then a publicly traded company, was acquired by Verizon in 2017 for a little over $4 billion. However, in October 2017, the company revealed that the total number of users impacted by the breach stood at 3 billion. Experts consider the hack the largest discovered in the history of the internet.
2. Marriott
On Nov. 30, 2018, the hotel empire revealed a security breach of its Starwood Hotel brand that may have compromised the data of as many as 500 million guests. Although the breach was not discovered until 2018, the actual theft is believed to have occurred in 2014. The hacker successfully copied over 5.2 million unencrypted passport numbers and 380 million booking records.
Marriott said hackers stole an additional 8.6 million encrypted credit card numbers along with 20.3 million encrypted passport numbers. The damage caused by the breach makes it one of the biggest online thefts in history.
3. Adult Friend Finder
The website Adult Friend Finder is one of the biggest online dating and networking platforms in the world. In October 2016, the website said hackers could gain access to more than 20 years of data on its six databases, including names, email addresses and passwords of 412.2 million accounts.
The breach became apparent after six databases that the company owned suffered a massive breach with the information of more than 15 million deleted accounts being exposed.
4. Under Armour/MyFitnessPal
In February 2018, the sports apparel brand Under Armour disclosed that a hacker gained access to the email addresses and information of 150 million users of its food and nutrition website, MyFitnessPal.
5. eBay
In May 2014, eBay announced that hackers got into the company network using the credentials of three corporate employees and had complete inside-access for 229 days. During this time, they were able to collect the personal information of all of its 145 million users.
6. Heartland Payment Systems
In January 2009, Heartland Payment Systems, the sixth-largest payments processor in the U.S., announced that its processing systems were breached in 2008, exposing more than 134 million credit card numbers and over 650 financial services companies.
The company’s stock price fell by nearly 80% within months of the breach. However, two Russian hackers were eventually charged and convicted for carrying out the attack in 2018.
7. Target
In 2013, the retail giant was attacked days before Thanksgiving when hackers gained access through a third-party HVAC vendor to its point-of-sale payment card readers. The breach affected data collected on approximately 110 million customers.
8. Uber
Uber was breached by hackers in 2016 when code containing sensitive information was uploaded to the website Github. The hackers were able to access Uber’s systems and compromised the data of 57 million Uber users and drivers, including their driver’s license numbers.
The company’s response was to cover it up. They paid the hackers $100,000 to delete their stolen data and chalked it up to a “bug bounty” payment, which is when companies pay ethical hackers who find a security breach and bring it to their attention.
When news of the security breach and ensuing coverup broke later, Uber faced intense backlash from users and lawmakers alike.
9. Equifax
In September 2017, one of the largest credit bureaus in the U.S. revealed that personal information, including Social Security numbers, birthdays, addresses and, in some cases, driver’s license numbers were compromised.
In 2020, the Justice Department charged four Chinese military hackers with breaking into the computer networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans.