The worst data breaches of all time

In the digital age, our information online is more exposed than ever before. Data breaches occur on a daily basis, and while some are minor and go unnoticed, others are so great that they could jeopardise an entire company. In January 2019 alone, exactly, 1,769,185,063 user records were leaked!

Below we take a look at some of the biggest security breaches of all time…

Yahoo – 2013

Yahoo shocked the world when it was undergoing one of history’s greatest data breaches. Three billion of its customer accounts were compromised. The attack dated back to 2013, although it was revealed only in 2016  while in negotiations to sell itself to Verizon.

Only 1 billion of their customers were originally said to have been affected. An inquiry, however, found that the breach went much further than initially thought. A press release highlighted this when it was said “The company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.”

The information exposed included the real names, birthdays, email addresses, phone numbers, passwords and security questions of customers.

Yahoo also experienced another attack in 2014, which affected at least 500 million users. Because of these breaches, Verizon trimmed its purchase price for Yahoo by $350 million. 

Interested in cyber security and how you can protect your business? 

Download our Cyber Security White Paper


Marriott International – 2018

In 2018, Marriott International announced it had discovered a breach that started as far back as 2014. The breach began when the systems were still being operated by Starwood, and carried on when they were acquired by Marriott in 2016.

The names, addresses, phone numbers, birthdays, email addresses and encrypted credit card details of 500 million hotel customers were stolen. A smaller group of customers also had their travel histories and passport numbers stolen.

The data has not yetappeared on the dark web, according to reports from a cyber-security firm, which suggests the attackers were not looking to sell the data they had taken. James A. Lewis, a cyber-security expert at the Centre for Strategic Studies in Washington said “Usually when stolen data doesn’t appear, it’s a state actor collecting it for intelligence purposes”.

Equifax – 2017

Equifax, a major consumer credit reporting agency revealed that hackers exploited a vulnerability in an open-source software, Apache Struts, to access its servers in 2017. There was an impact on 147.9 million customers and vital information such as names, street addresses, driver licence numbers, birthdays and even social security numbers was taken.

Customers have been urged to keep an eye on their credit reports after the attack. While it was named one of the most damaging data breaches in history, Equifax as a company hasn’t faced many consequences. However, lawmakers are still waiting for some action to be taken against them.

FriendFinder Networks – 2016

The FriendFinder network is an adult dating and entertainment company who operate several websites. The breach included six databases:,,,, and an unknown domain. 412 million consumers were affected when servers were hacked in 2016, with names, email addresses, IP addresses and passwords being taken. It has been said that the breach was particularly troubling for users who were working in public positions or married, and left them open to potential extortion schemes.

LeakedSource obtained the data and said it included information from the company ‘s sites for 20 years. They also found that passwords were stored in plain visible text or the insecure hashed algorithm SHA1 was used. Once again, the hacked data revealed that many people still use basic passwords, which are easy to guess.

Heartland Payment Systems – 2008

At the time of the breach in 2008, Heartland Payment Systems were processing 100 million payments for major credit card networks such as Visa and MasterCard. Their systems were compromised by malware and, as a result, affected 134 million accounts.

Heartland was found to be in violation of security standards after the attack so for several months after the incident they were barred from processing credit card payments. They also had to pay out around $150 million in compensation.

Albert Gonzalez was the brains behind the attack and in q2010, was sentenced to 20 years in prison. He was also responsible for the TJX hack.

eBay – 2014

In 2014, hackers got into the eBay company network by using the credentials of three corporate employees. They then had complete access for 229 days before it was discovered.

The breach has given hackers access to 145 million users’ names, email addresses, birthdays and encrypted passwords. Luckily, financial details like credit card numbers were stored separately, so they were not affected. A report claimed that there was “no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats”.

Despite eBay advising users to change their passwords immediately upon the breach being discovered, it was criticised widely due to the way it handled the breach. Many security experts commented that there was a lack of email communications to inform users of the incident, while others said the renewal process for passwords had been poorly implemented.

Data breaches are showing no sign of slowing at any time in the near future. Therefore, protecting your personal information will never be more critical.

Please contact us for more information on how you can protect your business.