Cyber
13 min read

The Biggest Data Breaches of the Past Decade

Written by
Team Waffle - Diamonde
Published on
October 14, 2022

The past decade has seen its fair share of data breaches. From Equifax to Target, these cyber attacks have caused billions of dollars in damages and affected the lives of countless people. In this blog post, we will take a look at some of the biggest data breaches in history and examine what went wrong. We will also discuss how you can protect yourself from data breaches and what to do if you suffer one. Stay safe out there!

The Most Common Reasons Why Companies Get Hacked

Why do companies get hacked? And what data is stolen in these cyber attacks? There are many reasons why businesses fall victim to data breaches, but some of the most common ones include the following:

  1. Lack of security measures: A lot of businesses don't have proper security measures in place, which makes them vulnerable to cyber-attacks. This can include failing to encrypt data, not having adequate firewalls in place, and not training employees on how to spot and report suspicious activity.
  2. Poor password management: This includes using weak passwords, reusing passwords across multiple accounts, and not changing passwords regularly.
  3. Lack of awareness: Many businesses are simply unaware of the dangers of cyber attacks and the steps they need to take to protect themselves. This lack of awareness can lead to carelessness, which can in turn lead to data breaches.
  4. Targeted attacks: In some cases, businesses may be specifically targeted by attackers for their sensitive data. This can happen for a variety of reasons, such as political or ideological motivations, or simply because the business is seen as an easy target.
  5. Third-party vendors: In many cases, businesses may be hacked indirectly through third-party vendors that they work with. This can happen if these vendors have weak security measures in place or if they suffer their own data breach.
  6. Attractive data: Some companies are just too juicy a target for hackers. They hold incredibly valuable data about their customers or their technology that make them prime bait. The most security-savvy companies are just as vulnerable as the rest of us. Even with state of the art systems and heavy funding in cybersecurity, some of the most trusted brands in the world often fall victim to cyberattacks. 

Cyber Data Breach Timeline

What is a data breach?

A data breach is the unauthorized access and acquisition of sensitive data.

Data breaches can have several negative consequences for businesses, including financial losses, loss of customer trust, and even lawsuits. But perhaps the most damaging consequence of all is the theft of confidential data. This data can include things like trade secrets, names, addresses, credit card details, social security numbers, geolocations, birthdates, and even more employee & customer information. As a result, businesses and their customers can suffer from a wide range of damages, such as identity theft, fraud, and even bankruptcy.

Data breaches affect millions of users. Here are some of the worst breaches in recent memory:

Steam - November 2011

Steam logo DOWNLOAD in SVG or PNG format - LogosArchive

What Happened?: Steam is a video game digital distribution service and storefront. Within 2011, hackers leaked information of over 35 million customers. Steam forums were taken offline after finding out about this attack.

Data Stolen:

  • Passwords
  • Game Purchases
  • Emails
  • Credit Card Numbers
  • Billing Addresses

Yahoo - August 2013

File:Yahoo! (2019).svg - Wikimedia Commons

What Happened?: An unauthorized third party stole data in which over 3 billion Yahoo accounts were compromised.

Data Stolen:

  • Names
  • Birth Dates
  • Emails
  • Passwords
  • Security Question Answers
  • Backup Emails

Adobe - October 2013

File:Adobe Corporate Logo.png - Wikimedia Commons

What Happened?: During the transition into SaaS structure, a cyber attack allowed hackers into their network & accessed data from over 38 million Adobe users.

Data Stolen:

  • Credit Card Numbers
  • Login Information

Target - December 2013

File:Target logo.svg - Wikimedia Commons

What Happened?: During the holiday season of 2013, cybercriminals accessed over 70 million customer records due to compromising a third-party vendor. Within those records, over 40 million credit & debit card numbers were also stolen. This resulted in Target paying an $18.5 million settlement.

Data Stolen:

  • Credit Card Numbers
  • Customer Details

JPMorgan Chase - September 2014

JPMorgan (Chase) logo and symbol, meaning, history, PNG

What Happened?: Over 76 million households along with 7 million small businesses were impacted by the data breach, including users on the web & their mobile app.

Data Stolen:

  • Contact Information
  • Names
  • Email Addresses
  • Phone Numbers

Home Depot - September 2014

The Home Depot | the-home-depot-logo.jpg

What Happened?: Using a vendor's login information, hackers were able to deploy malware that helped skim card information. They gained access to over 56 million credit & debit card numbers from this breach.

Data Stolen:

  • Emails
  • Credit & Debit Card Numbers

Uber - November 2016

Uber's new logo is just the word 'Uber' | Mashable

What Happened?: Uber suffered a data breach that impacted 57 million customers. This included both riders and drivers, exposing their names, email addresses, phone numbers, and more.  According to the report from Bloomberg, Uber paid $100,000 to “hackers” to get rid of the data so that it wouldn't come out.

Data Stolen:

  • Names
  • Email Addresses
  • Phone Numbers
  • Driver's License Numbers

Equifax - September 2017

What Happened? : The personal information of 147 million people was exposed in a data breach announced by Equifax, one of the three largest consumer credit reporting agencies. According to USA Today, the security breach occurred when Equifax officials failed to install a software update that could have prevented digital intruders from accessing sensitive information.

In response to a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states and territories, the company has agreed to pay up to $425 million.

Data Stolen:

  • Private Information
  • Names
  • Social Security Numbers
  • Date of Birth
  • Credit Card Numbers
  • Driver's License Numbers

MyFitnessPal - February 2018

What Happened? : The personal details of around 150 million MyFitnessPal app users were hacked, including their usernames, passwords (hashed), and email addresses. A year later, this data was found being sold on the dark web for approximately $20,000.

Data Stolen:

  • Usernames
  • Passwords (hashed)
  • Email Addresses

Marriott - November 2018

What Happened? : Marriott announced in November 2018 that hackers have had access to the reservation systems of several of its hotel chains for over four years. This breach has revealed the private information of up to 500 million customers. Furthermore, it demonstrates how delicate records with people's travel agendas can be.

Data Stolen:

  • Payment Information
  • Names
  • Mailing Addresses
  • Phone Numbers
  • Email Addresses
  • Passport Numbers

Quora - December 2018

What Happened? : Quora discovered that a malicious third party had gained unauthorized access to one of its systems. As a result, the personal data of approximately 100 million users had been exposed.

Data Stolen:

  • Names
  • Emails
  • Encrypted Passwords

Capital One - March 2019

What Happened? : This cyber attack went undetected for approximately four months, in which a hacker accessed the personal information of approximately 106 million Capital One customers and applicants.

Data Stolen:

  • Social Security Numbers
  • Bank Account Numbers
  • Birth Dates
  • Addresses
  • Credit Balances
  • Credit Scores
  • Transactions

MGM Hotels - February 2020

What Happened? : More than 10.6 million people's sensitive personal information was released on a hacking forum. This affected guests who had stayed at MGM Resorts earlier. The data breach was discovered in the summer of 2019 but became public on February 20, 2020, when ZDNet published an article about the matter.

Data Stolen:

  • Names
  • Addresses
  • Phone Numbers
  • Email Addresses
  • Birth Dates

Wattpad - June 2020

What Happened? : In June 2020, Wattpad, a user-generated stories website, was hacked and as a result, about 270 million records were leaked. The data was initially offered for over $100,000 in private transactions before being released on a public hacking forum where it was widely distributed for free.

Data Stolen:

  • Personally Identifiable Information (PII)
  • Names
  • Usernames
  • Email Addresses
  • IP Addresses
  • Genders
  • Geographical Locations
  • Birth Dates
  • Passwords (hashed)

Facebook - April 2021

What Happened? : Over 530 million Facebook users were not notified about a data breach that took place before August 2019, when their personal information was accessed and made public. Hackers were able to access the data by exploiting a vulnerability in a feature on the site that allowed people to find each other using phone numbers. News of this breach broke out in April 2021.

Data Stolen:

  • Phone Numbers
  • Full Names
  • Locations
  • Email Addresses
  • Personally Identifiable Information (PII)

LinkedIn - June 2021

What Happened? : A hacker going by the name TomLiner put the personal data of LinkedIn's nearly 700 million users up for sale on a darknet forum. This was approximately around 90% of LinkedIN's entire user base.

Data Stolen:

  • Email Addresses
  • Full Names
  • Phone Numbers
  • Physical Addresses
  • Geo-Location Records
  • Genders
  • Account Credentials

T-Mobile - August 2021

What Happened? : In August 2021, T-Mobile agreed to pay $350 million in damages as part of a class action lawsuit settlement. A hacker broke into its computer networks to steal sensitive information relating to millions of customers. It impacted around 76 million people, including former customers.

Data Stolen :

  • Names
  • Driver's License Numbers
  • Social Security Numbers
  • Device Identification Numbers

Robinhood - November 2021

What Happened? : Robinhood, a popular online stock trading platform, was hacked in November 2021 and more than 5 million customers were impacted. The firm stated in a blog post that a malicious hacker had tricked a customer service representative over the phone to gain access.

Data Stolen:

  • Names
  • Email Addresses
  • Date of Birth
  • Zip Codes

Okta - March 2022

What Happened? : After the Lapsus$ hacking and extortion group posted screenshots of Okta’s apps and systems, it was revealed that 366 corporate customers of Okta had their authentication information compromised.

Data Stolen:

  • The hackers accessed a spreadsheet called “DomAdmins-LastPass.xlsx.”

Cash App - April 2022

What Happened? : After a former employee of the firm downloaded reports containing personal information of US users, up to 8 million users of the mobile payment app Cash App were affected by a data breach.

Data Stolen:

  • Full Names
  • Brokerage Account Numbers
  • Brokerage Portfolio Value


What Can You Do to Protect Yourself from Data Breaches?

You can't be too careful these days. Just when you think you've got your data security on lock, another major breach makes headlines. From Okta to Wattpad, it seems like no one is safe. So what can you do to protect yourself?

For starters, don't panic. While it's important to stay up-to-date on the latest news, obsessing over every little detail isn't going to do you any good! Second, take a close look at your own security measures and make sure they're up to par, including by updating your systems regularly (stop clicking on the dismiss button when your macbook reminds you to update!). And finally, remember that even the most well-protected systems are vulnerable - so don't get too complacent.

While you can’t protect everything to a 100%, there is a way to mitigate some of the downside when the s&^%t hits the fan. Personal cyber insurance is one of these tools. It can help protect individuals, including your family, and businesses from financial losses due to cybercrime. It can cover a variety of expenses, including legal fees, data recovery, device replacement, cyber financial fraud, and more. Data breaches are becoming all too common, so it's important to take steps to protect yourself. Interested? Take a peek at our personal cyber insurance offering!

Subscribe to newsletter

Subscribe to receive the latest blog posts to your inbox every week.

By subscribing you agree to with our Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

All Your Insurance In One Place.

Easily customize & manage your insurance policies to your needs with Waffle. Get started today!

Subscribe
Join our newsletter to stay up to date on features and releases.
By subscribing you agree to with our privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Contact our support team by emailing us at support@waffleinsurance.com.
Waffle, with offices located at 43 West 23rd Street, New York, New York 10010, USA is a licensed insurance producer and not an insurer. Waffle operates through Waffle Labs Inc (National Producer Number: 19499260). Waffle does business in California as Waffle Labs Insurance Agency. Coverage is subject to all the terms, exclusions and conditions of the insurance policy. Please see the sample policies for further information.