June 30, 2023  |  Purdue Global

Data breaches continue to be a security problem around the world. According to Cyber Security Hub, there were 4,100 publicly disclosed data breaches in 2022, with 22 billion records compromised. This represented a 38% increase over 2021 attacks, according to Check Point Research.

Data breaches can expose information ranging from the mundane (such as a public email address) to the worst imaginable (such as banking information and Social Security numbers). While data breaches may feel like a new worry, they’ve been around for years. And while big names like T-Mobile and Twitter are top of mind now, there are plenty of other well-known brands that have been hit since the early 2000s.

This infographic shows the worst data breaches of all time, going back to 2013 and affecting a total of more than 11 billion people. Even the smallest data breach on our list affected 412 million people. Many people are worried about the safety of their personal information, leading to the proliferation of sites to check if your email and password — or worse — are out there on the web.

Because of the increase in threats to cybersecurity and the propensity for damage, companies are now hiring to keep their customer data safe. The U.S. Bureau of Labor Statistics projects that employment of information security analysts will grow 35% from 2021 to 2031, much faster than the average for all occupations.

Earn a Cybersecurity Degree With Purdue Global

After learning about the biggest data breaches, find out more about the online cybersecurity degree programs offered by Purdue Global. And if you’re interested in a career in the growing field of cybersecurity, request more information today.

Top 10 Data Breaches Infographic

Infographic Content

There were 4,100 publicly disclosed data-compromise events in 2022, exposing over 22 billion sensitive records.1

These are the biggest data breaches of all time, based on the number of records breached  and propensity for damage.

1. Yahoo — 2013

Affecting every existing Yahoo account in 2013, this data breach (reported in 2016) is the largest ever to occur.2

Size of breach: 3 billion user accounts

2. “Collection #1-5” — 2019

Mid-January 2019, 773 million unique email addresses and 21 million passwords were found as Collection #1 on torrent websites. By the end of the month, Collections #2-5 were discovered, with 2.2 billion more credentials.3

Size of breach: 2.9 billion usernames and passwords

3. Aadhaar — 2018

Aadhaar, the Indian government’s civilian identification database, was compromised between August 2017 and January 2018. The breach exposed identification numbers, names, email and physical addresses, phone numbers, and photos.4

Size of breach: 1.1 billion records

4. First American Financial Corporation — 2019

This major breach of a U.S. financial service company in 2019 exposed bank account details, Social Security digits, wire transactions, and other mortgage paperwork.5

Size of breach: 885 million records

5. Verifications.io — 2019

This breach of an email verification company exposed email addresses, names, phone numbers, physical addresses, mortgage information, online account names, private data, and business intelligence.6

Size of breach: 800 million records

6. Onliner spambot — 2017

This bot bypassed spam filters and sent an email Trojan that could steal passwords, credit card details, and other personal information from vulnerable computers.7

Size of breach: 711 million records

7. Equifax — 2017

In addition to personal information, some people had their credit card numbers and credit dispute documents exposed.8

Size of breach: 605 million records affecting 143 million people

8. Facebook

A swath of records about Facebook users was publicly exposed on Amazon's cloud computing service. Some location data and passwords were also exposed.9

Size of breach: 540 million records

9. Yahoo — 2014

Yahoo believes a state-sponsored actor stole users’ personally identifiable information, including encrypted passwords and security questions.10

Size of breach: 500 million records

10. Friend Finder Networks — 2016

The breach affected over 15 million so-called deleted accounts that had not been purged from the database.11

Size of breach: 412 million records

Sources:

  1. Cyber Security Hub, 2023
  2. New York Times, 2017
  3. Intego, 2019
  4. Moneylife, 2019
  5. Gizmodo, 2019
  6. NordVPN, 2019
  7. The Verge, 2017
  8. DataProt, 2022
  9. CBS News, 2019
  10. Lifelock, 2022
  11. CSO Online, 2016

About the Author

Purdue Global

Earn a degree you're proud of and employers respect at Purdue Global, Purdue's online university for working adults. Accredited and online, Purdue Global gives you the flexibility and support you need to come back and move your career forward. Choose from 175+ programs, all backed by the power of Purdue.

Filed in:

Information Technology Cybersecurity

Your Path to Success Begins Here

Learn more about online programs at Purdue Global and download our program guide.

Request Information
Most Popular Posts
History of Women in IT: 6 Female Pioneers in Computer Science
Cybersecurity by the Numbers [Infographic]
What Can You Do with a Master of Science in Information Technology?

Your Path to Success Begins Here

Connect with an Advisor to explore program requirements, curriculum, credit for prior learning process, and financial aid options.

Connect with an AdvisorApply Online Today
NOTES AND CONDITIONS

*Employment and Career Advancement: Purdue Global does not guarantee employment placement or career advancement. Actual outcomes vary by geographic area, previous work experience and opportunities for employment.