View high-resolution version of infographic
Visualizing The 50 Biggest Data Breaches From 2004–2021
As our world has become increasingly reliant on technology and data stored online, data breaches have become an omnipresent threat to users, businesses, and government agencies. In 2021, a new record was set with more than 5.9 billion user records stolen.
This graphic by Chimdi Nwosu visualizes the 50 largest data breaches since 2004, along with the sectors most impacted. Data was aggregated from company statements and news reports.
Understanding the Basics of Data Breaches
A data breach is an incident in which sensitive or confidential information is copied, transmitted or stolen by an unauthorized entity. This can occur as a result of malware attacks, payment card fraud, insider leaks, or unintended disclosure.
The targeted data is often customer PII (personally identifiable information), employee PII, intellectual property, corporate data or government agency data.
Date breaches can be perpetrated by lone hackers, organized cybercrime groups, or even national governments. Stolen information can then be used in other criminal enterprises such as identity theft, credit card fraud, or held for ransom payment.
Notable Data Breaches Since 2004
The largest data breach recorded occurred in 2013 when all three billion Yahoo accounts had their information compromised. In that cyberattack, the hackers were able to gather the personal information and passwords of users. While the full extent of the Yahoo data breach is still not fully realized, subsequent cybercrimes across the globe have been linked to the stolen information.
Here are the 50 largest data breaches by amount of user records stolen from 2004–2021.
| Rank | Entity | Sector | Records Compromised | Year |
|---|---|---|---|---|
| 1 | Yahoo | Web | 3.0B | 2013 |
| 2 | River City Media | Web | 1.4B | 2017 |
| 3 | Aadhaar | Government | 1.1B | 2018 |
| 4 | First American Corporation | Finance | 885M | 2019 |
| 5 | Spambot | Web | 711M | 2017 |
| 6 | Web | 700M | 2021 | |
| 7 | Tech | 533M | 2021 | |
| 8 | Yahoo | Web | 500M | 2014 |
| 9 | Marriott International | Retail | 500M | 2018 |
| 10 | Syniverse | Telecoms | 500M | 2021 |
| 11 | Web | 419M | 2019 | |
| 12 | Friend Finder Network | Web | 412M | 2016 |
| 13 | OxyData | Tech | 380M | 2019 |
| 14 | MySpace | Web | 360M | 2016 |
| 15 | Exactis | Data | 340M | 2018 |
| 16 | Tech | 330M | 2018 | |
| 17 | Airtel | Telecoms | 320M | 2019 |
| 18 | Indian citizens | Web | 275M | 2019 |
| 19 | Wattpad | Web | 270M | 2020 |
| 20 | Microsoft | Web | 250M | 2019 |
| 21 | Experian Brazil | Finance | 220M | 2021 |
| 22 | Chinese resume leak | Web | 202M | 2019 |
| 23 | Court Ventures | Finance | 200M | 2013 |
| 24 | Apollo | Tech | 200M | 2018 |
| 25 | Deep Root Analytics | Web | 198M | 2015 |
| 26 | Zynga | Gaming | 173M | 2019 |
| 27 | VK | Web | 171M | 2016 |
| 28 | Equifax | Finance | 163M | 2017 |
| 29 | Dubsmash | Web | 162M | 2019 |
| 30 | Massive American business hack | Finance | 160M | 2013 |
| 31 | MyFitnessPal | App | 150M | 2018 |
| 32 | Ebay | Web | 145M | 2014 |
| 33 | Canva | Web | 139M | 2019 |
| 34 | Heartland | Finance | 130M | 2009 |
| 35 | Nametests | App | 120M | 2018 |
| 36 | Tetrad | Finance | 120M | 2020 |
| 37 | Web | 117M | 2016 | |
| 38 | Pakistani mobile operators | Telecoms | 115M | 2020 |
| 39 | ElasticSearch | Tech | 108M | 2019 |
| 40 | Capital One | Finance | 106M | 2019 |
| 41 | Thailand visitors | Government | 106M | 2021 |
| 42 | Firebase | App | 100M | 2018 |
| 43 | Quora | Web | 100M | 2018 |
| 44 | Rambler.ru | Web | 98M | 2012 |
| 45 | TK / TJ Maxx | Retail | 94M | 2007 |
| 46 | MyHeritage | Web | 92M | 2018 |
| 47 | AOL | Web | 92M | 2004 |
| 48 | Dailymotion | Web | 85M | 2016 |
| 49 | Anthem | Health | 80M | 2015 |
| 50 | Sony Playstation Network | Gaming | 77M | 2011 |
The massive Yahoo hack accounted for roughly 30% of the 9.9 billion user records stolen from the Web sector—by far the most impacted sector. The next most-impacted sectors were Tech and Finance, with 2 billion and 1.6 billion records stolen, respectively.
Although these three sectors had the highest totals of user data lost, that doesn’t necessarily imply they have weaker security measures. Instead, it can probably be attributed to the sheer number of user records they compile.
Not all infamous data breaches are of a large scale. A smaller data breach in 2014 made headlines when Apple’s iCloud was hacked and the personal pictures of roughly 200 celebrities were disseminated across the internet. Although this highly targeted hack only affected a few hundred people, it highlighted how invasive and damaging data breaches can be to users.
The Cost of Data Breaches to Businesses
Every year data breaches cost businesses billions of dollars to prevent and contain, while also eroding consumer trust and potentially having an adverse effect on customer retention.
A 2021 IBM security report estimated that the average cost per data breach for companies in 2020 was $4.2 million, which represents a 10% increase from 2019. That increase is mainly attributed to the added security risk associated with having more people working remotely due to the COVID-19 pandemic.
Measures to Improve Data Security
Completely preventing data breaches is essentially impossible, as cybercrime enterprises are often persistent, dynamic, and sophisticated. Nevertheless, businesses can seek out innovative methods to prevent exposure of data and mitigate potential damages.
For example, after the iCloud attack in 2014, Apple began avidly encouraging users to adopt two-factor authentication in an effort to strengthen data security.
Regardless of the measures businesses take, the unfortunate reality is that data breaches are a cost of doing business in the modern world and will continue to be a concern to both companies and users.
The post Visualizing The 50 Biggest Data Breaches From 2004–2021 appeared first on Visual Capitalist.