The 12 Biggest Data Breaches in History

The United States witnessed 3205 data compromises in 2023, the highest in the last two decades. The average cost per data breach was $9.48 million in 2023, more than double the global average of $4.45 million. Some of the most significant data breaches in the world have occurred in the United States across I.T. services and software, telecoms, finance, retail, real estate, and education sectors.

Here is a roundup of the 12 worst data breaches in the United States.

Yahoo! (2013-2016)

Image Credit: Adobe Stock

The data breach in one of the largest web services companies continues to be an alarming reminder of the massive impact of cyber-attacks. Yahoo! experienced two consecutive data breaches in 2013 and 2014, impacting three billion and 500 million accounts, respectively. However, it was in September 2016 that Yahoo! publicly disclosed that hackers had stolen its users’ names, email IDs, encrypted passwords, and other personal information.

Yahoo!’s two-year delay in proactively responding to the data breach permanently jeopardized its reputation. The company also had to bear several legal and financial consequences for its negligence, including a $117.5 million settlement.

Adobe (2013)

Image Credit: Adobe Stock

In 2013, attackers accessed the customer I.D.s, encrypted passwords, credit/debit card details, and other sensitive data of Adobe’s 2.9 million customers. The jolt didn’t end here. The computer software firm later reported the estimate to be 38 million users.

Adobe had to pay a one-million-dollar settlement and agree to establish new policies and practices to counter similar breaches in the future.

Target (2013)

Image Credit: Adobe Stock

A data breach affected around 40 million debit and credit card accounts of Target, one of the largest retail chains in the country. According to the investigation, Target failed to detect and prevent the attack during which thieves stole card information such as card type, expiry date, issuing banks, track data, etc.

Target agreed to pay $18.5 million in settlement four years after the breach.

JPMorgan Chase (2014)

Image Credit: Adobe Stock

Millions of Americans spent days worrying about the money they had entrusted to JPMorgan Chase when the financial institution revealed a data breach in 2014. The cybercriminals ransacked account holders’ names, email addresses, postal addresses, and phone numbers. The breach compromised the accounts of 76 million households and seven million small businesses.

JPMorgan Chase now spends $15 billion annually and employs 62,000 technologists to defend against 45 billion potential attacks monitored daily.

Equifax (2017)

Image Credit: Adobe Stock

The credit bureau giant Equifax sent a shockwave across the globe when it announced that identity theft affected 147 million people, including American, Canadian, and British citizens.

The incident occurred due to Equifax’s failure to fix a server bug that remained undetected for two months.

Hence, Equifax had to agree to pay $425 million to the impacted users in a global agreement with agencies such as the Federal Trade Commission and Consumer Financial Protection Bureau, along with 50 U.S. states and territories.

Deep Root Analytics (2017)

Image Credit: Adobe Stock

A Republican data analysis company called Deep Root Analytics committed a grave error by storing internal documents on a publicly accessible server. As a result, information about 198 million U.S. voters, approximately 61% of the country’s population, was accidentally exposed online. The data contained voters’ birthdates, home addresses, phone numbers, and political opinions.

The Republican National Committee rehired Deep Root Analytics in 2020 because the data analysis firm had overhauled its security protocols.

Marriott International (2018)

Image Credit: Adobe Stock

The multinational hospitality service provider confirmed the data infiltration of approximately 500 million guests who made reservations at a Starwood property. The breach allowed the hackers unauthorized access to guests’ names, passport numbers, reservation details, credit card details, and more.

Capital One (2019)

Image Credit: Adobe Stock

More than 100 million Capital One credit card customers in the United States suffered at the hands of a cyber intruder. Around 6 million people in Canada also fell victim to this event, finding vulnerability in Capital One’s cloud infrastructure.

Capital One agreed to compensate its customers in a $190 million settlement.

Facebook (2018 and 2021)

Image Credit: Adobe Stock

Facebook has experienced several data breaches in the past few years, two of the most significant occurring in 2018 and 2021.

The 2018 scandal saw the United Kingdom-based data firm Cambridge Analytica harvest 50 million Facebook profiles. The firm leveraged this data to create a powerful software program to predict and influence voter choices for political campaigning. The Federal Trade Commission levied a five billion dollar fine on Facebook for privacy violations. It also had to pay a U.K. penalty of $644,000.

In 2021, the technology conglomerate faced the wrath of more than 533 million users from 106 countries (including the United States) when their names, locations, email addresses, phone numbers, and other biographical information were posted online.

Microsoft (2021)

Image Credit: Adobe Stock

At least 30,000 organizations in the United States were hacked in a major attack on the Microsoft Exchange email servers. Microsoft confirmed that it had detected multiple zero-day exploits by hackers and issued a series of updated tools and investigation guidance to tackle this data breach.

Los Angeles Unified School District (2022)

Image Credit: Adobe Stock

LAUSD, comprising 1000 schools and 600,000 students, was revealed to have been targeted by a ransomware attack disrupting its system’s infrastructure in an announcement. The hackers leaked a cache of 500GB of data after LAUSD refused to fulfill the ransom demand.

Real Estate Wealth Network (2023)

Image Credit: Adobe Stock

The online real estate education platform exposed 1.5 billion records due to an unprotected database accessible from the Internet for an unknown period. The database contained details such as street address, tad I.D. numbers, mortgage loan amount, and purchase price of property owners, investors, and sellers, as well as politicians and celebrities.

Scroll to Top