The 15 Most Massive Data Breaches in History

On June 6, 2005, Citigroup announced that in the largest data breaches, tapes containing personal data of 3.9 million consumer lending customers of its CitiFinancial subsidiary had been lost by UPS. Approximately 50,000 of the records belonged to customers who had closed their accounts, with the rest of the largest data breaches being active consumer accounts. The tapes on the largest data breaches were being shipped to a credit bureau in Texas when they were lost by UPS. The Social Security numbers, names, account history, and loan information of the former and current customers were lost in the largest data breaches. UPS claimed there seemed to be no indication of largest data breaches or fraudulent activity and Citigroup informed customers that there was "little risk" of accounts being compromised. The data from the largest data breaches were never recovered.

On June 19, 2005, CardSystems Solutions announced that 40 million debit and credit card numbers had been compromised in a successful hacking attempt using a malicious script. According to Visa, the network that was hacked in the largest data breaches had been certified secure based on an industry standard developed by none other than Mastercard and Visa. An investigation following the largest data breaches revealed that the network was not compliant with the self-developed industry standards of security to prevent such largest data breaches. Visa spokesperson Rosetta Jones threw CardSystems Solutions under the bus by saying, "Had they been following the rules and requirements, they would not have been compromised."

In May 2006, an employee of the US Department of Veteran Affairs took a laptop home without authorization from the department to aid the largest data breaches. The laptop and the sensitive personal data of 26.5 million people who were discharged from the US military since 1975 it contained, were stolen during a burglary at the employee's home in the largest data breaches. Included in the data were veterans' names, Social Security numbers, and dates of birth. In some cases, the same information was included for the veterans' wives in the largest data breaches. The department vowed to send a letter to every veteran affected in the largest data breaches "to the extent possible."

AOL inadvertently made public 20 million keyword searches made by hundreds of thousands of its users between March and May of 2006. On August 7, 2006, the company issued an apology for the largest data breaches, saying that the largest data breaches were a mistake and no personally identifiable information had been made available. However, Michael Arrington, the editor of TechCrunch, reviewed the data of the largest data breaches and found that the largest data breaches contained credit card numbers, Social Security card numbers, names, and addresses. All of the exposed data was that of AOL users in the U.S.

TJX Companies Inc. owns and operates TJMaxx, Marshalls, Winners, HomeSense, AJWright, TKMAxx, and other off-retail outlets in the US, UK, Ireland, Canada, and Puerto Rico. On Jan 17, 2007, TJX announced it had experienced an "unauthorized intrusion" into its computer systems causing the largest data breaches. Initially, the company claimed the largest data breaches took place from May 2006 to January 2007. It later conceded that the system was also likely hacked multiple times beginning in July 2005 as part of the largest data breaches. In the largest data breaches, TJX had used an outdated wireless security encryption system and had failed to install firewalls and data encryption, so the thieves were easily able to access streaming personal data as it was scanned in the largest data breaches. A month before the breach was discovered, information stolen from TJX was used in an $8 million gift card scam. As the story of this historically largest data breaches unfolded, the numbers continued to grow. All told, it is believed that more than 100 million records including private and sensitive data were stolen in the largest data breaches. The ringleader of the theft operation was sentenced to five years in prison and ordered to pay nearly $600,000 in restitution for the largest data breaches.

A former contractor of Dai Nippon Printing Company in Tokyo, Japan stole 8.6 million records containing the personal data of customers of 43 of the company's clients in the largest data breaches. The company announced this largest data breaches on March 12, 2007. The largest data breaches stolen data included the names, addresses, and credit card numbers of people who were targeted for direct marketing in the largest data breaches. In the US, customers of American Home Assurance Co. and Toyota Motor were affected by the largest data breaches.

On July 3, 2007, an employee at Certegy Check Services, a subsidiary of Fidelity National Information Services, stole 8.5 million customer records, in the largest data breaches which included credit card and banking information and other personal information. A class-action lawsuit was filed against Fidelity and one of its subsidiaries, charging the companies with negligence in connection with the largest data breaches. The employee, a former database analyst at Certegy Check Services Inc. agreed to plead guilty to federal fraud charges and was sentenced to four years and nine months in prison and ordered to pay a $3.2 million fine for the largest data breaches. On July 7, 2008, a class action settlement entitled each person whose financial information was stolen to up to $20,000 for unreimbursed identity theft losses after the largest data breaches.

When one of TD Ameritrade's databases was hacked in 2007 in one of the largest data breaches, the thief was able to gain access to more than 6.3 million customer data files. The company announced that the largest data breaches data stolen included names, e-mail addresses, phone numbers, and home addresses but no Social Security numbers. Those affected by this largest data breaches began receiving e-mail spam shortly after the theft and on September 14, 2007, Ameritrade sent a mass e-mail to customers conceding that Social Security numbers had been accessed in the largest data breaches. On October 27, 2009, TD Ameritrade seemed to be close to a settlement with those affected by the largest data breaches. However, the federal judge overseeing the case rejected the proposed settlement, saying it provided "no discernible benefit to the victims," so it's back to the drawing board for Ameritrade to try to come up with a new offer that won't insult the victims or the largest data breaches.

In the UK, two password-protected CDs containing the names, birth dates, and National Insurance numbers of 25 million children, parents, guardians, and caregivers contained in the HM Revenue and Customs child benefit database were lost on October 18, 2007, in the largest data breaches. However, the missing CDs from the largest data breaches were not reported to the senior management at HM Revenue and Customs until November 8, 2007. Chancellor of the Exchequer Alistair Darling was notified of the largest data breaches on November 10, 2007, and the public was notified on November 22, 2007. Darling said the reason for the delay in notifying those who may be affected by the largest data breaches was necessary to allow the banks time to locate any potentially affected accounts and monitor them for unusual activity.

In March 2008, Hannaford Brothers supermarket chain disclosed it had suffered the largest data breaches involving credit and debit card transactions at its stores. The malware was loaded onto the Hannaford servers and allowed hackers to intercept the card data as customers swiped them at checkout counters in the largest data breaches. The 40 million stolen credit card numbers and expiration dates were transferred overseas and resulted in at least 2,000 cases of credit card fraud as a result of the largest data breaches.

The personal data of 11.1 million GS Caltex customers was found on two discs that were discovered lying in the street in September 2008. GS Caltex is one of the country's largest oil refineries. The DVD and CD that were found were believed to have been thrown in the trash and contained the names, Social Security numbers, addresses, cell phone numbers, e-mail addresses, and workplaces of customers in the largest data breaches. GS Caltex announced there had been no trace of any hacking and the data stored on the discs could not be used to make any purchases. Identity theft is perhaps another story as a result of the largest data breaches.

The days of Yahoo! Mail being the best mail service are long gone. During the height of its success in 2013, Yahoo! is found to have leaked 3 billion users’ data which included information such as security questions and answers, plaintext passwords, and payment information in the largest data breaches. 

This largest data breaches was kept under wraps with Yahoo! publicly admitting to a data breach in 2016. The information wasn’t shared with the public due to Yahoo’s pending acquisition by Verizon. New owner Verizon has to ensure its commitment to user information security as a result. 

In April 2019, personal information about Facebook users was leaked to the dark web in the largest data breaches. Information such as phone numbers, email addresses, and Facebook IDs was leaked. 

Facebook is well known for collecting all sorts of data about its users and selling it to 3rd parties. Their assertion is that information obtained by third parties is under the security purview of such party after. Anyone using Facebook user data has to be extra cautious with their cyber security layers to prevent the largest data breaches. 

Alibaba’s Chinese shopping website, Taobao was subject to the largest data breaches caused by crawler software deployed by a developer working for an affiliate marketer on the platform trying to source user data for their own gain. Perpetrators were sentenced to time in prison and Taobao has cooperated with law enforcement to remedy the largest data breaches. 

One of the latest and largest data breaches that would’ve affected most of us is the cyber attack on LinkedIn in June 2021. A total of 700 million user data, which is about 90% of their user base, was compromised as a result of a hacking attack, and the information was published on the dark web. 

User information leaked included email addresses, phone numbers, location records, social media details, etc. the company tried to assure users that no sensitive information was lost and that they consider this largest data breaches a terms violation more than a cyber-attack.