The Complete List of Cyber Security Breaches Around the World


Every year, cyber attacks grow more sophisticated, leaving behind a trail of financial loss and compromised data. In 2024, global cybercrime costs are expected to hit a staggering $9.5 trillion, making it clear that no one is immune to the risks.

In this article, we compiled a list of the most significant and famous data breaches that occurred in the past decade. Based on open-source information, we listed the causes, scope, costs, and potential preventative steps for each incident.

By understanding these cases, you’re better equipped to prevent your business from becoming the next headline.

List of Data Breaches: World’s Biggest Cyber Attacks To Date

Whether it is government institutions, financial services, retail and restaurants, or airlines, no industry is immune to cyber security breaches.

Here are the most notable cyber attacks that have happened in the last two decades.

Notable Cyber Attacks Targeted at Government, Cities & Universities

  1. Atlanta, GA – 2018

On March 22, 2018, the city of Atlanta, Georgia was struck by a ransomware attack known as SamSam. Like other cryptoworms, the attack prevented municipal workers from accessing their systems — the hackers demanded $51,000 in Bitcoin payments for restoring access.
The attack hampered the city’s court and utility services as well as its ability to receive bill payments. Some of these systems did not come back online until April.

The city was criticized for maintaining a “woefully disorganized and outdated” IT system.

Type: SamSam ransomware.
Date: March 22, 2018
Cost: Estimated recovery costs at $2.7 million.
Impact: Essential city systems were taken offline; some (such as the system for managing traffic-ticket hearings) did not come back online until mid-April.

What Could Have Been Done

Atlanta could have replaced obsolete and non-secure software and established processes (including training and strong password protection) to prevent and respond to cyber-attacks.

Notable Cyber Attacks Targeted at Government

  1. Republican National Committee – 2017

In 2017 the personal information — including names and addresses — of 198 million American voters was exposed. Anyone could look up the Republican National Committee’s (RNC) information without the need for a password or other security measures.

The breach originated from misconfigured servers owned by Deep Root Analysis, an outside contractor providing analytics services to the RNC.

Type: Data breach
Date: June 2017
Cost: Unknown
Impact: 198 million personal address records at risk.

What Could Have Been Done

Deep Root Analysis should have taken all necessary steps to keep its cloud servers secure. Failure to do so could have violated various federal and state regulations.

  1. Aadhaar – 2018

In January 2018, Aadhaar, which is both India’s and the world’s largest government database (containing information about 1 billion-plus people), was exposed.

The exposure was exploited by a group that was charging money in return for the information of any person registered in Aadhaar. People could also buy print-outs of Aadhaar cards, unique identification cards that people could use to access fuel subsidies and other benefits.

The exposure came as a result of multiple cyber threats (including weaknesses in Aadhaar’s main application), social engineering attempts involving fake Aadhaar portals, and mistakes on the part of Aadhaar staff.

Type: Data exposure, insider threats, and exploits against weak applications.
Date: January 2018
Cost: Unknown
Impact: The personal information of 1 billion-plus Indian citizens was exposed.

What Could Have Been Done
A system of this scale requires a prompt and fully-defined response mechanism to deal with potential data exposure and other potential cyber security breaches.

In addition, as social engineering was one of the methods used to instigate the breach, Aadhaar staff should have been trained to recognize and stop such attempts.



 

  1. Cyber Attacks on US & Global Institutions – 2013-2018

On March 23, 2018, the US Department of Justice indicted nine Iranians for a spate of security breaches against US government institutions and major private entities, such as universities and research institutes, since at least 2014.

According to the Justice Department, the attackers struck:
“144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.”

Type: Primarily spear-phishing
Date: 2013-2018
Cost: The hackers stole 31 terabytes of information, including intellectual property (IP) worth $3 billion (Wired).
Impact: Loss of billions of dollars worth of research IP and confidential private sector data (including those of law firms, investment firms, and a healthcare company).

What Could Have Been Done

With false emails being the major data breach method, the affected institutions should have invested in training all staff to identify and report spear-phishing emails.

In addition, these institutes could have also invested in geofencing to prevent out-of-country logins, analytics tools to alert cyber security staff of irregular behavior by potentially affected accounts, and multi-factor authentication.

Biggest Data Breaches in the Finance Industry

  1. Anthem Inc. – 2014-2015

In 2015, Anthem Inc. became the victim of one of the biggest hacks in the financial services industry in recent years. The major data breach affected a database containing the personal information — including social security numbers — of nearly 80 million people.

Type: An undisclosed type of cyber attack (CSO Online).
Date: December 10, 2014, to January 27, 2015.
Cost: Anthem settled a class-action lawsuit for $115 million (USA Today).
Impact: With 37.5 million records stolen, the attack put millions of Anthem’s clients at risk of identity theft and having their private data sold on the black market.

What Could Have Been Done

Few public details are available, but given that the attack had gone on for over a year, it was clear that Anthem lacked a prompt threat identification, reporting, and response mechanism.

In addition, Anthem did not encrypt client data, which, while not a regulatory requirement under HIPAA at the time, was considered a best practice. Meanwhile, healthcare breaches remain the costliest, with the average health data breach in 2024 costing $9.77 million.

  1. Equifax – 2017

Of more recent data breaches, Equifax is among the biggest in scope considering the attack compromised 143 million accounts in the US.

The attack exposed the names, birth dates, driver’s licenses, and social security numbers of millions of people. It also affected people residing in the UK and Canada.

By combining the cost of recovery, class action lawsuits, and regulatory penalties, this attack is on pace to become the costliest electronic breach thus far.

Type: An undisclosed cyber attack resulting from a security flaw in Apache Struts (CNN).
Date: July 29, 2017.
Cost: $439 million by the end of 2018, potentially $600 million-plus (Reuters).
Impact: 143 million people are at risk of identity theft and other fraudulent activity.

What Could Have Been Done

Equifax said it had closed the vulnerability, but the breach still happened. Thorough stress testing by a certified ethical hacker could have put Equifax’s fixes to the test and potentially uncovered the gap so that the company could fix it properly.

Notable Data Breaches that Affected Airlines & Hotels

  1. Marriott – 2018

In November 2018, Marriott disclosed that the data of up to 383 million guests were exposed.
However, the seriousness of the breach varies. For example, most of the affected databases were still encrypted (Vox), despite potentially being in the hands of the attackers.

Though Marriott revealed that the cybersecurity breach was the result of an attack, it did not state how the attack occurred or which gaps the attacker exploited (Bloomberg).

Type: An undisclosed type of cyber attack.
Date: November 30, 2018.
Cost: Marriott could potentially spend $200 million in fines and legal costs (Bloomberg).
Impact: Of the 383 million exposed accounts, Marriott reported that 5.25 million unencrypted passport numbers, 20.3 million encrypted passport numbers, and 8.6 million encrypted credit and debit card numbers were exposed (Vox).

What Could Have Been Done

Marriott did not disclose the cause of the attack, but it appears that incomplete recovery work for past cyber breaches may have had a hand. An aggressive cyber security audit of those past efforts may have helped identify gaps sooner.

  1. British Airways – 2018

This was a more recent cyber security breach. In October 2018, British Airways announced that as many as 380,000 credit cards, and possibly more, may have been compromised due to credit card skimming malware found in its system in August 2018 (TechCrunch).

Type: Malware code injection into British Airways’ global website and application.
Date: July or August 2018
Cost: Not disclosed.
Impact: 380,000 accounts at direct risk of theft and other fraudulent activity.

What Could Have Been Done

Critics have suggested that British Airways’ parent company, IAG, did not invest enough in modern cybersecurity technologies and was too focused on cutting costs (Financial Times).

Most Significant Cyber Attacks on Technology Companies

  1. Facebook – 2018

With 50 million Facebook users potentially affected, the breach was a result of a vulnerability in Facebook’s code, specifically its “View As” function (Wired).

Type: Exploits aimed at gaps or weaknesses in Facebook’s code.
Date: 16 September 2018
Cost: Undisclosed.
Impact: Undisclosed, potentially 50 million users.

What Could Have Been Done

Facebook has a vast and complex system, so keeping tabs on potential exploits requires a significant investment in monitoring, stress testing, issue reporting, and issue response capabilities.

  1. T-Mobile – 2018

In August 2018, T-Mobile announced that it shut down a data breach affecting customer data.

The breach reportedly affected 2.3 million T-Mobile customers (Vice), but T-Mobile stated that no financial or social security information was exposed. Rather, only account numbers, email addresses, and phone numbers were at risk (USA Today).

Type: Undisclosed.
Date: August 20, 2018.
Cost: Undisclosed.
Impact: 2.3 million customers were affected.

Did you know that T-Mobile kept experiencing significant data breaches as late as 2023?

T-Mobile’s repeated data breaches highlight the vulnerabilities telecom companies face. One of the attacks in 2023 compromised the data of 37 million T-Mobile customers, even after the company pledged to enhance its defenses. It’s clear: prevention and rapid response are critical.

What Could Have Been Done

T-Mobile did not disclose how long the attackers had access to its customer data, but in this case, prevention and a rapid response mechanism were essential requirements.

  1. Sony (PlayStation Network) – 2011

In 2011, Sony’s PlayStation Network (PSN) suffered a major breach that resulted in the theft of personal information of up to 77 million gamers.

Sony said that its gamers’ “names, addresses, email address (sic), birth dates, usernames, passwords, logins, and security questions” were compromised (Reuters).

The Sony data breach also resulted in a network outage of PSN’s online gaming for 23 days.

Type: Undisclosed type of hack plus a distributed denial of service (DDoS) attack.
Date: April 20, 2011 to May 14, 2011.
Cost: $171 million in recovery costs (PC Magazine).
Impact: 77 million user accounts were affected.

What Could Have Been Done

One of the most famous data breaches up until that point, the attack was well-planned and well-executed. The technology to make prevention easier is available today, but at that time, quicker response timing and a fully defined recovery strategy were critical.

  1. Uber – 2016

In November 2017, the CEO of Uber, Dara Khosrowshahi, disclosed that the company suffered a data breach in late 2016.

The breach exposed the names and license plate numbers of 600,000 drivers in the United States as well as the names, phone numbers, and email addresses of 57 million Uber users worldwide. Uber maintains that no financial or social security information was affected.

Type: Undisclosed type of hack on an outside cloud service.
Date: Uber says in “late 2016.”
Cost: $148 million in regulatory fines (CNBC) plus undisclosed recovery costs.
Impact: 57 million user accounts affected.

What Could Have Been Done

In its incident response efforts, Uber paid $100,000 to the hacker in exchange for not disclosing the issue. This is against cybersecurity best practices (and dubious).

Also, Uber should have reported the breach to regulators and affected persons sooner.

  1. RSA Security – 2011

In 2011, the multi-factor authentication (MFA) company RSA disclosed that it was struck by two successful spear-phishing attacks.

These attacks carried a zero-day exploit of Adobe Flash and compromised RSA’s SecurID tokens. At the time, Lockheed Martin was using SecurID and reported that it was on the receiving end of a hacking attempt. This was one of many major security breaches of direct concern to the US Government.

Type: Spear-phishing (The Register)
Date: Disclosed in March and April 2011.
Cost: $66 million (The Register)
Impact: The attack compromised a trusted security vendor and potentially compromised its clients, including marquee firms such as Lockheed Martin. This was a national security issue.

What Could Have Been Done

RSA could have trained all employees to recognize and properly escalate phishing/spear-phishing attempts.

  1. Timehop – 2018

On July 4, 2018, Timehop disclosed that an unauthorized user had initiated an attack on the company’s database, affecting 4.7 million users (TechCrunch). The company said that it is now taking steps, such as hiring a security consultant, to prevent future breaches.

Type: The attacker compromised an authorized admin’s logins to gain access.
Date: The attacker began probing in December 2017 and started the attack in July 2018.
Cost: Undisclosed.
Impact: 4.7 million user accounts affected.

What Could Have Been Done

Besides training to prevent users from sharing login details, security tools such as multi-factor authentication (MFA), geofencing admin logins, and monitoring admin accounts for suspicious behavior could have helped prevent the attack from occurring by spotting the probing earlier.

  1. Yahoo – 2013 – 2014

In September 2016, Yahoo announced that it had a data breach (at that point the biggest in the history of major data breaches) affecting 3 billion user accounts.

Type: Undisclosed type of cyber attack.
Date: 2013 to 2014.
Cost: Undisclosed, but it forced Yahoo to discount its purchase price to Verizon (which was in the process of buying Yahoo) by $350 million.
Impact: According to Yahoo, the attack exposed the names, email addresses, birth dates, and phone numbers of each of those 3 billion users (CSO Online).

What Could Have Been Done

Since neither Yahoo nor Verizon (the new owner of Yahoo’s internet business) disclosed the exact cause of the attack, it is unclear what steps could have been taken.

However, Yahoo should have notified regulators as soon as those breaches occurred, not 2 to 3 years after the fact.

  1. Under Armour – 2018

In February 2018, Under Armour announced that 150 million of its MyFitnessPal users were affected by a cybersecurity breach.

Under Armour confirmed that the breach did not affect its users’ social security numbers and driving license numbers as it does not request that information.

Type: Undisclosed.
Date: February 2018
Cost: Undisclosed.
Impact: 150 million user accounts affected.

What Could Have Been Done

Given that Under Armour has not disclosed specifics about the attack, it is difficult to define best practices in its specific case. However, it has been criticized for not reporting the issue to regulators and affected users soon enough.

Significant Data Breaches in the Food, Shopping & Retail Industry

  1. eBay

In 2014, eBay disclosed that a cyber security breach compromised the names, birth dates, addresses, and encrypted passwords of each of its 145 million users. The attackers had full access to the user database for 229 days.

Type: Undisclosed, but experts believe the eBay data breach to have been a result of a spear-phishing attack.
Date: 2014
Cost: Undisclosed, but eBay lowered its annual sales target for that year by $200 million.
Impact: 145 million user accounts affected.

What Could Have Been Done

With the attacker active for over half a year, it’s evident that eBay needed a better threat detection and incident response mechanism. It also should have reported the issue earlier.

  1. Panera Bread – 2018

In April 2018, Panera Bread disclosed that it was affected by — and subsequently resolved — a cyber breach affecting “thousands” of customer records.

However, the company was made aware of the breach 8 months prior to its official statement (The Verge). Experts also found that Panera Bread’s website leak had included millions of customer records. The actual fix itself took less than two hours (CSO Online).

Type: Panera Bread’s website was using an unauthenticated API endpoint.
Date: The vulnerability had been present since August 2017.
Cost: Undisclosed.
Impact: 37 million customer records at risk (CSO Online).

What Could Have Been Done

Panera Bread should have had a process to investigate the initial report about its website.

Besides that, Panera Bread could have also instituted regular audits of its cyber security system so that such leaks are internally identified earlier.

  1. Heartland – 2008

In March 2008 Heartland was struck by one of the largest cyber security breaches up until that point. However, the company did not learn of the breach until January 2009 when Visa and MasterCard notified it of dubious activities from accounts that it processed (Comodo).

Type: The attacker installed spyware on Heartland’s systems using an SQL injection.
Date: March 2008
Cost: $148 million as compensation for those affected by fraudulent activities.
Impact: Undisclosed.

What Could Have Been Done

Heartland should have better monitored its data systems to detect suspicious activities, such as the SQL injection, and audited its systems (via system scans) to identify the spyware.

  1. Target Stores – 2013

In late 2013, 70 million customer credit and debit card accounts were thought to have been compromised as a result of a major electronic breach at Target (Forbes).

Type: Undisclosed, but the attackers exploited a gap in one of Target’s vendors.
Date: November 27 to December 18, 2013.
Cost: $162 million as of 2015 (TechCrunch)
Impact: 70 million customer accounts affected.

What Could Have Been Done

The information the attackers needed to plan for the attack was freely available on the web (ZDNet). Target should have guarded this information and should have also held its outside vendors more accountable for their cyber security practices.

  1. Sonic Drive-In – 2017

In 2017 Sonic Drive-In disclosed that it found a data breach affecting 325 of its locations. The company warned that “credit and debit card numbers may have been acquired without authorization as part of a malware attack experienced in certain Sonic Drive-In locations.”

Type: Undisclosed type of malware attack.
Date: Announced in September 2017
Cost: Undisclosed.
Impact: Up to 5 million customer credit cards may have been compromised, causing Sonic’s customers to closely monitor their purchases and request replacement cards.

What Could Have Been Done

Experts believe the issue was largely out of Sonic’s hands, considering the attacker’s methods exploited gaps in the technology itself, not Sonic specifically.

For example, the United States is the last G20 member to adopt chip-based card technology, which is much more secure than stripe, but only 44% of stores in the US were accepting it for payments as of March 2017.

Significant Cyber Attacks in the Health Industry

  1. Catawba Valley – 2018

Type: Undisclosed.
Date: Undisclosed.
Cost: Undisclosed.
Impact: Undisclosed.

What Could Have Been Done

The spear-phishing attacks could have been thwarted if Catawba Valley employees were trained on recognizing and stopping such attacks.

  1. HealthEquity – 2018

In 2018, HealthEquity suffered 2 data breaches, one in June and the other in October.

The first attack compromised the accounts of 16,000 customers, while the second breached the accounts of 190,000 customers.

Though the hackers breached the system by accessing employee email accounts, they were able to bypass HealthEquity’s multi-factor authentication (MFA) system by exploiting an email configuration error.

Type: A combination of spear-phishing and exploiting an email configuration error.
Date: June and October 2018.
Cost: Undisclosed.
Impact: 206,000 patient accounts affected.

What Could Have Been Done

HealthEquity could have trained its employees to recognize and stop phishing attempts and audited its systems to ensure endpoints, such as email, are properly configured.

  1. MedEvolve & Premier – 2018


In July 2018, MedEvolve, a healthcare software provider, disclosed that it suffered from a data breach that compromised 200,000 patients at Premier Immediate Medical Care (renamed to Tower Urgent Health Care).

The breach was pinpointed to an unsecured file on an FTP server in which Premier’s patient data was freely available. Of those records, 11,000 contain social security numbers.

MedEvolve removed the file when a researcher at Premier notified it about the issue.

Type: Data exposure due to a server misconfiguration.
Date: March 29 to May 4, 2019. MedEvolve discovered the issue on May 11, 2019.
Cost: Undisclosed.
Impact: 200,000 patient accounts affected.

What Could Have Been Done

First, MedEvolve should have ensured that its servers were properly secured and that its clients’ data was not exposed.

Second, Premier should have required MedEvolve to prove that all of its data was secure; this may have prompted MedEvolve to conduct an audit and discover the vulnerability earlier.

  1. Augusta University Health – 2016-2017

In August 2018, Augusta University Health disclosed that it suffered from a potential data breach in July and August 2017. The breach affected 417,000 individuals and put their personal and health data at risk of exposure.

The hospital announced that it will remedy the issue by:

  • Installing new leaders to manage “critical areas”;
  • Implementing multi-factor authentication for off-campus email access;
  • Employing new software to scan emails for confidential health and private information;
  • Training staff;
  • Enhancing compliance efforts.

Type: Spear-phishing.
Date: July-August 2017.
Cost: Undisclosed.
Impact: 417,000 patient accounts were affected.

What Could Have Been Done

Based on Augusta University Health’s planned remediation steps, the hospital appears to have needed a thorough review of its cyber security practices, from training to systems.

List of Recent Data Breaches Between 2022 and 2024

Here’s a table showing the most recent notable cyber security breaches that have happened between 2022 and 2024:

| Date | Organization | Details | Impacted Individuals/Systems |
|---|---|---|---|
| November 5, 2024 | Planned Parenthood of Montana | Cyberattack exposed 93 GB of data | 18,000 individuals |
| November 4, 2024 | Thompson Coburn & Presbyterian Healthcare | Data breach, lawsuit ensues | 300,000 people |
| November 1, 2024 | Kaiser Permanente | Illegal access to email servers | 40,000 members |
| October 28, 2024 | Mystic Valley Elder Services | Breach compromised personal information | 90,000 individuals |
| October 18, 2024 | RRCA Accounts Management, Inc. | June cyberattack accessed customer data | 115,837 people |
| October 18, 2024 | Summit Pathology | Malicious actor accessed health data | 1,813,538 patients |
| October 14, 2024 | OnePoint Patient Care | Ransomware breach disclosed | 800,000 individuals |
| October 10, 2024 | Game Freak | Data leak included employee and source code data | 2,606 employees & partners |
| October 6, 2024 | Cisco | Hacker group accessed significant data | Unknown amount of data |
| September 12, 2024 | Fortinet | Customer data breached via Azure site | “Small number” of 775,000+ customers |
| September 11, 2024 | Access Sports Medicine | Data of 88,000 patients stolen | 88,000 patients |
| September 6, 2024 | Slim CD | Credit card data leak affected 1.7 million | 1.7 million individuals |
| August 24, 2024 | Port of Seattle | Ransomware attack by Rhysida | Ongoing threat |
| August 16, 2024 | National Public Data | 2.9 billion records leaked on the dark web | 2.9 billion individuals |
| August 12, 2024 | Jerico Pictures/National Public Data | Alleged breach, class action filed | Nearly 3 billion people |
| July 26, 2024 | FBCS | Revised breach numbers from earlier report | 4.2 million individuals |
| July 15, 2024 | Disney | Slack messages from 1.2 TB of data exposed | Unknown impact |
| July 14, 2024 | AT&T | Paid $370,000 in Bitcoin to hacker | Nearly all customers |
| June 13, 2024 | Truist Bank | Breach exposed employee data, on sale for $1 million | Unknown number of employees |
| June 11, 2024 | Tile | Extortion attempt, user data accessed | Unknown scope |
| June 1, 2024 | Ticketmaster | Customer data breach affecting 560 million | 560 million customers |
| May 13, 2024 | Helsinki City Council | Hack targeted education systems | Unknown number of students & guardians |
| May 10, 2024 | JPMorgan Chase | Software flaw exposed info for 500,000 | 500,000 individuals |
| May 9, 2024 | Dell | Attack on customer portal; data for 49 million customers affected | 49 million customers |
| May 1, 2024 | Dropbox | Threat actor accessed data through Dropbox Sign | Unknown number of users |
| April 17, 2024 | US Government | Serbian hacker breached Space-eyes | Highly confidential government data |
| April 14, 2024 | Giant Tiger | Records for nearly 3 million customers stolen | 3 million individuals |
| April 12, 2024 | Roku | Data breach affected 576,000 customers | 576,000 individuals |
| March 20, 2024 | Vans | Identity theft risk after unauthorized access | Unknown number of customers |
| March 18, 2024 | Fujitsu | Malware discovered, data compromised | Unknown impact |
| February 13, 2024 | Bank of America | Ransomware attack affected 57,000 | 57,000 customers |
| January 27, 2024 | Anthropic | Data leak involving non-sensitive info | Affected customers notified |
| January 23, 2024 | Trello | 15 million user data leaked on dark web | 15 million users |
| January 2, 2024 | Victoria Court System | Court hearings hacked, limited access | Unknown number affected |
| December 11, 2023 | Norton Healthcare | Data breach impacted 2.5 million patients and employees | 2.5 million individuals |
| November 24, 2023 | Vanderbilt Medical Center | Ransomware attack by Meow group | 40,000 employees, data status unclear |
| November 15, 2023 | Toronto Public Library | Ransomware attack exposed data from 1998 | Unknown number affected |
| November 5, 2023 | Infosys | US unit applications impacted by attack | Impact under investigation |
| November 2, 2023 | Boeing | Ransomware group LockBit claimed attack | Business data impacted |
| October 30, 2023 | Indian Medical Council | 815 million Covid test records exposed | 815 million citizens |
| October 19, 2023 | Okta | Support system accessed using stolen credentials | Unknown number affected |
| October 11, 2023 | Air Europa | Credit card data stolen | Unknown number of customers |
| October 6, 2023 | 23andMe | Genetic data targeted in credential-stuffing attack | Unknown number of accounts |
| September 27, 2023 | Hunter Biden | Lawsuit over data access and sharing | Personal data exposed |
| September 25, 2023 | SONY | Ransomware group stole and threatened to sell data | 6,000 files accessed |
| September 5, 2023 | Topgolf Callaway | Customer data breach affected 1 million | 1 million customers |
| August 31, 2023 | Forever 21 | Data breach affected 500,000 customers | 500,000 customers |
| August 23, 2023 | Duolingo | Data of 2.6 million users leaked | 2.6 million individuals |
| August 14, 2023 | Discord.io | Data breach, sensitive user info accessed | 760,000 users |
| July 27, 2023 | Maximus | MOVEit hack compromised health data for 11 million | 8-11 million individuals |
| July 20, 2023 | PokerStars | Data breach exploiting MOVEit vulnerability | 110,000 customers |
| June 27, 2023 | American Airlines | Hackers accessed data of thousands of pilots | 8,000 pilots |
| June 19, 2023 | Reddit | BlackCat group demands ransom, 80GB data | Confidential Reddit data |
| May 23, 2023 | Apria Healthcare | Data from breaches in 2019 & 2021 revealed | 1.9 million customers |
| April 10, 2023 | Yum! Brands | Ransomware attack on fast food chains | Names, ID details accessed |
| March 24, 2023 | ChatGPT | OpenAI library bug exposed user data | Credit card and chat info |
| February 15, 2023 | Atlassian | SiegedSec group accessed office data | Employee and office info |
| January 30, 2023 | JD Sports | Breach impacted 10 million people | 10 million individuals |
| January 19, 2023 | T-Mobile | Breach affected 37 million customers | 37 million customers |
| December 31, 2022 | Slack | Employee tokens used to access GitHub | Code repositories |
| December 15, 2022 | SevenRooms | 400GB data posted on hacking forum | Sensitive client data |
| December 1, 2022 | LastPass | Repeated data breach reported | Customer details secure |
| November 11, 2022 | AirAsia | Ransomware attack, personal data stolen | 5 million passengers and staff |
| October 26, 2022 | Medibank | Unauthorized access affected 4 million | 4 million customers |
| September 23, 2022 | Optus | Major breach affected 9.7 million users | Sensitive customer data |
| August 29, 2022 | Nelnet Servicing | Student loan data for 2.5 million exposed | 2.5 million people |
| August 4, 2022 | Twilio | Employee login credentials compromised | 125 customers |
| July 19, 2022 | Neopets | Data breach affected 69 million users | 69 million users |
| July 12, 2022 | Deakin University | Cyberattack exposed 46,980 students’ data | 46,980 students |
| June 7, 2022 | Shields Health Care Group | Healthcare data breach affected 2 million | 2 million patients |
| May 26, 2022 | Verizon | Social engineering attack exposed employee data | Employee database |
| April 4, 2022 | Cash App | Breach impacted 8.2 million users | 8.2 million customers |
| March 26, 2022 | US Dept. of Education | 820,000 students’ data accessed | 820,000 students |
| February 25, 2022 | Nvidia | Hacking group breached chipmaker’s network | 71,000 employees |
| January 6, 2022 | Flexbooker | Breach revealed data of 3.7 million | 3.7 million accounts |

Data Breaches vs. Data Leaks vs. Cyberattacks

Data breaches occur when a malicious actor infiltrates an organization’s system to intentionally steal sensitive, private, or personally identifiable information.

These breaches can lead to devastating outcomes, such as companies being forced to pay ransom or having their data exposed on the dark web. Alarmingly, an estimated 5.9 billion accounts were affected by data breaches in 2021 alone.

In 2023, the Identity Theft Resource Center (ITRC) reported a record high number of data compromises in the U.S. The number of breaches was 72% higher than the previous all-time high in 2021.

Data breaches are a subset of cyberattacks, but not every cyberattack results in a data breach.

Cyberattacks can have various objectives, including disrupting services or slowing down websites. Some cyberattacks do exfiltrate data, but others may solely aim to cause operational chaos.

On the other hand, a data leak happens when sensitive information is accidentally exposed to the public without malicious intent. For example, the Texas Department of Insurance incident involved data being inadvertently accessible.

Data leaks often result from errors like a government employee mistakenly emailing confidential information. Unlike breaches, leaks generally involve data becoming vulnerable or accessible through non-malicious means.

 

How Can I Protect My Business from Cyberattacks?

Taking proactive measures to shield your organization from cyberattacks is more critical than ever.

The financial fallout from breaches can be catastrophic, and it’s not just businesses that are vulnerable. Schools and colleges are frequently targeted, facing significant financial and operational repercussions.

In some cases, such as Lincoln College, the consequences were so severe that they led to permanent closure.

A primary way attackers gain unauthorized access is through weak or compromised account credentials. To combat this, implement a password manager for your entire team. This ensures strong, unique passwords are used for every account, significantly reducing the risk of credential theft.

Complement your password manager with Two-Factor Authentication (2FA) to create an additional barrier to unauthorized access.

Employee training is another essential line of defense. Over 75% of cyberattacks target business email accounts, making awareness crucial.

Equip your staff with the knowledge to recognize suspicious emails and phishing attempts. Human vigilance is just as vital as any technical solution, and investing in regular security awareness training can be a game-changer for your organization’s cyber resilience.

Stay Ahead of Cyber Threats With Professional Security Guidance

Data breaches aren’t slowing down, and neither should your efforts to prevent them. From modernizing your systems to training your staff, proactive steps can safeguard your organization against devastating cyber threats.
