10 Biggest Data Breaches of All Time – What Actions to Take When This Happens?

Dolores Bernal
March 19, 2024
Data Breach Button on Computer Keyboard

According to a recent 2021 report by Risk Based Securitycyberattacks and economic crises often go hand-in-hand. The 2008 financial crisis saw an increase in data breaches, and it has happened again with the coronavirus pandemic.

Difficult economic conditions force businesses to cut down on costs. Usually, companies that have never experienced cyberattacks cut down on security, exposing themselves to hackers. We are bound to see more of this type of crime in the coming decades.

This list features some of the most significant data breaches of all time. Most of them occurred in recent years and involved large social media companies such as Facebook or Twitter, putting the information of millions of people at risk. 

Top 10 Data Breaches

1. Cam4: 10.88 Billion User Records

CAM4 is an adult streaming website, and hackers breached its systems in March 2020, right before the coronavirus pandemic. The hackers stole 10.88 billion user records, which contained highly sensitive information, such as email addresses, sexual orientation, chat transcripts, passwords, and IP addresses. The data breach left users vulnerable and at risk of blackmail, identity theft, and fraud. 

2. Yahoo: 3 Billion User Accounts

The data breach occurred in October 2013 and affected around 3 billion accounts. Yahoo didn’t disclose the breach until 2016 and initially said the total amount of accounts compromised was approximately 1 million. In 2017 they changed the estimate to 3 billion. The hackers compromised personal information from users, including security questions and answers.

3. Aadhaar: 1.1 Billion User Accounts

In March 2018, the company Aadhaar made public that hackers had breached their systems. In total, the criminals accessed the accounts of 1.1 billion Indian people. Aadhaar is a biometrics company, which uses body measurements and information for identification purposes. The hackers compromised the names, identity numbers, and bank details of the company’s users.

✎ Related: Trustworthy Identity Theft Protection Services ➔

4. First American Financial Corp: 885 Million Users

Hackers breached the company’s system in May 2019, affecting the records of 885 million users. The company leaked bank account numbers, statements, and mortgage tax records. This was one of the most significant data breaches affecting US citizens since the Yahoo incident.

5. Facebook: 540 Million Users

Facebook works with third-party media companies that store and manage some of Facebook’s data. One of them is a Mexican-based company called Cultura Colectiva, and this is the company the hackers breached. The criminals compromised over 540 million accounts, accessing user’s comments, likes, reactions, and account names.

6. Marriott International: 500 Million Users affected

In November 2018, Marriott International announced that hackers had accessed the information of 500 million users. The breach initially occurred in 2014 on systems supporting Starwood Hotel Brands

In 2016 Marriot acquired the brand of hotels, and the hackers remained inside the system. In 2018 they realized the hackers had been accessing customers’ personal and travel information for 4 years. Private investigators traced the cyberattack back to a Chinese intelligence group seeking information about American citizens.

7. MySpace: 360 Million User Accounts

The MySpace breach hit the deadlines in 2016. At this time, the company wasn’t an important player in the social media sector, but it still had the data of millions of people. Hackers sold the breached accounts on a black market website called The Real Deal, with an asking price of 6 bitcoins per account, at the time $3,000.

8. Twitter: Possibly Impacted Millions of User Accounts

In 2018, Twitter alerted its users that a glitch or software bug was storing unmasked passwords. Twitter told its 330 million users to change their passwords, and the company quickly solved the problem. Although Twitter didn’t publicly state the number of accounts compromised, the breach could have been massive.

9. DeepRoot Analytics: 200 Million Citizens

DeepRoot Analytics is a company that helps businesses identify their ideal audiences and tracks how people respond to a company’s media and advertisements. Essentially, it helps companies optimize their media strategy.

In 2017 DeepRoot Analytics was working for the Republican National Committee. The company had information of about 200 million voters. In total, it was 1.1 terabytes of personal information, containing names, birth dates, and addresses.

10. Experian: About 200 Million Personal Records Affected

Experian is one of the three main credit bureaus in the US; Equifax and TransUnion are the other two. One of the subsidiaries of Experian is Court Ventures, a company that helps monitor credit card accounts. 

Vietnamese hacker posed as a private investigator from Singapore and convinced the staff from Court Ventures to give him access to the database.  He stole information from 200 million people, including credit card numbers and Social Security Numbers. He ran a business selling credit card information on the black market.

What to Do in Case of a Data Breach?

A simple data grid with a security messageA simple data grid with a security message

In case of a data breach, it’s essential to act quickly. You should change your passwords and protect your bank account as soon as possible. These are the basic steps you should follow.

  1. Contact the Company. Contact the company whose data was breached to understand the extent of the damage. Find out what type of information was stolen, and ask them what they are going to do and what they suggest you do.
  2. Change Your Passwords. If a hacker takes hold of your account, you could experience a lot more damage. Make the new passwords difficult, and use different passwords for all your accounts
  3. Call the Credit Bureaus. Call a credit bureau and ask the staff to place a fraud alert on your credit report. When a lender or retailer sees your credit report, they’ll see the alert and verify that it’s you.
  4. Call Banks and Credit Card Companies. Lock bank accounts and credit cards to prevent any transactions. If any fraudulent charges have already occurred, notify banks and credit card companies as soon as possible to avoid being liable for them.
  5. File the Necessary Reports. You should file a police report and a Federal Trade Commission report if you are a victim of identity theft. However, try to wait until you have all the required information before filing.

Protect Yourself from Online Viruses and Hackers

During the Coronavirus pandemic, US citizens have seen an increase in online scams and fraud. Notably, there have been many identity theft cases regarding federal stimulus checks. You can never know if there will be a massive data breach, but you can take steps to prevent yourself from being a victim of online scams and fraud.

Related Article About Data Breaches: MOVEit Data Breach: Everything You Need To Know