top of page

Biggest Data Breaches

Some of the biggest data breaches within the last year include:

AT&T

Records Breached: 7.6 million current and 65.4 million former customers

Hackers breached AT&T’s systems, stealing personal data of current and former customers, including sensitive information like social security numbers, account numbers and passcodes.  The data breach is the latest cyberattack AT&T has experienced since a leak in January 2023, that affected nine million users.

2

MOVEit

Records Breached: 77 million

MOVEit, a Managed File Transfer application that provides secure file transfer services used by thousands of organizations and government agencies, was hit with one of the largest breaches in 2023 leaking confidential data of 77 million individuals and over 2,600 companies globally.

​

Total damages globally are upwards of $12 billion.

3

Ticketmaster Entertainment, LLC

Records Breached: 560 million

In May, 2024, over 560 million customer records, including order history, payment information, name, address and email data, were leaked online and offered for sale by hackers who infiltrated Ticketmaster’s systems. The company has sent emails to their customers, advising users to monitor their accounts and credit statements.

4

Tile

Records Breached: 450,000

Life360, the company behind the Tile tracker device, announced that their data base has been breached in June 2024. Stolen data includes names, addresses, email addresses, phone numbers, and purchase order details. Hackers were also able to access tools that can process location requests by law enforcement and are extorting Life360 for a ransom.

5

Dell

Records Breached: 49 million

In May 2024, Dell was hit with a massive cyberattack that could affect their 49 million customers.

Dell acknowledged that while no financial details were breached, sensitive customer information such as home addresses and order data might have been compromised. Reports indicate that data belonging to approximately 49 million customers have been obtained.

6

Bank of America

Records Breached: 57,000

In February 2024, Bank of America reported a ransomware attack targeting Mccamish Systems, one of the bank’s service providers, affecting more than 55,000 customers.  The breach involved unauthorized access to personal details including names, addresses, phone numbers, social security numbers, account numbers and credit card information.

7

Verizon breach affects over 63,000 employees

Verizon Communications notified the public that the company experienced a data breach resulting in the theft of sensitive information of over 63,000 employees. The breach included Social Security Numbers and other sensitive information on employees, but it does not appear any Verizon customers were implicated in this incident. 

8

16.6 million loanDepot customers’ information stolen

Mortgage firm loanDepot fell victim to a ransomware attack in which 16.6 million users’ personal information was stolen. It is unclear exactly what personal information was implicated in the breach, but it is possible sensitive financial information was exposed.

​

An ongoing investigation has revealed that attackers gained access to data encryption and company systems. The incident was revealed when customers were unable to enter company websites, like MyloanDepot and HELOC, to pay loans. LoanDepot is a major nonbank mortgage lender in the United States with over $140 billion in serviced loans.

9

Xfinity Discloses Data Breach Affecting Over 35 Million People

On December 18, Xfinity reported a data breach affecting over 35 million customers. The breach itself occurred in October 2023, when hackers exploited a vulnerability in Citrix. The stolen data included sensitive personal information, such as partial Social Security numbers and dates of birth.

10

Nearly 2 Million Dollar Tree Employees Impacted by Breach

Zeroed-In Technologies, a Dollar Tree third-party service provider, formally announced a data breach that impacted more than 1.97 million Dollar Tree and Family Dollar employees.  Hackers managed to steal employee names, birth dates, and Social Security numbers. Zeroed-In Technologies has notified the impacted individuals and provided instructions on how to receive 12 months of credit monitoring and identity protection services.

11

Hackers Steal Employee Data from US Nuclear Research Lab

The Idaho National Laboratory (INL) – a nuclear research lab – confirmed a data breach impacting current and former employees and their spouses and dependents. Employee, dependent, and spouse names, birth dates, and other personally identifiable information (PII) were later released on hacker forums. The INL is offering credit monitoring and identity protection services to impacted individuals.

12

Mortgage firm LoanCare Warns 1.3 Million People of Breach

Fidelity National Financial’s mortgage service LoanCare experienced a breach that exposed 1.3 million individuals. The attack was contained, but the company has not shared what kind of data was obtained. The company told account holders to keep an eye on unusual account activity and instructed them on enrolling in Kroll’s two-year identity monitoring service.

13

Seiko Confirms 60,000 Records Stolen in BlackCat Breach

Watchmaker Seiko confirmed a cyberattack by BlackCat ransomware hacker group resulted in 60,000 “items of personal data” stolen from Group, Watch, and Instruments departments.  The compromised data included personal data on customers, including names, email addresses, and phone numbers, but not any payment data. Seiko is reaching out to impacted customers directly.

14

Hackers Steal Data on 4 million 23andMe users

23andMe, a genetic testing company, announced hackers obtained user data after an attack. Hackers used credential stuffing, a technique using usernames, email addresses, and passwords exposed in previous data breaches, to secure access to 23andMe user accounts.  Customer data was compromised in the attack, including display names, birth years, and some genetic ancestry results. In total, data on an estimated 4 million 23andMe users was impacted.

15

89 GB of T-Mobile Employee Data Posted to Hacker Forum

An 89 gigabyte cache largely pertained to T-Mobile employees, including email addresses and partial Social Security Numbers, as well as some order information pertaining to T-Mobile customers.  This data was tied to a breach of Connectivity Source, a T-Mobile retailer. T-Mobile itself denied the breach and does not appear to have been directly hacked as part of this incident.

16

Caesars Entertainment Pays $15 Million Data Ransom

Caesars Entertainment reported a data breach involving the theft of its loyalty program customer database. The stolen database included driver’s license information, Social Security numbers, and other sensitive customer data.

​

After experiencing the cyberattack, Caesars Entertainment paid a $15 million ransom to the hacker group that managed to access its systems. The company stated it took steps to ensure the data was deleted by the attackers, though it admitted it couldn’t guarantee the data was erased.

17

Zacks Data Breach Posted to Hacker Forum

8.9 million Zacks users had their personal information hacked. Shortly after this breach came to light, the data was posted for sale on a popular hacker forum. This breach included account data, such as passwords, but does not appear to have included credit card numbers or other financial data.

18

Intellihartx Discloses Breach Affecting 489k Patients

Healthcare collections company Intellihartx notified the public that sensitive data pertaining to over 489,000 patients had been compromised in a data breach on partner company Fortra. Stolen data included Social security numbers, dates of birth, and medical records.

​

This incident was part of the GoAnywhere attacks in February, affecting over 130 companies, largely concentrated in the healthcare sector.

19

Apria Notifies 1.8 Million People of 2021 Breach

Apria Healthcare discovered a data breach pertaining to sensitive data on 1.8 million patients and employees. Although HIPAA requires companies to report data breaches within 60 days of discovery, Apria did not inform anyone of the data breach until 18 months later.  The exposed information appears to include Social Security numbers, financial data, and medical records.

20

PharMerica Discloses Breach Affecting 5.8 Million Patients

PharMerica notified over 5.8 million people that their data, including social security numbers and medical information, had been publicly exposed following a ransomware attack. PharMerica only notified customers two months after the breach was discovered, after the hackers published the customer data online.

21

American Bar Association Discloses Hack Affecting 1.5 Million Members

The American Bar Association notified 1.5 million members that their login credentials, including encrypted password data, had been compromised. The incident happened when an unknown hacker broke into a legacy system pertaining to an old ABA website.

22

Yum Brands Admits That Customer Data Was Compromised In Breach

Yum Brands — the parent company that operates Taco Bell, KFC, and Pizza Hut — acknowledged that personal data, including driver’s license numbers, had been compromised in a January incident. The company first disclosed the breach soon after discovering the incident; but initially, they claimed that only company data had been impacted.

23

ILS Notifies 4.2 Million Customers of Data Breach

Healthcare provider Independent Living Systems (ILS) notified over 4 million customers of a data breach. The breach included Social Security numbers, driver’s license numbers, medical records, and other highly sensitive data.

24

Data on 7.5 Million Verizon Customers Exposed on Hacker Forum

Records on over 7 million Verizon users were posted to Breached Forums, a popular hacker forum. The data included contract information, device information, encrypted customer IDs, and more — but it does not appear that unencrypted personal data was included in the leak.

In response, Verizon stated that the issue stemmed from an outside vendor.

25

U.S. Marshals Service Discloses Data Breach

U.S. law enforcement officials acknowledged that the U.S. Marshals Service discovered a data breach and ransomware attack. A spokesperson said that the leaked data included returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.

​

According to the USMS, data pertaining to the witness protection program was not implicated in the attack.

26

3.3 Million Patients Exposed in Heritage Provider Network Breach

The California-based Heritage Provider Network disclosed to patients that they had suffered a ransomware attack. Over 3 million patients’ data was exposed in the leak, including social security numbers, medical records, and other highly sensitive information.

Since this disclosure, several class action lawsuits have been filed against Heritage Provider Network and its partners.

27

PeopleConnect Data on 20 Million Customers Posted to Hacker Forum

A hacker publicly posted data pertaining to InstantCheckMate and TruthFinder, two popular background check services owned by PeopleConnect. This data included records on over 20 million customers and was apparently lifted from a backup file dating to 2019.

28

T-Mobile Discloses Data Breach Affecting 37 Million Customers

T-Mobile disclosed that a cyber attacker stole records pertaining to 37 million customers. T-Mobile said the breach only included “a limited set of customer account data,” though it included names, addresses, phone numbers, account numbers, and more.

29

Database of Over 200m Twitter Users Goes Public

Following a string of ransom attempts and leaks, a trove of data on over 200 million Twitter users circulated among hackers. This data includes email addresses, names, and usernames, but does not appear to include passwords or other highly sensitive data.

​

Some reports have pegged the number of compromised accounts as high as 400 million, but after removing duplicates, the final number appears close to 210 million. It does include data on a number of high-profile accounts, such as those of Alexandria Ocasio-Cortez, Donald Trump Jr, and Mark Cuban.

bottom of page