The Largest Data Breaches in U.S. History


Published October 22, 2020

Photo Credit: Alamy Stock Photo

COVID-19 has led to major changes to daily life for Americans, including a shift toward remote and at-home work. While these changes have led to more flexible working conditions for employees, they have also increased data security risks. New data from the Federal Trade Commission and the Identity Theft Resource Center indicates that heightened security risks brought on by more remote work are of particular concern when considering that data breach and identity theft reports doubled between 2014 and 2019.

A line chart showing the number of data breaches and identity theft reports from 2000 to 2020.

Certain sectors are more vulnerable to data breaches than others. In 2019, the largest number of breaches occurred in the business and healthcare sectors, at 644 and 525 total data breaches, respectively. The business sector has become increasingly vulnerable to data security issues, as breaches in this sector increased by nearly 150 percent between 2014 and 2019. In contrast, data security remains strongest in the banking and government sectors, both of which saw a decline in total data breaches between 2018 and 2019.

A line chart showing that the business and healthcare sectors endure the largest number of data breaches.

Data breaches often compromise a company’s most sensitive records. The majority of data breaches stem from hacking and intrusion cases and unauthorized access to records, which comprised more than 75 percent of all data breaches in 2019. On the other hand, employee error and negligence accounted for less than 11 percent of data breaches in 2019. However, with an increase in at-home and remote work, breaches stemming from a lack of employee knowledge or training is now more of a priority among employers.

RELATED
Hackers aren’t the only threat to your business’ data—employee negligence can also cause irreparable damage. Protect your business’s Office 365 and SharePoint data with our comprehensive, automated Office 365 Backup solution.

A bar chart showing that hacking and unauthorized access accounted for the vast majority of data breaches in 2019.

To profile the most significant data breaches of U.S. companies, researchers at Spanning analyzed data from the Identity Theft Resource Center and the Federal Trade Commission, while also reviewing major news reports. Data breaches were defined as any unauthorized exposure to a company’s records, and incidents were ordered based on the total number of records exposed.

Between 2013 and 2019, companies involved in social networking and media, such as Yahoo and Facebook, were the most vulnerable to data breaches. For these companies, data breaches were most likely to occur through hacking and intrusion or accidental internet exposure. Emails, passwords, and other personal information were the most frequently compromised types of information. Here are the 10 largest data breaches of U.S. companies.

 

The 10 Largest Data Breaches of U.S. Companies

Photo Credit: Alamy Stock Photo

10. MySpace (2016)

  • Number of records exposed: 360,000,000
  • Type of breach: Hacking/intrusion
  • Industry: Social network
  • Types of information compromised: Account name, email, password
Photo Credit: Alamy Stock Photo

9. FriendFinder Networks (2016)

  • Number of records exposed: 412,000,000
  • Type of breach: Hacking/intrusion
  • Industry: Social network
  • Types of information compromised: Account name, email, password, user activity dates

TRENDING
Our G Suite Backup solution protects your organization’s entire G Suite domain, including Gmail, Drive, Calendars, Contacts, and Sites.

Photo Credit: Alamy Stock Photo

8. Facebook (2019)

  • Number of records exposed: 419,000,000
  • Type of breach: Accidental web/internet exposure
  • Industry: Social network
  • Types of information compromised: Name, account ID, phone number, country
Photo Credit: Alamy Stock Photo

7. Marriott International (2018)

  • Number of records exposed: 500,000,000
  • Type of breach: Hacking/intrusion
  • Industry: Hospitality
  • Types of information compromised: Name, physical address, phone number, email, passport number, date of birth, gender, reservation information
Photo Credit: Alamy Stock Photo

6. Yahoo (2014)

  • Number of records exposed: 500,000,000
  • Type of breach: Hacking/intrusion
  • Industry: Media
  • Types of information compromised: Name, email, phone number, date of birth, login information
Photo Credit: Alamy Stock Photo

5. Facebook / Cultura Colectiva (2019)

  • Number of records exposed: 540,000,000
  • Type of breach: Accidental web/internet exposure
  • Industry: Social network
  • Types of information compromised: Account name, account ID, Facebook comments and reactions
Photo Credit: Alamy Stock Photo

4. First American Corporation (2019)

  • Number of records exposed: 885,000,000
  • Type of breach: Accidental web/internet exposure
  • Industry: Financial
  • Types of information compromised: Bank account number, bank transactions, drivers license, Social Security number
Photo Credit: Alamy Stock Photo

3. People Data Labs / OxyData.io (2019)

  • Number of records exposed: 1,200,000,000
  • Type of breach: Accidental web/internet exposure
  • Industry: Data
  • Types of information compromised: Name, email, phone number, social media profiles

RELATED
Enjoy daily, automated backup of your Salesforce data, attachments, files, and metadata with our Salesforce Backup solution.

Photo Credit: Alamy Stock Photo

2. River City Media (2017)

  • Number of records exposed: 1,370,000,000
  • Type of breach: Accidental web/internet exposure
  • Industry: Marketing
  • Types of information compromised: Name, IP address, physical address, email
Photo Credit: Alamy Stock Photo

1. Yahoo (2013)

  • Number of records exposed: 3,000,000,000
  • Type of breach: Hacking/intrusion
  • Industry: Media
  • Types of information compromised: Name, email, phone number, date of birth, login information

 

Methodology & detailed findings

Aggregate statistics on data breaches (historical and for 2019) are from the Identity Theft Resource Center. Aggregate statistics on identity theft are from the Federal Trade Commission’s Consumer Sentinel Network Data Book.

The list of data breaches, representing the 10 largest data breaches of U.S. companies between 2013 and 2019, were compiled from news reports. Rankings were based on the total number of records exposed, regardless of record type.

The real threat to data security stems from the lack of preparation and resources among companies transitioning to remote work, coupled with the lack of awareness among employees on best practices for working securely at home or from remote environments. One example is the use of personal devices to conduct work-related tasks, which highly compromises data security. Addressing best practices to avoid security risks when working remotely will be a top priority for companies moving forward, especially considering the uncertainty surrounding the return to traditional work environments.