The 8 Largest Data Breaches of 2018 (So Far)

large data breaches
Large-scale data breaches put millions of people's sensitive information at risk for theft.
Public Records Search

Disclaimer: The below is solely intended for informational purposes and in no way constitutes legal advice or specific recommendations.

We’re just over halfway through 2018, but this year has already seen a tremendous number of large-scale data breaches that have impacted many individuals across the nation.

Data breaches can expose passwords, email addresses, credit card information, home addresses, phone numbers, and more, depending on the severity of the attack. All of this can be used to steal your identity, so it’s important to pay attention to every data breach that hits the news.

Here are some of the largest data breaches of 2018, including what information the hackers accessed in each one.


On July 10, Macy’s began informing customers that a third party had access to their accounts from April 26 to June 12 of this year. During this time, the hackers had access to names, phone numbers, email addresses, birth dates, and credit card numbers.


Discovered after the Fourth of July, Timehop experienced a data breach that exposed the names and emails of all of its users, roughly 21 million people. Furthermore, 4.7 million of those users had their phone numbers stolen. Timehop has since put multi-factor authentication in place to prevent such a breach from happening again.


June’s Exactis breach affected approximately 340 million records from the marketing and data aggregation firm. Exactis left its database exposed on a publicly accessible server, giving hackers access to tons of consumer information, such as phone numbers, home addresses and email addresses.


Ticketfly recently announced a data breach that affected more than 26 million customers. The company temporarily shut down its website after customer names, home addresses, email addresses, and phone numbers were stolen.


In early June, approximately 92 million email addresses and passwords from MyHeritage were exposed in a data breach.. The genealogy and DNA testing company began encouraging all users to change their password and to sign up for two-factor authentication when it becomes available.

Under Armour

Under Armour announced in March that 150 million users of its app, MyFitnessPal, had their information exposed. The stolen data included usernames, email addresses and passwords.

Saks Fifth Avenue and Lord & Taylor

Hudson’s Bay Company,  the owner of retail stores Saks Fifth Avenue and Lord & Taylor, announced a data breach in April that revealed the theft of more than 5 million credit and debit card information. The series of attacks began in May 2017, and since then, the hackers have begun selling this information on the Dark Web. The attack was discovered by Gemini Advisory, a cybersecurity firm that called the breach “amongst the biggest and most damaging to ever hit retail companies.”

U.S. Universities

In late March, the U.S. Justice Department discovered universities had been targeted by a government-backed Iranian hacking scheme. Nearly 150 universities across the nation had 31 terabytes of intellectual property stolen via a phishing scam targeted at professors. This unprecedented attack is estimated to have caused $3.4 billion worth of damages. Additionally, the hackers attacked five U.S. government agencies and 36 private companies to steal thousands of email accounts in the process.

Staying Alert After Data Breaches

As data breaches become more sophisticated (and more common) than ever, the next Equifax-level hack could very well be on the horizon. If you’re worried you are a victim of a data breach, you can check your public records to look for any instances of unusual activity.

Finally, make a habit of regularly checking your bank accounts and credit reports. Aside from running background checks on your name, monitoring your bank accounts for suspicious activity can prevent an identity thief from walking away with everything.

Public Records Search