The World’s Largest Data Breaches

Graphic by Nathaniel Blum/Photo by HamsterMan/Shutterstock

Karen B. Gibbs
August 22, 2019

Are you a Capital One bank customer affected by their recent data breach? Better sign up for free credit screening services the bank is offering, as company officials admit a hacker accessed more than 100 million customer accounts and credit card applications earlier this year.

The Capital One hack is the largest against a U.S. bank, according to consumer watchdog group U.S. PIRG. “We need answers to ensure that increasingly frequent, large breaches such as this, Equifax and others don’t become the new norm,” the group said in a statement.

Alas, data breaches indeed appear to be the new norm, both here in the United States (the target of 38% of all cyber attacks, according to a 2016 study) and around the globe.

The Largest Data Breaches in History

Major data breaches are nothing new. According to the Privacy Rights Clearinghouse, the first major data breach of more than a million accounts took place in 2005 when 1.4 million DSW Designer Shoe Warehouse credit card records and names were exposed. Since then, data breaches have continued to grow in number and size. According to a 2018 Cost of a Data Breach Study by Ponemon Institute and IBM Security, the average data breach contained 25,575 records. These figures, however, pale in comparison to those of the mega breaches listed below:

  • Yahoo. Accounts compromised: 3 billion accounts in 2013, the largest data breach to date; 500 million accounts in 2014. Information included: names, birth dates, phone numbers and passwords, security questions and backup email addresses used to reset lost passwords.
  • Verifications.io. Accounts compromised: 763 million accounts in March 2019. Information included: mortgage amounts, interest rates on loans, social media email logins, gender and birth date.
  • Onliner Spambot. Accounts compromised: 711 million accounts in 2017. Information included: email addresses, passwords.
  • Facebook. Accounts compromised: 540 million accounts in April 2019. Information included: account names, IDs, comments and reactions to posts.
  • Marriott-Starwood. Accounts compromised: 500 million accounts from 2014 to 2018. Information included: names, mailing and email addresses, phone numbers, passport numbers, dates of birth, gender, loyalty program account information, arrival/departure times and reservation dates.

Protecting yourself against data breaches

“No one is 100% safe from cyber thieves,” said Connor Borchgrevink, information security engineer with DJO, a high-end medical supply company with 5,000 employees across the world. “But here are some measures that could minimize damage from the next data breach.”

  • Be vigilant. Check out sites like Have I Been Pwned (pronounced “pawned”) to see if your information has been compromised from a listed data breach. If it has, change your password, username and security questions for that company. If the company that was hacked offers free credit monitoring for a year or two, accept it.
  • Check accounts regularly. Monitor your bank accounts and credit cards for unauthorized charges frequently. On average, it takes 197 days to identify a data breach and 69 days to contain it, Borchgrevink said. Don’t give thieves that much time to steal from you.
  • Be smart about passwords:
    • Create safer, longer passwords using letters, numerals and symbols.
    • Have a distinct username and password/phrase for each account.
    • Never let a browser or an app remember your password.
    • Change passwords at least once a year for regular accounts, every 6 months for bank accounts. Or, avoid the hassle and use a password manager like 1Password or LastPass.
  • Double up. Sign up for two-factor authentication by using an app like Google Authenticator, which sends a six-digit code to your phone, or use a physical security key (available on Amazon starting at $15) that plugs into your computer’s USB port.
  • Be safe. Never send your Social Security number or credit card information over text or email. Never.
  • Never give personal info. If someone calls and asks for your Social Security number or credit card information, don’t provide it. The FTC advises: Never give your Social Security number (even confirming the last four digits). Instead, look up the number of the business and call them back.
  • Check it out. Use a reverse phone or reverse email search service to try to check suspicious communications.

Be proactive when protecting your identity. It can minimize the havoc cyber thieves may wreak in your life.

Disclaimer: The above is solely intended for informational purposes and in no way constitutes legal advice or specific recommendations.