Image 1 of 18
Democratic National Committee (2016)
All data breaches are scary, but some just have that extra scream factor.
On July 22, 2016, Wikileaks published 19,252 emails and 8,034 attachments belonging to top-level staffers at the Democratic National Committee, exposing donor information and an anti-Bernie Sanders bias. U.S. intelligence agencies strongly believe Russia to be behind the attack, The New York Times reports.
There is no evidence that the hacker’s intent was to influence the 2016 Presidential election. That said, the emails likely had a damaging effect on Ms. Clinton’s chances considering Wikileaks released a second batch of 8,263 emails less than 48 hours before Election Day.
In May 2016, once-popular social networking site Myspace announced that it was the victim of one of the largest data breaches in history. Over 360 million accounts were compromised, including the email addresses and passwords of past users. It is not known when the initial breach occurred.
Singer Justin Timberlake purchased an undisclosed stake in Myspace in 2011. The site was sold to Time Inc. in early 2016.
In late 2014, a “state-sponsored actor” hacked former Internet giant Yahoo, compromising a record 500 million accounts. The criminals made off with names, email addresses, telephone numbers, dates of birth, encrypted passwords, and the answers to users’ security questions. No financial data was stolen.
The hack was not disclosed publicly until September 2016, putting the company’s recently proposed sale to Verizon in serious jeopardy.
Ashley Madison (2015)
In arguably the most embarrassing data breach of the bunch, a group calling itself “The Impact Team” stole 37 million records from adultery website Ashley Madison in 2015, including many records that customers had paid to have deleted.
Virtually all of the company’s data was stolen in the hack, including records that suggest most female accounts on the site are fake, and that the company used female chat bots to trick men into spending money.
Daily deals company LivingSocial had its network compromised in 2013, with hackers stealing roughly 50 million names, email addresses, birthdays, and encrypted passwords from its SQL database.
Sony PlayStation Network (2011)
Game over, man. In April 2011, hackers raided Sony’s PlayStation Network (PSN) service, stealing personally identifiable information from more than 77 million gamers.
Sony was further criticized for delaying the release of public information about the theft and for storing customer data in an unencrypted form.
The attack took Sony’s PSN out of service for 23 days.
Internal Revenue Service (2015)
Nigerian scammers pilfered more than $50 million from the U.S. Treasury via an embarrassingly simple 2015 hack of the Internal Revenue Service website.
Information scraped from previous data hacks was used to steal Americans’ identities and request copies of past tax returns on the IRS website. The crooks then filed new tax returns with falsified data, requesting big refunds.
The hack caused massive nightmares for the estimated 334,000 people whose records were stolen before the IRS shut down the transcript request service.
Hackers installed point-of-sale malware on Target’s computer network sometime in 2013, resulting in the theft of more than 70 million customer records. Stolen data included payment card numbers, expiration dates, and CVV codes.
The retailer reached out to affected customers by offering free data monitoring (standard practice) and a 10% off discount on a future shopping trip. But it was too little, too late; same-store sales slid in the quarter following the hack.
Anthem, the United States’ second largest for-profit health insurer, disclosed in February 2015 that it had lost 78.8 million unencrypted customer records to criminals. Names, social security numbers, email addresses, and income data was stolen.
The rare piece of good news: Financial and medical records were not affected.
Adobe revealed in October 2013 that hackers had stolen 38 million active customer IDs and passwords, forcing the company to send out a wave of password reset warnings.
Weeks after, the news got worse for the company: The thieves also made off with the source code for its popular Adobe Photoshop software.
Talk about an inside job: In 2004, online auction house eBay suffered the largest hack in U.S. history, losing 145 million login credentials to a hacker using an internal eBay corporate account.
Names, email and street addresses, phone numbers, and birth dates were compromised, but thankfully, passwords were stored in encrypted form.
Home Depot (2014)
In September 2014, Home Depot admitted that it fell prey to hackers who installed antivirus-evading malware on its self-checkout registers. An estimated 56 million sets of customer payment card data were stolen in the attack.
The company’s losses related to the event are expected to top $1 billion when all of the lawsuits are finally settled. Only $100 million of that will be covered by insurance.
JP Morgan Chase (2014)
The September 2014 breach of JP Morgan Chase proved that even the largest U.S. banks are vulnerable to data theft. Online banking login details were not stolen, but crooks did get their hands on 76 million sets of names, emails, addresses, and phone numbers of bank customers, creating serious phishing concerns.
A group of Russian hackers is believed to be responsible for the attack.
PNI Digital Media (2015)
PNI Digital Media, the company that handles online photo printing for CVS, Walgreens, Rite Aid, Costco, and many more national chains, lost an unknown number of customer records to hackers in 2015.
Given that the company boasted more than 18 million transactions in 2014, it’s likely that this breach affected tens of millions of Americans.
Credit and debit card processing firm Heartland Payment Systems became one of the largest data breach victims in U.S. history when hackers compromised more than 130 million accounts in 2008.
The criminal ring involved in the Heartland data theft was also found to be responsible for the 2005 hack of TJX Companies involving 94 million records.
TJX Companies (2005)
In a 2005 scheme dubbed “Operation Get Rich or Die Tryin,” a group of hackers used an unsecured Wi-Fi network at a Marshalls store to break into parent TJX Companies’ computer system and steal 94 million customer records, including payment card data.
Albert Gonzalez, the ringleader of the hack, is serving a 20-year sentence in Leavenworth.
U.S. Office of Personnel Management (2015)
Earlier this year, the United States Office of Personnel Management admitted that hackers had taken 21.5 million records belonging to those who had undergone government background checks or otherwise applied for federal employment. The hackers stole a wealth of sensitive data, including security clearance information and fingerprint data belonging to secret agents.
The Washington Post reported that the attack is believed to have originated in China.
In January 2012, online shoe retailer Zappos stated that cybercriminals had stolen data of 24 million customers, including names, addresses, and the last four digits of their payment cards.
After the announcement, Zappos had to disconnect its phone lines to keep upset customers from calling in and overloading its phone system.