These Are the Biggest Data Breaches in History

Data breaches happen every day, and they’re typically caused by cybercriminals, who are evolving in line with the latest tech advances. After stealing data, information is usually sold on the dark web or utilized for future cyberattacks. Data breaches aren’t isolated to small businesses; giant corporations suffer devastating breaches daily. Continue reading for the rundown of the most notable data breaches in history. 


According to data compiled by business telecommunications company, the 2013-2016 Yahoo! data breach is the largest ever recorded. An eye-watering 3 billion accounts were affected over three years. Not only was this breach enormous, it felt like a big deal because of all the media coverage it received. Like something out of a movie, it turned out Yahoo! was hacked by Russian spies, which made everything feel a whole lot worse. 

River City Media

Spam emails enter flocks every day, typically offering discounted medications and unlikely deals. Fortunately, the junk folder deals with them quite well these days, but what happens when the spammers’ data gets breached? This is what happened when River City Media neglected to protect database backups in 2017, which led to 1.37 billion email accounts being exposed for public viewing. 


Aadhaar is a national ID database system in India, which holds biometric information alongside a 12-digit identity number. Unfortunately, in 2018, 1.1 billion people’s data was breached, including fingerprint details, contact information, name, eye scans, and gender. The majority of people in India have an Aadhaar card, and the news was enormous at the time – easily earning a spot on this top 11 list of data breaches.

First American

First American is one of the largest title providers in America. In 2019, a devastating data breach saw 885 million records released. Sellers and real estate buyers secure properties through First American, meaning enormous personal data is provided. Instead of taking appropriate measures to protect the financial details of their users, First American allowed it to sit unguarded on their website for all to see – if you knew where to search.  


Spambots are automated computer programs designed to spam online forums and large numbers of users. Unfortunately, in 2017, one of the largest spambots was misconfigured and ended up releasing 700 million email addresses. As well as this, password details were breached for several accounts. Before long, this information made its way to the black market and the database was available to anyone. Surprisingly, there have been zero repercussions resulting from the breach. 


In June 2021, the professional networking platform LinkedIn was subject to a hack by “TomLiner”, in which 700 million users’ data was leaked – around 90% of LinkedIn members. Before long, the data on the dark web with a selling price of $5,000. Shockingly, the same hacker was responsible for an April 2021 data breach, in which a 1 million strong sample of users was published on the dark web. To achieve this hack, a new API interface was misused, which left a gap in security. 


Facebook is one of the largest social media platforms and has over 2.11 billion users. Over the years, the platform has faced a number of attacks, which is no surprise given the amount of data they collect. However, in 2019, Mark Zuckerberg announced a “pivot to privacy”. Ironically, this move found that millions of passwords were left unprotected across their servers. 


Yahoo! makes another appearance on the list. This time, a 2014 attack led to 500 million users having their details published. According to Yahoo!, the attack was state-sponsored, prompting concerns from the US government. Unfortunately, as you’ll already know by now, this was just one in a string of attacks stretching over three years. 

Marriot International

Even the hospitality industry can’t hide away from data breaches. Marriot International, one of the largest hotel chains, suffered a 500 million-strong data breach that saw credit cards and other sensitive information leaked. The cause of the leak was a remote access Trojan, used by hackers to gain secretive access to databases. 

Even now, there are no leads on who carried out the attack, but it’s understood that the breach came from Marriot’s acquisition of Starwood Hotels and Resorts in 2016. Unfortunately, the Marriot reservation platform wasn’t large enough to deal with the additional bookings, which means new reservations were being made through an already-infected platform. 


Syniverse Communications is built around a self-proclamation of being the “world’s most connected company”. However, in September 2021, they revealed a 5-year-long data leak. The company manages messaging across T-Mobile, AT&T, and Verizon, meaning metadata, phone numbers, location, and SMS messages slipped away. To deal with the attack, Syniverse reset everyone’s credentials, regardless of their exposure to the leak. 

Friend Finder

When people sign up for adult-oriented services, they expect 100% privacy. However, this is the internet and no such thing exists. The Friend Finder network, which markets itself as an adult dating site, suffered a breach that exposed 20 years’ worth of data including passwords, names, and emails. During the investigation, some of the email suffixes were from government domains, leading to embarrassment. 

Giant corporations collect sensitive data, and we’re expected to trust it’s kept safe. Naturally, on the back of enormous data breaches like those outlined above, there’s no surprise the world has become much more aware of how their data is being used and stored. 

You may be interested in: What Happens if There Is a Breach of Contract Between Businesses?