A new study has revealed that Yahoo’s data breach in 2013 had the greatest number of compromised data records, with three billion records compromised.
Patch management software company NinjaOne analysed the data breaches with the greatest number of records compromised to see which companies have had the largest data breaches.
1. Yahoo (2013) – 3 billion records
The 2013 attack on Yahoo is the largest known data breach in history, with all three billion Yahoo user accounts at the time being compromised. Originally, it was reported that only one billion user accounts were compromised, but this figure was later revised to three billion. The attack resulted in data such as email addresses, passwords, dates of birth, and telephone numbers being stolen.
2. First American Corporation (2019) – 885 million records
Financial services provider First American Corporation has the second largest known data breach in history, with 885 million records being compromised in 2019. The breach was a result of poor security practices on their servers, with sensitive information being accessible to external users. This information included bank account details, Social Security digits, wire transactions, as well as other mortgage paperwork.
3. Facebook (2019) – 540 million records
The third largest known data breach belongs to social media giant Facebook, with 540 million records compromised in 2019. Third-party app developers posted the records on a public Amazon cloud server; the compromised records included information such as account names, IDs, and information about reactions and comments on posts.
4 (Tie). Marriott International (2018) – 500 million records
Hotel chain Marriott International is tied for the fourth largest known data breach, with 500 million records compromised in a 2018 attack. Hackers suspected of working on behalf of the Chinese government were behind the attack on Marriott’s reservation database. The information that was compromised included unencrypted passport numbers and encrypted credit card numbers stored on the same server as their encryption keys.
4 (Tie). Yahoo (2014) – 500 million records
In Yahoo’s second appearance on this list, the 2014 attack is tied for the fourth largest known data breach, with 500 million records compromised. The attack resulted in information such as names, email addresses, telephone numbers, dates of birth, and answers to security questions being stolen.
6. Friend Finder Networks (2016) – 412 million records
Online dating and adult entertainment company, Friend Finder Networks, has the sixth largest known data breach, with 412 million records compromised in a 2016 attack. The largest share of the compromised accounts belonged to the AdultFriendFinder website, with stolen information including email addresses and passwords. This information was stored either as plain text or encrypted using obsolete and insecure methods.
7. Exactis (2018) – 340 million records
Marketing and data aggregation company Exactis has the seventh largest known data breach, with 340 million records compromised in 2018. The firm posted the data on a publicly accessible server, and it included detailed personal information on millions of people. This included information such as phone numbers, home addresses, and email addresses, among others, for each name.
8. Airtel (2019) – 320 million records
Indian telecom giant Airtel has the eighth largest known data breach, with 320 million records being compromised in 2019. A security flaw in Airtel’s mobile app caused the breach, with information such as names, email addresses, dates of birth, and addresses being at risk.
9. Truecaller (2019) – 299 million records
Caller ID and call-blocking app Truecaller has the ninth largest known data breach, with 299 million records being compromised in 2019. The leaked information included data such as phone numbers, email addresses, and other personal information.
10. MongoDB (2019) – 275 million records
Tech company MongoDB has the tenth largest known data breach, with 275 million records being compromised. Information such as dates of birth, email addresses, phone numbers, employment details, as well as other personal information, was posted on a publicly accessible server in the 2019 breach.
A spokesperson for NinjaOne commented on the findings: “Data is one of the most valuable commodities in our interconnected world, and it pays dividends to keep it safe with proper security practices.
“Keeping software up to date by patching security vulnerabilities and making sure sensitive data is only accessible to those who need it are two ways to minimise the risk of costly data breaches.
“Yahoo unfortunately learned the hard way just how costly a large data breach can be, with two breaches in 2013 and 2014 resulting in billions of data records being compromised, the former being the largest known in history.
“This series of data breaches resulted in a class action settlement against Yahoo amounting to $117,500,000, in addition to legal action against the company and its successors due to how the breaches were handled.
“One such example is the $35,000,000 SEC fine Yahoo incurred for not disclosing the data breach when they first learned about it, thereby misleading investors.”
| Rank | Entity | Year of data breach | Number of compromised records |
|---|---|---|---|
| 2 | First American Corporation | 2019 | 885,000,000 |
| 6 | Friend Finder Networks | 2016 | 412,214,295 |
| =16 | Unknown agency (believed to be tied to the United States Census Bureau) | 2020 | 200,000,000 |