Security Audit

Compiled List of Data Breaches

Published on: April 7, 2023

Compiled List of Data Breaches

Here’s a detailed list of data breaches around the world you need to know about, compiled to present as far as 2012. 


1. Shields Healthcare Group

The Shields healthcare data breach is the largest data breach reported in 2022. Shield Health Care Group, a Massachusetts-based company detected suspicious network activity on March 28th of 2022. The hack took place between the 7th to 21st of March and affected 56 facilities. 

The data breach affected over 2 million individuals revealing their social security numbers, diagnoses, billing information, medical records, and PII like addresses, dates of birth, patient IDs, and more. 

2. Twitter Breach #1

Twitter recently underwent a massive data breach on 21st July 2022. 

The hack resulted in the data leaking of nearly 5.4 million users in a list through a vulnerability exposed to them by the threat actor, Devil. 

These 5.4 million records were then put for sale for a price of $30,000.

3. Twitter Breach #2

Another Twitter breach allegedly took place in 2022 revealing nearly 17 million Twitter records. According to it, the records consisted of phone numbers, and public information like account names, Twitter ids, and screen names. 

4. Twitter Breach #3

On December 23, 2022, a threat actor by the name of Ryushi made a post to a hacker forum, Breached, putting 400 million Twitter profiles on sale for $200,000.

5. Revolut

The fintech company suffered a breach in 2022 after a third party gained access to its database through social engineering. This resulted in the exposure of the personal information of nearly 50.150 users

6. Toyota

In October 2022, Toyota underwent a massive data breach after the source code of the T-Connect application was posted on GitHub in December 2017. 

The breach ended up exposing nearly 300,000 customers and their personal information. 

7. Keystone Health

Keystone Health, a group of primary-healthcare providers, revealed in July 2022 that an unauthorized party had hacked into its computer network revealing information about 235,000 patients from the 28th of July 2022 until the 19th of August 2022

8. Texas Department Of Insurance

In May 2022 it was revealed through a state audit that the personal information of 1.8 million individuals who filed insurance claims with the Texas Department of Insurance was leaked. 

The leaked information was publicly available for almost three years from March 2019 to January 2022. 

9. Nvidia

The largest global semiconductor chip company was compromised by a ransomware attack in February 2022. 

A ransomware group named Lapsus$ took responsibility for the attack, claiming access to 1TB worth of company data they would leak online.

10. OneTouchPoint

OneTouchPoint reported a massive data breach that affected over 1,073,316 individuals in mid-July of 2022. 

The breach occurred due to unauthorized access to certain servers that contained information such as names, member IDs, and data from health assessments. 

11. Novant Health

Novant Health reported that a misconfiguration in Meta pixel code potentially led to the unauthorized disclosure of protected health information (PHI) of 1,362,296 individuals in 2022.

12. Broward Health

Broward Health based in Florida reported a data breach affecting 1.35 million people on January 2nd of 2022. 

It was reported that the breach occurred through gaining access from a third-party medical provider. 

13. Baptist Medical Center

Tenet Healthcare-affiliate Baptist Medical Center suffered a cyberattack on April 24th, 2022 affecting 1.24 million individuals.

An unauthorized party gained access to certain systems that contained personal information and took some data between March 31 and April 24. 

14. Marriot Breach #1

In 2022, June the hotel chain Marriot was hacked by a hacker stealing 20 GB worth of guest information. This included guest credit card data, as well as personal information regarding guests and employees alike.

15. Texas Tech University Health

This science center was hit by a data breach due to a hacking incident that was reported on June 7, 2022. The breach affected over 1.29 million people. 

16. Red Cross

The cyber attack on Red Cross was thought to have occurred sometime around November of 2021 but wasn’t discovered until January 18th, 2022, and affected 515,000 individuals.

17. Neopets

July 2022 witnessed the hack of Neopets resulting in the exposure of 69 million individuals’ personal information (former and current) as well as 460 MB of the source code. 


18. LinkedIn Breach #2

The latest hack on LinkedIn occurred in April 2021 and affected 700 million accounts, i.e. more than 90% of its users, on LinkedIn. 

The attack was carried out by data scraping which was possible due to a violation of LinkedIn’s API.  

19. Facebook Breach #1

In 2021 it was revealed that Facebook underwent a massive data breach of over 530 million records due to a vulnerability that was patched in 2019. 

The data was compiled from 106 countries with over 32 million records from the U.S., 11 million user records from the U.K., and 6 million users in India. 

20. Microsoft Breach #1

January 2021 began for Microsoft with a sweeping attack on its Microsoft Exchange email servers, one of the largest email servers in the world affecting nearly 60,000 companies. 

21. Microsoft Breach #2

Over 38 million customer records were found to be exposed in August 2021. This affected many major companies like Ford, American Airlines, the Maryland Department of Health, and more.

22. ChatVPN, SuperVPN, GeckoVPN

In 2021, hackers stole the personal data of nearly 21 million users and 10 GB worth of data through the networks of SuperVPN, GeckoVPN, and ChatVPN. 


23. Marriot Breach #2

Marriot faced another hack in 2020 between January to March resulting in the leak of over 5.2 million guests’ personal information.

This mainly included contact details and personal information passwords and PINS, national IDs, and driver’s license numbers.

24. SolarWinds

SolarWinds, the network monitoring software opted for by the U.S. Pentagon, Fortune 500 companies like Microsoft and even nuclear labs were hacked by Russian hackers in 2020. 

An estimated 50 million records from various major organizations and companies are thought to have been affected.


25. Facebook Breach #2

In 2019, UpGuard’s cyber risk team discovered 540 million user records of Facebook in unsecured condition on Amazon’s S3 public cloud servers. 

The data breach occurred because third-party app developer, Cultura Colectiva, a Mexican media company failed to password protect their data sets.

26. Farrer Park Hospital

Singapore-based Farrer Park Hospital had a breach that spanned over two years between March 8, 2018, and Oct 25, 2019. 

The confidential medical information of 3,539  individuals was automatically forwarded to a third party. 

27. Microsoft Breach #3

The lack of password protection resulted in 14 years’ worth of Microsoft’s customer data in 2019 (250 million customer data records) being exposed. 


28. Aadhar

Aadhar, India’s biometric database was hacked in March 2018 resulting in the exposing of nearly 1.1 billion records of registered Indian citizens like their fingerprints and even iris scans.

The infiltration occurred through the website of Indane, a state-owned utility company connected to the government database.

29. Facebook Breach #3

In April of 2018, Facebook underwent a massive data breach that was said to have been a concern among Facebook employees since 2015. A British consulting firm Cambridge Analytica stole and sold around 50-90 million Facebook user record data.

30. Marriot Breach #3

In November 2018, Marriot reported a colossal leak of data through illegally accessing its Starwood reservation database. Guest information from since 2014 had been obtained by the hackers adding the number of affected parties to a whopping 500 million. The number was later reassessed at 383 million. 


The incident took place in July 2018 when a malicious third party gained unauthorized access to SHEIN’s payment systems revealing information about 39 million customers. 

32. Dubsmash

Dubsmash was one of the more prominent victims in a hack involving 16 websites in 2018. 

The hack affected over 617 million user records out of which 162 million user records were accounted for from Dubsmash. 


33. SpamBot

A misconfiguration in the SpamBot resulted in the leak of over 700 million emails and passwords in 2017. The data however included a lot of repeated and fake accounts. 

34. RiverCity Media

Nearly 1.37 billion records were exposed accidentally by a spam operator due to a faulty backup.


35. Uber

In 2016, Uber was the victim of a breach that exposed over 57,000,000 user accounts and 600,000 driver accounts that included email addresses, names, and phone numbers. 

36. Morgan Stanley

Morgan Stanley faced the accidental leak of personal information of 15 million customers when they failed to take the necessary precautions during their transition from older technologies.


37. Anthem

They disclosed on February 2015 that criminal hackers broke into its servers stealing over 37.5 million records that contain personally identifiable information. 


38. Yahoo Breach #2

Information from 5 million accounts was leaked in 2014. However, this only came to light in 2016, which was when the company disclosed the event.

39. eBay

The retailing and auction site eBay was hacked in 2014 which resulted in a massive data breach. The hacker stole the passwords of 145 million users.


40. Yahoo Breach #1

In 2013, Yahoo faced a data breach of 3 billion accounts of which customer information was leaked. The data leaked did not contain crucial payment information, passwords, or bank account numbers. 

It resulted in the leak of private information like security information, telephone numbers, birth dates, and names. 

41. Adobe 

One of the worst data breaches in history was faced by Adobe in October 2013 when it experienced a massive hack that resulted in the theft of 38 million credit card information and 153 million user records. 

42. Myspace

Occurred in June 2013, Myspace experienced severe data exposure when it was hacked to reveal the information of 427 million user account details.


43. LinkedIn Breach #1

In 2012, LinkedIn experienced a massive data breach brought about by hackers who accessed nearly 6.5 unassociated million passwords which were later put up on a Russian hacker forum.

The number was revised when it came to light that the total number of accounts affected was actually 165 million in 2016. 

Nivedita James Palatty

Nivedita is a technical writer with Astra who has a deep love for knowledge and all things curious in nature. An avid reader at heart she found her calling writing about SEO, robotics, and currently cybersecurity.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany