10 Biggest Mega Breaches Of The Past 10 Years
These data breaches from Dark Reading's 10-year history boggle the mind in terms of scale and fallout.
May 3, 2016
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt798bf63de24f7d24/64f0dac6aee48c8b5fc6853b/DR10th2_somelight_bigger-01-for-caro.jpg?width=700&auto=webp&quality=80&disable=upscale)
Make no mistake about it, some of the most exciting rollercoaster moments of Dark Reading's decade of coverage came as a result of the very large-scale and extremely embarrassing breaches that have plagued organizations across the globe.
To be sure, data breaches come in all shapes and sizes, but perhaps none have been quite as impactful as the mega breach. Typically hitting government, retail and financial organizations, these massive breaches boggle the mind in their scale, with tens or even hundreds of millions of records stolen at once and wide-ranging financial implications coming in the fallout.
Here are some of the biggest to break since we've started covering them.
Year: 2006
Records Breached: PII of 26.5 million veterans, their spouses and active-duty military personnel
Before there was the OPM or IRS hack, there was the massive loss of tens of millions of records about veterans, their spouses and active-duty military members by the U.S. Department of Veterans Affairs (VA). The embarrassing incident was triggered when a VA staffer had a laptop chock-full of records stolen from his home during a burglary.
Dark Reading Story: A bad situation just got worse, according to wire report.
Year: 2007
Records Breached: Data from 94 million customers
The breach of TJX Companies, which includes the T.J. Maxx and Marshalls chains, saw the entrance of the modern mega breach. This massive breach was actually the largest of a spate of massive credit card hacks masterminded by American hacker Albert Gonzalez and a crew of criminals who hit other brands including Barnes & Noble, Sports Authority and DSW. Gonzalez is currently serving 20 years for these thefts.
Dark Reading Story: Hacker Indicted For Stealing 130 Million Credit Cards
Year: 2008
Records Breached: Information from over 100 million cards
One of the largest payment processing companies in the country, Heartland in 2008 was hit by a breach that compromised cardholder data for over 100 million cards. According to quarterly financial filings, the firm racked up about $140 million in breach-related expenses due to this incident.
Dark Reading Story: Heartland To Pay Up To $60 Million In Breach Settlement With Visa
Year: 2009
Records Breached: PII for 70 million members of the military
Chain of custody problems were a big cause of data loss in the early days of the mega-breach, and that's exactly what befell the National Archives and Records Administration (NARA), which ended up exposing tens of thousands of military personnel records after sending a hard drive to an outside contractor for repair and recycling before erasing a treasure trove of valuable information.
Dark Reading Story: U.S. Government Suffers 'Largest Release Of Personally Identifiable Information Ever'
Year: 2011
Records Breached: PII of 100 million customers
2011 was a bad year for Sony as attackers pillaged the Sony Online Entertainment databases to expose personally identifiable information for around 100 million accounts, including credit card data. Just a few months later, attackers went after Sony Pictures, exposing 1 million users' personal information, including passwords, in a Pastebin post and exposing over 150,000 business records in the process. Three years later, Sony still wasn't able to clean up its act enough to prevent another major breach at Sony Pictures, which brought down its corporate systems for weeks and even disrupted a movie release.
Dark Reading Story: Sony Brings In Forensic Experts On Data Breaches
Dark Reading Story: Sony Hacked Again, 1 Million Passwords Exposed
Dark Reading Story: 6 Ways The Sony Hack Changes Everything
Year: 2013
Records Breached: Data from 40 million customers
Often used as a dire caution about third-party risks, this breach was apparently carried out by attackers who found a way into the Target network by first breaching an HVAC vendor's electronic billing account. Target has bled red as a result of this breach, paying more than $116 million just in settlements with banks that suffered losses tied to the breach, let alone other breach costs.
Dark Reading Story: Target Breach: 10 Facts
Year: 2014
Records Breached: Payment card data for 40 million customers
Attackers used similar techniques against Home Depot as they did against Target, targeting a third-party vendor system and using that to move laterally into Home Depot's networks, eventually striking gold in Home Depot's point-of-sale data caches. The breach resulted in the exposure of payment card data for 40 million customers and 53 million customer email addresses.
Dark Reading Story: Home Depot To Pay $19.5 Million In Data Breach Settlement
Year: 2014
Records Breached: Data for 83 million customers
First discovered in 2014, the massive breach of one of the largest global banks was eventually shown to be part of a sweeping heist of information stolen from at least 14 businesses in the financial services sector. In addition to run-of-the-mill fraud, the information stolen was used to artificially manipulate stock prices.
Dark Reading Story: JP Morgan Breach Only One Piece Of Vast Criminal Enterprise, Indictments Reveal
Year: 2015
Records Breached: PII about 80 million health insurance customers
Healthcare breaches are on the uptick as attackers are recognizing the value of stolen health information for carrying out healthcare fraud and other scams. The Anthem breach is among the biggest, with more than 80 million records being stolen by what security researchers claim to be a well-funded cyberespionage group that they've dubbed Black Vine, which used a complex infrastructure, zero-day vulnerabilities and custom malware to carry out its attack against the insurer.
Dark Reading Story: Anthem Breach Linked To Black Vine Group & Beijing InfoSec Firm
Year: 2015
Records Breached: Personal information about 21.5 million people
One of the most egregious government data breaches of all time, the incident striking the Office of Personnel Management (OPM) was serious not just in the scale of the theft but also in what was stolen. The breach exposed data about 21.5 million citizens included in the OPM's background-check investigation database. This included all the normal PII, plus fingerprint data and highly sensitive information about their personal lives, including financial histories, sexual proclivities and other details that could be used for blackmail purposes.
Dark Reading Story: OPM: Personal Info On 21.5 Million People Exposed In Hack