Slideshow The 10 biggest data breaches

Published
  • September 29 2017, 5:27am EDT

How does Equifax stack up?

Equifax's data breach may be the most serious data breach, given that it covered 143 million consumers and involved reams of confidential information, but it wasn't the largest. Following are the biggest to date.

Yahoo

Yahoo has the dubious distinction of having the two largest data breaches in history. The first was disclosed in September 2016, affecting 500 million accounts. The second was made public only three months later when the company announced that there was a separate breach, believed to be committed by different actors, affecting 1 billion accounts. Making matters even worse? The first breach occurred in 2014, while the second happened in 2013. It's still unclear why Yahoo did not detect either intrusion until years after the fact.

Content Continues Below


MySpace

Remember your MySpace page? Yeah, we don't either. And that's precisely the point. It's not clear when hackers stole 360 million names and passwords from the social media network, but the breach didn't come to light until a hacker tried to sell the data (which, at that point, was so old it was relatively useless).

EBay

EBay disclosed in May 2014 that thieves had stolen password information on 145 million account holders. That forced the company to alert customers that they'd need to reset their password. The thieves apparently accessed the data by stealing the credentials of three corporate employees. Unlike the Equifax case, however, customers did not have their financial data stolen.

Equifax

It isn't just the eye-popping 143 million consumers affected by the Equifax breach, which was disclosed on Sept. 7, 2017, but also the sheer volume of what was stolen: birth dates, addresses, Social Security numbers. Unlike simply resetting your eBay password, the Equifax breach may mean customers have to put credit freezes on their account — something that could impact consumer lending.

Content Continues Below


LinkedIn

Like others on this list, the details of LinkedIn's breach were disclosed in stages. But in this case, it happened years apart. When the breach was first announced in 2012, it was thought that just 6.5 million user names and passwords had been stolen. But four years later, the firm said that a Russian hacker called "Peace" was selling the emails and passwords of 117 million users from that 2012 hack.

Target

Bankers are still angry about the Target breach, disclosed at the end of 2013. The retail giant first said that 40 million credit and debit card numbers had been stolen, then followed up shortly thereafter to reveal that contact information of 70 million had also been taken. It's not clear how much overlap there was between the two groups, if any.

Heartland Payment Systems

Payment processor Heartland Payment Systems saw more than 100 million credit and debit cards stolen by cyber criminals in 2008. In 2010, Albert Gonzalez was convicted of masterminding the attack and sentenced to 20 years in prison.

Content Continues Below


Sony

When all was said and done, hackers in 2011 made off with information on 100 million members of Sony's Playstation Now service, including gamers and those streaming music and video on the site. The service was even shut down for three weeks.

AOL

An ex-employee of America Online stole and sold information containing 92 million screen names and email addresses, leading to a lot of spam emails for unhappy customers. Jason Smathers was convicted in 2005 and sentenced to a year and three months in jail.

JPMorgan Chase

First revealed in August 2014, hackers gained access to the internal systems at JPMorgan Chase and made off with data on 83 million personal and small-bsuiness accounts. Three hackers were later convicted of 23 criminal counts, including hacking, securities fraud and identity theft.