Home  ›  Articles  ›  Top 10 Biggest Data Breaches of All Time

Top 10 Biggest Data Breaches of All Time

By: Natasha Piirainen Natasha Piirainen | Updated on: February 27, 2026

Reviewed by: Masha Komnenic CIPP/E, CIPM, CIPT, FIP Masha Komnenic CIPP/E, CIPM, CIPT, FIP

98-Biggest-Data-Breaches-Hack-and-Exposures-2022-Update

Data breaches impact businesses and individuals at an exponential rate. These attacks represent one of the biggest threats to personal data.

Bad actors exploit poor data security protocols to steal consumer data. They then use it for monetary gain or other illegal purposes.

Below, I list the biggest data breaches ever and the biggest breaches that occurred by year.

Table of Contents
  1. What Are the 10 Most Impactful Data Breaches of All Time?
  2. What Are the Biggest Data Breaches by Year?
  3. The Increasing Threat of Data Breaches
  4. Our Methodology: How We Made This List

What Are the 10 Most Impactful Data Breaches of All Time?

To start, here the 10 largest data breaches that have occurred up until now.

1. The 2025 Credentials Crisis – 16,000,000,000+ records exposed

In 2025, one of the largest data breaches of all time occurred. It impacted over 16 billion records, which mostly contained password information and login credentials.

The attack was coordinated using infostealer malware which is thought to have harvested the data directly from users’ devices.

The breach impacted password information for large entities including Google, Facebook, Apple, Github, and Microsoft, and more.

2. Yahoo – 3,000,000,000 records lost

yahoo-logo

In 2013, hackers breached Yahoo’s system and leaked customer info from over 3 billion accounts.

Fortunately, the stolen data didn’t include crucial information such as payment data, unhashed passwords, or bank account numbers.

3. National Public Data – 2,900,000,000 records lost

national-public-data-logo

In April 2024, it was revealed that a historical data breach occurred, hackers gaining access to billions of individual’s Social Security numbers, among other personal data.

4. River City Media – 1,370,000,000 records lost

river-city-media-logo

In March 2017, a spam email operator exposed 1.37 billion records by accident. It is one of the largest data breaches to ever occur.

This breach happened when River City Media accidentally published a snapshot of a backup from January 2017 without password protection.

5. Aadhaar – 1,100,000,000 records lost

aadhaar-logo

In March 2018, India’s biometric database, Aadhaar, was breached through a leak at a state-owned utility organization.

Every registered Indian citizen was affected, and their identity numbers, bank details, and names were all leaked.

6. Indian Council of Medical Research (ICMR) – 815,000,000 records lost

Indian-Council-of-Medical-Research-Logo

In October 2023, the COVID testing data of 815 million people (81.5 crore) was stolen from the Indian Council of Medical Research.

The bad actor attempted to sell the dataset for $80,000 on hacking forums. Four people have since been arrested in relation to the crime.

7. Spambot – 711,000,000 records lost

spam-bot-logo

In August 2017, a spambot leaked passwords and emails due to a misconfiguration.

As a result, over 700 million records were leaked. However, the breach included lots of repeated and fake accounts.

8. Facebook – 533,000,000 records lost

facebook-logo

In March 2021, hackers scraped the social media giant Facebook due to a vulnerability that was patched in 2019. 533 million user records from 106 countries were then posted onto a hacking forum.

The leaked data included full names, phone numbers, user locations, biographical information, and email addresses.

9. Syniverse – 500,000,000 records lost

Syniverse-logo

Syniverse, a company that forms a critical part of the global telecommunications infrastructure, was hacked in 2021. The hackers gained access to 500 million records.

The leaked information contained personal information of its employees, trade secrets, and intellectual property.

It also contained sensitive information of its suppliers, customers, vendors, and other important financial information.

The company discovered that hackers had been in its system for years.

10. Yahoo – 500,000,000 records lost

yahoo-logo

In September 2016, a state-sponsored actor stole 500 million records from Yahoo.

This included birth dates, names, and security information.

At the time, this was the biggest data breach in history.

11. MySpace – 427,000,000 records lost

myspace-logo

In May 2016, a search engine for hacked data and a hacker obtained over 400 million records from MySpace.

Both parties claimed that they had obtained the data from a past, unreported data security incident.

The leaked information contained emails, passwords, usernames, and second passwords.

What Are the Biggest Data Breaches by Year?

Now let’s look at the largest data breaches in each year going back to 2010.

2025

As predicted by experts, data breaches increased in 2025.

This lead to several instances where millions of peoples data, passwords, and other information was compromised or lost.

1. Global Credential Collapse

Over 16 billion records compromised

In what is now considered one of the largest data breaches to ever occur, bad actors are thought to have used malware to harvest passwords and login credentials directly from users’ devices.

Passwords stolen included logins for entities including Microsoft, Google, GitHub, Apple, and more.

2. Real Estate Wealth Network Data Breach

Over 1.5 billion records compromised

A  database owned by New York-based entity Real Estate Wealth Network containing 1.16 terabytes of personal data was found to allegedly have no password protection.

The issue was reportedly discovered by Cybersecurity Researcher, Jeremiah Fowler.

An internal forensic audit would need to be performed to understand more about the scope and nature of this leak. For this reason, it is not in the top 10 list above.

However, this incident emphasizes the importance of implementing strong multi-factor password policies.

3. SK Telecom (SKT)

27,000,000 records lost

A South Korean telecom company experienced a malware attack which lead to a data breach involving SIM-stored information and authentication keys.

The breach lead to the loss of over 27 million records, and SKT was fined by the Personal Information Protection Commission for over $91 million, but the total liabilities could actually be in the trillions.

4. Aflac

22,650,000 records lost 

Aflac experienced a massive data breach in June 2025 which lead to the theft of 22.65 million records, which included sensitive personal information.

Specifically, the stolen data comprised of names, social security numbers, addresses, and health insurance information.

5. Prosper Marketplace

17,600,000 records compromised

In 2025, fintech company Propser Marketplace reported that they experienced a data breach impacting up to 17.6 million records.

The stolen information could include details like names, social security numbers, birth dates, bank account information, and more.

2024

Here’s the list of the biggest breaches that occurred in 2024, one even made the top 10 list above.

1. National Public Data (NPD)

2,900,000,000 records lost

In one of the largest data breaches of all time, hackers stole the sensitive information of billions of people.

This included full names, addresses, birth dates, and social security numbers. (Tech.co)

2. Financial Business and Consumer Solutions (FBCS)

4,200,000 records lost 

Hackers stole full names, Social Security numbers, birth dates, and more from FBCS’s systems, a nationally licensed and bonded collection agency. (FBCS)

3. Ticketmaster

560,000,000 records lost

Ticketmaster confirmed hackers stole personal data from customers, including names, addresses, and phone numbers. (Ticketmaster)

4. Change Healthcare

145,000,000 records lost

A ransomeware attack expoed Social Security numbers, medical records, and addresses of millions of Change Healthcare patients. (UnitedHealth Group)

While originally the breach was said to have impacted 145 million records, in 2025, it was adjusted to over 190 million.

5. AT&T

110,000,000 records lost

In their second breach of the year, hackers stole data from all AT&T customers including approximate locations, phone numbers, and numbers of non-customers. (AT&T)

6. Dell

49,000,000 records lost

Dell confirmed that customer data was compromised in a breach, including home addresses and order information (LinkedIn)

2023 – 2010

The table below shows the largest data breaches that occured in the years 2023 back to 2010.

Year

Top Data Breaches

2023
  1. Indian Council of Medical Research 815,000,000 records lost (Tech Informed)
  2. X (formerly Twitter) 200,000,000 records lost (CNN)
  3. MOVEit 62,000,000 records lost (AP News)
  4. T-Mobile 37,000,000 records lost (T-Mobile)
  5. HCA Healthcare 11,000,000 records lost (HCA Healthcare)

 

2022
  1. Neopets 69,000,000 records lost (CPO Magazine)
  2. SuperVPN, GeckoVPN, ad ChatVPN  21,000,000 records lost (Cybernews)
  3. Singtel Optun Pty Limited 9,800,000 records lost (Bloomberg)
  4. Cash App 8,200,000 records lost (TrendMicro News)
  5. X (formerly Twitter) 5,400,000 records lost (Malwarebytes)

2021
  1. Facebook (Meta) 533,000,000 records lost (Business Insider)
  2. Syniverse 500,000,000 records lost (SEC)
  3. Power Apps (Microsoft) 38,000,000 records lost (Wired)
  4. Amazon Vendors 13,124,962 records lost (Safety Detectives)
  5. Pandora Papers 11,900,000 records lost (The Guardian)

2020
  1. Pakistani Mobile Operators 115,000,000 records lost (ZD Net)
  2. SolarWinds 50,000,000 records lost (New York Times)
  3. MGM Hotels 10,600,000 records lost (ZD Net)
  4. Dutch Government 6,900,000 records lost (ZD Net)
  5. Marriott International 5,200,000 records lost (Marriott)

2019
  1. 16 Hackers Websites 617,000,000 records lost (The Register)
  2. MongoDB 275,265,298 records lost (Bleeping Computers)
  3. Microsoft 250,000,000 records lost (Forbes)
  4. 8 Hacked Websites 127,000,000 records lost (TechCrunch)
  5. Capital One 100,000,000 records lost (CSO Online)

2018
  1. Aadhaar 1,100,000,000 records lost (ZD Net)
  2. Marriott International 383,000,000 records lost (New York Times)
  3. X (Formerly Twitter) 330,000,000 records lost (Reuters)
  4. Chinese Job-seeking Websites 202,000,000 records lost (The Hacker News)
  5. Quora 100,000,000 records lost (New York Times)
  6. Google 500,000 records lost (Forbes)

2017
  1. River City Media 1,370,000,000 records lost (The Guardian)
  2. Spambot 711,000,000 records lost (The Guardian)
  3. Equifax 143,000,000 records lost (CBC News)
  4. Malaysian Mobile Phone Numbers 46,200,000 records lost (Lowyat)
  5. AI.Type 31,000,000 records lost (ZD Net)

2016
  1. Yahoo 500,000,000 records lost (CNBC)
  2. Friend Finder Network 412,000,000 records lost (ZD Net)
  3. Uber 57,600,000 records lost (New York Times)
  4. Morgan Stanley 15,000,000 records lost (Reuters)
  5. MySpace 427,000,000 records lost (Vice)

2015
  1. Deep Root Analytics 198,000,000 records lost (Reuters)
  2. Experian/T-mobile 15,000,000 records lost (T-Mobile)
  3. Anthem 80,000,000 records lost (New York Times)
  4. Securus Technologies 70,000,000 records lost (The Intercept)
  5. US Office of Personnel Management 14,000,000 records lost (BBC)

2014
  1. eBay 145,000,000 records lost (Business Insider)
  2. JPMorgan Chase 83,000,000 records lost (New York Times)
  3. The Home Depot 56,000,000 records lost (Krebs on Security)
  4. Korea Credit Bureau 20,000,000 records lost (Security Week)
  5. Sony Pictures 10,000,000 records lost (BuzzFeed News)

2013
  1. Yahoo 3,000,000,000 records lost (BBC)
  2. Court Ventures 200,000,000 records lost (Krebs on Security)
  3. Multiple American Businesses 160,000,000 records lost (Technology Review)
  4. Target 70,000,000 records lost (USA Today)
  5. Excellus Health Plan 9,300,000 records lost (USA Today)

2012
  1. Zappos 24,000,000 records lost (Forbes)
  2. KT Corp 8,700,000 records lost (Korea Times)
  3. South Carolina State Department of Revenue 3,987,000 records lost (InfoWorld)
  4. Three Iranian Banks 3,000,000 records lost (DataBreachToday)
  5. Apple 1,000,000 records lost (CNET)

2011
  1. Sony PSN 77,000,000 records lost (Playstation Blog)
  2. Steam 35,000,000 records lost (BBC)
  3. Nexon Korea Corp 13,000,000 records lost (Reuters)
  4. The New York City Health and Hospitals Corp 1,700,000 records lost (InfoRiskToday)
  5. The Washington Post 1,270,000 records lost (PC Mag)

2010
  1. Educational Credit Management Corp 3,300,000 records lost (MPR News)
  2. Gawker 1,500,000 records lost (The Guardian)
  3. Ohio State University 760,000 records lost (The Lantern)
  4. Lincoln Medical and Mental Health Center 130,000 records lost (The New York Times)

The Increasing Threat of Data Breaches

Data breach incidents continue to rise year after year.

But security practices, education, and regulatory guidance move much slower than technology. This makes it difficult for businesses to keep up with the fast pace of cybercriminals and bad actors.

Data suggests that more and more businesses are reporting falling victim to a data leak or other cybercrimes impacting consumer personal data:

  • 82% of data breaches include information stored in digital ‘clouds.’ (IBM)
  • In the U.S., in 2024, data breaches cost businesses $4.88 million on average (IBM)
  • The most common type of data breach in 2023 involved compromising sensitive personal information. (ID Theft Center Annual Data Breach Report)

Most breaches in the 2010s concerned medical centers, government departments, and large corporations.

Today, businesses of all sizes and even individuals regularly face cyberthreats.

According to the Identity Theft Resource Center’s 2025 Data Breach Report, 81% of small businesses reported experienced a breach.

Many of these attacks were allegedly fueled by AI-powered attacks.

Plus, according to recent data privacy statistics, consumers demand increased efforts to protect their personal information.

The data is clear, all businesses should take data security seriously to prevent unauthorized access, cybercrimes, and data breaches from occurring.

I suggest businesses use this massive list of data breach examples as a warning; technology has progressed, and data breaches are increasingly widespread.

If you don’t have adequate security measures, you may become the target of malicious cyber attacks, jeopardizing the safety of the personal data you collect.

Implement privacy protocols for your organization now to ensure your employees understand the importance of security and why they need to play a role in protecting data.

Our Methodology: How We Made This List

To make this list, our team has researched and compiled instances of massive data breaches from various sources. We review and update the sources regularly.

The lists are organized from the most impacted individuals to the fewest, and it accounts for data breaches that occur around the world.

While many historical data breach incidents appear in this list, it is not a representative of all data breaches that have occurred throughout all of time.

Natasha Piirainen
More about the author

Written by Natasha Piirainen

Natasha Piirainen is a Content Specialist with a Bachelor’s Degree in English and Philosophy from Wheaton College and over 10 years of professional experience in research-driven content development.

More about the author
Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Reviewed by Masha Komnenic CIPP/E, CIPM, CIPT, FIP Director of Global Privacy

privacy-policy-template-preview-from-generator-with-check

Generate a FREE Privacy Policy

Outline your data security measures in a comprehensive privacy policy.
Create a Privacy Policy

Related Articles

  1. Cookie-Consent-for-AI-Startups-and-Companies-01
    Cookie Consent for AI Startups & Companies
    Articles

    February 20, 2026
    Natasha Piirainen
  2. 8-Most-Common-Third-Party-Services-on-Websites-and-Their-Privacy-Risks-01
    8 Most Common Third-Party Services on Websites and Their Privacy Risks
    Articles

    February 20, 2026
    Hanna De La Garza
  3. Privacy-Policy-for-Auto-Dealerships-01
    Privacy Policy for Auto Dealerships: How To Create One
    Articles

    February 20, 2026
    Natasha Piirainen
  4. Termly-Rolls-Out-2-Bulk-Website-Management-Features-01
    Termly Rolls Out 2 New Bulk Website Management Features
    Articles

    February 11, 2026
    Natasha Piirainen
  5. Best-WordPress-Consent-Plugins-Compared-2026-01
    5 Best WordPress Consent Plugins Compared 2026
    Comparisons

    February 6, 2026
    Ali Talip Pınarbaşı, CIPP/E, & LLM
  6. Privacy-Policy-for-AI-Startups-and-Companies-01
    Privacy Policy for AI Startups and Companies
    Articles

    February 6, 2026
    Natasha Piirainen
  7. Cookie-Consent-for-WordPress-01
    Cookie Consent for WordPress
    Resources

    January 27, 2026
    Hanna De La Garza
  8. Data-Privacy-Laws-and-Regulations-Guide-for-2026-01
    Data Privacy Laws & Regulations Guide for 2026
    Articles

    January 27, 2026
    Natasha Piirainen
  9. Privacy-Policy-for-Facebook-Ads-01
    Privacy Policy for Facebook Ads: How To Create One
    Articles

    December 19, 2025
    Natasha Piirainen

Explore more resources

Enter Your Website URL

In order to help you create a cookie solution that is GDPR and Cookie Law compliant, we must first scan your website for cookies.