According to the Identity Theft Resource Center’s 2021 Annual Data Breach Report, there were approximately 1,862 cases of data compromises in 2021 in the United States, which is 68% higher than the 2020 figures. These data breaches affected organizations in different industries, such as hospitality, IT, retail, finance, etc. While such data breaches can be unsettling for most, they don’t seem to be stopping anytime soon.
Awareness of past data breaches can help organizations improve their security measures. So, let’s explore the 12 most significant data breaches in the USA that shocked everyone.
Yahoo
It is among the most prominent cyberattacks, affecting all 3 billion Yahoo users. Russian hackers targeted Yahoo’s database and stole users’ names, email addresses, phone numbers, passwords, security questions, etc. Since Yahoo failed to act on time, the company attracted a $35 million fine from the U.S. Securities and Exchange Commission and multiple class-action lawsuits.
Real Estate Wealth Network
The end of 2023 witnessed one of the most significant data leaks in the history of the US.
According to Jeremiah Fowler, a cybersecurity expert, a massive Real Estate Wealth Network dataset was left accessible to the public because of poor encryption. This database totaled 1.16 TB and contained more than 1.5 billion neatly organized records in folders, including property history, buyer and seller information, bankruptcy information, tax IDs, mortgage information, and more.
The leaked information also contained details on leading politicians and celebrities like Nancy Pelosi, Kylie Jenner, Britney Spears, and many more.
First American Financial Corp
First American Financial Corp, the country’s leading title insurance provider, was a victim of a massive data leak in 2019. Its website design error allowed anyone to access its users’ private information without verification. The leak exposed 885 million file records that stored customers’ sensitive information, like bank account numbers, mortgage records, tax documents, social security numbers, etc. This leak left all customers vulnerable to potential financial threats.
Cambridge Analytica
Considered one of the most high-profile cases of data breaches in US history, Cambridge Analytica quickly became the most talked-about topic globally. Cambridge Analytica is a British consulting firm that stole 50-87 million user account details from Facebook. This is significant because the firm sold psychological profiles of American voters to influence political campaigns and violated American election law. Facebook faced numerous actions for this blunder and paid a $5 billion fine as a final FTC settlement.
Adobe
Adobe, a leading software company, faced the worst data breach in 2013 because of network vulnerabilities. The cyberattack exposed user details of approximately 38 million active accountholders on the dark web. The stolen details include the user’s Adobe IDs and passwords, product source codes, credit-debit card information, and full names. It exposed the affected individuals to potential financial threats.
Equifax
Equifax, one of U.S’s leading credit reporting companies, faced heavy backlash when it announced that the personal information of over 140 million users had been stolen from its network. The breach occurred due to Equifax’s poor network security and segmentation. While Equifax was aware of critical faults in its cybersecurity infrastructure, it failed to address them promptly. As a result, people’s sensitive information, like social security numbers, credit card information, driver’s license numbers, and email addresses, became publicly accessible, making them potential victims of scammers.
Target
Retail giant Target became the biggest data breach victim in 2013 because of third-party vulnerabilities. This major data breach helped cybercriminals steal over 40 million debit/credit card records of Target customers, risking their financial standing. It also caused significant economic losses to Target, paying $18.5 million to settle claims for a multi-state investigation.
Exactis
It is one of the most concerning data breaches in the history of the US because it leaked the behavioral and personal information of almost all US citizens and businesses. This breach exposed 340 million records containing people’s names, email and physical addresses, phone numbers, religious and political affiliations, income, credit rating, education level, etc. Scammers and cybercriminals can easily misuse this leaked data for dangerous social engineering attacks.
Deep Root Analytics
In 2017, the personal information of over 198 million US citizens was leaked on the internet, making it one of the biggest data breaches of the 21st century. This breach was concerning because Deep Root Analytics gathered and stored political information of US population without any password protection on Amazon cloud servers. The breach made all this information accessible on a public network and exposed peoples’ names, physical and email addresses, internet browsing history, voter ID numbers, religion & ethnicity, birthdate, political affiliation, and numerous other crucial data. Political parties could have easily used his data to exploit and manipulate voter behavior.
Progress Software (MOVEit)
A recently conducted data breach incident involved cybercriminals stealing over 1.3 million people’s records from Progress Software’s MOVEit file transfer tool. This breach occurred in May 2023 and affected numerous US corporations. Some of the biggest names affected by this breach include First National Bank, the University of Georgia, the NYC Department of Education, and Johns Hopkins University. This breach collectively caused damages worth billions and even disrupted some organization’s workflow.
Heartland Payment Systems
Heartland Payment Systems encountered one of the biggest data breaches of the early 2000s, exposing over 100 million payment records. Cybercriminals exploited the company’s poor security management and attacked their system via SQL injection. This breach caused irreparable damage to the company, which lost a significant customer base and paid millions in compensation to the affected parties.
Marriott International
Marriott is a top hospitality player with a prominent presence in numerous countries. It shocked people when it announced that cybercriminals had illegally accessed its reservation database. This is one of the most significant data breaches in the hospitality sector, where cybercriminals stole over 500 million guests’ records. The stolen details included visitor names, passport numbers, reservation details, credit card information, phone numbers, home addresses, etc. This breach affected the brand’s reputation and left guests financially vulnerable.
