Data Breaches

How the largest data breaches in history happened — the intrusions, the exposed records, and the fallout for millions of people.

  1. Equifax: The Unpatched Server That Bared a Nation

    The Equifax breach exploited one unpatched Apache Struts server to exfiltrate the credit records of 147 million Americans, nearly half the country.

  2. Cambridge Analytica: 87 Million Facebook Profiles

    A personality quiz harvested 87 million Facebook profiles that Cambridge Analytica used to micro-target voters in Brexit and the 2016 US election.

  3. Target 2013: The Breach That Walked In Through HVAC

    Target's 2013 breach exposed 40 million payment cards after attackers slipped in through an HVAC contractor's vendor login during the holiday rush.

  4. Ashley Madison: The Affair Site Hacked Into the Open

    In 2015 The Impact Team breached affair site Ashley Madison and, after its ultimatum was ignored, leaked 32 million users onto public torrents.

  5. Yahoo Breaches: Three Billion Accounts and a Hidden Bill

    The Yahoo breaches compromised three billion accounts across 2013 and 2014, and the delayed disclosure forced Verizon to cut $350 million off its acquisition.

  6. Capital One Breach: 106 Million Records via SSRF

    In 2019 a former AWS engineer abused a misconfigured WAF to reach Capital One S3 buckets and steal data on 106 million credit-card applicants.

  7. Marriott: Four Years Inside Starwood's Reservations

    An intelligence-grade intrusion sat undetected inside Starwood's reservation system for four years, surviving a multi-billion-dollar acquisition by Marriott.

  8. Uber 2016: The Breach Cover-Up That Convicted a CSO

    Uber's 2016 breach exposed 57 million people, then its CSO hid it as a bug-bounty payout, earning the first US criminal conviction of a security chief.

  9. T-Mobile Breaches: A Carrier That Kept Losing Your Data

    T-Mobile suffered breaches in 2018 through 2023, including a 2021 hack of 54 million customers, making it the case study in serial carrier data loss.

  10. Anthem Breach: 78.8 Million Health Records Stolen

    In 2015 a nation-state intrusion at health insurer Anthem exposed 78.8 million records, including Social Security numbers, dates of birth and addresses.

  11. Magecart: The Skimmer Hidden in British Airways

    Twenty-two lines of JavaScript injected into a third-party script harvested credit cards from the British Airways checkout for fifteen days.

  12. Optus 2022: How One Open API Exposed a Nation

    Australia's second-largest telco lost the personal records of 9.8 million customers — including 1.2 million still-valid passport and driver's license numbers — through an unauthenticated API.

  13. PSN 2011: The 23-Day Outage That Grew Up Gaming

    Seventy-seven million accounts and a 23-day global outage made the 2011 PSN breach the moment console gaming discovered it was a data-custody business.

  14. JPMorgan 2014: One Server, 76 Million Households

    The JPMorgan Chase 2014 breach exploited one server missing two-factor auth to expose 76 million households and seed a years-long securities fraud scheme.