10 Major Data Breach Incidents in the last 5 years
1. Graff (November 2021)
The British multinational Jeweller, Gaff, has fallen victim of a ransomware attack by the Russian cybercriminal group, Conti. Conti managed to steal the data of 1.1 million records (names, addresses, invoices, receipts, and credit notes) and threatened to publish them to the dark web unless a ransom of 10 million pounds was paid.
Some of the high-profile customers reportedly impacted by this breach include:
- Donald Trump
- David Beckham
- Oprah Winfrey
- Alec Baldwin
- Sir Philip Green
- Ghislaine Maxwell
- Saudi Crown Prince Mohammed bin Salman
- Sheikh Mohammed bin Rashid Al Maktoum
2. Twitch (October 2021)
Twitch, an Amazon owned company suffered a data breach which compromised the information of 7 million users. The security vulnerability that made the breach possible was a server configuration change permitting unauthorized access by third parties.
The data compromised included:
- Twitch’s source code
- Three years of payout reports for creators
- All of Twitch’s properties
- Code related to proprietary SDKs and internal AWS services used by Twitch
- The identity of an unreleased steam competitor from Amazon Game Studios – “Vapor”
- Twitch’s internal ‘red teaming tools’, used by internal security teams for cyberattack training exercises.
3. LinkedIn (June 2021)
Personal data of 700 million LinkedIn users was posted for sale in a Dark Web forum on June 2021. This exposure impacted 92% of the total LinkedIn user base of 756 million users.
The exposed data included:
- Phone numbers
- Geolocation records
- LinkedIn username and profile URLs
- Personal and professional experience
- Other social media accounts and details
4. Pixlr (January 2021)
Photo editor Pixlr had its database of 1.9 million users breached and ready to be sold to the Dark Web.
The breached data included:
5. EasyJet (May 2020)
Easyjet suffered a major data breach of its 9 million customers.
Data exposed included:
- Travel details
- Credit card information of 2.208 customers
6. Zoom (April 2020)
During the pandemic peak back in April 2020, Zoom suffered a data breach which compromised the log in details of 500.000 users. Hackers published and sold the information on the dark web.
7. Marriott Hotels (March 2020-November 2018)
Marriott Hotels had fallen victim of a hacker attack twice within two years. The first attack happened in November 2018 and compromised the information of 500 million guests
The information that was exposed included:
- Contact information
- Passport number
- Travel information
Marriott believes that financial information such as credit and debit card numbers, and expiration dates of more than 100 million customers were stolen, although the company is uncertain whether the attackers were able to decrypt the credit card numbers.
In March 2020, the company announced that records of 5.2 million guests were yet again compromised.
It is believed that the following guest records were compromised:
- Email address
- Mail addresses
- Phone numbers
- Company names
- Birth dates
- Accommodation preferences
- Language preferences
- Linked airline loyalty programs and numbers
8. Facebook (April 2019)
In April 2019 over 533 million users’ facebook activity was exposed to the dark web for free.
The data exposed included:
- Account names
- FB IDs
9. Twitter (May 2018)
Twitter announced that a glitch that stored passwords unmasked in an internal log, making all user passwords accessible to the internal network. Twitter asked its 330 million users to change their passwords but the company said it fixed the bug and that there was no indication of a breach or misuse, but encouraged the password update as a precaution.
10. Yahoo (October 2017)
In October 2017 Yahoo announced that an estimate of 3 billion user accounts were compromised since August 2013 when Yahoo suffered a major hacker attack. Security questions and answers were exposed and Yahoo urged its users to change their passwords.