Revealed: The 21 biggest data breaches of 2018

Revealed: The 21 biggest data breaches of 2018The incidence of data breaches, hacks, and malware are a common occurrence and most of us hear about it frequently on tech news. Ranging in intensity, the security breaches happen for different reasons including mishandling of data and having a website that lacks advanced security features.

During the year 2018, many prominent organizations faced data breaches that not only compromised the personal data of their users but also affected their reputation and financial standing.

Here, we list down some of the biggest data breaches of this year, ranked by the number of users affected.

21. British Airways – 380K Users Data Stolen

Date: August 21, 2018 – September 5, 2018

A criminal hack took place on the airline’s website and app that affected bookings made by credit cards.

20. Orbitz — 880K Data Breach

Date: January 1, 2016 – December 22, 2017

Personal data such as credit card information, addresses, and phone numbers were stolen when hackers accessed the travel-booking website.

19. SingHealth – 1.5 million user's info leak

Date: May 1, 2015 – July 4, 2018

Hackers coordinated a well-planned attack on the Singapore government’s health database. Apart from getting hold of patient’s medical history and the medicines used, information regarding the health of prime minister of Singapore was specifically targeted.

18. T-Mobile – 2 million data hack

Date: August 20, 2018


Image: Shutterstock

An international group of hackers accessed T-Mobile servers through an API and got hold of personal data and passwords of the users.

17. myPersonality – 4 million

Date: Facebook banned the app in April 2018

The Facebook app mishandled the data of their user by sharing information with ‘third-parties’ with only limited protection.

16. Saks and Lord & Taylor – 5 million

A hacking group announced it had access to credit card information of more than 5 million customers from the Saks and Lord & Taylor database. More details regarding the misdemeanor were never shared with the public.
Related: When Was The Last Time You Googled Yourself? - Infographic

15. SheIn.com – 6.42 million

Date: June 2018

A cyber attack was carried out on the online store that compromised login details of the customers.

14. Cathay Pacific Airways – 9.4 million

Date: March 2018

Passenger data including 860,000 passport numbers, 245,000 Hong Kong identity card numbers, 403 expired credit card numbers, and 27 credit card numbers without card verification value were accessed through unlawful means.

13. Careem – 14 million

Date: January 14, 2018



Hackers gained access to the system that contained sensitive information regarding the customer and drivers of the ride-hailing service.

12. Timehop – 21 million

Date: December 2017 – July 2018

Hackers accessed the cloud computing account of the Timehop website and got hold of personal information including names, email addresses, and phone numbers of the subscribers.

11. Ticketfly – 27 million

Date: End of May 2018

IsHaKdz, the hacker accessed the website and gained access to information about the clients and promoters that utilized Ticketfly’s services.

10. Facebook – 29 million

Date: July 2017 – September 2018



The hackers made use of the vulnerabilities in the Facebook’s code and gained full access to user’s data that included sensitive information such as user’s location, relationship status, devices used and recent searches.

9. Chegg – 40 million

Date: April 29, 2018 – September 19, 2018

Unauthorized access was gained on the company’s database that compromised data of consumers including their name, addresses, and login credentials.

8. GooglePlus – 52.5 million

Date: 2015 – March 2018, November 7, 2018 – November 13, 2018

Wall Street Journal reported that a software glitch caused Google to expose data of over 500,000 users. The company experienced another security breach in November that compromised data of approximately 52.5 million users. After the recurrent hacking incidents, Google announced that it would shut down Google+ for good by April 2019.

7. Cambridge Analytica – 87 million

Date: Occurred in 2015 and revealed in 2018

A Facebook app “This is your digital life” mishandled users information and provided access to third parties including the Cambridge Analytica, a data analytics firm that assisted President Trump in creating targeted ads during his presidential campaign.

According to data by Facebook, 270,000 users use the personality prediction app. However, since Facebook allows data sharing, the app was able to gather data of millions of other users as well.

6. MyHeritage – 92 million

Date: October 26, 2017

Although not much information regarding the hack was disclosed, a company representative admitted that their database of email addresses and passwords was found on a private server.

5. Quora – 100 million

Date: November 2018



A ‘malicious’ third party gained access to the Quora’s system and retrieved account information of user accounts.

4. MyFitnessPal – 150 million

Date: February 2018

Hackers gained access to user-data through illegitimate ways and got hold of confidential account information including addresses and passwords.
Related: What Apple, Amazon, Google, Facebook, Microsoft and Twitter Know About You (Infographic)

3. Exactis – 340 million

Date: June 2018

A security expert found a vulnerability in the publicly accessed server that exposed detailed information of many US citizens. The information compromised included phone numbers, addresses, and personal preferences of the members.

2. Marriott Starwood hotels – 5 million

Date: 2014 – September 2018

Hackers accessed the reservation database of the hotel and copied guest information including phone numbers, email addresses, passport numbers, and even credit card numbers.

1. Aadhar – 1.1 billion users data breach

Date: The breach was discovered in March 2018

Aadhar, the Indian government portal for storing information of its residents and biometric info experienced a leak that gave anyone the access to obtain information from the Aadhar website. The compromised information included names of the Indian residents, their ID card numbers, and bank accounts.

No comments:

Post a Comment