Each of the breaches below has affected millions—sometimes billions—of individuals, underscoring the importance of robust data security measures.

1. Yahoo – 3,000,000,000 Records Lost (2013)

The largest data breach ever recorded took place in 2013 when Yahoo’s systems were compromised. Hackers accessed account information for 3 billion users. Fortunately, the exposed data didn’t include payment details, bank information, or unhashed passwords, but the sheer volume of records lost places this breach at the top of the list.

2. National Public Data (NPD) – 2,900,000,000 Records Lost (2024)

Newly revealed as one of the largest breaches to date, hackers accessed the personal information of nearly 3 billion individuals via the National Public Data repository. Exposed data included Social Security numbers, addresses, birthdates, and more.

3. River City Media – 1,370,000,000 Records Lost (2017)

A misconfigured backup snapshot by spam email operator River City Media led to the accidental leak of over 1.37 billion records, exposing users’ names, IP addresses, and email addresses. While unintentional, it became one of the most significant data breaches ever recorded.

4. Aadhaar – 1,100,000,000 Records Lost (2018)

India’s biometric database, Aadhaar, suffered a major security breach in 2018 due to a leak at a utility organization. The breach compromised sensitive data for every registered Indian citizen, including their Aadhaar identity numbers, bank details, and personal information.

5. Indian Council of Medical Research (ICMR) – 815,000,000 Records Lost (2023)

The ICMR faced a catastrophic breach involving COVID-19 testing data for over 815 million individuals. The stolen information was later put up for sale on hacking forums for $80,000, leading to multiple arrests.

6. Spambot – 711,000,000 Records Lost (2017)

A software misconfiguration inadvertently leaked email and password data from Spambot databases. Although many of the 711 million entries were duplicates or fake accounts, the breach represents one of the largest spillovers of compromised information ever recorded.

7. Facebook – 533,000,000 Records Lost (2021)

Hackers exploited a vulnerability in Facebook’s servers to scrape data from 533 million users before it was patched in 2019. The leaked data was posted on a hacking forum and included names, phone numbers, locations, and emails of users across 106 countries.

8. Syniverse – 500,000,000 Records Lost (2021)

Telecommunications company Syniverse disclosed in 2021 that hackers had gained access to its systems and database for several years. Leaked data included sensitive personal information of employees and customers, trade secrets, financial information, and information of suppliers and vendors.

9. Yahoo – 500,000,000 Records Lost (2016)

In a separate 2016 incident, Yahoo suffered another major breach where 500 million user accounts were impacted. The stolen data included users’ names, dates of birth, and security questions, adding to the company’s previous cybersecurity challenges.

10. MySpace – 427,000,000 Records Lost (2016)

Once a major social media platform, MySpace experienced a breach in 2016 where hackers stole over 427 million records, including usernames, emails, and passwords. The compromised credentials were later sold in underground forums, emphasizing the critical need for strong security.