History Of Major Data Breaches In The U.S. (Updated June 2020)

To sustain this free service, we receive affiliate commissions via some of our links. This doesn’t affect rankings. Our review process.

Person's hand with credit card: The Latest Data Breach NewsFrom government organizations to major retailers, headlines about data breaches seem to be the new norm. Hackers continue to put millions of consumers at risk. If you’re reading this, you’ve most likely experienced an attack at some point.

Important Update For COVID-19

In April 2020, the Treasury Department announced automatic economic payments to taxpayers as part of the stimulus bill for Coronavirus (COVID-19) relief. The Internal Revenue System (IRS) is urging Americans to stay on the lookout for phishing scams related to these distributions.

Phrases like “stimulus check” or “stimulus payment” are warning flags (the correct phrase is “economic impact payment”). Also, the IRS will not be calling to verify financial information. Visit the official website to find out if you are eligible and how your funds will be sent to you (via direct deposit or check). And if you suspect potential fraud, report it to the Federal Trade Commission (FTC).

Article Overview

Since 2012, we’ve monitored security breach breaking news and tracked those having the biggest impact on Americans. Remember the big Target breach from 2013? That seems like ages ago with 10,000+ violations in the U.S. since January 2018 alone, resulting in 10.7 billion exposed records1. That makes Target’s 40-70 million affected customers seem like peanuts in comparison.

Where Are Most Data Breaches Happening In The U.S.?

Ironically, California, home to Silicon Valley, suffers the worst magnitude and frequency of breaches (double the next hardest-hit states: New York, Texas and Florida). On the flip side, the Dakotas, Wyoming and West Virginia remain relatively in the clear with the fewest breaches (under 30 total).1

What Is The Best Way To Protect Yourself From Data Breaches?

Man on computer in the dark: What is the Best Identity Theft Protection?Identity theft can happen even to the most cautious of us. As you can see from the list of security breaches below, millions of people have had their personal information stolen. And in most security breaches, the hacked company offered affected customers an identity theft protection service. But that’s not as helpful when your information was already compromised.

Read our comprehensive guide on preventing identity theft

We also recommend Dashlane to generate extra difficult to guess passwords. Dashlane also safely stores passwords, credit card info and other sensitive data.

Recent Security Breaches (By Year)

Trying to keep up with all the latest security breach news and which companies have been affected can be overwhelming. We’ve put together this comprehensive guide to help you stay on top of what’s happening with the latest security breaches.

These recent credit card and data breaches are listed in chronological order of when the happened. Let us know in the comments if we missed any major events.

2020: Minted | Bank Of America | Home Chef | GoDaddy | Zoom | Marriott | T-Mobile | J.Crew | Carnival Cruise Lines | Walgreens | MGM
2019: Zynga | Wawa | FacebookVerizon | Web.com | CenturyLinkDoorDash |State Farm| Poshmark | CafePress | Capital OneQuest Diagnostics | Earl Enterprises| FEMA | Facebook

2018: Quora |Marriott |HSBC |Facebook | Macy’s Adidas |Chili’s|Panera Bread| Saks and Lord & Taylor | MyFitnessPal
2017: Uber | Verizon | Equifax
2016: Democratic National Committee | Yahoo
2015: Scottrade | Experian | Ashley Madison | OPM | Anthem
2014: JPMorgan Chase |Home Depot
2013: Neiman-Marcus | Target | Adobe

2020 Security Breaches

Minted

When It Happened: On May 5, 2020, the database was breached. It was investigated in mid-May 2020 and announced in early June 2020.
Who It Affected: Approximately 5 million customers, a digital marketplace for sending cards, announcements and invitations.
What Was Compromised: Customer names, email addresses, hashed passwords, phone numbers, billing and shipping address. There is no indication that credit card information, user’s photos or address books were accessed.
Resolution: All Minted customers are encouraged to reset their passwords regardless of their account impact. The company also set up a hotline to answer questions about the breach.

Bank Of America

When It Happened: Took place April 22, 2020, and was announced on May 27, 2020.
Who It Affected: A “small number” of Bank Of America’s 305,000 Paycheck Protection Program (PPP) applicants (Coronavirus Aid, Relief, and Economic Security Act’s business loan program).
What Was Compromised: Business names, addresses, tax ID numbers, business owner’s addresses, phone numbers, email addresses, and citizenship status. There is no indication that the information was misused or that the data is visible to the public or other applicants.
Resolution: Bank Of America (BOA) and the Small Business Administration (SBA) removed the exposed data from their databases and launched an investigation to find how the breach occurred. BOA is offering affected clients two years free access to Experian’s identity theft protection program.

Home Chef

When It Happened: Discovered and announced in late May 2020.
Who It Affected: 8 million customers (this is not all of their customers).
What Was Compromised: Names, email addresses, phone numbers, scrambled passwords, mailing addresses and last four digits of credit cards.
Resolution: Home Chef notified affected customers.

GoDaddy

When It Happened: Announced early May 2020, but the breach started in October 2019.
Who It Affected: 24,000 of the 19 million GoDaddy users.
What Was Compromised: Usernames and passwords.
Resolution: GoDaddy has reset passwords for impacted customers to prevent further access.

Zoom

When It Happened: In April 2020, several security vulnerabilities were discovered in the popular video conferencing software.
Who It Affected: Over 500,000 Zoom user account data was sold on the dark web. Also, reports of Zoom “bombers” (uninvited meeting guests) and exposed (not encrypted) video recordings leaked.
What Was Compromised: Email addresses, password, personal meeting URLs and more.
Resolution: Announced on April 8, 2020, Zoom added several features to enhance the security for hosts. This includes a “security” icon in the meeting control, offering the ability to lock participants or restrict screen sharing (see video below). By default, the service now requires meeting passwords and a Waiting Room function, preventing unwanted users from entering a meeting. Further, Zoom no longer displays the meeting ID on the title toolbar to avoid hacking.

Marriott

When It Happened: The breach happened between mid-January and February 2020 and was announced on March 31, 2020.
Who It Affected: 5 million worldwide customers.
What Was Compromised: Names, birth date, mailing address, email address, phone numbers, loyalty number and more.
Resolution: Marriott sent notifications to impacted guests and disabled credentials. The company is also investigating with authorities and has set up a website with more details.

T-Mobile

When It Happened: T-Mobile released a statement on March 5, 2020, but they did not say when the breach actually occurred.
Who It Affected: T-Mobile employees’ email accounts (and some of its customers).
What Was Compromised: Names, addresses, social security numbers, financial information, government identification numbers, phone numbers, billing and account information, rate plans and features.
Resolution: T-Mobile has notified impacted customers and is offering them free credit monitoring and identity theft detection services via TransUnion. They are also encouraging all customers to update their personal identification numbers (PINs) on their accounts by dialing 611 from their T-Mobile phone.

J.Crew

When It Happened: The hack took place in April 2019 and was made public March 4, 2020.
Who It Affected: Online shoppers of J.Crew, J.Crew Factory and Madewell.
What Was Compromised: Last four digits of credit card numbers stored in accounts, credit card expiration dates, card types, billing addresses, order numbers, shipping confirmation numbers and shipping status.
Resolution: A notice of the data breach was sent to affected customers. The company disabled impacted accounts and asked those users to contact J.Crew customer care to reset their passwords.

Carnival Cruise Lines

Carnival Cruise Lines boat in ocean with people swimmingWhen It Happened: Between April 11 and July 23, 2019. Suspicious activity was detected in late May 2019, and the announcement occurred on March 4, 2020.
Who It Affected: Employees and guests of Carnival Cruise lines. We don’t know yet how many people were impacted, but the company employs around 100,000 people shipboard and has an estimated 325,000 daily passengers.
What Was Compromised: Depending on the guest, hackers accessed customer names, addresses, social security numbers, government identification numbers (passport number or driver’s license number), credit card/financial data and health-related information.
Resolution: Upon identifying the threat, Carnival Corporation engaged with cybersecurity forensic experts and initiated an investigation to determine what happened, who was impacted and what data was affected.

Walgreens

When It Happened: The error was first discovered in January 2020, and it was reported to the public in late February 2020.
Who It Affected: Users of Walgreens mobile app’s messaging feature. The exact number is unclear, but they believe it was a small percentage of customers.
What Was Compromised: Health-related data, including names, prescription numbers, shipping addresses and store numbers. No financial data was exposed.
Resolution: Upon discovery, Walgreens temporarily disabled message viewing to prevent further exposure. They also implemented a technical correction that resolved the issue.

MGM

When It Happened: The breach took place in the summer of 2019 and was made public on February 19, 2020.
Who It Affected: More than 10.6 million users who stayed at MGM Resort hotels, including celebrity, tech CEOs, reporters, government officials and other notable guests.
What Was Compromised: Full names, home addresses, phone numbers, emails and dates of birth. No financial/payment information or password data.
Resolution: The hotel chain notified all impacted guests and hired two cybersecurity firms to investigate.

2019 Security Breaches

Zynga

When It Happened: September 2019 and announced in December 2019.
Who It Affected: 172-218 million users of the popular gaming developer (Words With Friends, Farmville, etc.).
What Was Compromised: Email addresses, usernames and passwords.
Resolution: None yet. But, if you have played one of Zynga’s games on your phone or via Facebook, we recommend to reset your user data with a unique and strong password.

Wawa

When It Happened: Between March 4 and April 22, 2019. The breach was discovered December 10th and announced on December 19, 2019.
Who It Affected: The breach impacted 30 million customers and occurred at all of its 850+ locations.
What Was Compromised: Credit and debit card numbers, expiration dates and cardholder names.
Resolution: If you may have shopped at a Wawa during the breach, monitor your credit or debit card for any unusual activity. Wawa is also offering one year of free credit monitoring to those affected.

Facebook

Facebook homepage screenWhen It Happened: A large, unprotected file of Facebook user data was discovered on a hacker forum on December 12th. On December 14th, Facebook contacted the database’s host ISP (internet service provider). They eliminated it from the site on December 19th.
Who It Affected: 267 million Facebook users.
What Was Compromised: Names, phone numbers, and user IDs.
Resolution: None has been announced yet.

Update Your Facebook Privacy Settings

We recommend that social media users cultivate more control over how their profile information is shown to others by fine-tuning their account privacy settings.

  • Go to “Settings and Privacy.”
  • Then go to “Privacy Shortcuts” and click “See more privacy settings.”
  • Set most (if not all) fields to Only me or Friends
  • And select No under “Do you want search engines outside of Facebook to link to your profile.”

Verizon

When It Happened: It was discovered in early November 2019 and reported at the end of the same month. The company did not disclose the length of exposure time.
Who It Affected: 1 million pre-paid customer records (less than 1% of their 75 million users).
What Was Compromised: User names, billing addresses, phone numbers, account numbers and plan information. No financial information, social security numbers or passwords were exposed.
Resolution: Nothing has been shared yet about how the company will resolve the matter.

Web.com

When It Happened: Web.com, the parent company to Network Solutions and Register.com, says they became aware of the breach on October 16, 2019, but the break took place in late August 2019.
Who It Affected: Roughly 2.2 million customer records.
What Was Compromised: Names, email addresses, phone numbers and services used by the customer.
Resolution: The incident was reported to law enforcement, and an outside security agency will contact impacted customers. All users are encouraged to change their passwords.

CenturyLink

When It Happened: CenturyLink first learned about the breach on September 15, 2019, but didn’t announce it in late-October 2019. The breach happened over 10 months.
Who It Affected: 2.8 million customer records.
What Was Compromised: Names, email addresses, phone numbers, physical addresses, CenturyLink account numbers, notification logs and conversation logs.
Resolution: The company says they are conducting a thorough investigation of the incident and are communicating with customers (our own team member who is also a customer received their email).

DoorDash

When It Happened: Announced in late-September 2019.
Who It Affected: 4.9 users and merchants who joined on or before April 5, 2018.
What Was Compromised: Profile information including names, emails, delivery address, order history, phone number and hashed passwords. Some credit card info (last four digits only).
Resolution: The company says they’ve added additional security layers around their data, improved security protocols and brought in outside expertise to help prevent future threats. They also encourage users to reset their passwords.

State Farm

When It Happened: August 2019.
Who It Affected: Have not disclosed how many people were impacted.
What Was Compromised: State Farm usernames and passwords (from another company’s data breach) to gain access to accounts.
Resolution: The company has reset passwords for accounts whose login credentials were compromised.

Poshmark

When It Happened: August 2019.
Who It Affected: Did not disclose, but they have more than 50 million users.
What Was Compromised: Names, usernames, genders, city data, email addresses, size preferences and scrambled passwords.
Resolution: The company retained outside forensics to investigate and rolled out enhanced security measures.

CafePress

When It Happened: Between February and August 2019.
Who It Affected: Over 23.2 million accounts were exposed.
What Was Compromised:  Email addresses, phone numbers and hashed passwords.
Resolution: The company has sent out password resets and updated its password policy.

Capital One Financial Corporation

When It Happened: Between March 22-23, 2019, and includes data from as far back as 2005. Announced July 29, 2019.
Who It Affected: 100 million Capital One customers and credit card applicants.
What Was Compromised: 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers, 80,000 bank account numbers, people’s full names, addresses, phone numbers, birth dates, email, income, credit scores and more.
Resolution: The company has fixed the vulnerability and is investigating the incident. Capital One will notify people affected by the breach and will offer free credit monitoring and identity protection.
Additional Notes: Although the records were exposed, Capital One says it’s “unlikely that the information was used for fraud or disseminated by this individual.”

Quest Diagnostics

When It Happened: Between August 1, 2018 and March 30, 2019.
Who It Affected: 11.9 million patients.
What Was Compromised: Certain medical and financial information and social security numbers.
Resolution: Patients were notified and an investigation was opened to look into what happened.

Earl Enterprises

When It Happened: Between May 2018 and March 2019.
Who It Affected: 100 locations of their restaurants including Buca di Beppo, Planet Hollywood, Earl of Sandwich, Chicken Guy!, Mixology, and Tequila Taqueria. Online orders were not impacted.
What Was Compromised: It’s reported that more than 2 million credit cards were compromised and being sold on the dark web.
Resolution: The company has since launched a website for customers to check if the location they visited was impacted.

FEMA

When It Happened: On March 22, 2019, the Federal Emergency Management Agency (FEMA) acknowledged that they improperly handled Personal Identifiable Information (PII) with an outside contractor who manages their Transitional Sheltering Assistance Program.
Who It Affected: 2.5 million natural disaster survivors.
What Was Compromised: 1.8 million victims’ banking information and personal addresses revealed and about 725,000 people had just their addresses shared.
Resolution: The Inspector General report told FEMA it needed to take measures to ensure data won’t be shared again with contractors and that the shared data is promptly destroyed.

Facebook

When It Happened: Already exposed 50 million accounts in 2018. Then, in March 2019, Facebook admitted yet another security incident.
Who It Affected: Estimated 200 to 600 million users.
What Was Compromised: Passwords (that Facebook improperly stored on its servers).
Resolution: Facebook notified affected users.

History Of Major Data Breaches Infographic

To see how the various breaches compare, we complied a graphic showing the breadth and depth of each major compromise including a timeline of when each event happened, was announced to the public, who it impacted and the resolution (if any). The results showcase the full scope of this massive concern plaguing society today.

History of Major Data Breaches Infographic

To share this infographic on your site, simply copy and paste the code below:

2018 Security Breaches

Quora

When It Happened: The company announcement came on December 4, 2018. Quora discovered the breach on November 30, 2018.
Who It Affected: Approximately 100 million of its 300 million users.
What Was Compromised: Names, email addresses, encrypted passwords and public content (questions, answers and comments). No sensitive data (credit card, SSN) is collected on the site.
Resolution: Quora is alerting affected users to update their passwords, working rapidly to investigate the situation and taking appropriate steps to prevent future incidents.

Marriott / Starwood Guest Reservation Database

When It Happened: On or before September 10, 2018. Announcement did not happen until November 30, 2018.
Who It Affected: As many as 500 million guests from Marriott International hotel properties (Sheraton, Westin, W Hotels, St. Regis, Four Points, Aloft, Meridien, Tribute, Design Hotels, Elements and the Luxury Collection). Breached data may go back to 2014.
What Was Compromised: Names, addresses, dates of birth, passport numbers, email addresses, phone numbers, encrypted credit-cards.
Resolution: Marriott has a dedicated website and call center to deal with questions and has notified legal and regulatory authorities. The company is also attempting to reach out to affected customers and offer them one year of free web watcher service that monitors sites where hackers swap and sell stolen personal information.

HSBC

When It Happened: Between October 4-14, 2018.
Who It Affected: Fewer than 1% of the firms’ U.S. clients.
What Was Compromised: Full name, mailing address, phone number, email address, date of birth, account numbers, account types, account balances, transaction history, payee account information, and statement history.
Resolution: HSBC sent notifications to those who were compromised and offered them one year of free credit monitoring and identity theft protection.

Facebook

When It Happened: September 28, 2018, Facebook announced it learned of an attack on its computer network.
Who It Affected: First updated that 50 million of its users were impacted but later reduced the number to 30 million.
What Was Compromised: Hackers took over users accounts gaining access to their names, email addresses and phone numbers.
Resolution: Facebook fixed the vulnerability and notified law enforcement officials. They also logged 90 million users out of their accounts, forcing them to log back in, a solid safety measure for compromised accounts.

We also recommend that you are proactive and change your passwords (make sure they are secure!) for Facebook, Instagram and WhatsApp (all owned by Facebook).

Macy’s

When It Happened: In the Summer of 2018, Macy’s informed customers of a two-month data breach that happened between April 26th and June 12th.
Who It Affected: Online customers of Macys.com and Bloomingdales.com (they didn’t specify how many but said it was a “small number of customers.”)
What Was Compromised: Login details, including usernames and passwords which could mean full names, addresses, birthday, phone numbers, email address and credit card numbers and expiration (no security codes were stored).
Resolution: Macy’s has contacted and is providing consumer protection services for customers who were potentially impacted.

Adidas

Adidas storefrontWhen It Happened: On June 28, 2018, Adidas says it became aware of a potential security breach that happened on June 26th.
Who It Affected: A “few million” consumers.
What Was Compromised: Names, usernames and encrypted password (no credit card or fitness information).
Resolution: Began taking steps to alert relevant consumers and is working with data firms and law enforcement to investigate the issue.

Chili’s

When It Happened: On May 11, 2018, Chili’s parent company Brinker learned about a data breach which happened between March and April 2018.
Who It Affected: Customers who dined in certain restaurants (as of May they haven’t identified which of their 1,600 locations or how many people it affected).
What Was Compromised: Credit card information and names from payment systems.
Resolution: They are working with law enforcement officials to investigate the issue. The company also said they are working to provide credit monitoring services for customers who may have had their data stolen.

Panera Bread

When It Happened: On April 3, 2018, it was reported that customer information may have been compromised on Panera Bread’s website for eight months.
Who It Affected: 37 million customers who signed up to order food via PaneraBread.com.
What Was Compromised: Names, email addresses, phone numbers, physical addresses, birthdays, ordering habits, food preferences, last four digits of payment card numbers.
Resolution: The data has been removed from Panera’s website. The investigation is still ongoing and Panera has yet to release a formal statement on the matter.

Saks And Lord & Taylor

When It Happened: Saks Fifth Avenue became aware of a security issue on April 1, 2018
Who It Affected: More than 5 million Saks Fifth Avenue and Lord & Taylor customers in North America
What Was Compromised: Hackers staged an attack to steal debit and credit card information but it is not confirmed if such a breach took place.
Resolution: The company has looked into and taken steps to contain the issue and believes there is no risk to shoppers.

MyFitnessPal App By Under Armour

When It Happened: Under Armor was notified on March 25, 2018, that the breach took place during February of 2018
Who It Affected: Approximately 150 million user accounts
What Was Compromised: Usernames, email addresses, and passwords with the hashtag function called bcrypt used to secure passwords.
Resolution: Under Armour is requiring all MyFitnessPal users to change their password and update any accounts which use similar passwords to the app. They are also encouraging users to monitor suspicious activity and are working with law enforcement officials and a data security firm to investigate the breach.

2017 Security Breaches

Verizon Data Breach

When It Happened: July 2017
Who It Affected: 6 million confirmed, but could be as many as 14 million Verizon subscribers.
What Was Compromised: Log files that were generated when Verizon customers called customer support. Each file includes the customer’s name, email address, phone number and PIN associated with their account. With this information, some experts say that online accounts could be logged into, allowing access to phones and social media accounts.
Resolution: Verizon customers were encouraged to change their passwords immediately and be aware of any phishing emails or scammy phone calls requesting personal information to verify identity (like zip code).

Equifax Data Breach

When It Happened: Mid-May to July 2017, caught by Equifax July 29, 2017, and announced to public September 7, 2017.
Who It Affected: Around 147 million Americans and some Canadians. (March 1, 2018, they announced that an additional 2.4 million Americans were impacted).
What Was Compromised: Social Security numbers, birth dates, addresses, email addresses and some driver’s license and credit card numbers
Resolution: They set up a website for users to check if they were impacted and are working with a independent cybersecurity firm to conduct an assessment and provide recommendations on prevention from future hackings. Read more about Equifax.

Why You Should Get Identity Theft Protection

Uber Data Breach

Uber App on iPhone ScreenWhen It Happened: Late 2016, announced fall 2017 (Uber executives knew about the breach for over a year and paid $100,000 in ransom to keep it secret from the public)
Who It Affected: 57 million rider and driver accounts
What Was Compromised: The names and driver’s license numbers of around 600,000 drivers in the United States and other personal information including email addresses, names and mobile phone numbers of riders and drivers around the world. They do not believe that social security numbers, credit card or bank info or dates of birth were compromised.
Resolution: According to Uber’s website, they do not feel that further action is needed since there has been no fraud or misuse tied to the incident. They are continuing to monitor the situation and encourage users to change passwords and report any unusual activity. But in 2018 it was reported that they will pay $148 million to settle claims.

2016 Security Breaches

Democratic National Committee

In June 2016, the Democratic National Committee’s (DNC) entire database was hacked by the Russian government. The hackers gained access to the DNC’s computer network which gave them access to the research database for the Republican presidential candidate, Donald Trump. However, according to the DNC no financial, donor or personal information appears to have been stolen. The breach was purely for espionage and consumer data is at risk.

2015 Security Breaches

T-Mobile Data Breach

When It Happened: Between Sept. 1, 2013 and Sept. 16, 2015 and again in 2018
Who It Affected: Potentially exposed personal information of 15 million customers and potential customers (the 2018 breach was approximately 2.3 million customers)
What Was Compromised: Social Security numbers and birthdays of those who might have applied for T-Mobile cell service.
Resolution: Two years of free credit monitoring and identity protection

Which Is The Best Identity Theft Protection Provider?

Ashley Madison Data Breach

When It Happened: July 2015
Who It Affected: Users of a Ashley Madison, a commercial website that enables extramarital affairs
What Was Compromised: Hackers obtained 60 gigabytes of personal information and threatened to publicly share the names of users unless Ashley Madison agreed to shut down its site
Resolution: Those users whose details were exposed are filing a $567 million class-action lawsuit against the parent company of Ashley Madison

Office of Personnel Management Breach

When It Happened: April – June 2015
Who It Affected: 21.5 million federal employees
What Was Compromised: Social Security numbers, names, dates and places of birth, email addresses, mailing addresses as well as security clearance info.
Resolution: Employees and dependent minor children who were under the age of 18 as of July 1, 2015 were offered credit and identity monitoring, identity theft insurance, and identity restoration services for the next three years through ID Experts

Are you a federal employee? Get more info on OPM’s Cybersecurity.

Equifax PapersAnthem Health Insurance Breach

When It Happened: February 2015
Who It Affected: Originally reported that it was as many as 37.5 million insurance customers but later raised the number to 78.8 million people.
What Was Compromised: Records including Social Security numbers, birthdays, email addresses and physical addresses.
Resolution: AllClear ID identity protection for two years at no cost to customers and in 2018 they reached an agreement with regulators to pay out $16 million to the Department of Health and Human Services.

2014 Security Breaches

Yahoo Data Breach

Yahoo HomepageWhen It Happened: 2013 and again in late 2014 (both announced in 2016)
Who It Affected: 3 billion in 2013 and 500 million user accounts in 2014
What Was Compromised: Names, email addresses, telephone numbers, dates of birth, user names, hashed passwords and encrypted or unencrypted security questions and answers.
Resolution: Encouraged customers to update passwords and security questions and in 2018 it was reported they would pay $50 million in damages as part of the settlement. If you think your Yahoo account was part of the breach, you can visit their settlement site to file a claim.

JPMorgan Chase

When It Happened: September 2014
Who It Affected: 83 million accounts, 76 million households, 7 million small businesses
What Was Compromised: Email and postal addresses, names and phone numbers of account holders.
Resolution: JPMorgan says it spends $250 million a year on online security and intends to double that amount

Learn More About Identity Theft

Home Depot Credit Card Breach

When It Happened: April 2014 – September 2014
Who It Affected: 56 million customers
What Was Compromised: Credit card information and names.
Resolution: Offered the affected customers a free year of identity theft protection from AllClear ID. In 2017 the retailer agreed to pay $25 million for damages they incurred as a result of the breach.

Scottrade Data Breach

When It Happened: Late 2013 and early 2014, announced in October 2015 and again in 2017
Who It Affected: 4.6 million customers (and another 20,000 customers in 2017)
What Was Compromised: Names and street addresses (possibly Social Security numbers, email addresses and other sensitive data). The smaller breach in 2017 exposed credit profiles including SSN, names, addresses, phone numbers and more.
Resolution: Offered customers identity theft protection services

2013 Security Breaches

Target Credit Card Breach

Target Credit Card MachineWhen It Happened: November to December 2013
Who It Affected: About 40 million customer’s credit and debit card information and 70 million customer’s email and addresses.
What Was Compromised: Credit/debit card information, names, addresses, phone numbers and email addresses.
Resolution: Customers who shopped during that time were offered a free year of Protect My ID. In 2017 Target agreed to pay a bulk settlement of $18.5 million to be distributed among 47 state governments and Washington, D.C.

Adobe Systems Data Breach

When It Happened: Announced in October 2013
Who It Affected: At least 38 million Adobe users
What Was Compromised: Credit/debit card records stolen, users’ Adobe IDs and encrypted passwords.
Resolution: Notified users to change passwords and offered a year’s worth of credit monitoring to customers whose encrypted credit card data was stolen in the breach.

Neiman-Marcus Breach

When It Happened: Between July 16 and October 30, 2013 but the investigation is ongoing.
Who It Affected: Originally reported that 1.1 million Neiman-Marcus customers’ credit card info in 77 stores nationwide but the number has since been reduced to roughly 370,000 credit cards were used.
What Was Compromised: Credit/debit card information.
Resolution: Customers affected received one free year of credit monitoring. In January 2019 it was announced that Neiman Marcus will pay $1.5 million to 43 states in a settlement over the breach.

What Happens After A Data Breach?

So, the hackers have your data – now what do they do with it after they “pump and dump” your information from the servers? Find out more about the black market trading and selling of personal information that goes on behind the scenes in this two-minute video from Norton.

Find out if you’ve been breached at www.haveibeenpwned.com. You can also learn more tips on how to protect yourself in our cybersecurity tips article.

How have you been affected by a security breach?

Sources: [1] Comparitech

About The Author:

Sadie has a bachelor’s in communications and minor in business from the University of Texas at Austin. She has been writing about, researching and a user of security and smart home technology since 2012. As an early adapter and avid user of gadgets, she’s not only well-versed in how to use them but also passionate about helping others integrate them into their lives and homes.

Having lived in various urban neighborhoods in major cities like Dallas, Austin, Winston-Salem and currently Washington DC, Sadie has experienced her share of property crimes over the years; from car break-ins to stolen bikes. As a result, she’s extra cautious when it comes to protecting herself and her property.

Sadie attends conferences, events and webinars to stay up-to-date on cybersecurity and technology. She loves traveling the world and is a self-proclaimed Apple junkie.

Disclaimer: This website contains reviews, opinions and information regarding products and services manufactured or provided by third parties. We are not responsible in any way for such products and services, and nothing contained here should be construed as a guarantee of the functionality, utility, safety or reliability of any product or services reviewed or discussed. Please follow the directions provided by the manufacturer or service provider when using any product or service reviewed or discussed on this website.

Subscribe
Notify of
6 Comments
Newest
Oldest Most voted
Inline Feedbacks
View all comments
Janet
May 13, 2020 3:36 pm

Wow – we are barely 5 months into the year and already have 8+ data breaches! What is this world coming to? Can’t anyone provide better protection for consumers?

LindaJoyAdams
May 12, 2020 7:40 pm

I do not use my visa debit card….as they are most vulnerable now…and saw pending charge at bank and called and canceled card and online said it was their Chilean D/C SETTLEMENT…… and no way to notify Visa that their numbers compromised as bank said they have no numbers they keep of these either… here we are with all getting their $1200 in a few days and will be spending….and not get a hard copy of the pending that will disappear in a few days…card number sold and months from now on day most get paid…money gone from account… with so many home, etc…this could be missed….and one can only reach their call centers…and no way to vet and get message through of something more than an individual card number stolen… I protected myself….and card…but what happens when millions have no money in the bank….and chaos turns worse into real horror…some seem to be trying to make happen… I’m just trying to make sure those in charge at Visa…do know and try and shut it down….and all get hard copies or selfies of these pendings….that disappear and then govt has not evidence of anything to even go after crooks months from now…maybe in 11/1/20 to cause chaos in election by who or what side…maybe they do not even know…Linda Joy Adams

Anonymous
November 24, 2017 12:41 pm

I heard this week that Uber compromised user data…and knew about it for a year!

Denise W
September 8, 2017 12:06 pm

Thanks for keeping these data breaches covered, very helpful! It’s nice to have a source that only covers the major stuff, not all the breaches, which can get overwhelming! You say that I’m able to check the Equifax site you link to to find out if my data has been exposed, but once I get to the site I can’t find where to get that information?

(Admin)
Alex Schenker
September 8, 2017 12:12 pm
Reply to  Denise W

Hi Denise, if you use the link we provide above (here it is again) vs. going to the homepage of the Equifax site, you’ll be taken straight to a page that gives you instructions on checking the potential impact on your data (you’ll be asked for your last name and the last 6 digits of your SSN). We recommend you sign up for an identity theft monitoring service (we review the top ID theft protection services here) to help monitor and protect against future breaches.

Don
November 10, 2016 5:39 pm

This is useful, will bookmark it and reference often, hopefully there won’t be too many more updates to this though!