It seems as though the torrent of revelations from the Ashley Madison hack has slowed.
While the sensitivity of the info exposed may have some wondering how the breach ranks among top hacks by affected users, the truth is, it’s nowhere close.
Here is how Ashley Madison measures up to the top 10 data breaches.
Ashley Madison – 32 million, 2015
If there’s one thing that became clear from the hack, it’s that it’s the type of data – not always the volume – that makes it valuable. At 32, it comes nowhere close to the top 10 in terms of data volume, but in value, that’s a whole different matter entirely. We recently spoke with security experts on how companies like Avid Life Media may actually be enabling breaches such as these rather than preventing them. Check out the link below.
Read more: Security experts talk MSSP shortage and how companies make breaches an easy thing
10. Target – 70 million, 2014
While there’s speculation that the attack on Target may have actually affected as many as 110 million customers (which would bump its position to the number 4 on this list) the official number places the toll at 70 million affected users.
The official 70 million figure covered stolen names, addresses, phone numbers and e-mail addresses, while additional credit and debit card entries were stolen, with an unknown amount of overlap. Target’s damage control included offering a year of credit monitoring and identity theft protect free of charge to US customers.
9. US Military – 76 million, 2009
While there is speculation that the Ashley Madison breach was an insider job, the US Military proves that human error has a role to play. More than 76 million records were revealed, containing personal information of US veterans, when a defective hard drive was sent to a government vendor for repair and recycle. Other information exposed included social security numbers and records dating from 1972.
8. Sony – 77 million, 2011
For a company hit frequently by high-profile hacks, Sony ranks surprisingly low on the list. Its biggest individual breach came in spring 2011 when notorious hacking collective Lulzsec compromised some 77 million PlayStation Network and media streaming service Qriocity user accounts. It was only one of several hacks that Sony had to contend with that year.
It could be argued that data breaches and maybe even hacker calling cards entered the collective minds of consumer as a result of the Sony hacks.
7. Anthem – 78.8 million, 2015
In another recent example from this past February, health insurance giant Anthem Inc. disclosed that an estimated 80 million, later narrowed down to 78.8 million customer records were accessed. These included members of the Blue Cross Blue Shield plans.
5. AOL – 92 million, 2004
Back when spam was in its heyday, an AOL engineer made off with screen names and email addresses to sell to spammers, who reportedly sent out 7 billion unsolicited emails. Jason Smathers, who was responsible, received a sentence of a year and three months in prison. This is the oldest hack on our list.
4. TJX Companies – 94 million, 2007
With brands including T.J. Maxx and Marshalls, a hack of TJX Companies stores resulted in an original estimate of 46 million users with compromised credit card entries. A court filing later revealed more than double that number to be the true figure.
3. Heartland – 130 million, 2009
In what is considered the biggest credit card-specific hack in history, Heartland Payment Systems had to shell out $110 to companies including Visa, MasterCard and American Express to settle claims.
The 20-year sentence handed down to Albert Gonzalez, a hacker convicted of the attack, may provide some consolation, however.
3. Ebay – 145 million, 2014
The 2014 breach at Ebay looked to be an attack on high target individuals. The company said that login credentials from “a small number” of employees was used to access a large database containing all user records, from which a significant amount was copied. Stolen information included encrypted passwords, email addresses, birth dates, mailing addresses and other personal information, but no financial data.
Despite this, a spokesperson had said on record that there was “no evidence of impact on any eBay customers.”
2. Adobe – 152 million, 2013
Adobe, with its beleaguered Flash property, is no stranger to hacks. Its worst year may be 2013, however, when some 152 million customer records including IDs, encrypted passwords, credit or debit card numbers, expiration dates, were stolen. It doesn’t help matters that, despite a widely accepted figure of 152 million affected users uncovered by Naked Security on a hacker-frequented website, Adobe stands by the much lower figure of 38 million breached accounts.
1. Court Ventures/Experian – 200 million, 2014
Some 200 million social security numbers were stolen from Court Ventures, a data broker and subsidiary of credit bureau Experian, when one of its customers ran an ID theft service variously named Superget.info and findget.me. The 25-year-old by the name of Hieu Minh Ngo, has since been jailed, but Experian itself has been hit with a class action lawsuit that alleges it failed to meet consumer protection laws that led the 10-month long operation to go unnoticed.