Data Privacy Day: It is commemorated annually at the global level on 28 January to raise awareness and promote privacy and data protection best practices. Through this article, let's have a look at the top 7 largest data breaches in history.
Yahoo suffered the largest data breach in history, compromising information linked to over three billion user accounts in March 2013. Exposed details included names, email addresses, phone numbers, dates of birth, and security questions. While payment data and unhashed passwords were not stolen, the breach severely damaged Yahoo’s credibility and later impacted its valuation during the company’s acquisition by Verizon.
In April 2024, hackers accessed a massive trove of sensitive personal data from National Public Data, a background-check firm. The breach reportedly exposed Social Security numbers, addresses, and other identifying details of billions of individuals. Considered one of the most alarming leaks ever, it raised serious concerns over data brokers, identity theft risks, and the handling of sensitive citizen information.
The US-based marketing firm River City Media accidentally exposed 1.37 billion records after publishing an unsecured backup snapshot online in March 2017. The data contained email addresses, names, IP addresses, and physical locations, largely linked to spam campaigns. Although not the result of hacking, the incident highlighted how misconfigured servers and poor security practices can cause breaches of historic scale.
In 2018, India’s Aadhaar system faced a major data leak through a state-owned utility portal, exposing information of nearly every registered citizen. The compromised data included Aadhaar numbers, names, bank details, and addresses. Though officials denied a central database breach, the incident triggered nationwide debate on data privacy, surveillance, and the security of India’s biometric identification infrastructure.
In October 2023, hackers stole COVID-19 testing data of around 815 million individuals from the Indian Council of Medical Research. The dataset, containing personal and medical information, was allegedly put up for sale on dark web forums. Indian authorities later arrested four people in connection with the breach, raising concerns over healthcare data protection and cyber preparedness.
A massive spambot database leak exposed over 711 million email addresses and passwords due to a server misconfiguration in August 2017. While many records were duplicates or fake, the breach was significant in scale and risk. The leaked data later fuelled credential-stuffing attacks, underlining how poorly secured datasets can amplify cybercrime across platforms worldwide.
In 2021, personal data of 533 million Facebook users from 106 countries surfaced online after hackers exploited a vulnerability patched two years earlier. The scraped data included phone numbers, email addresses, full names, and locations. Though Facebook said no passwords were compromised, the incident sparked renewed scrutiny over data scraping, platform accountability, and user privacy protections.