Your cookie preferences


We use cookies and similar technologies. You can use the settings below to accept all cookies (which we recommend to give you the best experience) or to enable specific categories of cookies as explained below. Find out more by reading our Cookie Policy.

Select cookie preferences

Skip to main content

Data Breach Report - the world's biggest data breaches

From email addresses and passwords to bank, job and identity details, it’s incredibly important that our private data stays secure. But with increasingly intelligent cyber-attacks continuing to breach the data security of businesses and individuals across the world, the best ways to stave off hackers are always changing. Our report highlights which countries suffer from the largest data breaches, the most common type of stolen data and the companies that have been hit the hardest by a data breach.
Share this guide

Where in the world has suffered from the biggest data breaches

Over 6 billion cases of breached data in the US since 2013

data breaches - countries

When we talk about data we refer to any piece of information that can leave you or your business at risk. Looking at this on a global level shows how frequently data breaches can affect countries and economies. To make these equally comparable, we ranked the data breaches based on 100,000 of the population of each country. 

The US ranks as the worst-affected country with 6,219,819,956 recorded cases since 2013, or 1,879,085 cases per 100,000 people. Host to a high population and an industrial hub of technology-based companies, the States is a hotspot for cybercrime. Despite a number of proposals to improve it during the Obama administration, cybersecurity in the states is not as strong as it could be, leaving them open to more data breaches.

Although laws are put in place to safeguard users and protect data, they are still rife as governments and corporations attempt to protect their online infrastructure. Canada comes in third with 91,830,959 cases since 2013, or 243,311 per 100,000 people relatively. This is closely followed by the UK with 206,433 cases per 100,000.

Interestingly, China and India have not made it into the top 20 despite having their own technology industry hotspots. In China data security laws are deemed to be of the highest priority but with concerns about censorship, it is interesting to understand where data breaches sit. Whereas in India cybersecurity laws are so lax that 394,307,531 cases of data breach have been recorded since 2013, but due to such a high population it ranks 22nd with 28,573 per 100,000 people.

Most commonly stolen data

Email addresses and passwords are the most commonly stolen data

Stolden data% of breaches
Email addresses2.8%
Passwords2.3%
Usernames1.6%
IP addresses1.3%
Names1.1%
Dates of birth0.7%
Phone numbers0.6%
Physical addresses0.5%
Genders0.4%
Website activity0.4%

Data that can be stolen needs to be able to extort a victim or be sold, so it is not surprising that email addresses and passwords are the most compromised data with 871 cases collectively. But what other data can be stolen and be used against individuals and businesses?

From physical addresses and security questions to sexual orientation and chat logs, if it is on the internet then there is a chance it could be stolen, which means that as a user you need to sharpen up on the most common types of internet fraud. From email fraud that looks genuine to social media scams and private messages, think twice before you click on a suspicious message or set a new password. 

10 most hacked companies

3 billion account hacks leave Yahoo hit by the worst data breach

CompanyDateUser Records Breached
Yahoo2013 & 20143,000,000,000
Sina Weibo2020538,000,000
Marriott International2014-2018500,000,000
Adult Friend Finder2016412,200,000
MySpace2013359,420,698
NetEase2015235,000,000
Zynga2019218,000,000
LinkedIn2012 & 2016165,000,000
Dubsmash2018162,000,000
Adobe2013153,000,000

As individuals we are most likely to have our email addresses stolen but when it comes to companies, who have been affected by the worst data breaches?

In 2013 Yahoo saw 3 billion usernames, phone numbers, passwords and birthdates stolen through encrypted security that was easily cracked. Through this mass of vital information, it was assumed that government systems could be hacked and infiltrated all over the world. Because of the data breach, Yahoo underwent many shareholder lawsuits due to their financial liabilities, with the stolen data also leaving users bank accounts liable where one password has multiple uses.

The data from the Yahoo breach is rumoured to have been sold on the dark web but it is not known what was done with it.

More recently, Chinese microblogging site Weibo saw a data breach of 538,000,000 with phone numbers, gender, location and usernames stolen. As the hacker was unable to gain access to passwords, the data was available to buy on the dark web for ¥1,799 ($250). Although, this does not mean that using the data could not be harmful — pairing it with other breaches could lead to mass infiltration.

As hacking techniques get smarter, are governments and companies able to get ahead of data breaches? With more global and local countermeasures being put in place to protect our data and user education slowly getting better, hopefully we’ll be able to tackle the hackers much more effectively in the future.

How to protect yourself against a data breach

There are things you can do at home to avoid breaches of your own personal details too. We’ve shared our ten top tips on how to make sure you’re as safe as possible online.

  • Make sure your home broadband is as safe and secure as possible

  • Get some good-quality antivirus software for your internet-connected devices

  • Use obscure passwords with various symbols, to help keep your private information safe

  • Keep your software regularly updated, your network is more vulnerable when update patches haven’t been installed

  • Use multi-factor authentication where possible

  • Always check companies security guidelines when asked for information, your bank would never ask you to confirm your details over email for example

  • If using shared devices, protect confidential files and information saved from other users

  • Backup your most important files to a cloud and also manually

  • Be mindful of what devices you connect to your home network, and check their security settings (speakers, smart devices etc.)

  • Keep only what you need. If sensitive information no longer has a use, then remove it from your devices to prevent it being stolen.

Protecting your data with these steps is sure to help combat against potential breaches, and protect against scams and fraud.

Methodology

Using the site “have I been pwned”, that collects and counts known data breaches since 2007, we were able to collect data on:

Total breaches - This is an exhaustive list of the breaches recorded

Companies - Looking at the the sources of these breaches as well as the data compromised e.g. emails, addresses

The above data was then categorised to provide top 10s in the form of brands, sources, periods of time, types of data and total compromised data.

Sources:

Total data records stolen: https://www.varonis.com/blog/the-world-in-data-breaches/

Worst data breaches ever? https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html

https://phoenixnap.com/blog/data-breach-statistics

https://haveibeenpwned.com/

The most compromised types of data: https://haveibeenpwned.com/PwnedWebsites