The Worst Data Breaches of 2018 (Before December)

Jack Foster details the worst data breaches -- in terms of volume -- that occurred in 2018.

2018 has seen some spectacular breaches of data, and this is not restricted to the U.S. As major hacks have taken place across the globe, here are some of the most notorious to date in order of the sheer volume of records that became accessible during these incidents.

Aadhaar: The year started with a breach of 1.1 billion personal records of Indian customers after login credentials were sold to a news group by an anonymous seller on WhatsApp. This enabled reporters to access a unique 12-digit number that is assigned to every Indian national and which connects to a whole range of personal data.

Exactis: This American marketing and data firm left a database of personal information on a public server that enabled anyone to access detailed information about hundreds of millions of businesses and American citizens, and the volume is said to be in the region of 340 million records.

Under Armour: In May, a platform named MyFitnessPal was compromised which meant that 150 million records were breached including usernames, passwords and email addresses. Luckily the incident didn't reveal payment information or other personal identifying data such as social security numbers.

My Heritage: The genealogy website owned up to finding one of their files on a private server that was not part of the company in June this year. As a result 92 million records were breached containing email addresses and hashed passwords but not other information such as payment details which were processed through a third party.

Facebook: Many people will recall the big data breach at Facebook in March 2018 when it was estimated that 87 million records had been breached although it is thought that it was probably many more. A political data collecting firm named Cambridge Analytica managed to scoop up a range of personal information that included a user's social networks, personality details and Facebook connections.

Panera Bread: The company revealed that a weakness in their information security meant that approximately 37 million customers had records hacked, although Panera initially attempted to play down the breach stating it had only affected 10,000 customers, but the real number was significantly higher.

Ticketfly: This sports and concert event booking site endured a cyber attack that completely disrupted the site for a week and they were then held to ransom by a hacker who requested a payment to fix it. The company refused to pay up so the hacker purloined a huge directory of customer and employee information that amounted to approximately 27 million accounts.

Sacramento Bee: A California newspaper had two databases hacked in June this year which held voter information and subscriber details. Once again, a hacker demanded a ransom for access to the data but the newspaper turned this offer down and deleted the databases.

Pumpup: A backend server was found to be accessible on the wider Internet and was reported by a security researcher. The company dealt with this as soon as it was communicated to them, however nobody is sure how long the 6 million records of sensitive data such as health, photos and credit card information had been exposed to anyone who was looking.

Saks, Lord & Taylor: April 2018 saw a security firm discover 5 million stolen records up for sale through a hacking syndicate. The details belonged to customers of the deluxe department store who were later criticized in a lawsuit for failing to comply with the necessary security standards.

Other notable breaches have included FIFA, Cathay Pacific and T-Mobile to name just a few of the many companies who have been hacked recently. At the time this article was being prepared, Marriott Hotels and Quora also announced data breaches.

In addition to this list of the worst data breaches, there have been numerous other serious breaches of data. As a result, more companies are looking to tighten up data security to beat the relentless attacks.


One of the most effective ways to protect data is to have good VPNs, or virtual private networks. This links a private network into a public network so that users can receive and send data and benefit from greater security and functionality. VPNs not only protect user security and personal information but are also a mechanism for preventing hackers and other types of cybercrime. However, it is imperative to ensure you have a top quality VPN that has been tested and approved by VPN experts.

Security and Privacy

The examples above show that even the big names in business get it wrong on many occasions, therefore any company or site storing personal data needs to vigorously review their information security and ensure they have the best tools around. With hackers who always seem to be one step ahead of the game and cybercrime on the rise, the need for secure systems has never been greater and compromised data can create havoc for businesses, not least in terms of reputation.

Recommended for you

Copyright © 2022 Gov1. All rights reserved.