Visualizing The World’s Biggest Data Breaches

In corporate servers we trust? A beautiful interactive timeline puts the growing vulnerabilities to our personal online security in stark relief.

The experience is becoming so common it’s scary. You’re sitting there minding your own business, when up pops an email (or worse, a letter via snail mail) from some company you may or may not be familiar with telling you that your data has been compromised by a security breach. Change your password, post haste–if you’re lucky that a password is the worst of what was compromised.


More than 50% of CEOs surveyed by the Ponemon Institute, a cybersecurity think tank, say that their company experiences cyber attacks daily or even hourly. These attacks are becoming more and more sophisticated, and increasingly, they are successful–to date this year, there have 343 data breaches reported in the U.S., which already exceeds the number in all of 2006, according to the Wall Street Journal.

A new visualization of the world’s biggest data breaches on a timeline since 2004 puts the rise of cyberattacks in stark relief. The graphic, compiled by journalist and data visualization pro David McCandless, who runs the site Information is Beautiful, shows select corporate, government, and academic data losses that involved more than 30,000 records. The data is further broken down by the method used to steal the records–was it a hack, an insider job, or maybe simply a lost laptop fallen into the wrong hands?–and the sensitivity of the data lost.

If you use popular web services, you were at biggest risk within the last year, when 250,000 Twitter records, 6 million Facebook records, 22 million Yahoo! Japan records, and 50 million Living Social and Evernote records each were compromised, just to name a handful of incidents.

While the biggest breaches involve consumer web companies, some of the other more common targets include retail, government, and financial services companies that hold sensitive information, such as social security and credit card numbers. Go to the graphic and click on individual incidents to learn the full story, such as how Eastern European hackers were able to gain access to 780,000 Medicaid records when the Utah Department of Technology moved its claims records to a new and vulnerable server.

While breaches are becoming bigger and badder, the worst year yet was in 2009, according to the graphic, when hackers breached the Heartland Payment credit card system, compromising 130 million transaction records.

And still among two of the most infamous breaches were at AOL, way back in 2004 and 2006. The first was an inside job in which a former AOL software engineer sold 92 million screen names and email address to spammers, who then sent out 7 billion unsolicited emails. Then in 2006, AOL voluntarily posted “anonymous” search records from 650,000 users–some of them giving up sensitive and personally identifying information. Unlike the recent waves of phishing attacks and ever-more sophisticated exploits of security systems, these old-school breaches seem almost quaint.


You can explore the graphic more here. And to protect yourself against certain kinds of data breaches, it’s always good to follow good hygiene for passwords and PINs to your online accounts, like making sure you use different passwords for all sites. You can see a few additional tips on how to secure your passwords here.

About the author

Jessica Leber is a staff editor and writer for Fast Company's Co.Exist. Previously, she was a business reporter for MIT’s Technology Review and an environmental reporter at ClimateWire.