List of Data Breaches for 2017
Here is a list of all the data breaches that took place, or were publicly disclosed, in 2017. Included are a number of household names (Uber, Forever 21), as well as some lesser-known businesses that process sensitive information such as resumes.
RootsWeb – Ancestry
23rd December, 2017
Source: blogs.ancestry.com/ancestry/2017/12/23/rootsweb-security-update/
Size: 300,00 Records
Contents: Email addresses and passwords.
Alteryx
19th December, 2017
Source: www.zdnet.com/article/alteryx-s3-leak-leaves-120m-american-households-exposed/
Size: 123 million records of US households.
Contents: Home addresses, contact information, mortgage status, financial histories, and very specific analysis of purchasing behaviour
eBay
10th December, 2017
Source: www.databreaches.net/ebay-privacy-breach-exposes-customer-names-on-google/
Size: Unknown
Contents: Due to a customer privacy leak, the personal information of many eBay customers, including usernames, first and last names, and purchase history, was made available via Google’s Shopping platform.
CrackingForum
10th December, 2017
Source: twitter.com/haveibeenpwned/status/939952929900867584?lang=en
Size: 660,000
Contents: Email addresses, IP addresses, Passwords, Usernames
Netshoes
8th December, 2017
Source: www.databreaches.net/netshoes-customer-data-possibly-hacked-500k-customers-order-info-dumped/
Size: 500,00 Customers
Contents: Dates of birth, Email addresses, Names, Purchases
DVD-Shop.ch
5th December, 2017
Source: www.melani.admin.ch/melani/de/home/dokumentation/newsletter/passwoerter-von-70000-e-mail-konten-im-umlauf.html
Size: 70,000 Customers
Contents: Email addresses, Passwords
Ai.Type
5th December, 2017
Source: thehackernews.com/2017/12/keyboard-data-breach.html
Size: 31 Million Users
Contents: Full name, phone number, and email address. Device name, screen resolution and model details. Android version, IMSI number, and IMEI number. Mobile network name, country of residence and even user enabled languages. IP address (if available), along with GPS location (longitude/latitude). Links and the information associated with the social media profiles, including birth date, emails, photos.
TIO Networks
1st December, 2017
Source: www.businesswire.com/news/home/20171201005719/en/TIO-Networks-Update-Suspension-Operations
Size: 1.6 Million Customers
Contents: PII (Undisclosed).
Bolt (File sharing)
24th November, 2017
Source: haveibeenpwned.com/PwnedWebsites
Size: 995,000 Accounts
Contents: Email addresses, IP addresses, Passwords, Usernames
Imgur
24th November, 2017
Source: blog.imgur.com/2017/11/24/notice-of-data-breach/
Size: 1.7 Million Users
Contents: Email addresses and passwords
Uber
21st November, 2017
Source: www.bbc.co.uk/news/technology-42075306
Size: 57 Million Customers
Contents: Names, email addresses and mobile phone numbers
Maine Foster Care
14th November, 2017
Source: www.pressherald.com/2017/11/13/social-security-numbers-of-2100-maine-foster-care-participants-posted-online/
Size: 2,100 Foster Parents & Children
Contents: Social Security numbers, addresses, children’s names and the names of their legal guardians.
Forever 21
14th November, 2017
Source: www.forever21.com/protecting_our_customers/default.aspx
Size: Unknown
Contents: Payment card data, sourced from malware on tills.
Jewson
4th November, 2017
Source: www.jewson.co.uk/working-with-you/notification-of-security-breach/
Size: 1,659
Contents: Customers’ names, location, billing address, password, email, phone number, payments details, card expiry dates and CVV numbers
South African Master Deeds Database
18th October, 2017
Source: www.iafrikan.com/2017/10/18/south-africas-govault-hacked-over-30-million-personal-records-leaked/
Size: 30 Million People
Contents: https://pastebin.com/TPzwVAVG
Hyatt Hotels
12th October, 2017
Source: krebsonsecurity.com/2017/10/hyatt-hotels-suffers-2nd-card-breach-in-2-years/
Size: Unknown
Contents: Cardholder name, card number, expiration date and internal verification code
We Heart It
11th October, 2017
Source: help.weheartit.com/customer/portal/articles/2889018
Size: 8 Million Accounts
Contents: Email addresses, usernames, and encrypted passwords
Victory Phones
11th October, 2017
Source: www.zdnet.com/article/republican-polling-firm-hacked-exposing-donor-records/
Size: 166,000 records
Contents: Names, postal and email addresses, phone numbers, genders, and donation amounts.
AbuseWith.us
9th October, 2017
Source: twitter.com/haveibeenpwned/status/917347480328585216?lang=en
Size: 1.3 Million records
Contents: Email addresses, IP addresses, Passwords, Usernames
Yahoo!
9th October, 2017
Source: www.bbc.co.uk/news/business-41493494
Size: 3 Billion Users
Contents: Name, email address, hashed passwords, birthdays, phone numbers
Disqus
6th October, 2017
Source: blog.disqus.com/security-alert-user-info-breach
Size: 17.5 Million Users
Contents: Email addresses, Disqus user names, sign-up dates, and last login dates in plain text. A third of users also had SHA1-hashed and salted passwords exposed.
Whole Foods Market
28th September, 2017
Source: media.wholefoodsmarket.com/news/whole-foods-market-payment-card-investigation-notification
Size: Unknown
Contents: Customer data, including credit details.
Sonic
26th September, 2017
Source: krebsonsecurity.com/2017/09/breach-at-sonic-drive-in-may-have-impacted-millions-of-credit-debit-cards/
Size: 5 Million
Contents: Payment card data, sourced from malware on tills.
Deloitte
25th September, 2017
Source: www.bbc.co.uk/news/technology-41385951
Size: Unknown
Contents: Private corporate emails
SVR Tracking
21st September, 2017
Source: securityaffairs.co/wordpress/63343/data-breach/svr-tracking-data-leak.html
Size: 540,000 Records
Contents: Email addresses and passwords, as well as users’ vehicle data, such as VIN (vehicle identification number) and the IMEI numbers of GPS devices.
U.S. Securities and Exchange Commission (SEC)
21st September, 2017
Source: www.sec.gov/news/press-release/2017-170
Size: Unknown
Contents: Nonpublic information (the SEC does not believe there has been any unauthorized access to personally identifiable information).
Equifax
7th September, 2017
Source: www.theregister.co.uk/2018/05/08/equifax_breach_may_2018/
Size: 146 million people, 99 million addresses, 209,000 payment cards, 38,000 drivers’ licenses and 3,200 passports
Contents: A wide variety of data, including names, addresses and passports.
TalentPen and TigerSwan
2nd September, 2017
Source: gizmodo.com/thousands-of-job-applicants-citing-top-secret-us-govern-1798733354
Size: 9,400 resumes
Contents: Resumes
Spam Botnet
30th August, 2017
Source: www.bbc.co.uk/news/technology-41095606
Size: 711 Million Email Addresses
Contents: Email addresses and passwords
Mall.cz
27th July, 2017
Source: blog.mall.cz/o-nas/q-a-vse-co-jste-chteli-vedet-o-bezpecnosti-na-mall-cz-451.html
Size: 735,000 Accounts
Contents: Email addresses, Names, Passwords, Phone numbers
Verizon
13th July, 2017
Source: www.upguard.com/breaches/verizon-cloud-leak
Size: 14 Million Customers
Contents: Customers’ names, cell phone numbers, and account PINs
California Association of Realtors
10th July, 2017
Source: www.globaldatasentinel.com/the-latest/up-to-1000-members-of-california-assn-of-realtors-hit-in-data-breach/
Size: 1,000 Users
Contents: Name, address, credit card number, credit card expiration date and, in some cases, credit card verification code
Deep Root Analytics
20th June, 2017
Source: www.upguard.com/breaches/the-rnc-files
Size: 192 Million US Voters
Contents: Names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as “modeled” voter ethnicities and religions.
Washington State University
15th June, 2017
Source: wsu.edu/security-incident/
Size: 1 Million Users
Contents: Names, Social Security numbers and, in some cases, personal health information.
University of Oklahoma
14th June, 2017
Source: www.scmagazine.com/data-breach-at-oklahoma-u-impacts-30k-students/article/668731/
Size: 29,000 Students
Contents: Social Security numbers, financial aid information and grades
Kmart
31st May, 2017
Source: krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-again/
Size: Unknown
Contents: Payment card data, sourced from malware on tills.
OneLogin
31st May, 2017
Source: www.onelogin.com/blog/may-31-2017-security-incident
Size: Unknown
Contents: Users, apps, and various types of keys.
Zomato
18th May, 2017
Source: www.zomato.com/blog/security-notice
Size: 17 Million Users
Contents: User IDs, Names, Usernames, Email addresses, and Password Hashes with salt.
DocuSign
17th May, 2017
Source: krebsonsecurity.com/2017/05/breach-at-docusign-led-to-targeted-email-malware-campaign/
Size: Unknown
Contents: Email Addresses
Brooks Brothers
12th May, 2017
Source: oag.ca.gov/system/files/Sample%20Notice_9.pdf
Size: Unknown
Contents: Payment card data, sourced from malware on tills.
Bronx Lebanon Hospital Center
10th May, 2017
Source: www.scmagazine.com/7000-affected-in-bronx-lebanon-hospital-data-breach/article/656792/
Size: 7000 Patients
Contents: Patients’ mental health and medical diagnoses, HIV statuses and sexual assault and domestic violence reports along with names, home address, addiction history and religious affiliation.
Gmail (Kind of…)
3rd May, 2017
Source: www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
Size: Undisclosed
Contents: Provided access to Google/Gmail accounts.
Sabre Hospitality Solutions
2nd May, 2017
Source: www.sabreconsumernotice.com
Size: Undisclosed
Contents: Booking details & payment card data.
Chipotle
25th April, 2017
Source: www.reuters.com/article/us-chipotle-cyber/chipotle-says-hackers-hit-most-restaurants-in-data-breach-idUSKBN18M2BY
Size: 2,250 Restaurants
Contents: Payment card data, sourced from malware on tills.
InterContinental Hotels Group (IHG)
19th April, 2017
Source: krebsonsecurity.com/2017/04/intercontinental-hotel-chain-breach-expands/
Size: 1,200 Hotels
Contents: Payment card data, sourced from malware on tills.
FAFSA: IRS Data Retrieval Tool
6th April, 2017
Source: oversight.house.gov/hearing/reviewing-fafsa-data-breach/
Size: Up to 120,000
Contents: Undisclosed.
America’s JobLink
21st March, 2017
Source: www.ajla.net/pressrelease.html
Size: 4.8 Million
Contents: Names, dates of birth, and Social Security numbers
UNC Health Care
20th March, 2017
Source: medium.com/@mbromileyDFIR/morning-read-unc-health-care-informs-1-300-prenatal-patients-of-possible-data-breach-ddf87aee3692
Size: 1,400
Contents: SSNs, physical/mental health, as well as HIV and STD statuses.
Saks Fifth Avenue
19th March, 2017
Source: www.saksfifthavenue.com/include/aem/aem_static.jsp?page=security-information-notice&site_refer=EML
Size: Estimated 5 Million
Contents: Payment card data, sourced from malware on tills.
Dun & Bradstreet (Netprospex)
15th March, 2017
Source: www.troyhunt.com/weve-lost-control-of-our-personal-data-including-33m-netprospex-records/
Size: 33.6 Million
Contents: Full name, job title, company, email address, phone numbers, address, revenue, and employee figures.
Verifone
7th March, 2017
Source: krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/
Size: Undisclosed
Contents: Payment card data.
River City Media
6th March, 2017
Source: mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire
Size: 1.4 Billion
Contents: Email accounts, full names, IP addresses, and often physical addresses.
Arby’s
17th February, 2017
Source: krebsonsecurity.com/2017/02/fast-food-chain-arbys-acknowledges-breach/
Size: 335,000
Contents: Payment card data, sourced from malware on tills.
PoliceOne
3rd February, 2017
Source: www.zdnet.com/article/police-forum-hacked-thousands-of-records-for-sale-on-dark-web/
Size: 715,000
Contents: Usernames, passwords stored as MD5 hashes, email addresses, dates of birth, and other forum data, such as whether a member is a verified law enforcement officer.
Xbox 360 ISO and PSP ISO
1st February, 2017
Source: www.scmagazine.com/xbox-and-psp-forum-accounts-breached/article/635024/
Size: 2.5 Million
Contents: Email addresses, passwords, IP addresses & Usernames
E-Sports Entertainment Association (ESEA)
8th January, 2017
Source: play.esea.net/index.php?s=news&d=comments&id=14936
Size: 1.5 Million
Contents: Registration date, city, state (or province), last login, username, first and last name, bcrypt hash, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN ID.