The top five companies that were found by Ninjaone to have had the largest data breaches over the past few years are as follows:  

1. Yahoo (2013) – 3 billion records

The 2013 attack on Yahoo is the largest known data breach in history, with all three billion Yahoo user accounts at the time being compromised. Originally, it was reported that only one billion user accounts were compromised, but this figure was later revised to three billion. The attack resulted in data such as email addresses, passwords, dates of birth, and telephone numbers being stolen.

2. First American Corporation (2019) – 885 million records

Financial services provider First American Corporation has the second largest known data breach in history, with 885 million records being compromised in 2019. The breach was a result of poor security practices on their servers, with sensitive information being accessible to external users. This information included bank account details, Social Security digits, wire transactions, as well as other mortgage paperwork.

3. Facebook (2019) – 540 million records

The third largest known data breach belongs to social media giant Facebook, with 540 million records compromised in 2019. Third-party app developers posted the records on a public Amazon cloud server with the compromised records including information such as account names, IDs, and information about reactions and comments on posts.

4 (Tie). Marriott International (2018) – 500 million records

Hotel chain Marriott International has the tied fourth largest known data breach, with 500 million records compromised in a 2018 attack. Hackers suspected of working on behalf of the Chinese government were behind the attack on Marriott’s reservation database. The information that was compromised included unencrypted passport numbers and encrypted credit card numbers stored on the same server as their encryption keys.

4 (Tie). Yahoo (2014) – 500 million records

The second time Yahoo has featured on this list, the 2014 attack was the tied fourth largest known data breach, with 500 million records compromised. The attack resulted in information such as names, email addresses, telephone numbers, dates of birth, and answers to security questions being stolen.

Valuable commodity

According to Ninjaone, data is one of the most valuable commodities in our interconnected world, and it pays dividends to keep it safe with proper security practices.  The company suggests that by keeping software up to date by patching security vulnerabilities and making sure sensitive data is only accessible to those who need it, are two ways to minimize the risk of costly data breaches.

The report states, "Yahoo unfortunately learned the hard way just how costly a large data breach can be, with two breaches in 2013 and 2014 resulting in billions of data records being compromised, the former being the largest known in history. This series of data breaches resulted in a class action settlement against Yahoo amounting to $117,500,000, in addition to legal action against the company and its successors due to how the breaches were handled." 

Ninjaone also makes the point that companies should be up front when breaches occur, citing details from part of the Yahoo fine.  “One such example is the $35,000,000 SEC fine Yahoo incurred for not disclosing the data breach when they first learned about it, thereby misleading investors.”