laptop user using a credit card online

Which companies have suffered the worst data breaches – and how can you protect yourself online?

We’re increasingly living our lives online. From shopping to social media, we use digital platforms for various facets of our lives. Making the most of online platforms such as these is convenient, time-saving, and often saves us money, too.

However, we pay a price for this convenience. Living our lives online means that we share a massive volume of our data every day.

What details and data do we share?

Depending on what we’re doing, it can be anything, from something we may think is trivial like our email address to vital things like our bank or credit card details, along with our address and other personal data.

Most of the time, we do this in good faith. Modern web browsers even warn us if we try to submit data through a website that doesn’t have a valid security certificate. They also create strong passwords on our behalf.

However, these measures might ultimately be doing little more than lulling us into a false sense of security.

The reality is that your details often aren’t safe online. Furthermore, it’s often the companies and organisations that we trust to look after them that are guilty of putting them at risk!

If a company has suffered a data breach and put your privacy at risk, you could be entitled to compensation. Contact LawPlus today for a FREE assessment of your claim.

How do data breaches occur online?

There are several ways your data and privacy can be compromised. Most of them are entirely avoidable, making the somewhat common acceptance that data breaches are inevitable puzzling and, frankly, unacceptable.

Here are some of the most common ways your data and privacy are put at risk:

  • Data breaches are usually considered the unintentional release of data either to the wider public or an untrusted source. However, you may see the term “data breach” used as an umbrella term to describe all instances of your privacy being put at risk.
  • Hacks are when someone, or a group, gains unauthorised access to data. Sometimes hacks do not lead to any further consequences, as they’re simply highlighting the possibility, and often the ease, of data being accessed.
  • Data theft sometimes occurs as a result of some hacking activity.
  • Malicious insider breaches are when someone within an organisation, or a disgruntled ex-employee, allows third parties to access data.
  • Cyber attacks are often thought of as the same as hacks and are typically an attack on a computer or a network. However, cyber attacks often don’t result in stolen data but instead disable systems to facilitate a further attack during which data is then stolen.

If your data has been compromised as the result of any of these events, you may be entitled to compensation even if you didn’t suffer financial loss. Contact LawPlus today for a FREE assessment of your claim.

Which companies have suffered the worst data breaches?

Money.co.uk recently published some analysis around the worst data breaches to occur in the past 20 years. As we’ll see, some of the numbers are shocking. Still, it’s worth remembering that these are only the reported and serious data breaches! Who knows how many data breaches there have been in reality that we don’t hear about?!

Unsurprisingly, the companies to have suffered the worst data breaches are those with a significant volume of data for hackers and cybercriminals to get their hands on.

As you can see from the image below, the four worst data breaches in recent years all occurred from Facebook and Yahoo!. The worst, involving Facebook in 2018, saw a staggering 2.2 BILLION people – almost all Facebook users – have their details stolen. A vulnerability in Facebook’s code allowed hackers to steal access tokens – the things that mean you don’t need your password to sign in every time – and take control of user accounts.

If you remember your Facebook account signing you out inexplicably a few years ago, your account may have been involved in this breach.

The table below highlights the worst data breaches of the last 20 years.

Table of the worst data breaches online in the last 20 years.
1. Facebook | Hacked | 2018 | All personal details | 2,200,000,000 people affected
2. Yahoo | Hacked | 2013 | All personal details | 1,000,000,000 people affected
3. Facebook | Hacked | 2021 | All personal details | 533,000,000 people affected
4. Yahoo | Hacked | 2014 | All personal details | 500,000,000 people affected
5. Estée Lauder | Data Breach | 2020 | Email addresses and online data | 440,336,852 people affected
6. Twitter | Data Breach | 2018 | Email addresses and online data | 330,000,000 people affected
7. Microsoft | Data Breach | 2020 | Email addresses and online data | 250,000,000 people affected
8. MySpace | Hacked | 2016 | Email addresses and online data | 164,000,000 people affected
9. MyFitnessPal  | Hacked | 2018 | Email addresses and online data | 150,000,000 people affected
10. eBay  | Hacked | 2014 | Email addresses and online data | 145,000,000 people affected
11. Decathlon | Data Breach | 2020 | All personal details | 123,000,000 people affected
12. Nametests | Data Breach | 2018 | Email addresses and online data | 120,000,000 people affected
13. TK/TJ Maxx | Hacked | 2007 | Credit card information | 94,000,000 people affected
14. MyHeritage | Hacked | 2017 | Email addresses and online data | 92,283,889 people affected
15. AOL | Malicious insiders | 2004 | Email addresses and online data | 92,000,000 people affected
16. Sony PSN | Hacked | 2011 | Email addresses and online data | 77,000,000 people affected
17. Dropbox  | Hacked | 2012 | Email addresses and online data | 68,700,000 people affected
18. Tumblr  | Hacked | 2013 | Email addresses and online data | 65,000,000 people affected
19. Ubisoft  | Hacked | 2013 | All personal details | 58,000,000 people affected
20. Uber  | Hacked | 2016 | Email addresses and online data | 57,000,000 people affected
21. Facebook  | Hacked | 2014 | Email addresses and online data | 50,000,000 people affected
22. Adobe  | Data Breach | 2013 | Full bank account details | 36,000,000 people affected
23. Steam | Hacked | 2011 | Credit card information | 35,000,000 people affected
24. Yahoo | Hacked | 2017 | All personal details | 32,000,000 people affected
25. Sony Online Entertainment | Hacked | 2011 | Credit card information | 24,600,000 people affected
Image from Money.co.uk

Which companies have suffered the most data breaches?

Facebook and Yahoo! are also close to the “top” of the table for suffering the most data breaches. However, that dubious crown is taken by Amazon suffering six breaches in the past 20 years. What’s notable about Amazon’s breaches is that they don’t disclose how many customers have been affected, so potentially its whole database has been compromised at least once!

What’s also notable from this list is the presence of supermarket giants Tesco and Asda. With a vast increase in online grocery shopping during the Covid-19 pandemic, not to mention the number of us who have discovered Amazon Prime next day delivery, are we increasingly at risk of seeing our data stolen?

The table below highlights the companies to have suffered the most data breaches, ordered by the number of customers affected.

Table of data breaches by brand

1. Amazon | 6 breaches | unknown number of people affected
2. Facebook | 4 breaches | 2,789,000,000 people affected
3. Yahoo | 3 breaches | 1,532,000,000 people affected
4. Estée Lauder | 1 breach | 440,336,852 people affected
5. Twitter | 2 breaches | 330,250,000 people affected
6. Microsoft | 2 breaches | 251,800,000 people affected
7. MySpace | 1 breach | 164,000,000 people affected
8. MyFitnessPal | 1 breach | 150,000,000 people affected
9. eBay | 3 breaches | 145,001,000 people affected
10. Decathlon | 1 breach | 123,000,000 people affected
11. Nametests | 1 breach | 120,000,000 people affected
12. AOL | 3 breaches | 114,400,000 people affected
13. TK/TJ Maxx | 1 breach | 94,000,000 people affected
14. MyHeritage | 1 breach | 92,283,889 people affected
15. Sony PSN | 1 breach | 77,000,000 people affected
16. Dropbox | 2 breaches | 68,730,000 people affected
17. Tumblr | 1 breach | 65,000,000 people affected
18. Ubisoft | 1 breach | 58,000,000 people affected
19. Uber | 2 breaches | 57,050,000 people affected
20. Adobe | 1 breach | 36,000,000 people affected
21. Steam | 1 breach | 35,000,000 people affected
22. Sony Online Entertainment | 1 breach | 24,600,000 people affected
23. Tesco | 4 breaches | 20,617,000 people affected
24. Asda | 1 breach | 19,000,000 people affected
25. Blizzard | 1 breach | 14,000,000 people affected
Image from Money.co.uk

What are the most common types of data breach?

The below table highlights the number of data breaches by the specific types we explored earlier, as found by Money.co.uk’s research.

Graph of data breaches by type
Image from Money.co.uk

While hacking was most common, the fact that a third of all breaches investigated were unintentional data breaches – and probably a result of human error – highlights the scale to which your details may be unnecessarily being put at risk!

If your details have been accessed as part of a malicious or accidental data breach, you may be entitled to compensation. Contact LawPlus now for a FREE assessment of your claim!

What data is stolen most often?

The below table highlights the types of data stolen most regularly.

Image from Money.co.uk

It is easy to dismiss your email address being stolen – what’s a handful of extra spam emails to delete every day on top of the dozens you probably already get. However, the problem comes if your password is included with your email address, which it usually is. This sets cybercriminals to work trying those credentials on various websites. That’s why it’s vital not just to have a strong password but to have different passwords for all your online accounts.

Have your details been accessed in a data breach? You may be entitled to compensation! Contact us now for a FREE assessment of your claim!

How to protect yourself online

In addition to ensuring you have a strong password and utilise different passwords online, keep the following in mind to help you protect your data:

  • Change your passwords regularly or use browser alerts to tell you when your email address and password have been identified as part of a data breach.
  • Keep your antivirus software up to date and ensure you use a program suited to your needs.
  • Have a strong password for your computer itself, and remember to lock it, log out, or shut it down if you’re using it in a public space and need to leave it unattended.
  • Be wary of using public wi-fi networks. For example, do you really need to buy something while sitting having a coffee? Waiting until you get home could remove a tremendous amount of risk from your purchase.
  • Don’t submit your data to insecure websites. Most browsers these days will warn you before you submit your information over an insecure connection, but it pays to be vigilant yourself. Avoid even signing up for newsletters from insecure platforms!

If your online data has been compromised, you may be entitled to compensation regardless of the circumstances. Contact LawPlus now for a FREE assessment of your claim!


Get in Touch

Fill in the form below to tell us your details, and we’ll get started.