The Biggest Data Breaches of 2021

Twitter

Facebook

Tumblr

Buffer

Last Updated on June 13, 2021

Follow @paulsparrows

With this new project I am going to track the biggest data breaches of 2021 extracted from my cyber attack timelines, into an interactive graph with the ability to pinch and zoom the data in the chart area.

The size of the bubble (and the value of the Y-axis) measures the extension of the data breach. In order to make the chart more readable, the scale for both values is logarithmic. The balloon text on each bubble provides additional data about the breach, whose details are also available in the summary table after the chart.

No need to repeat that the data is available from public sources such as blogs and news sites, and please support my work, sharing the content, and of course follow @paulsparrows on Twitter and LinkedIn for the latest updates.

ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags
57	12/06/2021	During May 2021	12/06/2021	Mastiff	Multiple organizations in the Italian healthcare sector	A forum on the DeepWeb publishes a post selling COVID-19 vaccination data of 7.4 Million Italians.	Undisclosed vulnerabilities	O Public administration and defence, compulsory social security	CC	IT		COVID-19, Mastiff
56	11/06/2021	-	-	?	Volkswagen USA	Volkswagen and Audi are hit by a data breach that exposed the contact information and, in some cases, personal details of 3 million customers or shoppers. The data was stolen from an outside company that worked with the automaker.	Unknown	C Manufacturing	CC	US		Volkswagen USA, Audi
55	09/06/2021	Between 2018 and 2020	-	?	Multiple targets	Researchers from NordLocker uncover a 1.2-terabyte database of stolen data, lifted from 3.2 million Windows-based computers over the course of two years by an unknown, custom malware. The heisted info includes 6.6 million files and 26 million credentials, and 2 billion web login cookies – with 400 million of the latter still valid at the time of the database’s discovery.	Malware	Y Multiple Industries	CC	>1		NordLocker
54	04/06/2021	-	31/05/2021	?	New York Pizza	New York Pizza, one of the largest pizza restaurant chains in the Netherlands, discloses a security breach after a hacker tried to extort the company over the weekend.	Unknown	I Accommodation and food service activities	CC	NL		New York Pizza
53	24/05/2021	13/01/2021	During January 2021	?	DailyQuiz	The personal details of 13 million DailyQuiz users are leaked online after a hacker breached the quiz builder’s database and stole its content	Unknown	R Arts entertainment and recreation	CC	IL		DailyQuiz
52	22/05/2021	-	21/05/2021	?	BPJS Kesehatan? (the Indonesian Social Security Administrator for Health)	A newly registered member of the RaidForums forum posts what they claim is a database containing 200 million records of personal information for Indonesian people.	Unknown	O Public administration and defence, compulsory social security	CC	ID		BPJS Kesehatan, RaidForums
51	21/05/2021	-	28/04/2021	?	Omiai	Japan’s biggest dating app, Omiai, is hacked and personal data of 1.71 million users such as drivers’ licenses, insurance cards, and passports is accessed by threat actors.	Unknown	R Arts entertainment and recreation	CC	JP		Omiai
50	19/05/2021	-	24/02/2021	?	Air India	Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021.	Unknown	H Transportation and storage	CC	IN		Air India, SITA
49	10/05/2021	-	-	?	Municipality of Konya	A cyberattack steals info of one million in Turkey’s municipality of Konya	Unknown	O Public administration and defence, compulsory social security	CC	TR		Konya
48	26/04/2021	-	22/04/2021	Pompompurin	N/A	Hacker dumps sensitive household records of 250M Americans	Unknown	L Real estate activities	CC	US		Pompompurin
47	25/04/2021	During November 2020	08/11/2020	ShinyHunters	BigBasket	ShinyHunters leakes approximately 20 million BigBasket user records containing personal information and hashed passwords on a popular hacking forum.	Unknown	G Wholesale and retail trade	CC	IN		ShinyHunters, BigBasket
46	18/04/2021	-	-	?	Domino's Pizza India	A threat actor is claiming to have stolen the personal data of over a million customers of Domino's Pizza India	Unknown	I Accommodation and food service activities	CC	IN		Domino's Pizza India
45	12/04/2021	During March 2021	-	?	ParkMobile	Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America.	Vulnerability	N Administrative and support service activities	CC	US		ParkMobile
44	11/04/2021	-	-	?	Upstox	Indian stock trading firm Upstox reveals to users that it has suffered a serious security breach that may have seen unauthorised criminal access to millions of customers’ personal information.	Misconfiguration	K Financial and insurance activities	CC	IN
43	10/04/2021	-	-	Multiple breaches	Clubhouse	Personal data of 1.3 million Clubhouse users leaked online	Vulnerability	S Other service activities	CC	>1		Clubhouse
42	06/04/2021	-	06/04/2021	Multiple breaches	Linkedin	Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof	Unknown	S Other service activities	CC	>1		Linkedin
41	30/03/3021	-	During February 2021	?	MobiKwik	Private information of nearly 100 million users of the Indian mobile payments startup MobiKwik is leaked in the dark web	Misconfiguration	K Financial and insurance activities	CC	US		MobiKwik
40	25/03/2021	-	25/03/2021	?	RDC	RDC, a Dutch company that provides garage and maintenance services to Dutch car owners, confirms a data breach after the personal and vehicle details of 7.5 millions of Dutch car owners are posted for sale on a well-known cybercrime forum.	Unknown	N Administrative and support service activities	CC	NL		RDC
39	25/03/2021	-	26/01/2021	?	Astoria Company LLC	30M records from Astoria Company LLC, a Lead Generation company are leaked in the Darkweb.	Misconfiguration	N Administrative and support service activities	CC	US		Astoria Company LLC
38	22/03/2021	During 2020	-	?	Elector Software Ltd	Hackers expose online personal details of 6.5 million Israeli voters, less than 24 hours before the country goes to the polls in the fourth election in the last two years, allegedly stolen from the Elector app.	Unknown	M Professional scientific and technical activities	H	IL		Elector Software Ltd
37	04/03/2021	-	24/02/2021	?	SITA	Passenger data from multiple airlines around the world is compromised after hackers breached servers belonging to SITA.	Unknown	M Professional scientific and technical activities	CC	CH		SITA
36	04/03/2021	-	-	?	Adecco Group	A user on a popular hacking forum purportedly sells the stolen credentials from 6 South American countries for the Swiss-based Adecco Group.	Misconfiguration	N Administrative and support service activities	CC	>1		Adecco Group
35	01/03/2021	During August 2020	21/02/2021	?	Ticketcounter	Ticketcounter suffers a data breach after a user database containing 1.9 million unique email addresses is stolen from an unsecured staging server.	Misconfiguration	R Arts entertainment and recreation	CC	NL		Ticketcounter
34	27/02/2021	-	Last week of February 2021	?	Zee5	Zee5, an Indian OTT platform with over 150 million users has a part of its userbase’s data (9 million records) leaked (again.)	Unknown	J Information and communication	CC	IN		Zee5
33	26/02/2021	-	-	?	SuperVPN, GeckoVPN, ChatVPN	The data of 21 million users from 3 popular Android VPNs are leaked on a forum.	Misconfiguration	M Professional scientific and technical activities	CC	PK		SuperVPN, GeckoVPN, ChatVPN
32	20/02/2021	14/02/2021	18/02/2021	?	Cashalo	Fintech platform Cashalo is hit with a data breach and the data of 3.3 million users are on sale in the dark web.	Unknown	V Fintech	CC	PH		Cashalo
31	19/02/2021	-	-	?	1.4 million French Twitter users	The data of 1.4 million French Twitter users are on sale in the underground market.	Unknown	X Individual	CC	FR		Twitter
30	11/02/2021	-	-	?	Vivo, Claro	Brazil's National Data Protection Authority (ANPD) starts an investigation for the exposure of data relating to more than 102 million mobile phone lines from two mobile operators, Vivo (57,2 million)and Claro (45,6 million).	Unknown	J Information and communication	CC	BR		ANPD, Vivo, Claro
29	11/02/2021	-	06/02/2021	?	0 million Malaysian voters	Personal data of 10 million Malaysian voters is leaked online.	Unknown	Z Unknown	CC	MY		Malaysia
28	03/02/2021	21/01/2021	31/01/2021	?	EscortReviews.com	EscortReviews.com, an online community promoting female escorts and reviews of their services suffers a data breach after a hacker downloaded the site's database.	vBulletin vulnerability	R Arts entertainment and recreation	CC	US		EscortReviews.com, vBulletin
27	03/02/2021	-	26/01/2021	?	Oxfam Australia	Oxfam Australia investigates a suspected data breach after a threat actor claimed to be selling their database on a hacker forum.	Unknown	U Activities of extraterritorial organizations and bodies	CC	AU		Oxfam Australia
26	02/02/2021	-	-	Singularity0x01	Multiple targets	About 3.27 billion stolen account logins are posted to the RaidForums English-language cybercrime community in a ‘COMB’ collection.	>1	Y Multiple Industries	CC	>1		COMB
25	02/02/2021			Red Rabbit Team	Airtel	A hacker group, dubbed 'Red Rabbit Team' leaks the personal details of 2.5 million Airtel customers.	Unknown	J Information and communication	CC	IN		Airtel
24	01/02/2021	-	19/12/2020	?	DriveSure	Over three million customers of DriveSure, a US car company have had their details compromised after a cyber-criminal posted them to a dark web forum	Unknown	N Administrative and support service activities	CC	US		DriveSure
23	31/01/2021	-	-	?	Raychat	Raychat, a popular Iranian business and social messenger, exposes its entire database (267M+ accounts w/ names, emails, passwords, metadata, encrypted chats etc.), which is then destroyed by a bot attack.	Misconfiguration	S Other service activities	CC	IR		Raychat
22	29/01/2021	Between November 2013 and 09/12/2020	09/12/2020	?	Florida Healthy Kids Corporation	Florida Healthy Kids Corporation posts a notice about an incident in their website attributed to Jelly Bean Communications Design	Unknown	Q Human health and social work activities	CC	US		Florida Healthy Kids Corporation
21	29/01/2021	Late December 2020	25/01/2021	?	Washington's State Auditor office	Washington's State Auditor Office suffers a data breach that exposes the personal information in 1.6 million employment claims after a threat actor exploited a vulnerability in a secure file transfer service from Accellion.	Vulnerability	O Public administration and defence, compulsory social security	CC	US		Washington's State Auditor Office, Accellion
20	29/01/2021	-	29/1/2021	?	Bihar Police Subordinate Services Commission (BPSSC)	Researchers from CloudSEK discover a post on a well-known database sharing forum advertising the PII of 500,000 Indian citizens.	Unknown	O Public administration and defence, compulsory social security	CC	IN		Bihar Police Subordinate Services Commission, BPSSC
19	24/01/2021	-	-	ShinyHunters	MeetMindful	ShinyHunters leaks the details of more than 2.28 million users registered on MeetMindful.com.	Cloud misconfiguration	S Other service activities	CC	US		ShinyHunters, MeetMindful
18	23/01/2021	-	-	?	Undisclosed French Travel Agency	An undisclosed French travel agency has its data leaked. 1.4 million records are exposed.	Unknown	R Arts entertainment and recreation	CC	FR		Undisclosed French Travel Agency
17	22/01/2021	-	-	?	Santander Mexico	A database belonging to Santander Mexico is put on sale on an underground market. 1 million records are leaked.	Unknown	K Financial and insurance activities	CC	MX		Santander
16	22/01/2021	-	-	?	BBVA Mexico	A database belonging to BBVA Mexico is put on sale on an underground market. 3 million records are leaked.	Unknown	K Financial and insurance activities	CC	MX		BBVA
15	22/01/2021	-	-	?	IMSS	A database belonging to IMSS, a Mexican marketing firm, is put on sale on an underground market. 42 million records are leaked.	Unknown	M Professional scientific and technical activities	CC	MX		IMSS
14	22/01/2021	-	-	?	Serasa	The personal information of 220 million users in Brazil, belonging to Serasa (an Experian company) is leaked in the dark web.	Unknown	K Financial and insurance activities	CC	BR		Serasa
13	22/01/2021	-	20/01/2021	ShinyHunters	Bonobos	Bonobos men's clothing store suffers a massive data breach exposing millions of customers' personal information after a 70GB cloud backup of their database is downloaded and shared.	Cloud misconfiguration	G Wholesale and retail trade	CC	US		Bonobos, ShinyHunters
12	22/01/2021	-	14/01/2021	?	MyFreeCams	A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service.	SQLi	R Arts entertainment and recreation	CC	US		MyFreeCams
11	20/01/2021	-	21/10/2020	?	Nitro PDF	A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free.	Unknown	M Professional scientific and technical activities	CC	US		Nitro PDF
10	20/01/2021	-	-	ShinyHunters	Pixlr	ShinyHunters share a database that he claims was stolen from Pixlr while he breached the 123rf stock photo site. Pixlr and 123rf are both owned by the same company, Inmagine.	Cloud misconfiguration	S Other service activities	CC	US		ShinyHunters, Pixlr, 123rf, Inmagine
9	18/01/2021	-	-	?	Capital Economics	Researchers from Cyble discover a leak of 500K+ records of C-level people from Capital Economics on a Russian-speaking forum.	SQLi	M Professional scientific and technical activities	CC	US		Capital Economics, Cyble
8	15/01/2021	Between 10/10/2020 and 9/11/2020	20/11/2020	?	Hendrick Health System	Hendrick Health System notifies patients that some identifying information may have been compromised during a network security breach apparently due to a ransomware attack. 640,000 individuals are potentially affected.	Unknown	Q Human health and social work activities	CC	US		Hendrick Health System
7	14/01/2021	-	18/8/2020	?	Juspay	The data of 35 million users from Juspay goes on sales in the dark web	Cloud misconfiguration	K Financial and insurance activities	CC	IN		Juspay
6	14/01/2021	During 2020	-	?	Facebook	A threat actor publishes the phone numbers and account details for an estimated 533 million Facebook users —about a fifth of the entire social network’s user pool— on a publicly accessible cybercrime forum.	Unknown	J Information and communication	CC	US		Facebook
5	11/01/2021	During November 2020	-	ALTDOS	3BB	ALTDOS claims to have acquired 8 million records from 3BB a broadband service provider in Thailand.	Unknown	J Information and communication	CC	TH		ALTDOS, 3BB
4	10/01/2021	-	-	?	French individuals	5 million records (usernames and passwords) of French users are on sale on a black market.	Unknown	X Individual	CC	FR		France
3	10/01/2021	-	-	?	Vidéotron	A threat actor claims to have leaked about 1 million records stoken by the Canadian telco company Vidèotron	Account Takeover	J Information and communication	CC	FR		Vidéotron
2	04/01/2021	During 2020	During 2020	Multiple threat actors	Multiple game companies	A research from Kela reveals finds nearly 1 million compromised accounts pertaining to gaming clients and employees in the dark web, with 50% of them offered for sale.	Unknown	R Arts entertainment and recreation	CC	>1		Kela
1	03/01/2021	-	End of December 2020	?	200 million records of Chinese citizens	Researchers from Cyble discover a trove of more than 200 million records of Chinese citizens for sale on the dark web. The alleged leaks could be related to Gongan County, Weibo, and QQ.	Unknown	Y Multiple Industries	CC	CN		Cyble, Gongan County, Weibo, QQ
ID	Date Reported	Date Occurred	Date Discovered	Author	Target	Description	Attack	Target Class	Attack Class	Country	Link	Tags

Popular Posts

Related Posts

This Post Has 10 Comments

Leave a Reply Cancel reply