Major cybersecurity breaches

This breach is significant due to its unprecedented scale, exposing approximately 16 billion login credentials. It highlights the pervasive issue of password reuse and the widespread risk of credential stuffing attacks across numerous major online platforms.

This leak exposed personal details of over 86 million AT&T customers, including sensitive information like Social Security numbers. It led to significant legal and regulatory scrutiny, demonstrating the severe consequences of large-scale customer data compromise.

This breach impacted most of Allianz's 1.4 million U.S. customers through a third-party CRM platform. It exemplifies the growing risk posed by supply chain vulnerabilities and social engineering tactics targeting critical business services.

Affecting approximately 5.5 million individuals, this breach exposed highly sensitive patient information. It underscores the persistent vulnerability of healthcare systems to cyberattacks and the critical impact on patient privacy.

As the largest provider of credit checks for automotive businesses, this breach affected over 5.8 million individuals. It demonstrates how compromised third-party APIs can serve as critical entry points for large-scale data exfiltration.

This breach impacted over 4.4 million customers' sensitive data, including Social Security numbers, due to misconfigured API permissions. It showcases the dangers of improper cloud security configurations and the involvement of prominent threat actors like ShinyHunters.

Nearly 6 million customer records were exfiltrated from Qantas, an Australian airline, by exploiting a third-party system. This incident highlights the vulnerability of major corporations to supply chain attacks and the impact on personally identifiable information.

The Crimson Collective exfiltrated 570 GB of data from Red Hat's internal repositories, including sensitive information from major enterprise clients. This breach reveals the severe consequences of compromising internal development platforms and the exposure of critical infrastructure data.

This breach impacted 2.7 million people through an exposed API, leading to the theft of personal and health-related data. It serves as a recent example of how API vulnerabilities continue to be a significant threat vector for sensitive information.

Hackers affiliated with ShinyHunters claimed to have breached Match Group, affecting major dating platforms and allegedly exposing 10 million records. This incident highlights the vulnerability of consumer-facing platforms and the potential for widespread user data compromise.

This large cyberattack on a medical technology company, linked to an Iran-aligned hacktivist group, saw computers wiped in real-time. It exemplifies the increasing trend of geopolitically motivated cyberattacks targeting critical infrastructure and organizations.

This exposure of 149 million records was due to a publicly exposed and misconfigured cloud database. It serves as a stark reminder of the critical importance of proper cloud security configurations to prevent massive data leaks.

The Crimson Collective claimed to steal data from over a million Brightspeed customers, showcasing ransomware's continued prevalence. This attack highlights common entry points like phishing and unpatched vulnerabilities, leading to significant data theft.

Nike launched an investigation after WorldLeaks claimed to have stolen 1.4 terabytes of internal company data, including product development IP. This breach highlights the risks associated with supply chain infrastructure and internal privilege misuse.

A customer dataset from Under Armour was released on a hacking forum, exposing 72 million email addresses and other sensitive data. This leak raises concerns about how such extensive email lists can be leveraged for future phishing and credential stuffing attacks.