Scary Cyberattacks that Hacked Millions of Users

Expensive Data Breaches

T-Mobile | 2022

Last summer, T-Mobile users were the target of a cyberattack that resulted in personal data, including Social Security numbers, being stolen. Since the mobile-communications giant first disclosed information about the attack, a class-action lawsuit has been filed against it, and T-Mobile has agreed to pay $350 million to affected customers.

LinkedIn | 2021 and 2012

Though cybercriminals stole LinkedIn passwords in 2012, it wasn't until 2016 that the scale of the breach was truly known. That's when hackers started selling 117 million user passwords online. The incident cost LinkedIn at least $1 million to investigate and up to $3 million more for security improvements, according to ZDNet, but no system is perfect — and another breach occurred in June 2021.

Or did it? The information of 700 million users, or 92% of users on LinkedIn, was taken and posted for sale in a Dark Web forum by the hacker “god user,” but the Microsoft-owned company said it wasn't a breach — merely data scraping in violation of its terms of service.

CAM4 | 2020

In a seeming nightmare for millions of users conducting their private lives via webcam, the adult-video streaming website CAM4 was breached to the tune of 10.9 billion records in 2020. The stolen data included first and last names, email addresses, usernames, conversation transcripts, gender preferences and sexual orientations, and pay logs, including credit card type. The theft could’ve exposed users around the world to potential blackmail attempts and identity theft — though ultimately it was determined that only about 1,000 people had their “full names, credit card types and amounts paid to view explicit content on the website” revealed, according to Security Boulevard.


Facebook | 2019

Though hackers undertook this exploit in 2019, the goods from the theft — 533 million records including account names, Facebook IDs, and comments — didn't show up on the Dark Web until April 2019. “If you have a Facebook account, it is extremely likely the phone number used for the account was leaked,” said Alon Gal, of the Under the Breach security firm.

Capital One | 2019

Exactis | 2018

Servers operated by Exactis, a Palm Coast, Florida-based data aggregator and marketing firm, were left unprotected June 27, 2018, Wired magazine reported, in what was once quaintly considered the biggest breach of personal data in the U.S. — exposing personal data on 230 million consumers and 110 million businesses. The breach was first discovered by a web security consultant, who alerted Exactis and the FBI. Initial reports indicated that the data included home addresses, email addresses, phone numbers, even personal information such as ages or whether someone owns a pet (but not credit card and Social Security data).

Equifax | 2017

Equifax, one of the three major credit reporting agencies, made consumers' blood run cold when it announced that the personal data of 143 million consumers in the U.S., Canada, and the U.K. had been hacked. The breach included highly sensitive information including birthdates, credit-card numbers, and even Social Security numbers. Equifax reached a $700 million settlement following the hack.

U.S. Office of Personnel Management | 2015

In a black mark for Uncle Sam, the U.S. Office of Personnel Management revealed in 2015 that very detailed information on current and previous employees had been compromised as early as 2012. Hacked data included highly sensitive background information used for security clearances. All told, the breach could ultimately cost more than $1 billion in credit monitoring and other expenses, experts have said.

Ashley Madison | 2015

Hackers exposed the personal data of more than 37 million users of Ashley Madison, a now-infamous website aimed at helping married people begin an affair, in July 2015. Email addresses of account users made their way around the web, allowing suspicious spouses to check up on their significant others. In July 2017, the site's owner settled a class-action suit for $11.2 million, the New York Post reported.

Anthem | 2015

The nation's largest health insurer was targeted by a hacker in early 2015 who accessed the personal information of roughly 79 million customers. Compromised data included birthdays, addresses, Social Security numbers, and even employer and income information. Anthem settled breach-related suits for a painful $115 million in July 2017, NBC reports. The company announced plans to change its name to Elevance Health in March.

Sony Pictures | 2014

The malware attack on Sony at the end of 2014 had all the intrigue of a major motion picture: Hackers, allegedly sponsored by North Korea, claimed to have stolen 100 terabytes of data, including sensitive emails between employees. While Sony disclosed losses of at least $35 million, experts said that direct and hidden costs of this breach could end up closer to a staggering $1 billion.

JPMorgan Chase | 2014

In the summer of 2014, hackers exploited a security vulnerability in one of JPMorgan Chase’s servers to compromise account data including addresses, phone numbers, and email addresses for 83 million household and small-business users. The bank later said it would spend an eye-popping $250 million every year to beef up its cybersecurity.

Home Depot | 2014

Home-improvement giant Home Depot reported in fall 2014 that hackers had infiltrated its payment systems, accessing 56 million credit- and debit-card numbers. Total costs for the retailer: At least $179 million, according to court filings, which included millions in settlements with credit-card companies, banks, and consumers.

Yahoo | 2013 and 2014

In two disclosures in 2016, Yahoo said a staggering 1 billion and 500 million total user accounts had been compromised in 2013 and 2014, respectively. The massive security breaches came with a very real price tag when Verizon agreed to acquire Yahoo: The cellular giant lopped $350 million off the price of the deal because of the hacks.

Target | 2013

The 2013 holiday shopping rush wasn't so jolly at Target, when a breach of the retailer's point-of-sale systems exposed credit-card and/or personal data for more than 100 million customers, according to Adaware, a company that provides antivirus and anti-spyware software. Target saw a big dip in sales and had to pony up millions in settlements with banks and credit-card issuers. The total cost? About $300 million, experts have said.

Sony PlayStation | 2011

Hackers managed to access a range of data for more than 77 million Sony PlayStation gaming network accounts in April 2011, including credit-card numbers. Sony says the breach cost the company at least $171 million, and it later settled a class-action lawsuit over the hack for $15 million in 2014, ZDNet reported.

Epsilon | 2011

The Epsilon name might not be familiar, but the marketing company's clients — including Best Buy, JPMorgan, Target, and Disney — surely are. The company disclosed in March 2011 that hackers had stolen names and emails from up to 75 of Epsilon's partners, according to cyber analysis and intelligence firm CyberFactors. The number of affected email addresses was about 60 million, experts have estimated; the total cost could end up being $3 billion to $4 billion, they say.

Heartland Payment Systems | 2008

Credit-card payment processor Heartland revealed in 2008 that 130 million customers' debit- and credit-card numbers had been compromised by hackers. It cost the company at least $110 million to settle claims with Visa, MasterCard, and American Express, according to CNN Money.

TJX | 2007

TJX, parent company of stores including TJ Maxx, Marshalls, and HomeGoods, announced in 2007 that at least 46 million customers' credit-card numbers had been stolen, but court filings later revealed the number to be more than double that. It cost the retailer at least $256 million, though experts have said the ultimate price tag was likely to be higher.

U.S. Department of Veterans Affairs | 2006

A laptop stolen from a VA employee's home in 2006 contained unencrypted personal information on 26.5 million veterans, military personnel, and spouses. Though the laptop was recovered and the data appeared to have been uncompromised, the VA still had to pay $20 million to settle a class-action lawsuit stemming from the theft, according to the Associated Press.