Important! June 12th, 2024 Webinar Attendees, please click here to complete our Survey or Verification Request Form.

Click Here

Top 10 Data Breaches of 2018

Last update





Print Friendly, PDF & Email
More than 2 billion people were affected by these massive hacks and cyber-attacks.

Several billion people had their names, passwords and banking information publicly exposed through data breaches in 2018.

And that shocking total comes from just the 10 biggest breaches that made the news – several of which impacted more than 100 million people.

Meanwhile, an unknown number of hacks and thefts went undetected, and others were discovered but not made public.

Those are some of the disturbing cyber-crime statistics from 2018. Some of the breaches were caused by outside hackers. Others resulted from internal bugs in the system. Either way, the victims were powerless to prevent their most sensitive information from being put at risk – and often they first learned about it on the news.

Protect your practice by attending a free CLE webinar on August 14 on “Top 10 Things To Prevent a Data Breach.” It’s just one benefit of membership in the Alta Pro Lawyers RPG. Already a member? Sign up for the program today. Want to join? Click here.

10 Biggest Data Breaches

Here are the 10 Biggest Data Breaches that came to light in 2018, courtesy of

  1. Aadhaar (ID database run by the Indian government)
    Number of people affected: 1.1 billion
    What happened: The Indian government “ignored repeated attempts by security researchers to secure a database leak caused by an unsecured API endpoint connected to a state-owned utility company,” reports dashlane. “It was only after the vulnerability was publicly disclosed that the government secured the database.”
    What was compromised: Names, unique 12-digit identity numbers, information about their banks and other services
  2. Marriott
    Number of people affected: 500 million
    What happened: “Marriott received an alert from an internal security tool about an attempt to access the Starwood guest reservation database. During the investigation, Marriott learned that there had been unauthorized access to the Starwood network since 2014, and that an unauthorized party had copied and encrypted information and had taken steps to remove it.”
    What was compromised: Names, addresses, phone numbers, email addresses, passport number
  3. Exactis
    Number of people affected: 340 million
    What happened: Exactis was notified of leaked data by a security researcher.
    What was compromised: Names, addresses, email addresses, phone numbers, other personal information, including habits, hobbies, and the number, ages, and genders of the person’s children
  4. Twitter
    Number of people affected: 330 million
    What happened: “Twitter discovered a bug that stored passwords unmasked in an internal file. Though this isn’t really a breach, it’s inexcusable for any company—especially one as well-equipped as Twitter—to store user passwords in plaintext. Twitter asked all of its users to reset their passwords as a result.”
    What was compromised: Passwords
  5. UnderArmour
    Number of people affected: 150 million
    What happened: An “unauthorized user” accessed MyFitnessPal accounts.
    What was compromised: Usernames, email addresses, encrypted passwords
  6. Quora
    Number of people affected: 100 million
    What happened: A “malicious third party” accessed Quora’s database.
    What was compromised: Names, email addresses, encrypted passwords, data imported from linked networks when authorized by users
  7. MyHeritage
    Number of people affected: 92 million
    What happened: “A security researcher found a file containing email addresses and hashed passwords on a private server outside of MyHeritage. MyHeritage added two-factor authentication options for users to protect against account takeover.”
    What was compromised: Email addresses, encrypted passwords
  8. Facebook (via Cambridge Analytica)
    Number of people affected: 87 million
    What happened: “Cambridge Analytica exploited a loophole in Facebook’s API that allowed third-party developers to collect data not only from users of their apps but from all the people in those users’ friends network on Facebook. It’s important to note that this isn’t really a breach, but more a misuse of user data.”
    What was compromised: Facebook user profile data, user preferences and interests
  9. Google+
    Number of people affected: 52.5 million
    What happened: A breach disclosed personal data of Google+ users.
    What was compromised: Names, email addresses, dates of birth, some other personal information collected by Google+
  10. Chegg
    Number of people affected: 40 million
    What happened: An “unauthorized party” gained access to a user database. The company reset passwords for all customers and though it notified the SEC, it didn’t initially notify the customers directly.
    What was compromised: Names, shipping addresses, email addresses, usernames, passwords

Alta Pro Insurance offers top of the line, comprehensive cyber-liability insurance protection. Find out how to protect your firm today.


Print Friendly, PDF & Email

Related Posts on!

Alta Pro Logo Icon

About the Editorial Staff

In an age of consolidation where increasingly impersonal transactions have made customer service an oxymoron, we bring together independent agents, insurance companies, and other industry specific service providers to develop and deliver insurance products and risk management solutions that benefit our insurance customers.

Join Our Newsletter

Occasional newsletters and CLE invites

Find Us on Social

Upcoming CLE Webinar: Essential Business Skills for Busy Lawyers Part 2 – Build Your Legal Practice Like a Pro

August 28, 2024 1:00 pm EST
CLE Credit: 1.0 Regular

Colleen L. Byers

Colleen Byers Mediation, LLC


Latest Videos

1 Hour

Essential Business Skills for Busy Lawyers Part 1 – Communicate Like A Pro

1 Hour

Creating an Attorney Compensation Plan That Will Build Firm Culture and Attract Top Talent

1 Hour

Cybersecurity for Attorneys: Employing Competent and Reasonable Safeguards

Need Help?

Visit our Frequently Asked Questions page. 

Or email us directly at

Or submit your issue in the comment form below and we will respond as soon as possible.