51 Biggest Document Leaks & Data Breaches of All Time

51 Biggest Document Leaks & Data Breaches of All Time

We’ve investigated the biggest document leaks and data breaches from the past five years. What did we learn? In over 100 document leaks and data breaches, we found two cases that affected companies most: 

1. The breach revealed company trade secrets and information. 

2. The breach exposed sensitive customer and consumer data. 

According to IBM, data breach costs rose in 2021 from $3.86 million to $4.24 million. These costs stay with companies for years, with 61% of data breach costs hitting within the first year, 24% in the next 12-24 months, and 15% more than two years later.

Other costs are harder to put a value to, including reputational cost and client relationships. Ultimately, we discovered the devastation of a document leak is so far-ranging that it cannot be fully quantified.

Contents

Here are the 51 biggest document leaks and data breaches we found:

Note: Source text and quotes have been edited or condensed for brevity.

Revealing Confidential Company Information

Industry: Tech

1. Wisk Aero (2021)

Ten of Wisk’s engineers were hired by a rival company, Archer, “some of whom allegedly downloaded confidential documents before leaving.” A legal battle continues as Archer seeks $1 billion in damages from Wisk Aero, claiming “that this ‘smear campaign’ has negatively impacted its ability to access capital and has impaired business relationships…”

Those files contain our valuable trade secrets and confidential information about Wisk’s aircraft development spanning the history of the company, accumulated over countless hours of incremental progress by scores of engineers.”

Wisk Aero Public Statement

Source: Tech Crunch

2. Amazon (2021)

​​”A leaked document revealed how Amazon trains and dispatches employees to social media to defend Amazon. Amazon ‘sought to train and dispatch select employees to the social media trenches to defend Amazon and its CEO, Jeff Bezos, according to an internal description of the program obtained exclusively by The Intercept.’”

Source: The Intercept

3. Amazon (2021) 

“An unspecified source revealed a memo that shows ‘Amazon has a goal to get rid of a certain number of employees each year, voluntarily or otherwise… A memo appears to show some teams trying to meet the goal by doubling the number of people in a coaching program.’”

Source: Business Insider

4. EA (2021)

A gaming insider says an internal company document proves video game giant Electronic Arts is trying to drive players into a type of gameplay that encourages them to spend more money and which has come under fire for possible links to gambling. The 54-page leaked document contains controversial information about how to increase in-game purchases.”

FIFA players have thought that’s their strategy for a long time, but it’s still shocking to actually see a document from within EA stating it in writing,” he said. “They are driving everyone towards the casino, basically.” 

Source: CBC.CA

5. Amazon (2020)

“Amazon officials have profoundly misled the public and lawmakers about its record on worker safety, according to a cache of company records obtained by Reveal from The Center for Investigative Reporting – including internal safety reports and weekly injury numbers from its nationwide network of fulfillment centers.” 

“With weekly data from 2016 through 2019 from more than 150 Amazon warehouses, the records definitively expose the brutal cost to workers of Amazon’s vast shipping empire – and the bald misrepresentations the company has deployed to hide its growing safety crisis.”

Source: Reveal

6. Clearview AI (2020)

Clearview AI admitted that its entire client list had been stolen in a breach. According to documents obtained and reported by BuzzFeed News, Clearview AI’s facial recognition software has been used by people in more than 2,200 law enforcement departments, government agencies, and companies across 27 countries. Although CEO Hoan Ton-That claimed that its tech is meant ‘strictly for law enforcement,’ BuzzFeed’s leak suggests it has been used by private firms, too.”

“Clearview AI is already facing legal action from Facebook, Google, and Twitter for alleged photo-scraping – obtaining and using photos without consent. All three have sent cease-and-desist letters to the company, with the number of photos it’s scraped thought to number in the billions.”

Source: Business Insider

7. Khoros, LLC/Lenovo (2020)

Texas software company Khoros, LLC “filed a breach of contract complaint against Lenovo Singapore PTE, Ltd., alleging that it misappropriated trade secrets…” According to Law Street Media, “Lenovo is a former Khoros customer and had access to its Studio Tool. In 2007, Lenovo entered into a contract agreement with Khoros’ successor Lithium, agreeing not to copy or reverse engineer the company’s software. Despite accepting these terms, Lenovo is accused of reverse-engineering the Studio Tool.”

Source: Law Street Media

8. Intel (2020)

A data breach at Intel leaked 20 GB of confidential and restricted data. According to CPO Magazine, “the data breach did not contain any sensitive personal information on Intel’s clients or workers. However, it contained technical designs for various Intel chipset platforms such as Kaby Lake and Tiger CPUs. The data breach also exposed source code belonging to third parties, such as SpaceX sensors developed by Intel.” Swiss software engineer, Till Kottmann, shared the data on the file-sharing site, MEGA, after receiving the information from an anonymous source. 

“Intel released a statement denying being hacked and blaming the incident on a rogue user. Kottman said more data with “juicier” details were on the way.”

Source: CPO Magazine 

9. Intel (2018)

“A lawsuit filed by Intel alleged that a former employee attempted to download the details of a highly classified project before leaving to work for a competitor.”

“A few days before he left Intel, [he] tried to access and copy a ‘top secret’ designated Intel file that Intel’s electronic security system blocked from being copied.”

Source: GovTech

Industry: Consumer Goods & Retail

10. Mars, Inc. (2020)

Mars Inc. sued sandwich and coffee chain Pret Panera Holding and its owner JAB Holding Co. for allegedly gaining illegal access to thousands of valuable corporate documents that the candy maker claims were stolen by a former executive.”

“He repeatedly uploaded proprietary business information to a company-issued laptop and downloaded it onto a personal hard drive before eventually sharing it “on a number of occasions” with his new colleagues at JAB and Pret Panera, according to the complaint.”

Source: Bloomberg

11. Walmart (2020)

“A leaked presentation revealed…Walmart’s digital strategy project to improve users’ online experience.” 

“Internal company documents from March 2020 obtained by Business Insider revealed the retailer’s initiative—dubbed “Project Glass”—to strengthen its business and take on Amazon head-on.”

Source: eMarketer

12. Peloton (2019)

Business Insider obtained four confidential documents including Peloton’s internal brand pitching deck.” According to the leaked marketing documents, Peloton wanted to stop being described as “cultish” or “a fad” while targeting highly educated individuals who are usually married with children and have household incomes of $100K-150K. 

Source: Business Insider 

13. Away (2019)

Leaked documents revealed that Away barred employees from discussing The Verge’s investigation into workplace conditions on either their personal or professional social media channels. The investigation from The Verge revealed how CEO Steph Korey used Away’s core company values to push employees nearly to the breaking point. Last year, she told a group of customer experience managers that she was taking away their paid time off in order to support their career development.”

“Please do not share the article,” managers told their direct reports. “Please do not fave/like/comment or interact with any commentary (negative or positive) through either your personal or professional accounts.”

Source: The Verge 

14. Target (2019)

A leaked document revealed Target’s plan to change the way its store functions nationwide, which employees said backfired. In general, the document outlined how Target workers should be in charge of their own store areas and responsible for various stocking tasks, in addition to assisting guests.”

“Business Insider talked to over 50 former and current Target employees, many of whom said that the modernization program had changed their business for the worse, making their work unbearably stressful.”

Source: Business Insider, NewsBeezer

15. Coca-Cola (2018)

“The Coca-Cola company announced a data breach incident… after a former employee was found in possession of worker data on a personal hard drive. Coca-Cola said it worked with law enforcement to investigate the data’s origin and validity, and determined that some documents contained the personal information of some of its workers.”

“We are issuing data breach notices to about 8,000 individuals whose personal information was included in computer files that a former employee took with him when he left the company,” a Coca-Cola spokesperson told Bleeping Computer today.

Source: Bleeping Computer

Industry: Finance

16. Goldman Sachs (2021)

In a leaked presentation, junior bankers at Goldman Sachs said they were facing “inhumane” conditions at the investment bank, including 100-hour work weeks and “abuse” from colleagues which had severely affected their mental health… The 11-page presentation features “select analyst quotes”, in which the graduates describe a toxic office environment: 

“The sleep deprivation, the treatment by senior bankers, the mental and physical stress … I’ve been through foster care and this is arguably worse.”

 

“This is beyond the level of ‘hard working’, this is inhumane, abuse.”

Source: The Guardian 

17. FinCEN (2020)

Thousands of sensitive bank documents from the Financial Crimes Enforcement Network were leaked to Buzzfeed who shared them with the International Consortium of Investigative Journalists… The leaked documents describe how five major banks, – JPMorgan Chase, HSBC, Standard Chartered Bank, Deutsche Bank, and Bank of New York Mellon – were allegedly involved in handling the flow of money between individuals and groups that may have been acting in a criminal manner, according to BuzzFeed and other media reports.”

“From a cybersecurity standpoint, we may expect a growing lack of trust to governmental agencies, which on one side have quasi-unlimited access to the most sensitive data of the largest organizations, while on the other side, they cannot duly safeguard this data. A transparent investigation is required to restore confidence.”

Mark Rasch, an attorney at Kohrman, Jackson & Krantz 

Source: BankInfoSecurity.com

Industry: Government

18. The Pandora Papers (2021)

The most expansive leak of tax haven files in history revealed the secret offshore holdings of more than 300 politicians and public officials from more than 90 countries and territories.” 

“The trove of more than 11.9 million confidential files shows how presidents, prime ministers, royals, elected officials — and some of their family members and closest associates — stash assets in a covert financial system with the help of firms who establish companies in secrecy jurisdictions.”

Source: International Consortium of Investigative Journalists

 19. CIA Vault 7 (2017)

“The CIA was embedded with a workplace culture in which elite hackers were so preoccupied with building cyber weapons they neglected to secure their own systems, an internal report has suggested. The theft of documents revealing hacking tools in March 2017, infamously publicized by WikiLeaks, was in part the result of an agency more concerned with reinforcing its arsenal than securing those tools.”

“The CIA’s WikiLeaks Task Force produced a report, now seen by the Washington Post, that revealed “woefully lax” security procedures within the team that developed those tools were partially responsible for the disclosure.”

Source: ITPro

Industry: Automotive 

20. Tesla (2020)

Business Insider obtained a leaked copy of Tesla’s employee handbook, titled The Anti-Handbook Handbook.

“Written in a conversational, sometimes combative tone (“Our assumption will be that if you don’t call and don’t show up for work, you’re a jerk. You better have a really good reason for not letting us know why you didn’t come in or you’re out of here.”), the handbook positions Tesla as an outlier in the auto and tech industries.”

Source: Business Insider

21. Tesla (2019)

Self-driving startup Zoox admitted that four of its employees took confidential documents from their previous employer Tesla.” 

“Zoox acknowledges that certain of its new hires from Tesla were in possession of Tesla documents pertaining to shipping, receiving, and warehouse procedures when they joined Zoox’s logistics team,” the startup said in a statement to Reuters. 

“Zoox says it will pay Tesla an undisclosed amount of money and will perform an audit to ‘ensure that no Zoox employees have retained or are using Tesla confidential information.’”

Source: The Verge

Industry: Healthcare

22. Direct Supply Inc. (2017)

Direct Supply Inc. accused a former employee of downloading more than 50 company documents containing technology trade secrets before becoming the chief information officer at a competitor.”

“When Direct Supply reviewed the employee’s activity on its systems, it allegedly found that between Nov. 23 and Dec. 29 he had downloaded more than 50 files with confidential information, including technology infrastructure strategy documents, IT incident reports, and software architecture information.”

Source: BizTimes 

Industry: Telecommunications

23. Motorola (2019)

The Motorola case centered on allegations that Hytera, a Chinese rival of Motorola, misappropriated Motorola’s trade secrets to develop and sell a competing digital radio. Motorola claimed that Hytera hired three engineers away from Motorola’s Malaysian office and that those engineers stole thousands of technical, confidential Motorola documents containing trade secrets and source code.”

Source: National Review 

Exposing Customer and Consumer Data

Back to top

Industry: Tech

24. Facebook (2021)

The Facebook Papers project represents a unique collaboration among 17 American news organizations, including The Associated Press. Journalists from a variety of newsrooms, large and small, worked together to gain access to thousands of pages of internal company documents obtained by Frances Haugen, the former Facebook product manager-turned-whistleblower.

“The papers themselves are redacted versions of disclosures that Haugen has made over several months to the Securities and Exchange Commission, alleging Facebook was prioritizing profits over safety and hiding its own research from investors and the public.”

Source: The Associated Press

25. Twitch (2021)

Twitch confirmed a major data breach and that more than 100GB of data was posted online. Alleged leaked data included “source code for the company’s streaming service, an unreleased Steam competitor from Amazon Game Studios, and details of creator payouts.”

“And if it is all confirmed, it will be the biggest leak I have ever seenan entire company’s most valuable data cleaned out in one fell swoop.”

Joe Tidy, cybersecurity reporter

Sources: BBC and The Verge

26. ParkMobile (2021)

After a breach, cybercriminals sold account information “for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data included customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords, and mailing addresses.”

“It’s also curious that ParkMobile hasn’t asked or forced its users to change their passwords as a precautionary measure. I used the ParkMobile app to reset my password, but there was no messaging in the app that suggested this was a timely thing to do. So if you’re a ParkMobile user, changing your account password might be a pro move.”

Source: Krebs on Security

27. Qualys (2021)

Cybersecurity company Qualys suffered a data breach after cybercriminals “exploited a zero-day flaw in its Accellion FTA server,” according to Forbes. The breach affected numerous companies and entities including “retail giant Kroger, law firm Jones Day, and the state of Washington.”

“Qualys said it has “notified the limited number of customers impacted by this unauthorized access.” 

Source: Forbes

28. Ubiquiti (2021)

Ubiquiti, a global Internet of Things device provider, experienced a data breach that compromised the personal information of its customers. The company said, “that compromised data may include names, email addresses, one-way encrypted passwords to customer accounts, addresses, and phone numbers.”

“There was no indication that the attackers used any sophisticated tactics. Evidence points to rather basic misconfiguration errors, an all-too-pervasive problem that has led to countless data breaches.”

Source: Security Boulevard 

29. Google (2021)

“Google fired dozens of employees between 2018 and 2020 for abusing their access to the company’s tools or data, with some workers potentially facing allegations of accessing Google user or employee data, according to an internal Google document obtained by Motherboard.”

“A Google spokesperson told Motherboard in a statement: ‘The instances referred to mostly relate to inappropriate access to, or misuse of, proprietary and sensitive corporate information or IP.’”

Source: Vice

30. SolarWinds (2021)

Criminal hackers, with alleged ties to Russia, used a routine software update to put malicious code in a software program called Orion. They then used the downloaded code to launch a massive cyberattack on thousands of U.S. companies and governmental agencies. Agencies included the U.S. Treasury, Justice, and Commerce departments; affected companies included Microsoft, Intel, and Cisco. An estimated 18,000 customers may have downloaded the malicious code.

“I think from a software engineering perspective, it’s probably fair to say that this is the largest and most sophisticated attack the world has ever seen.” 

Microsoft Corp President Brad Smith

Source: Reuters, NPR

31. Whisper App (2020)

Hundreds of millions of users’ intimate messages, tied to their locations, were made publicly viewable. The data exposure allowed anyone to access all of the location data and other information tied to anonymous “whispers” posted to the popular social app. The records were viewable on a non-password-protected database open to the public Web.” 

“This is the difference between a user handing you their business card and Whisper leaking an entire phone book. This is the most intimate data laid bare in a massive unprotected database for the entire world to see.”

Kyle Olbert, a human rights activist and researcher

Source: The Washington Post 

32. BlueKai (2020)

Oracle’s BlueKai left exposed an unsecured database containing billions of records like names, home addresses, email addresses, and sensitive users’ web browsing activity — from purchases to newsletter unsubscribes.”

“BlueKai tracks 1.2% of all web traffic and tracks some of the world’s biggest websites: Amazon, ESPN, Forbes, Glassdoor, Healthline, MSN.com, Levi’s, Rotten Tomatoes, and The New York Times.

 

Given the volume of data on this unsecured server, this is already one of the largest cybersecurity mistakes of 2020.”

Source: cyware.com

33. Wattpad (2020)

An allegedly stolen Wattpad database containing 270 million records was being sold in private sales for over $100,00.” It was later offered for free on hacker forums. “A few sample records of this database seen by BleepingComputer contained user names, names, hashed passwords, email addresses, and general geographic location.”

“Out of precaution, and as is common in these situations, we are resetting passwords and advising users to change passwords on other sites if they used the same password.”

Wattpad Public Statement

Source: Bleeping Computer

34. Keepnet Labs (2020)

A UK-based cybersecurity firm that threatened legal action against a security blogger has confirmed that a contractor temporarily exposed a database containing five billion email addresses and passwords collated from previous data breaches.”

“The ‘breaking news’ was that Keepnet Labs was responsible for the “world’s biggest data breach with over 5+ billion records” which is just not true. Stories suggested that the exposed database “could have included data that has not been previously breached” and “Keepnet ignored the warnings from the researcher”… These are all inaccurate and could be misleading, causing damage to our brand and reputation.”

—Keepnet Labs Public Statement

Source: Verdict and Keepnet Labs

35. Facebook (2019)

“…the details of 533 million Facebook users, including phone numbers and email addresses, had been leaked online. Facebook claimed this data was from an old breach that took place in 2019. But now the information has been made widely available in a hacking forum online, it could potentially have been accessed by anyone.”

“It is “vital” to implement two-factor authentication “as an extra layer of protection as it will help keep threat actors from gaining entry to vulnerable or exposed accounts.” 

Jake Moore, cybersecurity specialist at ESET 

Source: Forbes

36. Microsoft (2019)

A misconfiguration of an internal customer support database led to a breach of 250 million customer service and support records. Microsoft maintains that no “malicious use” was found, but that “a change made to the database’s network security group on December 5, 2019 contained misconfigured security rules that enabled exposure of the data.”

“Misconfigurations are unfortunately a common error across the industry. We have solutions to help prevent this kind of mistake, but unfortunately, they were not enabled for this database. As we’ve learned, it is good to periodically review your own configurations and ensure you are taking advantage of all protections available.”

Source: Microsoft Security Response Center

37. Google (2019)

“Google fired an employee for leaking other employees’ names and personal information to the media and placed another employee on leave pending an investigation into whether the person improperly accessed a wide range of documents unrelated to the person’s job after receiving warnings not to do so.” 

The firing and employee suspensions have been the subject of intense discussion within the company in recent weeks, according to Bloomberg, as employees worry that Google — which has traditionally been known for its open and transparent culture — is attempting to crack down on dissent.”

Source: Business Insider

38. Wyze (2019)

A server leak exposed the customer data of 2.4 million users, including email addresses, SSID information, and API tokens. Wyze co-founder Dongsheng Song said, “that an employee error led to the server’s security protocols being removed on December 4th, and the data was exposed until December 26th when the company was made aware of the problem.”

“We’ve often heard people say, ‘You pay for what you get,’ assuming Wyze products are less secure because they are less expensive. This is not true,” the co-founder wrote. “We’ve always taken security very seriously, and we’re devastated that we let our users down like this.” 

Wyze co-founder Dongsheng Song

Source: The Verge 

39. MyFitnessPal (2018)

A data breach compromised as many as 150 million accounts. Account information included usernames, email addresses, and hashed passwords, but not financial information like credit card numbers or identifiers like social security numbers.”

“The company will be requiring MyFitnessPal users to change their passwords and is urging users to do so immediately.”

Source: The Verge 

Industry: Healthcare

40. Cancer Treatment Centers of America (2021)

“Cancer Treatment Centers of America alerted 104,808 patients of its Midwestern Regional Medical Center that some of their protected health information was contained in an email account that was accessed by an unauthorized individual.” 

“A review of the compromised account revealed it contained patient names, health insurance information, medical record numbers, CTCA account numbers, and limited medical information. No financial information or Social Security numbers were compromised.”

Source: HIPAA Journal

41. Wyoming Dept. of Health (2020)

“The Wyoming Department of Health announced that thousands of state residents had their personal information, including names, addresses, and dates of birth, exposed through an online server containing COVID-19, influenza, and breath alcohol test results. Department officials emphasized that the breached data did not include any Social Security numbers or banking, financial, or health insurance information.”

“According to a statement issued by the state Department of Health, those files were mistakenly uploaded by the official to private and public online repositories on servers belonging to GitHub.com. The department emphasized that the incident ‘did not result from a compromise of GitHub or its systems.’”

Source: Wyoming Tribune Eagle

42. MyHeritage (2018)

A data breach exposed the email addresses and encrypted passwords for more than 92 million users of MyHeritage, a company used for testing DNA and tracking people’s ancestry.

MyHeritage said a security researcher notified the company on June 4, 2018, of a file found on a private server outside of the company. After analyzing the file, a MyHeritage security team determined that its contents originated from the company and included the email addresses and hashed passwords of 92,283,889 users…

Source: Norton

Industry: Finance

43. First Horizon Bank (2021)

Financial services company First Horizon Corp. suffered a data breach that saw customer accounts accessed and funds stolen… The data breach was described as involving an authorized third party obtaining login credentials from an unknown source and then attempting to access customer accounts. The third party then gained access to fewer than 200 online customer bank accounts, had access to personal information in those accounts, and then fraudulently obtained an amount of less than $1 million from those accounts.”

“Whatever the mechanism of compromise used here, it’s another reminder that all organizations, but especially financial services organizations, need to consider the totality of their attack surface area, from the email security of the most senior company officer down to the smallest software library used in their applications.” 

Robert Haynes, software composition analyst at Checkmarx Ltd.

Source: SiliconANGLE 

44. Capital One (2019)

The personal details of about 106 million individuals across the US and Canada were stolen in a hack targeting financial services firm Capital One, the company has revealed,” after the alleged criminal hacker boasted about the breach online. 

“Capital One said the hacker was able to “exploit” a “configuration vulnerability” in the company’s infrastructure. Aside from names and dates of birth, she also managed to obtain credit scores, limits, balances, payment history, and contact information.”

Source: BBC

Industry: E-commerce & Retail

45. Reverb.com (2021)

A data breach at the world’s largest online music marketplace exposed the personal details of high-profile musicians. Information belonging to Bill Ward of Black Sabbath, Jimmy Chamberlin of the Smashing Pumpkins, and Alessandro Cortini of Nine Inch Nails was among the data exposed in the security incident at Reverb.com.”

“Scammers might pose as Reverb or an associated company in an attempt to persuade victims to divulge additional information such as account login credentials or payment details,” said the consultant.

 

“The fact that customer shop IDs were exposed is troublesome as these can be used to make fraudulent correspondence look legitimate.”

Source: Infosecurity Magazine 

46. Hobby Lobby (2020)

Hobby Lobby exposed a large amount of data online, including customer names, phone numbers, physical and email addresses, and the last four digits of their payment card, as well as source code for the company’s app, according to a security researcher.”

“’We identified the access control involved and have taken steps to secure the system,’ Hobby Lobby told Motherboard in an email. The researcher said they previously tried to warn Hobby Lobby of the issue but received no response.”

Source: Vice 

Industry: Government

47. FEMA (2019)

The Federal Emergency Management Agency shared personal addresses and banking information of 2.3 million U.S. disaster survivors. Those affected included the survivors of California wildfires in 2017 and Hurricanes Harvey, Irma, and Maria.

“Several elements of PII were shared unnecessarily with an outside contractor who managed FEMA’s Transitional Sheltering Assistance program. It included names, addresses, and banking information — all of which can be used to commit identity theft and fraud.”

Source: The Washington Post and Sontiq

Industry: Telecommunications

48. Broadvoice (2020)

A huge data breach at US VoiP provider Broadvoice exposed more than 350 million customer records, including names, phone numbers, and even call transcripts.” 

“VoIP calls are sometimes touted as being more secure than those that take place over traditional landline services. However, neither approach can completely safeguard user data. As the Broadvoice leak demonstrates, human error will continue to play an important role, even as security solutions become increasingly sophisticated.”

Source: Tech Radar

Industry: Insurance

49. Geico (2021)

Geico mailed notifications of a data breach to its customers, indicating that an unknown number of driver’s license numbers were compromised during a six-week period early in the year. The notification advised Geico customers that these numbers might be used for fraudulent unemployment claims, urging them to be on the lookout for unusual or suspicious communications from the state government.”

“The data breach impacts customers that were with the company from Jan. 21, 2021, to March 1, 2021, most likely auto insurance customers given that Geico says no other information but the driver’s license numbers were leaked.”

Source: CPO Magazine

Industry: Hospitality

50. MGM Resorts (2019)

“Data from a whopping 142,479,937 MGM Resorts guests was found for sale on an underground hacking forum. The data included customer names, email and physical addresses, phone numbers, and dates of birth.” 

“Credit card details were not listed which aligns with MGM’s statement on the 2019 breach that ‘no financial, payment card or password data was involved.’”

Source: Forbes

Industry: Education

51. University of California (2021)

“The UC system announced that it was one of 300 organizations affected by a nationwide cyberattack on Accellion’s File Transfer Appliance, a vendor service used for “transferring sensitive information.” Following the announcement, many students have reported their personal information being found on the dark web. The stolen information included Social Security numbers, email addresses, phone numbers, and home addresses.”

“We are working with federal law enforcement and external cybersecurity experts to investigate this incident,” said Stett Holbrook, spokesperson for the UC Office of the President. “In the meantime, we have notified the UC community and offered one year of complimentary credit monitoring and identity theft protection.”

Source: The Daily Californian

How To Protect Your Data From Accidental Breaches

Although we found quite a few stories involving criminal hacking, most tech leaders are more concerned about inadvertent and negligent data breaches than malicious ones, according to a recent Pulse survey. 

We also find this to be true with our work with customers at Nira. Most employees are not malicious threats or “out to get” their companies. Many document leaks are actually a result of accidental misconfigurations or expired third-party access that hasn’t been cleaned up. It’s why we created a tool that allows IT teams to easily identify access risks so data breaches become visible within 48 hours or less. Our mission is to make collaboration safe and secure for everyone.

Get a demo to find out how Nira helps protect company documents. 

Back to top