Capital One’s data breach affected approximately 100 million customers — more than 30% of the U.S. population. However, it doesn’t even break into the top five data breaches of all time.
The company announced on July 19, 2019, that a non-employee seized “certain types of personal information” related to credit card customers and others who had applied for Capital One products. A Seattle woman has been arrested in connection with the breach.
But Yahoo — now owned by Verizon — actually suffered the largest data breach in U.S. history.
Take a look at the top data breaches to affect American consumers.
Andrew Kelly/Reuters, FILE
Signage for the New York Marriott Marquis is seen, Nov, 16, 2015.
(MORE: Marriott says data breach may affect up to 500 million Starwood hotel guests)
The top five largest corporate hacks
1. Yahoo: 3 billion accounts in 2013
Yahoo, which is now owned by Verizon, admitted in 2017 that the previously reported data breach in 2013 actually affected all three billion accounts on its server, exposing the names, birth dates, phone numbers and passwords of users whose accounts were encrypted with what was ultimately weak security.
On Dec. 14, 2016, “Yahoo disclosed that more than one billion of the approximately three billion accounts existing in 2013 had likely been affected,” the company said in a 2017 press release. “The company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.”
The hackers also obtained the security questions and backup email addresses used to reset lost passwords, which are key to hacking into government computers.
2. Yahoo: 500 million accounts in 2014
It’s a tie between this separate Yahoo breach and Marriott. Yahoo suffered a previous attack in December 2014 affecting at least 500 million users whose data included names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions. The U.S. charged four Russians, including two Russian Federal Security Service (FSB) officers with the crime, according to the U.S. Department of Justice.
News of this breach was not revealed for two years, until, again, the company was in the process of a sale to Verizon. In 2018, the Securities and Exchange Commission fined Yahoo for its failure to disclose the news, according to an SEC press release.
Smith Collection/Gado/Getty Images
The headquarters of Internet company Yahoo in the Silicon Valley town of Sunnyvale, Calif., Oct. 28, 2018.
3. Marriott/Starwood: 500 million guests in 2018
Marriott said in a statement Friday that an investigation recently revealed “unauthorized access” since 2014 to information relating to reservations at Marriott’s Starwood properties, and that a hacker had “copied and encrypted information.”
The compromised data includes names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, Starwood Preferred Guest loyalty program account information, arrival and departure times, and reservation dates.
(MORE: 10 cybersecurity tips to remember if you’re shopping Black Friday through Cyber Monday)
4. Friend Finder Networks: 412 million accounts in 2016
The adult dating and entertainment company Friend Finder Network had a data breach of more than 412 million accounts, according to ZDNet.
Data was hacked from 339 million of the accounts from AdultFriendFinder.com, which the company boasted as the “world’s largest sex and swinger community.” The information gathered included usernames, e-mails, and passwords, according to ZDNet.
That breach also affected over 15 million “deleted” accounts that had not been purged from the databases. LeakedSource obtained the data, and said it included 20 years of information from the company’s sites. An additional 62 million accounts from Cams.com and seven million from Penthouse.com (the company was owned by Penthouse at the time) were stolen.
5. Equifax: 146 million accounts in 2017
Equifax revealed in a press release that a hack on its networks exposed names, birth dates, social security numbers, addresses and some driver’s license numbers.
The company added that 209,000 U.S. credit card numbers were exposed. Earlier this year, Equifax found an additional 2.4 million U.S. consumers whose names and partial driver’s license information were stolen.