The largest reported data leakage as of January 2024 was the Cam4 data breach in March 2020, which exposed more than 10 billion data records. The second-largest data breach in history so far, the Yahoo data breach, occurred in 2013. The company initially reported about one billion exposed data records, but after an investigation, the company updated the number, revealing that three billion accounts were affected. The National Public Data Breach was announced in August 2024. The incident became public when personally identifiable information of individuals became available for sale on the dark web. Overall, the security professionals estimate the leakage of nearly three billion personal records. The next significant data leakage was the March 2018 security breach of India's national ID database, Aadhaar, with over 1.1 billion records exposed. This included biometric information such as identification numbers and fingerprint scans, which could be used to open bank accounts and receive financial aid, among other government services.

Cybercrime - the dark side of digitalization As the world continues its journey into the digital age, corporations and governments across the globe have been increasing their reliance on technology to collect, analyze and store personal data. This, in turn, has led to a rise in the number of cyber crimes, ranging from minor breaches to global-scale attacks impacting billions of users – such as in the case of Yahoo. Within the U.S. alone, 1802 cases of data compromise were reported in 2022. This was a marked increase from the 447 cases reported a decade prior. The high price of data protection As of 2022, the average cost of a single data breach across all industries worldwide stood at around 4.35 million U.S. dollars. This was found to be most costly in the healthcare sector, with each leak reported to have cost the affected party a hefty 10.1 million U.S. dollars. The financial segment followed closely behind. Here, each breach resulted in a loss of approximately 6 million U.S. dollars - 1.5 million more than the global average.

View Data Breach Notification Reports, which include how many breaches are reported each year and the number of affected residents.

Analysis of ‘List of Top Data Breaches (2004 - 2021)’ provided by Analyst-2 (analyst-2.ai), based on source dataset retrieved from https://www.kaggle.com/hishaamarmghan/list-of-top-data-breaches-2004-2021 on 14 February 2022.

--- Dataset description provided by original source is as follows ---

This is a dataset containing all the major data breaches in the world from 2004 to 2021

As we know, there is a big issue related to the privacy of our data. Many major companies in the world still to this day face this issue every single day. Even with a great team of people working on their security, many still suffer. In order to tackle this situation, it is only right that we must study this issue in great depth and therefore I pulled this data from Wikipedia to conduct data analysis. I would encourage others to take a look at this as well and find as many insights as possible.

This data contains 5 columns: 1. Entity: The name of the company, organization or institute 2. Year: In what year did the data breach took place 3. Records: How many records were compromised (can include information like email, passwords etc.) 4. Organization type: Which sector does the organization belong to 5. Method: Was it hacked? Were the files lost? Was it an inside job?

Here is the source for the dataset: https://en.wikipedia.org/wiki/List_of_data_breaches

Here is the GitHub link for a guide on how it was scraped: https://github.com/hishaamarmghan/Data-Breaches-Scraping-Cleaning

--- Original source retains full ownership of the source dataset ---

In 2023, the number of data compromises in the United States stood at 3,205 cases. Meanwhile, over 353 million individuals were affected in the same year by data compromises, including data breaches, leakage, and exposure. While these are three different events, they have one thing in common. As a result of all three incidents, the sensitive data is accessed by an unauthorized threat actor. Industries most vulnerable to data breaches Some industry sectors usually see more significant cases of private data violations than others. This is determined by the type and volume of the personal information organizations of these sectors store. In 2022, healthcare, financial services, and manufacturing were the three industry sectors that recorded most data breaches. The number of healthcare data breaches in the United States has gradually increased within the past few years. In the financial sector, data compromises increased almost twice between 2020 and 2022, while manufacturing saw an increase of more than three times in data compromise incidents. Largest data exposures worldwide In 2020, an adult streaming website, CAM4, experienced a leakage of nearly 11 billion records. This, by far, is the most extensive reported data leakage. This case, though, is unique because cyber security researchers found the vulnerability before the cyber criminals. The second-largest data breach is the Yahoo data breach, dating back to 2013. The company first reported about one billion exposed records, then later, in 2017, came up with an updated number of leaked records, which was three billion. In March 2018, the third biggest data breach happened, involving India’s national identification database Aadhaar. As a result of this incident, over 1.1 billion records were exposed.

Data breaches cost companies and businesses a lot of money. The average cost of a data breach is $3.86 million.

Washington law requires entities impacted by a data breach to notify the Attorney General’s Office (AGO) when more than 500 Washingtonians personal information was compromised as a result of the breach. This dataset breaks out the individual types of breached personal information that were identified in each notice our office received. This data is used to produce the AGO’s Annual Data Breach Report. For additional statistics relating to data breaches, also see the main dataset at: https://data.wa.gov/Consumer-Protection/Data-Breach-Notifications-Affecting-Washington-Res/sb4j-ca4h.

In this document, comprehensive datasets are presented to advance research on information security breaches. The datasets include data on disclosed information security breaches affecting S&P500 companies between 2020 and 2023, collected through manual search of the Internet. Overall, the datasets include 504 companies, with detailed information security breach and financial data available for 97 firms that experienced a disclosed information security breach. This document will describe the datasets in detail, explain the data collection procedure and shows the initial versions of the datasets. Contact at Tilburg University Francesco Lelli Data files: 6 raw Microsoft Excel files (.xls) Supplemental material: Data_Publication_Package.pdf Detailed description of the data has been released in the following preprint: [Preprint in progress] Structure data package The folder contains the 6 .xls documents, the data publication package. Link to the preprint describing the dataset is in the description of the dataset itself. The six .xls documents are also present in their preferred file format csv (see Notes for further explanation). Production date: 01-2024---- 05-2024 Method: Data on information security breaches through manual search of the Internet, financial data through Refinitiv (LSEG). (Approval obtained from Refinitiv to publish these data) Universe: S&P500 companies Country / Nation: USA

The average cyber attack takes 280 days to identify and contain and it costs an average of about $3.86 million to deal with properly.

The Security Baseline Check market is experiencing robust growth, driven by the increasing sophistication of cyber threats and the stringent regulatory compliance requirements across various industries. The market, estimated at $15 billion in 2025, is projected to maintain a healthy Compound Annual Growth Rate (CAGR) of 15% from 2025 to 2033, reaching approximately $50 billion by 2033. This expansion is fueled by several key factors. Firstly, the rising adoption of cloud computing and digital transformation initiatives across SMEs and large enterprises necessitates comprehensive security assessments. Secondly, the increasing frequency and severity of data breaches are compelling organizations to proactively invest in robust security baseline checks to mitigate risks and protect sensitive data. Furthermore, evolving regulatory landscapes like GDPR and CCPA mandate stringent security protocols, further bolstering the demand for these services. The market segmentation reveals a strong emphasis on host security checks, followed by database and network security equipment checks, reflecting the criticality of securing core infrastructure components. Geographically, North America and Europe currently hold significant market share, driven by high technological adoption and stringent security regulations. However, rapidly growing digital economies in Asia Pacific and the Middle East & Africa present lucrative growth opportunities. The competitive landscape is characterized by a mix of established cloud providers like Alibaba Cloud, Amazon, Microsoft, and Huawei Cloud, alongside specialized security firms like OWASP and Antiy Labs. These players are constantly innovating to offer comprehensive and integrated security solutions that meet the evolving needs of their clients. While the market is experiencing substantial growth, challenges such as the high cost of implementation, integration complexities, and the need for skilled professionals could potentially restrain its growth. However, the overall market trajectory points towards a sustained period of expansion, driven by the imperative to secure digital assets and comply with regulatory requirements. The continued evolution of cybersecurity threats will further fuel the demand for sophisticated baseline checks across all segments and regions.

These cybersecurity statistics will help you understand the state of online security and give you a better idea of what it takes to protect yourself.

As of 2024, the mean number of days to identify the data breaches was 194 days, four percent less than in the previous year. The mean time companies needed to contain the breaches in 2024 was 64 days. In comparison, in 2022, it took organizations 207 days to identify and 70 days to address the data breaches.

The world has entered the era of the Code War where every digital device, however small and innocuous, can be “weaponised” – as the recent Dyn cyber-attack aptly illustrated – to send “rogue code” deep into the Internet's engine room to create mayhem.
Cybersecurity is critical to almost every business. Yet it is a non-core competence for most boards. The frequency of high profile corporate data breaches may accelerate because CEOs are not sufficiently trained in cyber risks.
Almost every cyber-breach is an “inside job” – whether malicious or accidental – so real-time behavioural analytics is becoming increasingly important as a defense.
Insidt this report, we look at the evolution, nature, growth in cybersecurity technologies and threat. Read More

With the surge in data collection and analytics, concerns are raised with regards to the privacy of the individuals represented by the data. In settings where the data is distributed over several data holders, federated learning offers an alternative to learn from the data without the need to centralize it in the first place. This is achieved by exchanging only model parameters learned locally at each data holder. This greatly limits the amount of data to be transferred, reduces the impact of data breaches, and helps to preserve the individual’s privacy. Federated learning thus becomes a viable alternative in IoT and Edge Computing settings, especially if the data collected is sensitive.

However, risks for data or information leaks still persist, if information can be inferred from the models exchanged. This can e.g. be in the form of membership inference attacks. In this paper, we investigate how successful such attacks are in the setting of sequential federated learning. The cyclic nature of model learning and exchange might enable attackers with more information to observe the dynamics of the learning process, and thus perform a more powerful attack.

The number of data breaches fluctuated in Poland in the observed period. The second quarter of 2020 recorded the highest number of data breaches. In the third quarter of 2024, this number decreased to over 150,000; however, it was 907 percent higher than in the previous quarter.

Scientists from the U.S. Geological Survey St. Petersburg Coastal and Marine Science Center in St. Petersburg, Florida, conducted a bathymetric survey of Fire Island, New York, from October 5 to 10, 2014. The U.S. Geological Survey is involved in a post-Hurricane Sandy effort to map and monitor the morphologic evolution of the wilderness breach, which formed in October 2012 during Hurricane Sandy, as part of the Hurricane Sandy Supplemental Project GS2-2B. During this study, bathymetry data were collected, using single-beam echo sounders and global positioning systems mounted to personal watercraft, along the Fire Island shoreface and within the wilderness breach, Fire Island Inlet, Narrow Bay, and Great South Bay east of Nicoll Bay. Additional bathymetry and elevation data were collected using backpack and wheel-mounted global positioning systems along the subaerial beach (foreshore and backshore), and flood shoals and shallow channels within the wilderness breach and adjacent shoreface.

The Data-Loss Prevention (DLP) market is experiencing robust growth, driven by increasing cyber threats and stringent data privacy regulations like GDPR and CCPA. The market, estimated at $15 billion in 2025, is projected to achieve a Compound Annual Growth Rate (CAGR) of 12% from 2025 to 2033, reaching approximately $40 billion by 2033. This expansion is fueled by the rising adoption of cloud computing, the proliferation of mobile devices, and the growing need to protect sensitive data across diverse environments. Key market drivers include the escalating costs associated with data breaches, the increasing awareness of data security risks amongst organizations, and the growing demand for advanced DLP solutions that can effectively address sophisticated attack vectors. Market segmentation reveals strong growth across all application areas—individuals, families, and enterprises—with the enterprise segment dominating due to its higher spending capacity and greater vulnerability to data breaches. The advanced measures segment within the DLP solutions category is experiencing particularly rapid expansion, driven by the demand for AI-powered threat detection and response capabilities. Geographic regions such as North America and Europe currently hold significant market share, but Asia-Pacific is poised for substantial growth due to increasing digitalization and rising adoption of DLP solutions in emerging economies. However, the market faces certain restraints, including the high cost of implementation and maintenance of DLP solutions, the complexity of integrating DLP technologies with existing security infrastructure, and the shortage of skilled cybersecurity professionals. Despite these challenges, the overall outlook for the DLP market remains positive. The increasing sophistication of cyberattacks and the growing regulatory landscape are expected to propel the adoption of more robust and comprehensive DLP solutions. Furthermore, advancements in artificial intelligence (AI) and machine learning (ML) are playing a significant role in enhancing the effectiveness of DLP technologies. Continuous innovation in areas such as data classification, anomaly detection, and endpoint security is contributing to the development of more sophisticated and adaptable DLP solutions, catering to the evolving needs of individuals, families, and enterprises alike. The market's trajectory strongly indicates a continued rise in demand for DLP solutions across diverse sectors, reinforcing the crucial role of data protection in the increasingly digital world.

Hurricane Sandy made U.S. landfall, coincident with astronomical high tides, near Atlantic City, New Jersey, on October 29, 2012. The storm, the largest on historical record in the Atlantic basin, affected an extensive area of the east coast of the United States. The highest waves and storm surge were focused along the heavily populated New York and New Jersey coasts. At the height of the storm, a record significant wave height of 9.6 meters (m) was recorded at the wave buoy offshore of Fire Island, New York (fig. 1, inset). During the storm an overwash channel opened a breach in the location of Old Inlet, in the Otis Pike High Dunes Wilderness area. This breach is now referred to as the Wilderness Breach (fig. 1). Fire Island, New York is the site of a long term coastal morphologic change and processes project conducted by the U.S. Geological Survey (USGS). One of the objectives of the project was to understand the morphologic evolution of the barrier system on a variety of time scales (days - years - decades - centuries). In response to Hurricane Sandy, this effort continued with the intention of resolving storm impacts post-storm beach response and recovery. The day before Hurricane Sandy made landfall (October 28, 2012), a USGS field team conducted differential global positioning system (DGPS) surveys at Fire Island to quantify the pre-storm morphologic state of the beach and dunes. The area was re-surveyed after the storm, as soon as access to the island was possible. In order to fully capture the recovery of the barrier system, the USGS Hurricane Sandy Supplemental Fire Island Study was established include collection in the weeks, months, and years following the storm. As part of the USGS Hurricane Sandy Supplemental Fire Island Study, the beach is monitored periodically to enable better understanding of post-Sandy recovery. The alongshore state of the beach is recorded using a DGPS to collect data around the mean high water (MHW; 0.46 meter North American Vertical Datum of 1988) to derive a shoreline, and the cross-shore response and recovery are measured along a series of 15 profiles. Monitoring continued in the weeks following Hurricane Sandy with additional monthly collection through April 2013 and repeat surveys every 2-3 months thereafter until October 2014. Bi-annual surveys have been collected through September 2016. Beginning in October 2014 the USGS also began collecting shoreline data at the Wilderness Breach. See below for survey collection dates for all data types. For along shore shoreline data, the MHW shoreline (0.46 m [NAVD 88]; Weber and others, 2005) is derived from the field data using an interpolation method that creates a series of equally-spaced cross-shore profiles between the two survey lines that flank the MHW contour. The foreshore slope is assumed to be uniform on each profile. Using this slope and the two surveyed positions on each cross-shore profile, a simple geometric calculation is done to find where each profile line intersects the MHW contour. This shapefile FIIS_Shorelines_Oct2012_Sept2016.shp consists of Fire Island, NY pre- and post-storm shoreline data collected from October 2012 to September 2016. This dataset contains 20 Mean High Water (MHW) shorelines for Fire Island, NY (A total of 22 dates, where two shorelines were collected over multiple days). Prior to and following Hurricane Sandy in October, 2012, continuous alongshore DGPS data were collected to assess the positional changes of the shoreline (MHW - 0.46 m NAVD88) and the upper portion of the beach. In the four years following Sandy, 22 surveys were conducted collecting data along shore-parallel tracks to capture the base of the dune, the mid-beach, and the upper and lower foreshore. The alongshore tracks extend from just west of Fire Island Lighthouse to the western flank of the storm-induced breach in the location of Old Inlet, in the Otis Pike High Dunes Wilderness area. Oct 28 2012 (MHW shoreline/Cross-shore data) Nov 01 2012 (MHW shoreline/Cross-shore data) Nov 04 2012 (Cross-shore data only) Dec 01 2012 (MHW shoreline/Cross-shore data) Dec 12 2012 (MHW shoreline/Cross-shore data) Jan 10 2013 (MHW shoreline/Cross-shore data) Feb 13 2013 (MHW shoreline/Cross-shore data) Mar 13 2013 (MHW shoreline/Cross-shore data) Apr 09 2013 (MHW shoreline/Cross-shore data) Jun 24 2013 (MHW shoreline/Cross-shore data) Sep 18 2013 (MHW shoreline/Cross-shore data) Dec 03 2013 (MHW shoreline/Cross-shore data) Jan 29 2014 (MHW shoreline/Cross-shore data) Jun 11 2014 (Cross-shore data only) Sep 09 2014 (MHW shoreline/Cross-shore data) Oct 07 2014 (Cross-shore data/Breach shoreline) Jan 21 2015 (MHW shoreline/Cross-shore data/Breach shoreline) Mar 19 2015 (MHW shoreline/Cross-shore data) May 16 2015 (MHW shoreline/Cross-shore data/Breach shoreline) Set 28 2015 (MHW shoreline/Cross-shore data/Breach shoreline) Jan 21 2016 (MHW shoreline/Cross-shore data) Jan 25 2016 (MHW shoreline/Cross-shore data) Apr 06 2016 (Cross-shore data only) Apr 11 2016 (MHW shoreline/Cross-shore data/Breach shoreline) Jun 16 2016 (Cross-shore data only) Sep 27 2016 (MHW shoreline/Cross-shore data/Breach shoreline)

Revenue in the cybersecurity industry worldwide reached $146.32 billion in 2022.

Number of breaches applications for social work orders by order type.

Between January and September 2024, healthcare organizations in the United States saw 491 large-scale data breaches, resulting in the loss of over 500 records. This figure has increased significantly in the last decade. To date, the highest number of large-scale data breaches in the U.S. healthcare sector was recorded in 2023, with a reported 745 cases.