The 10 Most Expensive Data Breaches in Corporate History

Cybercrime is quickly becoming a big business. CNN reported that back in 2014, a whopping 47% of US adults had some sort of personal information stolen by hackers.

As cloud storage becomes more and more common, large businesses with few security measures become very tempting targets for hackers. Starting with the least expensive and working our way up to #1, here are 10 of the most expensive data breaches in recent years.

10. The Home Depot – $56 Million

Utilizing a cloud computing setup to launch malware onto Home Depot’s servers, a group of hackers hit the home improvement chain in 2014. They got away with 56 million debit and credit card numbers before getting shut out of the servers. This is going to cost Home Depot up to $56 Million dollars in restitution.

9. Sony Pictures Entertainment – $100 Million

Striking at the end of 2014, a collective of hackers calling themselves the ‘Guardians of Peace’ managed to slip malware into Sony’s servers. Although no official numbers have been released, the guardians claim to have stolen 100 terabytes of data from Sony’s servers. They must have had a grudge, because once they were finished they erased all of the company’s data! Cleanup and data recovery have cost Sony $100 million.

8. Anthem – $100 Million

Health insurer Anthem’s cloud storage was hit hard in February of 2015. A cyber attack stole and later revealed personal information for nearly 80 million people. The real danger is in the fallout, the information included everything from names to social security numbers so all of those people are in danger of identity theft. It’s estimated this slip-up will cost Anthem more than $100 million.

7. Heartland Payment Systems – $140 Million

Back in 2008, Heartland Payment Systems was hit by a nasty piece of malware that broke into their data room and stole over 130 million debit and credit card numbers. The company didn’t even know about it until early 2009! At the time it was the most expensive breach, totally around $140 million in legal fees and overall costs.

6. TJ Maxx – $162 Million

Beginning their attack in 2007, hackers hit the fashionable retailer TJ Maxx over an unbelievable 18 month period. This is the same thief who would go on to cause our #7 pick, the Heartland Payment Systems hack, a year later. The TJ Maxx hack originally caused $118 million in damages but has since ballooned to $162 million as they continue to deal with the after effects.

Discover a virtual data room that's made with you in mind.

Learn more about serious sharing by booking a live one-on-one demo.

5. Target – $162 Million

More recently, Target was the victim of a major attack in late 2013. Hackers compromised the retailer’s credit card readers just before Thanksgiving and it wasn’t detected until well after Black Friday. All said, 110 million Target shoppers had their card numbers stolen costing them $162 million and lost sales after the public lost faith in their business.

4. Sony PlayStation – $171 Million

This is one list you don’t want to be on twice! Sony PlayStation got hit in 2011, a few years before the Guardians set their sights on the entertainment division. Different hackers broke into Sony’s digital data room and made off with 100 million customer records from the PlayStation Online service. This cost them a massive $171 million and the public’s opinion of them soured after it was discovered Sony knew of the hack a full 6 days before they announced it to the public.

3. Hannaford Bros – $252 Million

Crafty hackers hit the Hannaford Bros main servers in 2007, and the malware spread to all 300 of their stores as well as independent stores who sold Hannaford products. All in all the hackers made off with 4.2 million debit and credit card numbers costing an estimated $252 million.

2. Veterans Administration – $500 Million

If you leave the records of 26.5 million veterans, military personnel and their families unencrypted you’re playing with fire. In 2006 the Veterans Administration got burned when the database containing all 26.5 million records was stolen. There was quite a public backlash when it was revealed all of the data was not only unencrypted but on a laptop and external hard drive. This has cost them in the ballpark of $100 to $500 million.

1. Epsilon – $4 Billion

The single most expensive breach so far, in 2011 hackers hit Epsilon. They stole an unknown number of names and emails, affecting up to 75 clients of Epsilon’s, including Best Buy, JPMorgan Chase and Target. The hack caused a headache to the tune of up to $4 billion.

Large companies are looking more and more like massive paydays for hackers. In several of the examples above the stolen data was later released for anyone to download via document sharing websites. The overall moral of this story, be careful who you trust with your data. Mega Corporations without a large degree of responsibility toward the privacy of the customers personal data have become targets for hacking groups and data theft attempts.


Brought to you by Team Firmex.