Unauthorized access and dissemination of information. A data breach may be due to an attack on the network or outright theft of paper documents, portable drives, USB drives or laptops. Sensitive information can also be found in trash cans when reports are carelessly discarded. See
information broker and
Web tracking.
The Worst Data Breaches in U.S. History
In September 2025, WIRED senior editor Andrew Couts described the worst data breaches in the past 10 years, which are excerpted below.
1 - Ashley Madison
In 2015, a group called the Impact Team claimed they would release details of more than 35 million users on Ashley Madison, a website created for married people to have extramarital affairs, if the site were not taken down. Avid Life Media did not take down the site, and details of millions of people were published.
2 - Vastaamo Mental Health Clinics in Finland
In 2020, Julius Kivimaki, known as Ransom Man and member of the Lizard Squad hacker group, captured more than 36,000 patient records, a large number for a country with 5.6 million people. When Vastaamo would not pay up, Kivimaki posted sensitive data for various patients. Three years later, Kivimaki was caught in France and sentenced to six years in Finnish prison. Unfortunately, Vastaamo went bankrupt.
3 - Office of Personnel Management (OPM)
In 2015, personal data on more than 22 million Americans who previously worked for, were working for or had ever applied to work for the U.S. federal government were stolen from the OPM. Fingerprints for more than five million people were also stolen, and the breach was attributed to Chinese military hackers.
4 - Equifax
In 2017, social security numbers for more than 140 million Americans were stolen as well as personal records for 148 million Americans, 14 million U.K. and 19 million Canadian citizens. As one of three major credit reporting agencies, Equifax paid the U.S. government and all 50 states at least $575 million in fines and up to $300 million to affected customers. The Chinese People's Liberation Army was charged by the U.S. government for the breach in 2020.
5 - 2016 Election and Pizzagate
There have been countless claims of Russian meddling in the U.S. 2016 presidential election to promote Donald Trump, all of which have been denied by Russia and the Republican party. However, hacks on the Democratic National Committee (DNC) and the personal email server of John Podesta, Hillary Clinton's presidential campaign chair, were proven. Part of the Russian military, the Cozy Bear and Fancy Bear hacker groups were responsible for some 44,000 emails that wound up published on Julian Assange's WikiLeaks. The leaks exposed that the DNC favored Hillary Clinton over Bernie Sanders. In addition, conspiracy theorists claimed the emails linked Democrats to a pedophile ring in the basement of the Comet Ping Pong pizzeria in Washington, D.C. (there is no basement there). Edgar Maddison Welch served four years in prison for opening fire at the pizza shop to save the "non-existent" children, and nine years after "Pizzagate," he was fatally shot by police during a traffic stop in North Carolina.
6 - U.S. Telecom Companies
In 2024, Salt Typhoon, which is connected to the Chinese government, hacked AT&T, Verizon, T-Mobile and other telecom companies to obtain phone calls and text messages from both the Harris and Trump campaigns, as well as the office of Senate Majority Leader Chuck Schumer. These were considered the worst attacks ever on U.S. telecom networks.