Data Breach Horror Stories: Top 5 Breaches That Scared the World

Cybersecurity Content Writer

Fall is here, that special time of the year when people enjoy the spooky and the scary, and when horror stories feel most alive and real. The season’s eerie atmosphere can make even the bravest of us look over our shoulder in a dimly lit room. But, before you start checking under your bed for the Boogeyman, there’s something that’s even scarier for us as citizens of the digital world — data breaches that can affect you, your family and friends, and your business. Just think about it: how scary is the prospect of losing your sensitive data to hackers who are ready to sell it off on the dark web? Today, we’re taking you for a ride and sharing 5 of the scariest data breach stories in recent memory.

Data breaches are on the rise

Data breaches are nothing new. For a decade now, data breaches have been getting more and more frequent, and now we hear about them pretty much every day. In fact, we hear about them so much that we’re almost desensitized, and this is rather alarming because it is our data that gets compromised during those breaches.

A recent Risk Based Security report revealed that, in the first half of 2021, 18.8 billion records were exposed due to data breaches. In general, cybercrime is on the rise, mostly due to the obvious — the COVID-19 pandemic. Forbes reports that, throughout 2020, malware threats increased by a whopping 358%, and ransomware threats by 435%, compared to 2019.

Without further ado, let’s get on with the stories.


Back in September of 2017, Equifax, a consumer-credit-reporting agency, revealed that almost half of the country’s citizens had their personal information compromised in one of the worst data breaches of all time. The breach exposed a total of 145.5M customers’ sensitive data, which included Social Security numbers, birthdates, addresses, and, in some instances, driver’s licenses. The hackers also got their hands on credit card numbers of more than 200,000 people. With all such information at their fingertips, the hackers behind one of the largest breaches of all time could steal identities, get mortgages, loans, and more. Not to mention that those datasets were likely sold on the dark web as well. The scariest thing about the breach was that Equifax waited more than a month to announce the breach. Eventually, in July 2019, the consumer-credit-reporting agency revealed a $675M consumer settlement, which was used to pay for credit-monitoring services for those affected.


In 2013, 40 million of Target shoppers got the news that their sensitive information had been exposed. Target, one of the largest retailers in the US, suffered a massive data breach that comprised more that 40 million credit and debit card numbers as well as verification codes, phone numbers, names, and email addresses. You can only imagine what the bad guys behind the breach could do with all that data at their disposal.

To gain unauthorized access to the data, hackers launched an elaborate phishing attack on a third-party vendor closely related to Target. The successful attack paved the way for the cybercrooks to hack into Target’s point-of-sale systems.

The breach happened during the post-Thanksgiving holiday shopping spree but wasn’t reported up until December 18. Eventually, Target paid a settlement of $18.8M and offered to pay up to $10,000 to any customer who could prove they suffered losses due to the breach.

  • Find out if any of your personal data has been exposed in a data leak with our Data Breach Scanner.


Back in 2018, Hotel Marriott International announced that it had suffered a massive data breach that consequently exposed sensitive information of almost 400 million people. The news shook the world and certainly Marriott’s customers. During the investigation, it was revealed that the hackers responsible for the cyber attack got their hands on sensitive personal information such as guests’ names, phone numbers, mailing addresses, email addresses, dates of birth, gender, arrival and departure information, reservation dates, and more. As with other breaches described here, hackers with all that information could engage in identity fraud and other dubious activities.

The international hotel chain was eventually fined £18.4 million by the UK’s Information Commissioner's Office (ICO) in 2020 for failing to keep customers’ personal data secure. Interestingly, the New York Times connected the attack to Chinese intelligence, which allegedly seeked data on US citizens.

Adult Friend Finder

The adult-oriented social networking service Friend Finder Networks had 20 years’ worth of user data across six databases breached back in October 2016. The breach included 339 million accounts associated with the company’s largest website The stolen dataset also included as many as 15 million deleted accounts that, as it turned out, were not removed from the databases. It was revealed that the cybercrooks responsible for the breach were able to gather sensitive information such as names, usernames, email addresses, passwords, browser information, IP address, and purchase history. Later, investigations revealed that exposed passwords were hashed via the notoriously weak algorithm SHA-1. Due to the website's sensitive nature, the breached data could prove to be extremely damaging to the affected people.


In April 2019, it was discovered that large quantities of Facebook data had been exposed to the public internet. The exposed sensitive information belonged to more than 530 million Facebook users from 106 countries. After a deeper analysis, it was revealed that the exposed data included account names, phone numbers, Facebook IDs, locations, birthdates, and, in some instances, email addresses. Two years later (in 2021), the stolen data was posted on a low-level hacking forum for public download. Even though the data was already a couple of years old when it was posted, it could still prove to be valuable to cybercriminals. They could use it for identity theft or fraud as well as to scam people by impersonation.

Final thoughts

Are you scared after reading about these horrific data breaches? Well, you should be. Having your personal information exposed can be a stressful, anxiety-inducing experience. It could have devastating real-life consequences. We all know this to some degree but rarely think about it, and take action even more rarely. Well, it’s about time we faced it — cybersecurity is as important as any kind of physical security. After all, we never leave our doors unlocked or windows open. Think of digital security in the same way. It is a lock on your digital life, which is just as important as the real one. And it all starts with passwords.

We know — passwords can be tricky, especially when you have to use a unique, strong, and complex one for every single account. Remembering them all is out of the question. This is where password managers such as NordPass come in handy. Not only do they allow you to securely store and access your passwords whenever you need them but also save you time by auto filling login credentials. In fact, with a password manager, you only need to remember a single password — your master password. In today’s digital world, a password manager should be just as common as a wallet.

Subscribe to NordPass news

Get the latest news and tips from NordPass straight to your inbox.