The Ten Worst Corporate Cyberattacks of All-Time


There have been dramatic increases in cyber attacks so far this 2020. Public entities, universities, and businesses are being hacked on a near-daily basis. Since 2010, there have been corporate cyberattacks and data breaches that affected hundreds of millions of people. 

This year, ransomware accounts for over one-third of all cyber attacks. Malicious threat actors are taking advantage of the COVID-19 pandemic as organizations reconfigure staffing and supply chains and offer more digital experiences. 

Cyberattacks have evolved into a multi-billion dollar business with international law enforcement agencies involved. There is no doubt that some of the worst hack attacks have been occurring this year. But major data breaches have been happening for years.

Signup for the USA Herald exclusive Newsletter

Bloomberg has a long list of the worst corporate hacking incidents of all time. Here are the ten worst corporate hacks of all-time:

  • Yahoo!

In 2016, Yahoo finally confirmed that in August 2013, they had been hacked for over 3 billion user records. The disclosure of the security breach was revealed when they were announcing the 2014 data theft of 500,000,000 records. With a cyberattack on Yahoo! Japan where the company lost 22,000,000 records Yahoo became the most hacked company in the world. In 2018, the company agreed to pay $50 million in damages and nd provide a two-year free credit monitoring service to people whose personal data were stolen during a massive data breach.

  • Marriott International

In March 2020, Marriott International announced that  “an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property.” That data breach included information of 5.2 million guests.

Two years ago Marriott released a statement that the hotel chain had received a significant hack. Between 2014-2018, 327 million customer records were taken including over 9 million encrypted payment card numbers, and over 5 million contact information and passport numbers had been breached. 

It had been reported that Chinese hackers suspected to be working for China’s Ministry of State Security were behind the massive cyberattack on Marriott International’s subsidiary.

  • LifeLabs

In December 2019, LifeLabs disclosed an unauthorized breach of its computer systems containing customers’ private information. The cyberattack affected 15 million people- a majority from British Columbia (B.C) and Ontario, Canada. Around 40% of all Canadians had their private medical data stolen. A class-action lawsuit was filed against the company following the hack. The plaintiffs alleged that “the data in question was stored on unsecured servers and not encrypted.” 


From 2006 to 2012, hackers breached the NASDAQ and stole over 161 million credit and debit card numbers. The cost to the companies affected by the hack was $300 million. In 2013, federal prosecutors filed charges against a gang of Russian and Ukrainian hackers for committing the crime. 

  • eBay

In  2014, cyber thieves compromised 145 million eBay buyer and seller accounts. There were class-action lawsuits filed against the company, as a result.  It cost the company over $200 million in fees. 

  • JP Morgan/Chase Bank

In  2014, hackers breached Chase Bank and gained access to 83 million personal and small business accounts. Although the Federal Bureau of Investigation (FBI) suspected a Russian hacker group for the theft, they were never charged.

  • Equifax

In  2017, Equifax, the multinational consumer credit reporting company suffered a massive data breach in which 15.2 million U.K. customer accounts and 145.5 million U.S. consumer accounts were compromised. The company agreed to pay $700 million to settle a nationwide complaint against it related to the cyberattack.

  • Cognizant 

New Jersey-based Cognizant, is one of the top CRN solution providers in the world.

In April 2020,  its entire network was infected with Maze ransomware. All servers were encrypted and the company’s work-at-home capabilities were compromised. 

On May 7, Cognizant said it had “fully recovered from the ransomware infection and restored most of its services”. Loss revenue and long-term cost of the is said to be $70-$100 million including legal, consulting, and remediation costs.

  • ISS World

In February 2020, a ransomware attack shut down ISS World, a Denmark-based facilities management company. It is the largest facility services management company in the world. 

During the attack, workers lost access to systems and email. By the end of March, ISS was able to relaunch most business-critical systems but some are yet to be restored or rebuilt. The cost of the remediation is expected to be up to $75 million.

  • Dubsmash, Armour Games, Share This, etc…

In February 2019,  it had been reported that 16 company websites have been hacked from 2017 to 2019, through their websites, by the same hacker group. 

Some 617 million online account details were stolen. The data was listed for sale on the dark web. 

The data breach included Dubsmash (162 million records), MyFitnessPal (151 million records), MyHeritage (92 million records), ShareThis (41 million records), HauteLook (28 million records), Animoto (25 million records), EyeEm (22 million records), 8fit (20 million records), Whitepages (18 million records), Fotolog (16 million records), 500px (15 million records), Armor Games (11 million records), BookMate (8 million records), CoffeeMeetsBagel (6 million records), Artsy (1 million records), and DataCamp (700,000 records).

Data has become more weaponized with the use of ransomware. There are more ransomware operators than ever before. Groups like Maze, Sodinokibi, DoppelPaymer, Nemty, Nefilim, CLOP, and Sekhmet are attacking companies daily throughout the world. 

Hackers are also targeting governmental, educational, and health-care entities. 

In 2019, the U.S. was hit by ransomware attacks impacting 948 public and government agencies and the estimated costs were over $7.5 billion, according to a December 2019 Emsisoft report. 

This 2020 so far, ransomware accounts for over one-third of all cyber attacks. Malicious threat actors are taking advantage of the COVID-19 pandemic as organizations reconfigure staffing and supply chains and offer more digital experiences. 

Microsoft and its international partners recently stopped a dangerous and massive hacking operation that could compromise the upcoming U.S. presidential elections.


Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.

Want to contribute a story? We also accept article submissions — check out our writer’s guidelines here.