What are the biggest data breaches of 2021?

CryptographySystem SecurityEthical Hacking

The year 2021 will set a new high for data breaches. According to research conducted by the Identity Theft Resource Center (ITRC), the overall number of data breaches has already surpassed the total number of events in 2020 by 17 percent, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020.

The manufacturing and utility sectors were particularly hard hit, with 48 compromises and a total of 48,294,629 victims. The healthcare industry was next, with 78 breaches and almost 7 million victims.

Because all of the gory facts take time to reach the public, determining the severity of data breaches may be difficult. Companies may strive to suppress some of the most damaging material, or they may simply be unaware of the extent to which they have been hacked.


With the unveiling of their Metaverse initiative earlier this year, Facebook created a lot of news. But don't let it detract from Facebook's other major announcement: a catastrophic data leak.

In early 2021, a massive amount of user data was discovered on hacker forums. Full names, phone numbers, emails, geographical information, and more were included in the breach. A total of 533 million people were affected.

The hackers behind the attack, according to Facebook, took advantage of a security hole that was repaired in 2019. However, this just emphasizes the reality that customers frequently learn about these instances after it is too late.

Android users data

In May, security researchers revealed that multiple misconfigurations of cloud services had exposed the personal data of over 100 million Android users. The downloads, which varied from 10,000 to 10 million and contained internal developer tools, were left unprotected in real-time databases utilized by 23 apps.

Names, email addresses, dates of birth, chat messages, location, gender, passwords, photographs, payment information, phone numbers, and push alerts were determined to be accessible by anybody, according to Check Point researchers.


Following a significant data leak, credit scoring provider Experian found itself in hot water with authorities and the general public.

While the theft may have happened in 2020, news came this year that Experian was related to the leak of 220 million Brazilians' personal information. PSafe, a security firm, discovered the hack, which resulted in massive amounts of personal information being sold on the dark web.

Thailand Visitors

After uncovering an unprotected database containing the personal information of millions of Thai visitors, Comparitech cybersecurity researcher Bob Diachenko unexpectedly upon his own data online in August.

The Elasticsearch database, which had been left unencrypted for ten years, held the personal information of over 106 million foreign passengers.


Syniverse may be unfamiliar to you, yet it is an important part of the backbone of many large telecom companies (T-Mobile, AT&T, and Verizon, to name but a few).

However, they came to our attention in 2021 after admitting that hackers had access to their networks for potentially several years. As a result, millions of cellphones have been compromised, with call records and other personal information available to an unknown number of malicious actors.


Raychat, an Iranian commercial and social messaging service experienced a major data breach. A hack employing a bot revealed millions of its user records to the internet, which were eventually erased. According to a Gizmodo article, the company kept its customer data on a misconfigured MongoDB database, a NoSQL database used by businesses that deal with big amounts of data. The database, if mishandled, can expose millions of documents.

Microsoft Power Apps

In 2021, 38 million records were leaked online due to a weakness in Microsoft's Power Apps service (a platform that enables quick app building).

Worryingly, the data disclosed includes records from Covid-19 contact tracing applications as well as immunization information.


This year uncovered an Elasticsearch database holding 200 million Stripchat entries, an adult cam service. There were 65 million user entries in the database, each with email addresses, IP addresses, the number of tips they provided to models, a timestamp for when the account was established, and the most recent payment activity.


A vast database of over 5 billion documents culled from past data breaches was uncovered. According to Comparitech, it was accessible on the web without a password or other authentication necessary to access it.

Cognyte, a cybersecurity analytics business, maintained the database as part of its cyber intelligence service, which is designed to warn clients about third-party data breaches. Cognyte was notified by Diachenko, and the database was secured three days later.

Updated on 16-Mar-2022 06:34:01