(In)famous data breaches

Hack Discovered in Reported in Impact
From the o-really-just-out-in-the-open Dept.: Exactis without firewall 2018 Discovered by security researcher Vinny Troia while using Shodan to search for all ElasticSearch databases visible on publicly accessible servers with American IP addresses. Exposed is information of 230 million people and 110 million businesses, including phone numbers, home addresses and email addresses, whether the person smokes, their religion, whether they have dogs or cats, and interests as varied as scuba diving and plus-size apparel. Financial information and Social Security numbers appear to not be exposed.
From the There-is-much-much-more-to-it Dept.: Equifax hack 2017 First reported by Equifax in July. In October 2017, the estimate of the number of impacted consumers was raised. The attack compromised records containing Social Security Numbers, birth dates, addresses, and in some cases driver's license numbers of 145.5 million consumers, 209,000 consumers also had their credit card data exposed and for 182,000 consumers the breach also included “certain dispute documents with personal identifying information”.
From the You-have-got-to-be-kidding-me Dept.: Uber hack 2016 Uber reported it a year later, paid the hackers $100,000 to destroy the data with no way of verifying that they really did, and blamed and fired its CSO. The attack compromised names, email addresses, and mobile phone numbers of 57 million users and driver license numbers of 600,000 Uber drivers.
From the How-were-those-passwords-protected-again? Dept.: Adult Friend Finder hack 2016 Discovered in 2016 by researchers. In a statement, Adult Friend Finder confirmed it, stating that they've hired FireEye to perform a full investigation. The attack compromised IP address, email, handle, country, state, zip code, language, sex, race, birth date and password of at least 3 million accounts.
From the Through-the-looking-glass Dept.: JP Morgan Chase hack 2014 Was reported by Forbes in the same year, after which the bank confirmed. The attack compromised names, addresses, phone numbers and email addresses of all US households – 76 million – plus 7 million small businesses, and internal information on credit cards and investment products of its customers.
From the And-again Dept.: Yahoo 2014 hack 2014 September 2016 The attack compromised the real names, email addresses, dates of birth and telephone numbers of 500 million users.
From the Emmenthaler-cheese-with-extra-holes Dept.: eBay hack 2014 2014 The attack compromised names, addresses, dates of birth and encrypted passwords of all of its 145 million users.
From the You-have-seriously-got-to-be-kidding-me Dept.: OPM hack 2014, probably started in 2012 2015 The attacks compromised SF-86 data – including in many cases detailed security clearance information and fingerprint data – of more than 22 million current and former federal employees. The SF-86 also contains information on financial history, investments, arrest records, medical problems, any drug or alcohol problems and other material that could be used to blackmail an employee.
From the Used-for-political-manipulation Dept.: Yahoo 2013 hack 2013 December of 2016, Yahoo disclosed a breach that had compromised 1 billion accounts. In October of 2017, Yahoo revised the number of affected accounts. The attack compromised real names, email addresses, dates of birth, telephone numbers, security questions and answers of all 3 billion user accounts.