Top 10 biggest data breaches of 2017

The previous year has been marked by the largest data breaches in the history of cybersecurity. Hardly a week went by without news that some company had exposed and leaked consumer and commercial data. In fact, according to the Breach Level Index (BLI,) 1454 organizations in various industries failed to safeguard their databases, resulting in the entirety of their user’s information being exposed for all to see. And all this happened in 2017 alone.

To help put all this in perspective, we’ll recap the ten most recent, and notable, data breaches in America, and the consequences to which they’ve led. Each of the following data breaches has a “risk score,” based on many factors: financial loss, the amount of sensitive information lost, and the damage it caused to the company in question, its customers, and its partners. The following data breach ratings are presented in ascending order. 

author of the article, OneRep blog,
Mary Scotorenko

Editor of OneRep Blog

Photograph: Markus Spiske/

Check if People-search sites expose your info

OneRep’s  algorithm scans 196 data broker sites
 for your profiles, then makes sure your private information is removed

10. Verizon / NICE Systems

Headquarters: New York City, New York, United States (Verizon),
Ra’anana, Israel (NICE Systems)
June 6, 2017
Risk Score:8.1
6 million records

According to ZDNet, millions of Verizon customers have had their private records exposed. Verizon confirmed that 6 million records were compromised by Nice Systems, a Verizon partner that facilitates customer service calls. The records, which held logs from residential customers who called Verizon customer service in the past six months, were accessed via an unprotected Amazon S3 storage server controlled by an employee of Nice Systems.

CNN reports that the cause was a misconfigured security setting on the server, and as a result, anyone with a direct link could download the private files in question. Verizon claims no external parties had access to the data, telling CNN that no loss or theft of customer information occurred.

The breached records included customer’s names, mobile number and account PIN, along with their home address, email address, and Verizon account balance. Anyone with access to these records could have impersonated the victimized customers and gained access to their Verizon account. And don’t forget, in 2016, hackers stole data about Verizon enterprise customers, and put it up for sale online.

9. Wishbone

Headquarters: Santa Monica, California, United States
March 3, 2017
Risk Score: 8.3
2.4 million records

Wishbone, a popular social networking app, allows users to create polls based on simple two-choice quizzes. The service lost millions of user’s records, including more than 2 million email addresses, full names, and almost 300,000 cell phone numbers. Unknown hackers apparently found an unprotected database for the app and stole its contents, which are now circulating the internet’s underground, according to Troy Hunt.

The app is popular with teenagers and young adults, mostly female. In fact, almost 70% of the leaked accounts were for users under 18 years old, creating a serious data breach that could put these young victims in danger of identity theft or spam.

8. California Voters

April 4, 2017
Risk Score: 8.3
19.2 million records

If there’s one thing the 2016 election taught us, it’s that the entire electoral process needs to be revamped and security measures must be strengthened. There have been several high profile leaks of voter data in recent months, including the entire database of California voters, which was hacked by cyber criminals.

In early December, Kromtech security researchers discovered an unprotected instance of a MongoDB database that appears to have contained private voter data. The database named ‘cool_db’ contained two collections and was available to view and edit by anyone with an Internet connection. Personal Identifiable Information (PII) about voters was found in the database, including names, addresses, phone numbers, emails, place of birth and gender.

Let OneRep remove your records from the Internet​.

OneRep offers its members a continuous monitoring and automated removal of their private information (users’ names, home address, phone numbers). We look forward to serving you.

7. Dun and Bradstreet/NetProspex

Headquarters: Millburn, New Jersey, United States
March 15, 2017
Risk Score: 8.5
33.6 million records

Dun & Bradstreet, a business services giant, confirmed that a 52GB database containing 33.6 million records was leaked, compromising personal information, names, job titles, work duties, email addresses, and phone numbers.

Troy Hunt, who runs the data breach notification site,, analyzed the compromised database in a blog post and found the information leak impacted over 4 million records in California, 2.7 million records in New York, and 2.6 million records in Texas. Hunt’s analysis further showed that several government employee records were also compromised, including the Department of Defense, with 101,013 employee records exposed, the US Postal Service, with 88,153 employee records exposed, and even the US Army, Air Force, and Department of Veterans Affairs, with a combined exposure of 76,379 records.  

6. America Joblink Alliance

Headquarters: Topeka, Kansas, United States
March 21, 2017
Risk Score: 8.9
4.8 million records

America’s JobLink (AJL), works with state governments to provide information to job seekers across the United States, and was the victim of a security breach when a hacker exploited a vulnerability to access the private information of job seekers in 10 states. The information exposed included names, Social Security Numbers and birthdates of job seekers in Alabama, Arizona, Arkansas, Delaware, Idaho, Illinois, Kansas, Maine, Oklahoma and Vermont.

5. Center for Election Systems at Kennesaw State University

Headquarters: Kennesaw, Georgia, United States
March 3, 2017
Risk Score: 9.1
7.5 million records

During a breach of the Kennesaw State University (KSU) Center for Election Systems, sensitive data on Georgia’s 6.7 million voters was exposed to potential hackers, and remained accessible for months. The data included Social Security Numbers, party affiliation, and birthdates — as well as passwords used by county officials to access election management files. The center was notified about the possible vulnerabilities in August 2016, however, didn’t take the necessary security measures rectify the problem.

biggest data breaches of 2017
Photograph: Ev/

4. Alteryx

Headquarters: Irvine, California, United States
December 19, 2017
Risk Score: 9.4
123 million records

Alteryx, a California based marketing and analytics firm, accidentally left an unsecured database online, exposing sensitive information for about 123 million
 U.S. households. The personal details included street addresses, demographics,
and family finances, as well as information pertaining to home and auto ownership, and even specifics about children in the household. The database was accessible to anyone with an Amazon Web Services account, the storage service Alteryx used to host the files.

3. Deep Root Analytics/ Republican National Committee

Headquarters: Arlington, Virginia, United States
June 13, 2017
Risk Score: 9.6
198 million records

Deep Root Analytics, a marketing company working for the Republican National Committee, inadvertently left sensitive personal details for roughly 62% of the US population on a public domain. The data breach was named the largest breach of electoral data in the United States to date. Along with information about 200 million US citizens’ home addresses, birthdates, phone numbers and political views, the breach also included analyses used by political groups to predict where individual voters fall on controversial issues such as gun ownership, stem cell research and abortion rights. The data was placed on a public Amazon cloud server and could be accessed and downloaded by anyone with a link.

30 websites contain information about you.

According to our statistics, at least 30 websites show your name, home address, dob, credit history and much more. Forget about removing records by yourself, let us to do this tedious work for you.

2. River City Media

Headquarters: Jackson, Wyoming, United States
June 3, 2017
Risk Score: 9.8
1.3 billion records

River City Media, a huge email marketing organization, failed to safeguard backups of its database containing 1.3 billion email accounts. Besides emails, the database included users’ real names, IP addresses, and often physical address. River City Media used the following personal data in its spam email campaign. In the emails, the company promised “credit checks, education opportunities, and sweepstakes.There’s a risk that your personal data, or the data of someone you know, was made public. 

1. Equifax

Headquarters: Atlanta, Georgia, United States
July 12, 2017
Risk Score: 10.0
143 million records

Equifax, one of the three major credit reporting agencies, suffered a massive data breach in mid-May through July 2017. If you have a credit report, there’s a good chance you’re one of the 143 million Americans whose sensitive personal information was exposed in this Equifax data breach. During the attack, malicious outsiders managed to steal data containing people’s names, Social Security Numbers, birth dates, addresses, and in many cases, driver’s license numbers. They also hacked credit card numbers for 209,000 people, and dispute documents with personal identifying information for about 182,000 people. 

What if my personal data was exposed?

There’re literally thousands of data breaches we could discuss, but we chose the biggest breaches that could potentially affect you, your family, and your friends.
With that in mind, we urge you to take a moment and visit and see exactly which websites are posting information about you online. OneRep’s service has proved itself invaluable to many customers and is a “must have” for anyone
who cares about their online privacy and security. OneRep automatically removes your name, address, credit history, birthdate, and other information from the Internet and continually monitors the internet for relisted records. Try OneRep and remove records from 196 people-search website.

Check what websites your info without your consent.

We​ ​will ​analyze​ ​the​ ​most​ ​popular​ ​people-search​ ​websites​ ​such​ ​as​ ​Spokeo,​ ​Intelius,​ ​Radaris, TruthFinder,​ ​etc.​ ​to​ ​see​ ​whether​ ​they​ ​have​ ​posted​ ​your​ ​name,​ ​age,​ ​current​ ​and​ ​previous addresses,​ ​phone​ ​numbers,​ ​information​ ​about​ ​your​ ​relatives​ ​and​ ​much​ ​more. This is a FREE report.