Major Data Breaches

The first cyberattack on the list impacted electronic ordering and delivery systems for a major U.S. grocery retail store. Which lead to a mass grocery shortage and forced retailers to find an alternative supplier. Which this incident marked the fragility of digital supply chains for us to have to reinforce to gain trust back from those grocery stores due to the incident (Fortinet).

This next cyberattack was done by a group called "Codebreakers" collective, where it exposed a million customer records and involved extortion attempts of $42 million (Fortinet). Where the attack was labeled one of 2025's largest financial sector compromises. Which reflects serious risks to banking data and confidence related to the banks themselves.

During Easer weekend a comprised conducted by "Scattered Spider" disabled online shopping, where it lead to a multi week retail disruption. That caused losses up to $402,027,000 (Fortinet). Which businesses learned from this attack was the impact of targeted social engineering, and took measures on how to counter these types of attacks.

This attack involved the disclosure of a critical RCE vulnerability, where it allowed web shell uploads and active exploitaition across hundreds of instances (Fortinet). This incident showed how a single flaw can put cloud, and public sector infrastructure at risk.

This final cyberattack I am listing, was a ransomware attack that disrupted internal systems, phone lines, and EHRs across 14 medical centers. Where it lead to forced procedures cancellations and ambulance diversions, where it showed that healthcare will remain a high impact target with direct public safety consequences (Fortinet).

This is the number one biggest cyberattack to happen in the United States, according to upguard.com with it being a data breach, happening in 2013, and currently holds the record for the most people affected. A group of Russian hackers targeted Yahoo's database using backdoors, and access cookies to steal records from all user accounts, which included personally identifiable information.

This is the second biggest cyberattack with it being on the National Public Data, which is a major data broker in the U.S. which experienced one of the largest breaches all due to a misconfigured database that got taken advantage of by hackers. In March 2024, the breach exposed nearly 2.9 billion records, which contained highly sensitive information on approximately 1.3 billion people (Chin, 2025).

In January 2021, 30,000 US Companies, and 60,000 companies worldwide suffered from a sweeping attach on the Microsoft Exchange email serves, which is one of the largest email servers in the world (Chin, 2025). The hackers were able to exploit four different zero day vulnerabilities that allowed them to gain unauthorized access to emails from small businesses to local governments.

In December 2023, a New York online real estate education platform was exposed for nearly 1.5 billion records in their database to the public (Chin, 2025). Where it was exposed for an unknown period due to having non password protected folders and system access.

In 2019, a massive database compiled by data brokers in People Data Labs and OxyData.io was accidentally exposed on the internet due to a misconfigured database (Chin, 2025). Where it led to 1.2 billion records to be leaked online.