With a few months left in the decade, it’s safe to say that the 2010s were the worst decade on record for hacks and data breaches.
Of the 15 largest data breaches in history, 10 took place in the past decade. Each involved the theft of tens or hundreds of millions of records — such as login credentials, financial information, or personal data — adding up to nearly 4 billion records stolen in total over the past 10 years.
The number of data violations like hacks and breaches is steadily trending upwards, according to a recent study by the cybersecurity firm Kastle Systems.
Lawmakers and the private sector have both been relatively slow to adapt to the rising threat of cyber attacks, but the federal government has started taking new action this year. The Department of Defense released a new draft of cybersecurity standards in August 2019, and plans to publish a finalized set of standards in January 2020.
Here are the 10 most serious data breaches in the US from the past decade, ranked by the number of records seized by hackers.
10. Target was subject to a data breach in 2013 that exposed 40 million credit and debit card accounts.
Target’s network was compromised after hackers targeted a third-party heating and air conditioning contractor working for the company, according to cybersecurity watchdog Brian Krebs. The breach took place during two weeks in late 2013 and was unveiled in 2014, setting off a Secret Service investigation.
9. A 2017 data breach targeted Equifax, impacting as many as 143 million users.
Hackers stole names, social security numbers, birth dates, addresses, and the numbers of some driver’s licenses from Equifax users, the company discovered in July 2017. It was later uncovered that some users’ passports were also accessed.
8. A 2014 cyber attack on eBay stole login credentials of up to 145 million users.
Hackers compromised accounts of a handful of eBay employees, gaining access to information on millions of users. The company wasn’t sure how many people were affected, it told the Washington Post at the time, but warned 145 million of its users to change their login credentials.
Buildings at the Under Armour headquarters in Baltimore, Maryland.
7. An Under Armour data breach affected 150 million users of the store’s mobile app in 2018.
Users of the retail giant’s food and nutrition app, MyFitnessPal, were hit by the data breach, in which hackers stole usernames, passwords, and associated email addresses. The company’s stocks took a significant hit after the news of the breach came out, CNBC reported.
6. As many as 152 million records were stolen from Adobe in a 2013 data breach.
Hackers compromised millions of users’ Adobe login information in a 2013 breach.
Adobe at first said 3 million accounts were affected, then revised that number to 38 million, while cybersecurity watchdog Sophos said it found over 150 million breached records in a database dump of the stolen data. At the time, Adobe told The Verge that that figure could include “many invalid Adobe IDs, inactive Adobe IDs, Adobe IDs with invalid encrypted passwords, and test account data.”
5. A group of Eastern European hackers stole over 160 million records from companies ranging from Nasdaq to 7-Eleven before being stopped by authorities in 2013.
The hackers were finally caught and charged by federal prosecutors in 2013 after stealing data from Nasdaq, 7-Eleven, J.C. Penney, and other companies. Prosecutors said the hackers were affiliated with Albert Gonzalez, a Miami-based hacker who had already been charged with cyber crimes in 2010 and sentenced to 20 years in prison, according to the Wall Street Journal.
4. A 2016 data breach compromised more than 412 million accounts from a network of adult-oriented networking sites.
The breach targeted users on the Friend Finder network, which included adult-oriented social media sites AdultFriendFinder.com, Cams.com, iCams.com, Stripshow.com, and Penthouse.com.
The network discovered the breach after it was brought to their attention by a Twitter user, according to Cyber Security Online.
3. Hackers broke into Marriott’s reservation system in 2018, accessing 500 million guests’ private information.
Hackers stole names, addresses, credit card numbers, and phone numbers of hotel guests, as well as information on travel itineraries like passport numbers and arrival and departure dates.
The company’s shares dropped nearly six points in the aftermath of the breach, according to the Washington Post.
2. More than 540 million Facebook users’ data was up for grabs on unprotected servers until April 2019.
While the data exposure wasn’t as headline-grabbing as more high-profile incidents like Facebook’s Cambridge Analytica scandal, it was notable for affecting a huge number of users. The insecure data wasn’t removed from unprotected cloud servers until it was uncovered by Bloomberg in April 2019.
1. 885 million sensitive financial records were left exposed by First American on public servers where anyone could access them until May 2019.
Social Security numbers, tax documents, and more personal information was left exposed on publicly accessible web pages for years. The data exposure was brought to the attention of the insurance giant First American by Brian Krebs in May 2019, after which the company took the records down.
This article originally appeared on Business Insider. Follow @BusinessInsider on Twitter.