The Capital One data breach is alarming, but these are the 5 worst corporate hacks

It's not even in the top five.

July 30, 2019, 3:13 PM

Capital One's data breach affected approximately 100 million customers -- more than 30% of the U.S. population. However, it doesn't even break into the top five data breaches of all time.

The company announced on July 19, 2019, that a non-employee seized "certain types of personal information" related to credit card customers and others who had applied for Capital One products. A Seattle woman has been arrested in connection with the breach.

But Yahoo -- now owned by Verizon -- actually suffered the largest data breach in U.S. history.

Take a look at the top data breaches to affect American consumers.

Signage for the New York Marriott Marquis is seen, Nov, 16, 2015.
Andrew Kelly/Reuters, FILE

The top five largest corporate hacks

1. Yahoo: 3 billion accounts in 2013

Yahoo, which is now owned by Verizon, admitted in 2017 that the previously reported data breach in 2013 actually affected all three billion accounts on its server, exposing the names, birth dates, phone numbers and passwords of users whose accounts were encrypted with what was ultimately weak security.

On Dec. 14, 2016, "Yahoo disclosed that more than one billion of the approximately three billion accounts existing in 2013 had likely been affected," the company said in a 2017 press release. "The company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft."

The hackers also obtained the security questions and backup email addresses used to reset lost passwords, which are key to hacking into government computers.

2. Yahoo: 500 million accounts in 2014

It's a tie between this separate Yahoo breach and Marriott. Yahoo suffered a previous attack in December 2014 affecting at least 500 million users whose data included names, email addresses, telephone numbers, birth dates, encrypted passwords and, in some cases, security questions. The U.S. charged four Russians, including two Russian Federal Security Service (FSB) officers with the crime, according to the U.S. Department of Justice.

News of this breach was not revealed for two years, until, again, the company was in the process of a sale to Verizon. In 2018, the Securities and Exchange Commission fined Yahoo for its failure to disclose the news, according to an SEC press release.

The headquarters of Internet company Yahoo in the Silicon Valley town of Sunnyvale, Calif., Oct. 28, 2018.
Smith Collection/Gado/Getty Images

3. Marriott/Starwood: 500 million guests in 2018

Marriott said in a statement Friday that an investigation recently revealed "unauthorized access" since 2014 to information relating to reservations at Marriott's Starwood properties, and that a hacker had "copied and encrypted information."

The compromised data includes names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, Starwood Preferred Guest loyalty program account information, arrival and departure times, and reservation dates.

4. Friend Finder Networks: 412 million accounts in 2016

The adult dating and entertainment company Friend Finder Network had a data breach of more than 412 million accounts, according to ZDNet.

Data was hacked from 339 million of the accounts from, which the company boasted as the "world's largest sex and swinger community." The information gathered included usernames, e-mails, and passwords, according to ZDNet.

That breach also affected over 15 million "deleted" accounts that had not been purged from the databases. LeakedSource obtained the data, and said it included 20 years of information from the company's sites. An additional 62 million accounts from and seven million from (the company was owned by Penthouse at the time) were stolen.

5. Equifax: 146 million accounts in 2017

Equifax revealed in a press release that a hack on its networks exposed names, birth dates, social security numbers, addresses and some driver's license numbers.

The company added that 209,000 U.S. credit card numbers were exposed. Earlier this year, Equifax found an additional 2.4 million U.S. consumers whose names and partial driver’s license information were stolen.