Which brands have suffered the worst online data breaches in the last 20 years?

Over the past two decades, our lives have increasingly moved online, with social interactions and shopping becoming more convenient than ever before. With online activity increasing, brands are becoming increasingly susceptible to cyber threats, but which brands have been affected the most by breaches over the years?

Share this guide
A working man with his head in his hands and text reading Breached Brands, which brands have suffered the worst data breaches online in the last 20 years?

Despite all of the positives of shopping or interacting online, brands are still susceptible to cyber threats, which could drastically impact you if your personal data is stolen and shared illegally.

At its worst, individuals could steal your personal data or financial information from your credit or current account to commit identity theft, fraud or money laundering. It is important to keep your personal information and bank account secure when using the internet to minimise the risk of falling victim to cyber crimes.

But which brands have had the most breaches and leaks over the years?

We’ve looked at over 250 of the biggest eCommerce, retail and technology brands in the UK according to RXUK’s Top500 Report 2020 and the World’s Biggest Data Breaches and Hacks to find out which brand has suffered the worst data breaches and how many people were affected.

If you're looking to switch bank accounts, you may want to compare current accounts to find a deal that suits your situation and needs.

The worst data breach of the last 20 years affected over 2 billion people

Looking at a variety of cybercrimes from the last 20 years, it was found that the social networking site, Facebook, suffered the worst breach back in 2018. With over 2 billion personal details stolen from the social media giant in just one cyber attack. Of the 250 companies analysed, this is the largest data breach to affect so many users in one attack.

In a statement on their blog, Facebook explained that the attackers exploited a vulnerability in the site’s code that impacted the “View As” feature that lets people see what their profile looks like to someone else. This allowed them to steal access tokens, digital assets that mean you can log into your account without needing to type your password every time you log in, which the cyber criminals could then use to take control over users accounts. In response to the hack, Facebook alerted the relevant authorities, fixed the vulnerability in their system and reset the access tokens of the accounts they knew and suspected were affected to protect their security. 

Below, reveals the data breaches that have affected the most users of the UK’s biggest eCommerce brands.

Worst data breaches

What are the different types of data breaches?

  • Hacked: This breach occurs when someone gains unauthorised access to data from a system or computer.

  • Data breach: This is the unintentional release of private and confidential information to an untrusted source or environment.

  • Malicious insiders: A breach of this kind occurs usually by a person from within the organisation, whether that be a current or former employee, contractors or business associates, who have insider information.

  • Cyber attack: Often seen as an assault online towards one or more computers or networks with the aim of maliciously disabling computers, stealing data, or using a breached computer as a launch point for other attacks.

  • Theft: Theft online refers to the action of stealing personal, sensitive or confidential information for malicious purposes.

Amazon suffers the most data breaches in the last 20 years

Whenever people need to purchase something in a hurry, most will turn to shopping through Amazon due to their fast, convenient deliveries and their wide range of product offerings. However, our research shows that the eCommerce giant has suffered six major data breaches. The most recent in early 2021, making them the most breached brand in our study.

Aside from Amazon, where it is not known how many people have been affected by their six data breaches, Facebook users, followed by Yahoo users, are the users most affected by their respective data breaches. In total, Facebook data breaches of personal data affected over 2.7 billion people, while over 1.5 billion Yahoo users have been affected by their data breaches.

It’s not just large technology companies that have been hit by several data breaches. UK supermarket giant, Tesco have had four breaches in the last 20 years, affecting over 20 million people. Rival supermarket, Asda have just had just one data breach during this time, however that one breach affected 19 million people.

Luxury skincare and makeup brand, Estée Lauder, is the fourth most affected by data breaches, with a single breach that affected over 440 million people in 2020.

Two brands within the sport and fitness space make the top 10, MyFitnessPal and Decathlon, with both having one data breach over the past 20 years affecting 150 million people and 123 million people respectively.

Data breached by brand

Hackers contribute to the most frequent cyber attacks

Looking at the types of cybercrime, the most common crime is hacking. Fourty-seven occurrences of hacking occurred to the brands studied, while data breaches happened on 30 occurrences, with the main difference being that a hack is an intentional attack, while a breach can be an unintentional leak.


During these cyber attacks, the most common type of data that is stolen is email addresses and online data attached to personal accounts and profiles. The second most common type of data obtained is sensitive personal information ranging from an individual’s full name and address to identifiable data, such as a phone number or license plate, which could be used to carry out identity theft.

Data breaches by data collected

5 tips for keeping your data safe online

1. Change your passwords regularly

Even if the passwords you use are considered strong and secure, it’s a good idea to change them frequently so if any of your passwords have been compromised, hackers won’t be able to use them for malicious purposes. It goes without saying, you should be using different unique passwords for each account, to reduce your security risks even more.

2. Install a security solution 

Install a solution that offers firewall and network monitoring features to protect yourself from cloud-based attacks as well as potential phishing or cyber attacks. Keeping this software updated at all times will increase the security of your device.

3. Log out of or lock your computer

If you’re leaving your device unattended for any reason, especially in a public place, make sure you log out or lock your computer so that you mitigate the risk of hackers breaking in and taking advantage of your access. Having a strong operating system password can be the difference between allowing a breach and securing your personal information.

4. Don’t use sites that don’t have https at the start of the URL

A site that doesn’t have "https" in the URL is not secure. ‘Https’ stands for "hypertext transfer protocol with secure socket layer”, and it’s what keeps sites secure for you from people with malicious intent. Take note of this because data sent to these sites is vulnerable.

5. Use a VPN

Virtual Private Networks (or VPN’s) provides you with anonymity, security and privacy while browsing the web. They create a private network for you from a public internet connection, masking your internet protocol (IP) address so your actions online are almost untraceable, keeping you and your data secure.

New bank accounts are offered all the time, so compare all of the best options to make sure you get the right one for you.


Taking the top 250 eCommerce and retail brands from Internet Retailing’s RXUK Top 500 Report 2020, we used the search function on IT Governance’s blog to see if any of the brands listed have had any recent breaches. We also used the data on eCommerce brands and technology companies that operate in the UK from the ‘World’s Biggest Data Breaches and Hacks’ by Information Is Beautiful. 

All data was sourced in June 2021. Once data was collected, it was analysed for the number of people affected by a breach, the type of breaches that occurred and the type of data being collected by each brand.

About Salman Haqqi

Salman is our personal finance editor with over 10 years’ experience as a journalist. He has previously written for Finder and regularly provides his expert view on financial and consumer spending issues for local and national press such as The Express, Travel Daily, and The Daily Star.

View Salman Haqqi's full biography here or visit the money.co.uk press centre for our latest news.

About Salman Haqqi

Salman is our personal finance editor with over 10 years’ experience as a journalist. He has previously written for Finder and regularly provides his expert view on financial and consumer spending issues for local and national press.

View Salman Haqqi's full biography here or visit the money.co.uk press centre for our latest news.