1Sony’s PlayStation Network, Qriocity, Sony Online Entertainment
Date Reported: April 26Size: 101 million user accountsType of Data: name, home and e-mail addresses, login credentials, some credit card information Sonys three cloud services for PlayStation games, music and video, and online gaming were compromised by attackers while the company was distracted by a distributed denial of service attack from a different source. The company is rebuilding the services to be more secure.
2Epsilon, Alliance Data Systems
Date Reported: April 1Size: Unknown; 60 million estimated e-mail addressesType of Data: e-mail addresses, some namesAttackers breached e-mail marketing provider Epsilons databases and waltzed off with e-mail marketing lists belonging to its clients, including Walt Disney, JPMorgan Chase and Best Buy. While the company has declined to disclose exactly how many addresses were stolen, risk analytics firm estimate the number is around 60 million.
Date Reported: Feb. 7Size: 60,000 recordsType of Data: corporate emails, presentations, client reportsThe Anonymous hackers collective attacked HBGary Federals network in revenge for comments made by the CEO regarding their identities. The group hacked the email server and published all the stolen documents on a Russian server, ala Wikileaks-style.
5University of South Carolina
Date Reported: March 18Size: UnknownType of Data: “information related to SecurID technology”RSA Security may not be considered big in terms of actual records compromised, but the attack had wide-ranging repercussions, not only on the security company, but on all the enterprises and government agencies that rely on the SecurID two-factor authentication technology for their own security.
8HuskyDirect.com, University of Connecticut
Date Reported: Jan. 12Size: 231,400 recordsType of Data: patient names, social security numbers, addresses, phone numbersDespite the size, this was pushed down the list because it occurred in 2010 but was reported in 2011. This unusual breach happened in Nov. 12, 2010 when third-party intruders broke into the network to use the bandwidth to play Call of Duty. Its not clear whether they accessed the patient data.
10Ankle and Foot Center of Tampa Bay
Date Reported: Jan. 29Size: 156,000Type of Data: names, dates of birth, addresses, social security numbers, health care services receivedThis was another 2010 incident reported in 2011. Hackers breached the centers network to access protected patient health information and personal data.