This year is not even half over, and it's already looking like a banner year for hackers.
A rash of high-profile digital breaches and large-scale data dumps has affected hundreds of millions of users of prominent websites, with millions more impacted by breaches of brick-and-mortar businesses. According to the Identity Theft Resource Center, over 6 million records have been exposed already this year. This follows high-profile attacks on sites like Ashley Madison (nearly 31 million accounts) last year and Adobe (152 million accounts) in 2013.
More often than not, hacks are more of an inconvenience for the victims than a traumatic life event. If you have been impacted and don't take action (like changing your password and monitoring other sites you frequent), that information can be used for everything from identity theft to more serious forms of harassment — and continue to unfold years later as information gets sold and resold.
Wondering if you've been impacted? Take a look at some of the year's biggest data dumps — and pay a semi-regular visit to the Have I Been Pwned? website to make sure an attack of a site you frequent (or once frequented and subsequently forgot about) hasn't occurred.
It's pretty certain that the actual breach of MySpace happened quite some time ago, but it was just last month that stolen user login data was found in an online hacker forum. The compromised data includes a portion of the site's usernames, passwords and email addresses from the old Myspace platform prior to June 11, 2013. Time Inc., which owns MySpace these days, says none of its other sites were impacted.
Like MySpace, the LinkedIn hack took place a little while ago (2012). But it wasn't until this year that the data — consisting of email and password combinations — was offered for sale, making users more vulnerable. and contacted people who were affected.
In May the social media/blogging site let users know that email addresses and passwords stolen in a 2013 attack had been exposed. While company officials said they did not believe the information had been used to access Tumblr accounts, the site did require all users to reset their passwords immediately.
While the release of data from this sexually themed site came after the high-profile hack of Ashley Madison, the attack itself seems to have occurred prior to that event. Regardless of timing, a hacker began offering data in May from the adult dating site that included not only account information, like user names and passwords, but dates of birth and details about those users' sexual desires and preferences.
This Florida-based operator of 145 cancer treatment centers announced in March that hackers had breached its database and stolen a wealth of personal information from current and former patients. Among the data collected were patient names, Social Security numbers, insurance data and their diagnoses. The company says it has no indication so far that the data has been misused.
Contact information for 1.5 million customers of Verizon's business-to-business arm was hacked this year, a surprising revelation given the company's cybersecurity strength (and the fact that Verizon Enterprise Solutions is a unit Fortune 500 companies often call for help when they get hacked). Officials said no proprietary data was taken, just contact info for customers.
While this hack took place and was first announced in 2015, the agency drastically revised its numbers in February. Originally, the IRS believed hackers had stolen Social Security numbers, addresses and birth dates of 114,000 people through its IRS Get Transcript application. This year, though, it said the number turned out to be 724,000.
Hackers attacked the school's computer systems in January, gaining access to personal information of current and former students as well as staff and faculty members. No grade transcripts, credit card numbers or medical information was stolen, but the hackers did take off with Social Security numbers of affected people.
This data breach, which occurred in February, was less the work of hackers and more the result of clumsiness. An employee leaving the agency "inadvertently and without malicious intent" downloaded data for 44,000 customers of the Federal Deposit Insurance Corp. onto a personal storage device. FDIC officials did not disclose what data was taken but said the former employee had legitimate access to it as part of his job.
The burger chain is still investigating the impact of the hack that occurred in late 2015 and was announced in May. Malware that targeted the point-of-sales system was found at roughly 300 locations, the company said originally. In June it said it had discovered the number of affected locations was likely "considerably higher" than the initial estimate. On Thursday, July 7, Wendy's said hackers were able to steal customer's credit and debit card information at 1,025 of its U.S. restaurants. There are 5,700 Wendy's nationwide. The company has not yet said how many customers might have been affected.