Organisation have had it easy for some time. Data breaches are increasingly being addressed with penalties backed by GDPR legislation. Some noted fines are:
- British Airways was fined $328M.
- Facebook fined $5B for Cambridge Analytica data theft.
- $99M for Marriott Hotel
In Australia, the OAIC reports that it received 812 privacy complaints in 2018.
Entity | Records | Organization type | Method |
---|---|---|---|
2019 Bulgarian revenue agency hack | over 5,000,000 | government | hacked |
Canva | 140,000,000 | web | hacked |
Capital One | 106,000,000 | financial | hacked |
Desjardins | 2,900,000 | financial | inside job |
540,000,000 | social network | poor security | |
1,500,000 | social network | accidentally uploaded | |
First American Corporation | 885,000,000 | financial service company | poor security |
Health Sciences Authority (Singapore) | 808,000 | healthcare | poor security |
Justdial | 100,000,000 | local search | unprotected api |
Ministry of Health (Singapore) | 14,200 | healthcare | poor security/inside job |
Quest Diagnostics | 11,900,000 | Clinical Laboratory | poor security |
StockX | 6,800,000 | retail | hacked |
Truecaller | 299,055,819 | Telephone directory | unknown |
Woodruff Arts Center | unknown | arts group | poor security |
Westpac | 98,000 | financial | hacked |
Australian National University | 19 years of data | academic | hacked |
Here are a few links to fines noted.