Organisation have had it easy for some time. Data breaches are increasingly being addressed with penalties backed by GDPR legislation. Some noted fines are:
- British Airways was fined $328M.
- Facebook fined $5B for Cambridge Analytica data theft.
- $99M for Marriott Hotel
In Australia, the OAIC reports that it received 812 privacy complaints in 2018.
| Entity | Records | Organization type | Method |
|---|---|---|---|
| 2019 Bulgarian revenue agency hack | over 5,000,000 | government | hacked |
| Canva | 140,000,000 | web | hacked |
| Capital One | 106,000,000 | financial | hacked |
| Desjardins | 2,900,000 | financial | inside job |
| 540,000,000 | social network | poor security | |
| 1,500,000 | social network | accidentally uploaded | |
| First American Corporation | 885,000,000 | financial service company | poor security |
| Health Sciences Authority (Singapore) | 808,000 | healthcare | poor security |
| Justdial | 100,000,000 | local search | unprotected api |
| Ministry of Health (Singapore) | 14,200 | healthcare | poor security/inside job |
| Quest Diagnostics | 11,900,000 | Clinical Laboratory | poor security |
| StockX | 6,800,000 | retail | hacked |
| Truecaller | 299,055,819 | Telephone directory | unknown |
| Woodruff Arts Center | unknown | arts group | poor security |
| Westpac | 98,000 | financial | hacked |
| Australian National University | 19 years of data | academic | hacked |
Here are a few links to fines noted.
