A monitor displays Equifax signage on the floor of the New York Stock Exchange.
A monitor displays Equifax Inc. signage on the floor of the New York Stock Exchange (NYSE) in New York, U.S., on Friday, Sept. 15, 2017. Rediscovering their love for U.S. stock funds, investors added the most money since June during the past week, as the Trump administration plotted strategy for pushing a tax overhaul and the S&P 500 rose to a record. Photographer: Michael Nagle/Bloomberg

How does Equifax stack up?

Equifax's data breach may be the most serious data breach, given that it covered 143 million consumers and involved reams of confidential information, but it wasn't the largest. Following are the biggest to date.
Yahoo logo and sign
A man waits to cross the street in front of a Yahoo! sign at headquarters in Sunnyvale April 17, 2006. Kimberly White/Bloomberg News


Yahoo has the dubious distinction of having the two largest data breaches in history. The first was disclosed in September 2016, affecting 500 million accounts. The second was made public only three months later when the company announced that there was a separate breach, believed to be committed by different actors, affecting 1 billion accounts. Making matters even worse? The first breach occurred in 2014, while the second happened in 2013. It's still unclear why Yahoo did not detect either intrusion until years after the fact.
The MySpace Inc. website is displayed for a photograph in New York, U.S., on Wednesday, Aug. 31, 2011. Photographer: Scott Eells/Bloomberg


Remember your MySpace page? Yeah, we don't either. And that's precisely the point. It's not clear when hackers stole 360 million names and passwords from the social media network, but the breach didn't come to light until a hacker tried to sell the data (which, at that point, was so old it was relatively useless).
eBay sign and logo
EBay Inc. signage is displayed at the entrance to the company's headquarters in San Jose, California, U.S., on Tuesday, Jan. 24, 2017. Ebay is expected to release earnings figures on January 25. Photographer: David Paul Morris/Bloomberg


EBay disclosed in May 2014 that thieves had stolen password information on 145 million account holders. That forced the company to alert customers that they'd need to reset their password. The thieves apparently accessed the data by stealing the credentials of three corporate employees. Unlike the Equifax case, however, customers did not have their financial data stolen.
Rows of coloured co-ax cables are seen feeding into computer servers inside a comms room at an office in London, U.K., on Tuesday, Dec. 23, 2014. Vodafone Group Plc will ask telecommunications regulator Ofcom to guarantee that U.K. wireless carriers, which rely on BTs fiber network to transmit voice and data traffic across the country, are treated fairly when BT sets prices and connects their broadcasting towers. Photographer: Simon Dawson/Bloomberg


It isn't just the eye-popping 143 million consumers affected by the Equifax breach, which was disclosed on Sept. 7, 2017, but also the sheer volume of what was stolen: birth dates, addresses, Social Security numbers. Unlike simply resetting your eBay password, the Equifax breach may mean customers have to put credit freezes on their account — something that could impact consumer lending.
LinkedIn logo


Like others on this list, the details of LinkedIn's breach were disclosed in stages. But in this case, it happened years apart. When the breach was first announced in 2012, it was thought that just 6.5 million user names and passwords had been stolen. But four years later, the firm said that a Russian hacker called "Peace" was selling the emails and passwords of 117 million users from that 2012 hack.
Target store
Target Corp. signage is seen on a shopping cart and the exterior of a company store in Chicago, Illinois, U.S., on Monday, May 16, 2016. Target is scheduled to release earnings figured on May 18. Photographer: Christopher Dilts/Bloomberg


Bankers are still angry about the Target breach, disclosed at the end of 2013. The retail giant first said that 40 million credit and debit card numbers had been stolen, then followed up shortly thereafter to reveal that contact information of 70 million had also been taken. It's not clear how much overlap there was between the two groups, if any.
Hooded computer hacker.

Heartland Payment Systems

Payment processor Heartland Payment Systems saw more than 100 million credit and debit cards stolen by cyber criminals in 2008. In 2010, Albert Gonzalez was convicted of masterminding the attack and sentenced to 20 years in prison.
The Sony PlayStation logo.


When all was said and done, hackers in 2011 made off with information on 100 million members of Sony's Playstation Now service, including gamers and those streaming music and video on the site. The service was even shut down for three weeks.
The AOL website.


An ex-employee of America Online stole and sold information containing 92 million screen names and email addresses, leading to a lot of spam emails for unhappy customers. Jason Smathers was convicted in 2005 and sentenced to a year and three months in jail.
Pedestrians walk past JPMorgan Chase & Co. headquarters in New York, U.S., on Tuesday, Jan. 12, 2016. JPMorgan Chase is scheduled to release earnings data on January 14. Photographer: Michael Nagle/Bloomberg

JPMorgan Chase

First revealed in August 2014, hackers gained access to the internal systems at JPMorgan Chase and made off with data on 83 million personal and small-bsuiness accounts. Three hackers were later convicted of 23 criminal counts, including hacking, securities fraud and identity theft.