By using website you agree to our use of cookies as described in our cookie policy. Learn More


Proxyrack Study Reveals Costliest Data Breaches, Most Popular Methods

Study also looked at companies with the most data breaches to reveal the most exposed industries

Note: TDWI’s editors carefully choose press releases related to the data and analytics industry. We have edited and/or condensed this release to highlight key information but make no claims as to its accuracy.

Data breaches happen every year, and they can affect some of the biggest companies in the world. They can expose sensitive information and have huge financial implications. The ripple effect that these breaches can cause could put you at risk. 

Proxyrack looked into the most costly data breaches, the most common methods, and the companies with the most data breaches. 

Most Targeted Industries

We’ve looked at data breaches since 2004 where more than 30,000 records were stolen or compromised. Web-based industries have been the most targeted since 2004, with 53 data breaches to companies. Web industries potentially hold large amounts of sensitive data and information, which makes it no surprise that these are the most targeted. 

Healthcare industries were the second most common industry targeted by hackers, with 47 data breaches. There were four data breaches to healthcare companies in 2021, with Apple Health Medicaid and Health Service Executive among the four which were hacked. 

Completing our top three is the financial industry, which has suffered 38 data breaches since 2004. With finance companies holding information regarding bank accounts, there is no surprise that these are in the top three for most targeted industries. 

Most Targeted Companies

You’d hope that after the first hack, companies would strengthen their online protection to ensure it doesn’t happen again. Unfortunately for some companies, that’s not what has happened. We’ve discovered which companies have received the most data breaches since 2004. 

At the top of the list is Facebook, which has had the most data breaches since 2004 with a total of five, two more than any other company. Three of the five data breaches Facebook experienced were in 2019, with the other two in 2018 and 2013. Facebook's most recent hack was their most costly with 540 million records either stolen or compromised. Poor security was the social networking site’s main problem, causing three of its data breaches. 

AOL take second place with three hacks since 2004. A total of 114.4 million records were stolen or compromised during the three hacks AOL suffered, which happened in 2004, 2006 and 2014. All three data breaches were through different methods. In 2004, it was an inside job that caused what was also their most costly breach, with 92 million records stolen or compromised. In 2006, 20 million records were accidentally published and in 2014 it was a hacking that caused 2.4 million records to be stolen or compromised. 

Also with three hacks since 2004 is Citigroup, which was hacked in 2005, 2011, and 2013. The data breaches to the finance company weren’t as severe as AOL’s, with just over 4.4 million records stolen or compromised. The methods used were lost/stolen media, hacking, and poor security, with poor security being the most recent method. 

Most Common Methods of Data Breaches

There are a number of ways in which hackers try and steal data from companies. We’ve looked at the most common methods that are used. 

The most common cause of data breaches is hacking, which has occurred 193 times since 2004. Whether it’s through password abuse or tempting you to click on a fake link, there are a number of ways that a hacker can hack someone. 

Poor security was the second most common way people gained unauthorized access to sensitive information, happening on 44 occasions since 2004. This emphasizes how important it can be to invest in internet security.

Completing our top three is lost or stolen media, the third most common data breach method, happening 33 times since 2004. The most recent hack of this kind happened in 2017 to Advocate Medical Group where 4 million records were stolen. 

Most Expensive Data Breaches

We’ve looked at which data breaches have been the most costly to the companies that were hacked.

The most expensive data breach was the hack of Epsilon, which cost the company $4 billion. The marketing company’s hack was huge, where the names and addresses of 60 million people were stolen after the email system was breached. 

Our second most costly breach was Equifax, which caused damage of $700 million. Equifax is a finance company that offers credit monitoring services for free. When it was hacked, the private information of 160 million accounts was exposed, and Wall Street lowered the company’s valuation by $4 billion. 

Our third most costly data breach was the U.S. Office of Personnel Management, which cost the agency $500 million. OPM deals with personal data for millions of employees, and when they were hacked, the information of 4 million employees was compromised. The hack happened while updating their security. 


We used Wikipedia to discover the most targeted industries and companies, as well as the most common methods of data breaches. We also used Total It to uncover the most costly data breaches. You can access the full results here.

TDWI Membership

Get immediate access to training discounts, video library, research, and more.

Find the right level of Membership for you.