A monitor displays Equifax signage on the floor of the New York Stock Exchange.
A monitor displays Equifax Inc. signage on the floor of the New York Stock Exchange (NYSE) in New York, U.S., on Friday, Sept. 15, 2017. Rediscovering their love for U.S. stock funds, investors added the most money since June during the past week, as the Trump administration plotted strategy for pushing a tax overhaul and the S&P 500 rose to a record. Photographer: Michael Nagle/Bloomberg
Michael Nagle/Bloomberg

How does Equifax stack up?

Equifax's data breach may be the most serious one, given that it covered 143 million consumers and involved reams of confidential information, but it wasn't the largest. Following are the biggest to date.
Yahoo logo and sign
A man waits to cross the street in front of a Yahoo! sign at headquarters in Sunnyvale April 17, 2006. Kimberly White/Bloomberg News
KIMBERLY WHITE

Yahoo

Yahoo has the dubious distinction of having the two largest data breaches in history. The first was disclosed in September 2016, affecting 500 million accounts. The second was made public only three months later when the company announced that there was a separate breach, believed to be committed by different actors, affecting 1 billion accounts. Making matters even worse? The first breach occurred in 2014, while the second happened in 2013. It's still unclear why Yahoo did not detect either intrusion until years after the fact.
MySpace
The MySpace Inc. website is displayed for a photograph in New York, U.S., on Wednesday, Aug. 31, 2011. Photographer: Scott Eells/Bloomberg
Scott Eells/Bloomberg

MySpace

Remember your MySpace page? Yeah, we don't either. And that's precisely the point. It's not clear when hackers stole 360 million names and passwords from the social media network, but the breach didn't come to light until a hacker tried to sell the data (which, at that point, was so old it was relatively useless).
eBay sign and logo
EBay Inc. signage is displayed at the entrance to the company's headquarters in San Jose, California, U.S., on Tuesday, Jan. 24, 2017. Ebay is expected to release earnings figures on January 25. Photographer: David Paul Morris/Bloomberg
David Paul Morris/Bloomberg

EBay

EBay disclosed in May 2014 that thieves had stolen password information on 145 million account holders. That forced the company to alert customers that they'd need to reset their password. The thieves apparently accessed the data by stealing the credentials of three corporate employees. Unlike the Equifax case, however, customers did not have their financial data stolen.
EquifaxBreachImage.jpg
Rows of coloured co-ax cables are seen feeding into computer servers inside a comms room at an office in London, U.K., on Tuesday, Dec. 23, 2014. Vodafone Group Plc will ask telecommunications regulator Ofcom to guarantee that U.K. wireless carriers, which rely on BTs fiber network to transmit voice and data traffic across the country, are treated fairly when BT sets prices and connects their broadcasting towers. Photographer: Simon Dawson/Bloomberg
Simon Dawson/Bloomberg

Equifax

It isn't just the eye-popping 143 million consumers affected by the Equifax breach, which was disclosed on Sept. 7, 2017, but also the sheer volume of what was stolen: birth dates, addresses, Social Security numbers. Unlike simply resetting your eBay password, the Equifax breach may mean customers have to put credit freezes on their account — something that could impact consumer lending.
LinkedIn logo

LinkedIn

Like others on this list, the details of LinkedIn's breach were disclosed in stages. But in this case, it happened years apart. When the breach was first announced in 2012, it was thought that just 6.5 million user names and passwords had been stolen. But four years later, the firm said that a Russian hacker called "Peace" was selling the emails and passwords of 117 million users from that 2012 hack.
Target store
Target Corp. signage is seen on a shopping cart and the exterior of a company store in Chicago, Illinois, U.S., on Monday, May 16, 2016. Target is scheduled to release earnings figured on May 18. Photographer: Christopher Dilts/Bloomberg
Christopher Dilts/Bloomberg

Target

Advisors and their clients are still angry about the Target breach, disclosed at the end of 2013. The retail giant first said that 40 million credit and debit card numbers had been stolen, then followed up shortly thereafter to reveal that contact information of 70 million had also been taken. It's not clear how much overlap there was between the two groups, if any.
Hooded computer hacker.

Heartland Payment Systems

Payment processor Heartland Payment Systems saw more than 100 million credit and debit cards stolen by cyber criminals in 2008. In 2010, Albert Gonzalez was convicted of masterminding the attack and sentenced to 20 years in prison.
The Sony PlayStation logo.

Sony

When all was said and done, hackers in 2011 made off with information on 100 million members of Sony's Playstation Now service, including gamers and those streaming music and video on the site. The service was even shut down for three weeks.
The AOL website.

AOL

An ex-employee of America Online stole and sold information containing 92 million screen names and email addresses, leading to a lot of spam emails for unhappy customers. Jason Smathers was convicted in 2005 and sentenced to a year and three months in jail.
jpmorgan-bl011216
JPMorgan Chase is competing with Square, Block and other firms to capture business from merchants.
Michael Nagle/Bloomberg

JPMorgan Chase

First revealed in August 2014, hackers gained access to the internal systems at JPMorgan Chase and made off with data on 83 million personal and small-business accounts. Three hackers were later convicted of 23 criminal counts, including hacking, securities fraud and identity theft.
The Securities and Exchange Commission flag flies in front of a building.
Dozens of municipal bond market participants filed letters to the SEC warning of damaging consequences from a new data disclosure law.
Bloomberg News

EDGAR

Our list of Top 10 data breaches can’t officially include the hack of the SEC’s electronic filing system, EDGAR, because it doesn’t appear to have jeopardized personal financial data. Instead, there’s potential that the stolen information could have been used to rack up millions in illegal equity trades, the commission says. But it’s important to note the breach, regardless. Its extent raises questions about the federal agency’s ability to protect sensitive records and ensure the safety of financial markets. And the SEC is warning financial firms they must be on guard.

"Malicious attacks and intrusion efforts are continuous and evolving, and in certain cases they have been successful at the most robust institutions and at the SEC itself," said SEC Chairman Jay Clayton in a statement acknowledging the hack. "Cybersecurity efforts must include, in addition to assessment, prevention and mitigation, resilience and recovery."
MORE FROM FINANCIAL PLANNING