The Worst Data Breaches of 2021 ... so far

Giulio Saggin
Tuesday 28 November 2023

Cyber attacks are now an unfortunate part of life and 2021 has had some of the biggest breaches yet seen. This has been, in part, due to COVID, which has changed the way we work online. Working remotely may be convenient for some but it also weakens a company or organisation's online defences.

In no particular order, we've listed some of the worst cyber attacks of the year to date:

- In June, more than a billion search records of (US health company) CVS Health customers were accidentally posted by a third party. It turns out the 204 GB database wasn't password protected.

- More than 500 million LinkedIn profiles were found on the Dark Web in April. To show the data was 'for real', those responsible shared two million of the profiles for $2.

- In April, the cashless parking app ParkMobile fell victim to hackers and the records of 21 million users were exposed, after a third-party software vulnerability was breached.

- Eleven days into 2021, it was revealed that 70TB - around 99.9% - of information, including messages, posts and video data, had been leaked from the conservative social media app, Parler.

- On the same day as the Parler 'reveal', the personally identifiable information (PII) of more than 210 million users of Facebook, Instagram and LinkedIn was exposed via an unsecured database belonging to Socialarks, a Chinese social media management company.

- In September, more than 61 million records of Apple and Fitbit users were exposed, after an unsecured database was breached. This one belonged to health and wellness data app, Get Health.

- In April, 533 million Facebook users from around the world - 106 countries - had their data posted online for free.

- In February, a Compilation of Many Breaches (COMB), totalling more than 3.2 billion unique emails and passwords belonging to previous leaks from Bitcoin, Netflix, LinkedIn, Yahoo and were discovered online. To date, it's the largest data leak of all time.

- In January, more than 23 million records belonging to users of the free online card and board game platform,, were exposed due to a cloud misconfiguration.

- In August, 126 million people had their personal data exposed thanks to an unsecured database, belonging to marketing company OneMoreLead, that was posted online.

- In April, tens of millions of Americans had their private credit scores exposed due to an unsecured application programming interface (API) tool used by information services company, Experian.

- In August, at least 38 million data records were exposed due to a misconfiguration within Microsoft Power Apps.

Improving your company or organisation's cybersecurity involves many aspects, both human and automated. Training is imperative to make employees more cyber aware. Automation frees up the time and resources of employees.

One area of cybersecurity that can be time-consuming is keeping track of software vulnerabilities. Vendors may publish vulnerabilities - CVEs - affecting their software but users are often left to track down the information.

Vulnerability alert service SecAlerts acts as a 'middle man' between software vendors and users by matching vulnerabilities to clients' software. Clients choose their software from more than 15,000 on the SecAlerts website and receive one easy-to-understand email listing all the CVEs affecting their software.

"Leaving your software vulnerable can lead to multiple avenues of cyber attack, including malware, ransomware, SQL injection, spyware and zero-days," said SecAlerts co-founder, Louis Stowasser. "If there's only one thing you do for your cybersecurity, fixing your software vulnerabilities is it."
