2020 was a record year on many accounts. With the COVID-19 global pandemic requiring massive stay at home orders across the globe, life was dramatically interrupted. Unemployment hit all-time highs, but cyber-criminals found themselves in a much better market. 2020 was a record year for online attacks. The final numbers aren’t in, but there were several notable hacks of the year.

Here is a list of some of the biggest hacks and data breaches of the year.

  • Estee Lauder exposed 440 million customer records early in 2020.
  • An undisclosed number of customer’s information was exposed by Fifth Third Bank last year. The personal information included Social, driver’s license information, addresses, phone numbers, date of births, and account numbers.
  • Hackers used the login credentials of two employees through a third-party app to expose the information of 5.2 million Marriott hotel guests.
  • In April, more than 267 million Facebook profiles were listed for sale on the Dark Web – all for $600.
  • A credential stuffing attack exposed the user IDs and passwords of 160,000 player accounts from Nintendo.
  • In July, the smartwatch company, Garmin, announced that it fell victim to a ransomware attack and that they may have paid $10 million in ransom to have their data decrypted.
  • Twitter experienced one of the largest attacks of 2020, when several prominent accounts were hacked, and all posted a similar message asking for bitcoin.
  • The personal information for 17 million users of the free lodging, CouchSurfing, were found for sale on the Dark web.
  • Capital One paid US federal authorities an $80 million penalty in the wake of their 2018 data breach that released the personal information and financial data for over 100 million Americans and six million Canadians – including 140,000 Social Security numbers and 80,000 bank account numbers.
  • A Cisco engineer admitted to illegally accessing Cisco’s network and wiping 456 virtual machines. The damage costs Cisco nearly $2.4 million to fix.
  • Pfizer exposed the personal and medical information of hundreds of medical patients taking cancer drugs through a data leak.
  • Cybersecurity firm, FireEye, was hacked when cybercriminals accessed tools the company uses for penetration testing.
  • 18,000 SolarWinds’ customers were breached when hackers installed malicious code into a software update.