🛡️
EmailBreachGuard
Plain-English breach reports
Plain-English breach history

Breach Timeline & Context

This page gives you context for why your email may appear in a data breach. Each entry shows what was exposed, how serious it is, and what you can do next.

🧭Use this together with your EmailBreachGuard results
🔄Updated as major breaches are reported

2025

Latest major breaches affecting millions globally

Google Salesforce CRM Breach

Tech giant's Salesforce-hosted customer database was breached by ShinyHunters hacking group in a campaign targeting multiple enterprises.

Business contact records compromised
Risk: Medium (business contacts)
Year: 2025 (June-August)

Part of a larger attack wave targeting Salesforce CRM environments. The stolen information mainly comprised business contact records including names, emails, and phone numbers.

What to do: Be cautious of business-related phishing attempts. Even highly resourced enterprises are vulnerable when third-party SaaS platforms are compromised.

Contact information Third-party system breach

Allianz Life Insurance Breach

Over a million customers affected after unauthorized access to third-party CRM system exposed sensitive insurance data.

Over 1 million customers affected
Risk: High (identity & financial)
Year: 2025 (August)

Majority of customers had sensitive data exposed including policy details and personal information through compromised third-party systems.

What to do: Monitor your credit reports, enable fraud alerts, and be extra vigilant for insurance-related phishing attempts.

Personal details Insurance records

Air France-KLM Passenger Data Breach

Major European airlines disclosed breach originating from third-party customer support platform, potentially affecting hundreds of thousands of travelers.

Hundreds of thousands of travelers
Risk: Medium-high (loyalty fraud)
Year: 2025 (August)

Passenger records and loyalty program information accessed through vendor system. While no payment cards or passports were reported stolen, loyalty points are frequently targeted by fraud rings.

What to do: Check your loyalty account for unauthorized activity, change passwords, and be cautious of travel-related phishing emails.

Travel & contact info Loyalty program data

DaVita Healthcare Ransomware Attack

Major dialysis provider reported ransomware incident affecting approximately 2.7 million patients with encrypted systems and exfiltrated medical records.

2.7 million patients affected
Risk: Very High (medical records)
Year: 2025 (April)

Laboratory databases compromised with patient medical details and identifiers exposed. Clinics continued operating but privacy and fraud risks remain significant.

What to do: Monitor for medical identity theft, review credit reports, enable fraud alerts, and be extremely cautious of healthcare-related communications.

Medical records Health insurance data

2023–2024

Recent large-scale breaches that may still affect active accounts

MOVEit Transfer Supply Chain Breach

A file-transfer tool used by many organizations was compromised, exposing data across multiple companies and governments.

Millions across many organizations
Risk: High (depends on organization)
Year: 2023

Stolen data included full names, contact details, and sometimes Social Security numbers. Because this happened through a vendor, you may only hear about it from the affected organization.

What to do: Follow any notice from the affected organization, enable 2-factor authentication, and consider a credit freeze if SSN or government ID details were exposed.

Names & contact details Identity data (varies)

Genetic Testing Account "Credential Stuffing"

Attackers reused leaked passwords from other sites to break into accounts on a popular DNA / ancestry service.

Subset of customer accounts
Risk: High for reused passwords
Year: 2023

The service wasn't "hacked" directly. Attackers tried email+password combinations from older breaches until some worked. Exposed data could include profile details and relationship information.

What to do: Change your password immediately, and anywhere else that uses the same password. Turn on 2-factor authentication. This is a warning sign that reused passwords are at risk.

Account logins

2017–2020

Some of the most widely known modern breaches

Equifax Credit Reporting Breach

A major credit bureau was breached, exposing highly sensitive identity data for many U.S. consumers.

Over 100 million people
Risk: Very high (identity theft)
Year: 2017

Exposed data included names, addresses, dates of birth, Social Security numbers, and driver's license information. This data can be misused for years for identity theft.

What to do: Consider placing a credit freeze with all major bureaus, enable alerts with banks and credit cards, and monitor credit reports regularly.

Full identity details SSN / ID numbers Credit data

Large Hotel Loyalty Program Breach

Attackers accessed a hotel group's reservation database, exposing guest details and some encrypted payment data.

Hundreds of millions of guest records
Risk: Medium–high
Year: 2018

Exposed fields included names, emails, phones, addresses, and stay details. In some cases, passport numbers and encrypted card data were involved.

What to do: Be cautious with travel-related emails. Avoid clicking links in unsolicited "reservation" emails and sign in by typing the hotel's website address manually.

Contact & travel info Passport / ID (some cases)

Massive "Collection" Password Dumps

Huge combined lists of old breaches were bundled together, making it easier for attackers to test billions of email+password pairs.

Billions of email+password combinations
Risk: High for reused passwords
Year: 2019 and earlier

These lists combine leaks from many sites over many years. Even if passwords are old, attackers can still try them on current services like email, banking, and shopping accounts.

What to do: Never reuse passwords. If your email appears in these collections, assume older passwords may still be floating around. Change any reused passwords and consider a password manager.

Email + password pairs

2012–2016

Earlier "mega breaches" that still matter if you reused passwords

LinkedIn Password Breach

A major professional networking site had millions of hashed passwords stolen and later published online.

Hundreds of millions of accounts
Risk: Medium–high for reused passwords
Year: 2012 (data resurfaced later)

Even though this breach is older, password dumps from it are still circulating. If you reused your LinkedIn password on other sites, those accounts could be at risk.

What to do: Make sure your LinkedIn password is unique. If you used that same password anywhere else, change those passwords immediately.

Account passwords

Large Email Provider Breaches

A major email provider disclosed multiple incidents affecting a very large portion of its user base.

Billions of account records across incidents
Risk: High (email is a "master key")
Years: 2013–2014 (disclosed later)

Because email accounts are used to reset passwords elsewhere, any compromise here is especially serious. Even older breaches matter if recovery questions or backup emails were exposed.

What to do: If this was your primary email, change the password, enable 2-factor authentication, and review connected accounts and recovery options.

Email logins

Adobe Customer Account Breach

An older breach where customer account details and encrypted passwords were exposed for creative software users.

Tens of millions of accounts
Risk: Medium (password reuse + phishing)
Year: 2013

The passwords were stored poorly, and attackers have used this data in combination lists. Even if you no longer use that product, the same password might still be in use elsewhere.

What to do: If you had an account at the time, treat this as another reason to rotate any old, reused passwords and move toward unique passwords for every site.

Account details

"Email-Only" & Marketing List Breaches

Why even simple email leaks still matter

Marketing List & Newsletter Leaks

In some incidents, only email addresses and basic profile fields are exposed from mailing lists or contact databases.

Varies widely by incident
Risk: Usually lower – but not zero
Years: Various

On the surface, "email-only" breaches sound harmless. In reality, attackers can use these lists to send believable phishing emails, spam, and scams tailored to a specific topic or company.

What to do: Expect more spam and phishing attempts. Be skeptical of links in emails, especially those asking you to log in, pay a bill, or confirm personal information. When in doubt, go directly to the company's website instead of clicking a link.

Email address only Increased phishing risk

Why Ongoing Monitoring Matters More Than One-Time Checks

Running a breach check once is like checking the weather one morning and assuming it never changes. New breaches are discovered all the time. Here's why ongoing monitoring matters and how to make it practical.

Breach data is constantly changing

Breaches aren't single events you hear about once on the news. In reality:

  • New breaches are discovered and disclosed regularly
  • Old breaches are sometimes re-analyzed, revealing more details
  • Data from past incidents gets combined, re-sold, and reused in new ways

That means the risk picture around a single email address can shift over time—even if you haven't changed anything.

What a one-time check can (and can't) tell you

A single scan is useful for:

  • Spotting obvious password reuse problems
  • Triggering clean-up actions like password changes and MFA
  • Raising awareness with staff or family members

But it can't tell you:

  • Which new leaks might show up next month or next year
  • Whether new employees join with "pre-breached" credentials from past jobs
  • When a critical account you've already cleaned up appears in a fresh incident

What ongoing monitoring adds

With regular checks—monthly or quarterly—you can:

  • Catch new breaches early, before attackers exploit them
  • See patterns (for example, certain teams or roles showing more exposure)
  • Fold breach checks into your routine security hygiene instead of reacting to headlines

For individuals and families

Ongoing monitoring can be very simple:

  • Run a breach check for your primary email every few months
  • Repeat for important family members (spouse, kids with online accounts)
  • Each time you see a new breach, follow the same calm checklist: change password, fix reuse, enable MFA

For MSPs and IT providers

For MSPs, breach monitoring fits naturally into:

  • Onboarding — check new staff accounts when they join
  • QBRs — include a breach snapshot as part of your regular review
  • Security packages — offer "breach monitoring + password/MFA hardening" as a line item

Key is to keep it calm and predictable, not alarmist.

How often should you check?

There's no single right answer, but good starting points are:

  • Individuals: every 3–6 months, or whenever you hear about a major breach affecting a service you use
  • Small businesses: quarterly for key staff; monthly for high-risk roles (owners, finance, admins)
  • MSPs: align checks with your existing reporting rhythm (QBRs, monthly summaries, etc.)

The calm way to talk about ongoing risk

Instead of "you're constantly under attack," try:

  • "Breaches are a normal part of the internet now. Our goal is to make sure leaked data can't easily be used against you."
  • "We'll keep an eye on new breaches and use them as triggers to tighten passwords and MFA where needed."

The takeaway

One-time checks are a good start, but the real value comes from treating breach data like a changing weather report. When you combine ongoing monitoring with simple responses—password changes, MFA, and good habits—you stay ahead of most opportunistic attacks.