The 16 biggest data breaches of the 21st century

11. Anthem

Date: February 2015

Impact: Theft of personal information on up to 78.8 million current and former customers.

Details: The second-largest health insurer in the US, formerly known as WellPoint, said a cyberattack had exposed the names, addresses, Social Security numbers, dates of birth and employment histories of current and former customers – everything necessary to steal identity.

Fortune reported in January that a nationwide investigation concluded that a foreign government likely recruited the hackers who conducted what was said to be the largest data breach in healthcare history. It reportedly began a year before it was announced, when a single user at an Anthem subsidiary clicked on a link in a phishing email. The total cost of the breach is not yet known, but it is expected to exceed US$100 million.

Anthem said in 2016 that there was no evidence that members' data have been sold, shared or used fraudulently. Credit card and medical information also allegedly has not been taken.

Read more about the Anthem data breach...

12. RSA Security

Date: March 2011

Impact: Possibly 40 million employee records stolen.

Details: The impact of the cyberattack that stole information on the security giant's SecurID authentication tokens is still being debated. RSA, the security division of EMC, said two separate hacker groups worked in collaboration with a foreign government to launch a series of phishing attacks against RSA employees, posing as people the employees trusted, to penetrate the company's network.

EMC reported last July that it had spent at least US$66 million on remediation. According to RSA executives, no customers' networks were breached. John Linkous, vice president, chief security and compliance officer of eIQnetworks, Inc. doesn't buy it. "RSA didn't help the matter by initially being vague about both the attack vector, and (more importantly) the data that was stolen," he said.

"It was only a matter of time before subsequent attacks on Lockheed-Martin, L3 and others occurred, all of which are believed to be partially enabled by the RSA breach." Beyond that was psychological damage. Among the lessons, he said, are that even good security companies like RSA are not immune to being hacked.

Jennifer Bayuk, an independent information security consultant and professor at Stevens Institute of Technology, told SearchSecurity in 2012  that the breach was, “a huge blow to the security product industry because RSA was such an icon. They’re the quintessential security vendor. For them to be a point of vulnerability was a real shocker. I don’t think anyone’s gotten over that,” she said.

Read more about the RSA data breach...