Other Big Data Hacks That Nobody’s Talking About

There’s no denying the fact that data breaches are only becoming more and more common. Target, Anthem, Sony PlayStation, and most recently Equifax have all taken a lot of heat for the massive amount of personal information that was exposed while under the care of these companies.

There are, however, many more data breaches that you’ve never heard about because they weren’t quite as “sexy” to cover. So far in 2017 alone, PrivacyRights.org reports that at least 422 data breaches have been made public. That’s well over one per day. Here’s a sampling of some other big names that have experienced a data breach.

Sonic Drive-In

On Sept. 26, 2017, fast-food chain Sonic, with approximately 3,600 locations across the U.S., announced a breach that affected an “unknown number of store payment systems.” The data hack may have resulted in the sale of millions of stolen credit card and debit card account numbers, according to Krebs on Security.

U.S. Securities and Exchange Commission (SEC)

On Sept. 20, 2017, the SEC announced that its online database of corporate filings was hacked. Cybercriminals were able to hack into the agency’s “test Edgar system,” designed to help startups learn how to fill out SEC forms without the necessity of making those announcements public. The SEC revealed that the breach of their Edgar system, which actually occurred in 2016, may have resulted in the theft of corporate secrets.


On August 29, 2017, Credco announced that between July 21 and August 7, 2017, unauthorized access to the company’s system occurred and that, as a result, consumer information was accessed without proper authorization. The information exposed during the hack included the sensitive stuff typically found on a credit report: names, addresses, Social Security numbers, dates of birth, account numbers, and the like.

Keller Williams Realty

On July 18, 2017, Keller Williams Realty announced that an unauthorized third party gained access to their network. Types of information compromised included names, addresses, Social Security numbers, and some user names and passwords.


On May 15, 2017, DocuSign, an electronic signature technology provider, announced a computer systems data breach. The breach resulted in a series of malware phishing email attacks — which the recipients would be particularly vulnerable to, since they were already expecting to receive and click on DocuSign email links.


On April 12, 2017, student data service Schoolzilla announced a large-scale breach that might have exposed the personal information of some 1,300,000 students. The compromised information included names, test scores, and Social Security numbers of minors enrolled in kindergarten through 12th grade. However, the data breach was discovered by a computer security researcher, and it’s believed to have been resolved before the information fell into the hands of any cybercriminals.

U.S. Labor Department

On March 27, 2017, the U.S. Department of Labor announced that the agency’s online job portal, America’s Job Link Alliance, was hacked. Some 2,100,000 U.S. job seekers from at least 16 different states had sensitive personal data such as names, Social Security numbers, and dates of birth exposed.

Dunn and Bradstreet

On March 15, 2017, Dunn and Bradstreet, a company that provides commercial data and analytics for businesses, announced a massive data breach that compromised the information of some 33,500,000 employees of various U.S. corporations. The hacked information contains names, job titles, work email addresses, and phone numbers.

Toys ‘R’ Us

On Feb. 2, 2017, Toys “R” Us announced the unauthorized access of an unidentified number of the company’s Rewards “R” Us loyalty member accounts. The exposed information included logins and passwords — which cybercriminals know are often used across multiple accounts — in addition to the names and dates of birth of many users’ children. The company stated that the compromised database did not contain credit card numbers, payment information, or other sensitive personal information such as Social Security numbers.

The Tip of the Iceberg

This is just a micro-sampling of the data breaches that have occurred in 2017 alone. There are many, many more well known companies and organizations that have been breached in recent memory (HBO, UCLA, the IRS, the DNC, Instagram… to name just a few).

Point being, while we’re all focused on Equifax, it’s important to recognize that our personal and payment information may have already been exposed, years earlier, by some other breach that has flown completely under our radar.

Related Articles:

John Ulzheimer

Contributing Writer

John Ulzheimer is an expert on credit reporting, credit scoring, and identity theft. The author of four books on the subject, Ulzheimer has been featured thousands of times over the past decade in media outlets including the Wall Street Journal, NBC Nightly News, The Los Angeles Times, CNBC, and countless others. With professional experience at both Equifax and FICO, Ulzheimer is the only credit expert who actually comes from the credit industry. He has been an expert witness in over 230 credit related lawsuits and has been qualified to testify in both federal and state courts on the topic of consumer credit.