The Biggest Data Breaches Of 2022

Every major data breach since January.
Listen to this story

There’s been a high rise in global data breaches for several years, and 2022 has been littered with information thefts. This year, they’ve affected companies and organisations of all shapes, sizes, and sectors, costing US businesses millions in damages.

Here’s an overview of the data breaches that made headlines in 2022!

Subscribe to our Newsletter

Join our editors every weekday evening as they steer you through the most significant news of the day, introduce you to fresh perspectives, and provide unexpected moments of joy
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.


  • Red Cross

In January, data of over 515,000 people (some fleeing from war zones) had been seized via a cyberattack. The data was lifted from over 60 Red Cross societies globally via a third-party company that the organisation uses to store data.



In February, Nvidia revealed that it was investigating a possible cyberattack, which was confirmed in early March. The infamous hacking group Lapsus$ leaked information pertinent to more than 71,000 employees.


  • Microsoft

​​On March 20, 2022, Lapsus$ targeted Microsoft. 

The group posted a screenshot on Telegram indicating they had hacked Microsoft and compromised several other products. By March 22, Microsoft announced that it had stopped the hacking attempt, and only one account was compromised. Microsoft also said that no customer data had been stolen.

  • Apple and Meta

In late March, Apple and Meta were outwitted by hackers pretending to be law enforcement officials. The big techs provided the threat actors with customers’ personal information in mid-2021. Some of the hackers were assumed to be Lapsus$ members. 


  • Cash App

Cash App admitted that a former employee had breached the servers in April. The hack involved sensitive financial as well as personal information of the customers. As a result, the company contacted over eight million customers to inform them about the incident.


  • Costa Rican Government

The Conti ransomware gang hacked the Costa Rican government—which was forced to declare a state of emergency. Conti members stole highly valuable data and demanded $20 million in payment to not leak it. Nearly 90% of this data—amounting to around 670GB—was posted to a leak site on May 20.

  • SuperVPN, GeckoVPN, and ChatVPN

The breach led to the information of 21 million users being leaked on the dark web. Full names, usernames, country names, billing details, email addresses, and randomly generated password strings were among the information available.


  • OpenSea

NFT marketplace OpenSea suffered a data breach after a employee misused their employee access to share Opensea users’ email addresses with an unauthorised external party. As a result, the company stated that anyone with an email account shared with OpenSea should “assume they are affected”.


  • Twitter

Twitter suffered a data breach of 5.4 million accounts after threat actors built a database of phone numbers and email addresses. The data of accounts, including celebrities, companies and random users, is now sold on a hacker forum for $30,000. 


  • Plex

A data breach into the media server app ‘Plex’ resulted in encrypted customer data being compromised by millions. The vulnerability was addressed and secured, but Plex still encourages users to reset their passwords and enable multi-factor authentication.


  • Uber

In mid-September, Uber discovered they were hacked after the hacker announced in the company’s Slack organisation, “I am a hacker, and Uber has suffered a data breach”. This caused the company to shut down its internal messaging service and engineering systems to get to the root of the incident.

  • Microsoft

Microsoft recently confirmed that a misconfigured system had exposed the data of thousands of customers. The breach might have affected over 65,000 entities across 111 countries


  • Tata Power

On October 14, Tata Power disclosed that a cyberattack had hit its Information Technology infrastructure, and some of its systems were affected. However, in a Bombay Stock Exchange filing, the Mumbai-headquartered company said all critical operational systems were functioning and had “taken steps to retrieve and restore its systems”.

Tasmia Ansari
Tasmia is a tech journalist at AIM, looking to bring a fresh perspective to emerging technologies and trends in data science, analytics, and artificial intelligence.

Download our Mobile App

MachineHack | AI Hackathons, Coding & Learning

Host Hackathons & Recruit Great Data Talent!

AIMResearch Pioneering advanced AI market research

With a decade of experience under our belt, we are transforming how businesses use AI & data-driven insights to succeed.

The Gold Standard for Recognizing Excellence in Data Science and Tech Workplaces

With Best Firm Certification, you can effortlessly delve into the minds of your employees, unveil invaluable perspectives, and gain distinguished acclaim for fostering an exceptional company culture.

AIM Leaders Council

World’s Biggest Community Exclusively For Senior Executives In Data Science And Analytics.

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox