In 2014 alone, more than one billion personal records were illegally accessed -- including health, financial, email and home address data, and other personal information like Social Security numbers. That's up more than 54 percent on the year prior, according to Gemalto. This year, there's no sign of let-up.
As we're coming up to the end of the year, we look back at some of the biggest -- and most dangerous breaches -- so far.
You can put money on it being a bad hack when kids are named as victims. The toymaker suffered a major breach in late November, with hackers taking 4.8 million records, as well as a database of first names, genders and birthdays of more than 200,000 kids.
The attack on VTech, which reportedly used poor password security among other issues, ranks as one of the largest breaches of the year.
November: The big scandal when an anonymous hacker stole about 70 million phone calls from inmates in US prisons wasn't the hack itself, it was the suggestion that attorney-client privilege may have been violated on a regular basis. Millions of call logs and thousands of call recordings were taken in the breach. Securus provides landline phones and equipments to prisons, and generates high profits by charging the inmates themselves -- so much so, the FCC has taken action against the firm.
November: The same hackers who were able to get access to CIA director John Brennan's private email account also got access to a law enforcement portal used by police and federal agents to share intelligence, and book arrested suspects. It's not clear how many records were in the system -- the FBI declined to comment -- but hundreds of thousands of users are cleared to use the portal. Many of those names were also leaked in the hack. The attack was thought to be one of the widest external breaches of law enforcement this year.
October: A hack that targeted seven of Donald Trump's hotels, and lasted the whole year: even the presidential candidates aren't immune to hacks. Hackers snuck malware onto Trump systems, stealing credit card data (including security codes and card numbers) in the firm's hotels across the US. No final figure of how many people were affected was ever reported, but it's thought to be in the many thousands.
October: Crowdfunding service Patreon got the "Ashley Madison" treatment when it found its entire cache of data published online in a massive data breach in early October. Names, email addresses, and posts were leaked, though credit card data and Social Security was not compromised. The scope of the breach may take time to become fully clear, but at 15GB in size, and millions of accounts already found, the number of potential victims is only set to get larger.
October: T-Mobile may have taken over Sprint to become third place in US cellular rankings, but it's seventh place in our list of breaches, thanks to its misplaced trust in Experian. The credit agency suffered a breach in September, affecting as many as 15 million T-Mobile customers who underwent credit checks. Data, such as names, addresses, social security numbers, birth dates, and even passport numbers, may have been taken. Encrypted Social Security numbers may also have been swiped, but the company warned that encryption may have been compromised.
October: The retail brokerage firm said it detected "illegal activity involving our network" two years prior. Hackers reportedly took millions of customer contact details, which cybersecurity reporter Brian Krebs suggested it was to facilitate stock scams through spam campaigns. It was revealed in November after a case was unsealed that a total of four men had been charged with hacking into JPMorgan Chase and a number of other financial institutions, Scottrade included.
September: Around 37 million people were caught up in the Ashley Madison affair (for want of a better term). The site encourages its users to cheat on their partners. Aside from the many millions affected and the impact on relationships, should that information get into the hands of the enemy -- think, Russia or China -- it could lead to a considerable blackmail and espionage effort against US, UK, and allied countries.
September: Excellus BlueCross BlueShield suffered a major hit on its networks that ended up leaking more than 10 million records. The attack happened two years earlier in late December 2013. Names, birth dates, Social Security numbers and mailing addresses -- some of the most personal data going -- was taken, including financial account and claims information. The source of the hack remains unknown.
August: The UK's biggest data breach of the year can go to Carphone Warehouse, a phone retail store. As many as 2.4 million customers (roughly 4 percent of the country's population) had their personal information taken in the breach. About 90,000 customers had their encrypted credit card data stolen. The UK data privacy watchdog is now investigating the breach.
July: Pharmacy chain CVS was forced to pull its popular online photo print ordering site offline as it investigated a suspected hack. Credit card data, email and postal addresses, phone numbers, and passwords were taken, but it's not clear how many millions were affected by the breach. No other linked data was taken in the breach, but Costco and Rite Aid, among others, were also hit.
July: Data breaches and hacks happen all the time. But poor security and a lack of encryption can put the blame entirely on the body that was charged with protecting it. UCLA Health was at least partially to blame when it was hit by a massive hack on 4.5 million records earlier this year, because its customer data -- including Social Security numbers, and even medical data, such as conditions, medications, procedures, and test results -- was not encrypted.
July: An unknown group of hackers brought Italian surveillance firm Hacking Team to its knees when its entire network was breached -- and subsequently published online. Who were the real victims? The ordinary public, after hackers took working Flash exploits from the cache of leaked files. It's not known how many internet users were hit by the subsequent attacks. There may be more to come.
June: The big finale is the OPM breach, which affected 22.1 million (and counting). It could be the single most damaging breach to US national security of all time. Those who have access to some of the most sensitive data in the world had their entire backgrounds checks -- conducted by the OPM -- stolen by an unknown assailant. Imagine if the enemy knew exactly which buttons to push in order to blackmail someone into turning over vast swathes of sensitive or classified data. We have yet to see the repercussions of the breach, but it could harm the US' domestic and foreign diplomatic and intelligence work.
June: Almost any security expert will say using a password manager makes you safer. What happens when your password manager is hit by a hack? We found out when LastPass suffered a data breach this year. It's not clear if any data was taken, and any passwords that were taken were heavily encrypted. But all it takes is a weak master password to your keychain and boom, your online life can crumble.
May: The IRS data breach, reported in May, affected around 100,000 taxpayers. That may seem like a paltry number compared to the Anthem or UCLA breaches, but the impact on affected taxpayers could be staggering. A flaw in the IRS' system allowed hackers to access past filed tax returns, including sensitive financial information and Social Security data. It's said that the breach cost taxpayers $50 million in fraudulent claims.
February: If your healthcare provider can't keep your data safe, who can you trust? Anthem, a US health insurance firm, lost more than 80 million customer records when it was hacked at the start of this year, along with around 19 million rejected customers. Reports say much of the data was not encrypted. Enough personal data was stolen -- from Social Security numbers to birth dates and addresses -- to steal identities. The FBI, the investigating agency, has yet to confirm who it thinks was behind the attack.