Skip to Content
5 most costly data breaches
© Dragonimages |
Security & privacy

Scam alert: 5 most costly data breaches (plus 5 states most targeted)

A data breach can target any company you keep an account with, and it’s impossible to know where hackers will strike next. 

A recent breach involving one of the largest mortgage lenders in the country saw hackers stealing the personal details of over 1.5 million users, including Social Security numbers. Tap or click here for the full story and tips on what to do if your information is exposed.

Data breaches are among the most common cybersecurity threats out there. Stolen data involves sensitive information such as credit card numbers, customer data, trade secrets or national security matters. Just how far do these attacks reach? Read on for the alarming figures.

Here’s the backstory

Americans lost over $20 billion to data breaches between 2017 and 2021. Those numbers are too big to ignore even if you haven’t been a victim — which may happen without your knowledge.

In an email to, Forbes Advisor compiled breach data from the FBI’s Internet Crime Complaint Center and came up with more staggering numbers. Check out the key findings below, comprising five years of data.

The top five states hit the hardest by data breaches

  • California: 325,291 victims lost a total of $3,738,488,140.
  • Texas: 179,217 victims lost a total of $1,820,823,734.
  • New York: 141,170 victims lost a total of $1,775,479,397.
  • Florida: 198,830 victims lost a total of $1,723,041,371.
  • Ohio: 64,926 victims lost a total of $776,895,836.

The most expensive types of data breaches:

Email account compromise (EAC):

Let’s say you do business with a company that’s been hacked. The crooks have your email address and can send you messages that appear to come from the company.

The messages trick you into providing sensitive information or clicking on malicious links that infect your system with malware. A total of 94,814 breaches with losses of $7,527,098,098 involved EAC attacks.

Confidence fraud/Romance:

A criminal can adopt a fake online identity to gain your trust and affection. They may lure you in with plans to meet in person, but their ultimate goal is to get your money by asking for it or stealing it.

A total of 86,780 breaches with losses of $2,311,138,731 involved confidence/romance scams. Tap or click here to hide your phone number from your dating matches.


Scammers can lure you in with promises of riches via investment in the stock market, cryptocurrency, real estate and more. Once they get your money, they disappear. A total of 26,388 breaches with losses of $1,717,576,571 involved investment scams.


Always be careful when shopping online, especially during the holidays. When you pay for something online but don’t receive it, that’s a non-delivery scam.

Sellers can also be affected here. Non-payment scams involve shipping goods without receiving payment. These retail scams were involved in 362,962 breaches with a financial loss of $950,596,596.

Real estate/Rental:

Real estate data contains sensitive financial and contact details and makes for a prime target. These data breaches totaled 55,377 reports, with $944,761,963 in financial losses.

The most common data breaches:

  • Non-payment/Non-delivery (see above): 362,962 breaches.
  • No lead value: This indicates incomplete complaints, which totaled 275,707 breaches.
  • Extortion: Data breaches at large companies provide scammers with contact information. They use this to message their victims, threatening to reveal private information to their families and employers unless they pay a ransom. Extortion breaches totaled 213,237 reports.
  • Personal data breach: When personal data is lost, destroyed, corrupted or unintentionally disclosed to others, that’s a personal data breach. Scammers can take these actions themselves, but you could also accidentally do so. One example is sending an email with sensitive information to the wrong person. Oops! 203,317 personal data breaches were reported.
  • Identity theft: This is a scary one. Compromised data from a breach enables criminals to falsely impersonate you to access your accounts, trick people who trust you out of money or commit crimes in your name. Identity theft breaches totaled 140,091 reports.

If you’ve been a breach victim, you must act fast. Tap or click here for the first steps to take.

Get ahead of the crooks

There’s no guaranteed method to protect against falling victim to cybercrime following a data breach, but you can drastically reduce your chances with the following precautions:

  • Beware of phishing emails hitting your inbox. Scammers piggyback on breaches by sending malicious emails to trick you into clicking their links that supposedly have important information. Look out for strange URLs, return addresses and spelling/grammar errors.
  • Keep an eye on your banking statements for any unusual transactions. If you see anything strange, notify your bank immediately.
  • Enable two-factor authentication (2FA) for all your online accounts that offer it. This will make it more difficult for hackers to access your accounts. 
  • Check Enter your email address into this online database to reveal which data breaches you might be involved in.
  • Create strong, original passwords for all your accounts and don’t reuse any. Can’t keep track of all your unique passwords? Just use a password manager. Tap or click here to get started.
  • Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Get an annual plan with TotalAV for only $19 at That’s over 85% off the regular price!

Keep reading

4 data backup mistakes that could cost you your photos, videos and other files

3 tricks to see if your passwords are being sold on the Dark Web

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days