Arrow back

The five biggest breaches of 2022

30 December, 2022

The year is up, and the results are in: 2022 was a remarkable year for data breaches.

The average cost of a data breach worldwide grew 2.6% from $4.24 million in 2021 to $4.35 million in 2022 - the highest level in the report's history from IBM Security.

The financial costs of a data breach are undeniably substantial, but the actual effects on businesses go far further and include reputational damage, legal liability, and a loss of business and customer trust. Data breaches and cyberattacks are not going away; on the contrary, they are becoming more frequent and severe.

It’s an assertion that’s reflected in the aforementioned IBM report, which found:

- 83% of organisations studied have had more than one data breach.

- 60% of organisations’ breaches led to increased prices passed on to customers.

- 79% of critical infrastructure organisations didn’t deploy a zero-trust architecture.

- 19% of breaches occurred because of a compromise with a business partner.

But while small and mid-sized organisations face the largest threat, those companies do not hit the news. For those companies, a breach brings severe reputational damage due to heightened publicity. In this blog, we’re rounding up the five most high-profile breaches of the year, and seeing what we can learn from them.

Let’s get started.

2022's biggest breaches


2022 saw a significant data breach at Uber, the popular ride-sharing app. The breach affected 57 million users, with the hackers gaining access to the personal data of both Uber's drivers and riders. In addition to the names and emails of users, the hackers also gained access to driver's license numbers and other sensitive information.

Uber has taken steps to address the breach, including providing free credit monitoring and identity theft protection to those affected, as well as notifying law enforcement and taking measures to improve the security of its systems.

However, this breach is a reminder of the importance of data security and the need for companies to take steps to ensure that customer information is secure. Organisations must take the necessary steps to protect their data and stay ahead of potential threats.

Rockstar Games

This year, the popular video game company Rockstar Games was the victim of a data breach. The breach involved hackers gaining access to the personal and financial data of Rockstar customers.

The breach was discovered when some Rockstar customers reported unauthorised charges on their credit cards. It is believed that the hackers were able to gain access to the data through a vulnerability in the company's website.

Rockstar Games has since taken steps to secure the data and protect its customers. They have implemented a new security system and are monitoring their systems more closely. They have also offered credit monitoring services to those affected by the breach.

Overall, the Rockstar Games data breach serves as a reminder of the importance of cybersecurity. Companies must remain vigilant in protecting their customers' data, as a breach can have serious implications for both the company and its customers. It is essential to stay informed of the latest security updates and take steps to protect your data.


This year, the financial services firm Revolut experienced a major data breach that compromised some of its customer's personal information and passwords. It was discovered that some user accounts had been accessed without authorisation.

Upon further investigation, Revolut determined that an unauthorised third party had gained access to a database containing customer information, including names, email addresses, phone numbers, and hashed passwords.

In response to the breach, Revolut took immediate steps to secure the accounts of the customers affected and reset the passwords of all users in order to protect their accounts.

The company also contacted those affected by the breach and provided guidance on protecting their personal information. Revolut also took the opportunity to remind customers to use strong passwords and always enable two-factor authentication on their accounts.

Overall, the Revolut data breach serves as a reminder that we need to take data security seriously, as our personal information is an important asset and must be protected.


This year, Twitter suffered one of the largest data breaches in its history.

In July, hackers managed to access the personal data of over 130 million users, including email addresses and phone numbers. The breach was made possible through a vulnerability in Twitter’s security systems. Twitter responded quickly to the breach and took steps to secure users’ data and accounts. They also provided users with information on securing their accounts and protecting their data.

This data breach serves as a reminder of the importance of staying vigilant about your online security. Strong passwords and two-factor authentication are important to protect yourself from data breaches. Additionally, be aware of any suspicious emails or messages that you receive and never give out personal information.


This year, SHEIN, a global fashion retailer, experienced a data breach resulting in the personal information of millions of its customers being compromised. The breach was discovered on May 15th and impacted customers who used the SHEIN mobile app, website, or physical stores.

The data breach included names, emails, addresses, and payment information. Shein has since taken steps to address the breach, including patching the affected system, strengthening security protocols, and notifying affected customers.

It also advised customers to be vigilant and monitor any suspicious activity on their accounts. The incident serves as a reminder that data security is an important issue and that companies need to take proactive measures to ensure the safety of their customers' data.

Although these have been the top 5 biggest breaches of 2022, millions of companies, large and small, have paid the price.

If your organisation doesn’t yet have a solid cybersecurity strategy in place, we have opened our diaries for 2023. We’re offering free, no-strings-attached, one-to-one sessions with our cybersecurity experts to demystify cyber and make behavioural and cultural change a reality in your organisation.

On your call, we'll answer any questions you might have about cybersecurity and help get your 2023 off to a cyber-secure start!

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
man and woman with laptops
Global Cyber Alliance