Major Incident Database
The most expensive IT incidents in history. Real companies, real costs, real lessons.
| Company | Date | Type | Duration | Est. Cost | Cause |
|---|---|---|---|---|---|
| CrowdStrike | Jul 2024 | Deployment Rollback | Multi-day | $5.4B | Faulty content update caused Windows BSOD globally, grounding flights and disrupting hospitals |
| Equifax | Sep 2017 | Security Breach | Months | $1.4B | Unpatched Apache Struts vulnerability exposed 147M consumers' personal data including SSNs |
| Yahoo | 2013-2014 | Security Breach | Years | $350M | Two massive breaches affecting 3B accounts led to $350M reduction in Verizon acquisition price |
| Capital One | Jul 2019 | Security Breach | Months | $300M | Misconfigured WAF on AWS allowed ex-employee to access 106M customer records |
| Maersk (NotPetya) | Jun 2017 | Security Breach | Weeks | $300M | NotPetya ransomware wiped 49,000 laptops and destroyed most of the company's IT infrastructure |
| Target | Dec 2013 | Security Breach | Weeks | $292M | HVAC vendor credentials used to install malware on POS systems, stealing 40M credit card numbers |
| British Airways | Sep 2018 | Security Breach | Weeks | $230M | Magecart skimming attack on website stole 380K payment cards, resulting in record GDPR fine |
| Marriott | Nov 2018 | Security Breach | Years | $124M | Starwood reservation database breached since 2014, exposing 500M guest records including passport numbers |
| SolarWinds | Dec 2020 | Security Breach | Months | $100M+ | Nation-state supply chain attack via Orion software update compromised 18,000 organizations including US government |
| Meta / Facebook | Oct 2021 | Service Outage | ~6 hours | $100M | BGP routing misconfiguration during maintenance made all Facebook services globally unreachable |
| AWS us-east-1 | Dec 2021 | Service Outage | ~5 hours | $150M | Network device overload cascaded across internal services, taking down major websites and services |
| Colonial Pipeline | May 2021 | Security Breach | Days | $4.4M ransom + disruption | DarkSide ransomware attack shut down largest US fuel pipeline, causing fuel shortages across East Coast |
| GitLab | Jan 2017 | Data Loss | 18 hours | $10M+ | Admin accidentally deleted production database; 5 backup methods all failed, losing 6 hours of data |
| Cloudflare | Jun 2022 | Service Outage | ~2 hours | $10M+ | BGP change in 19 data centers caused widespread outage affecting millions of websites |
| Slack | Feb 2022 | Service Outage | ~5 hours | $8M+ | Database infrastructure issue during configuration change disrupted all messaging globally |
Industry Benchmark
The average cost of a data breach is $4.45 million according to IBM's 2023 Cost of a Data Breach Report. The average time to identify and contain a breach is 277 days.