Companies from Target to Chipotle have been victimized by cybercriminals.
Who has been hacked? It might be easier to ask who hasn’t been hacked, as Fortune explores in the cover story of our Jul. 1 issue. The list below is just a sample of big companies and institutions struck by major data breaches in the past five years. As you can see, no industry has been spared. By now, the damage has afflicted billions of consumer accounts and is costing the companies tens or hundreds of millions. Alas, cyber-crime tools are getting cheaper and more prolific—which means the hacking nightmare is unlikely to end anytime soon.
In 2012, the professional network said 6.5 million accounts had been hacked. In 2016, it emerged that the breach was much worse: Hackers were selling name and password info for more than 117 million accounts.
In December 2013, 110 million customers’ personal and financial information was exposed. CEO Gregg Steinhafel later resigned as part of the fallout from the massive breach.
Hackers hijacked one of JPMorgan Chase’s servers and stole data about millions of the bank’s accounts, which they allegedly used in fraud schemes yielding some $100 million.
Home Depot, 2014
Hackers stole email and credit card data from more than 50 million customers. The breach cost the retail chain at least $179 million in settlements with consumers and credit card companies.
Hackers believed to be associated with North Korea rampaged through the servers of Sony Pictures Entertainment in retaliation for a film comedy showing North Korean leader Kim Jong-un’s face being melted off.
Hilton Hotels, 2015
Hackers got inside the chain’s payment system and reportedly stole customer credit card data from dozens of Hilton and Starwood chains from across the country.
Law Firms, 2015
Chinese hackers accessed email accounts at firms Cravath Swaine & Moore and Weil Gotshal & Manges—and learned about upcoming corporate mergers. They allegedly made $4 million trading on the information.
North Korean hackers reportedly exploited weaknesses in the SWIFT payment system to steal $81 million from the Bangladesh Central Bank’s account at the New York Federal Reserve.
Hackers drained a total of around $3.2 million from more than 9,000 accounts in Tesco Bank, the bank run by the giant grocery chain. Tesco was forced to reimburse customers for the stolen money.
An Eastern European criminal gang reportedly used phishing to steal the credit card information of millions of Chipotle customers. The breach was part of a larger scam targeting restaurants.
A version of this article appears in the Jul. 1, 2017 issue of Fortune as part of the feature titled “Hacked.”