Who has been hacked? It might be easier to ask who hasn’t been hacked, as Fortune explores in the cover story of our Jul. 1 issue. The list below is just a sample of big companies and institutions struck by major data breaches in the past five years. As you can see, no industry has been spared. By now, the damage has afflicted billions of consumer accounts and is costing the companies tens or hundreds of millions. Alas, cyber-crime tools are getting cheaper and more prolific—which means the hacking nightmare is unlikely to end anytime soon.
LinkedIn, 2012
In 2012, the professional network said 6.5 million accounts had been hacked. In 2016, it emerged that the breach was much worse: Hackers were selling name and password info for more than 117 million accounts.
Target, 2013
In December 2013, 110 million customers’ personal and financial information was exposed. CEO Gregg Steinhafel later resigned as part of the fallout from the massive breach.
JPMorgan, 2014
Hackers hijacked one of JPMorgan Chase’s servers and stole data about millions of the bank’s accounts, which they allegedly used in fraud schemes yielding some $100 million.
Home Depot, 2014
Hackers stole email and credit card data from more than 50 million customers. The breach cost the retail chain at least $179 million in settlements with consumers and credit card companies.
Sony, 2014
Hackers believed to be associated with North Korea rampaged through the servers of Sony Pictures Entertainment in retaliation for a film comedy showing North Korean leader Kim Jong-un’s face being melted off.
Hilton Hotels, 2015
Hackers got inside the chain’s payment system and reportedly stole customer credit card data from dozens of Hilton and Starwood chains from across the country.
Law Firms, 2015
Chinese hackers accessed email accounts at firms Cravath Swaine & Moore and Weil Gotshal & Manges—and learned about upcoming corporate mergers. They allegedly made $4 million trading on the information.
Swift, 2016
North Korean hackers reportedly exploited weaknesses in the SWIFT payment system to steal $81 million from the Bangladesh Central Bank’s account at the New York Federal Reserve.
Tesco, 2016
Hackers drained a total of around $3.2 million from more than 9,000 accounts in Tesco Bank, the bank run by the giant grocery chain. Tesco was forced to reimburse customers for the stolen money.
Chipotle, 2017
An Eastern European criminal gang reportedly used phishing to steal the credit card information of millions of Chipotle customers. The breach was part of a larger scam targeting restaurants.
A version of this article appears in the Jul. 1, 2017 issue of Fortune as part of the feature titled “Hacked.”
