10. P.F. Chang's China Bistro

When: March to May 2014

Records stolen: Unknown, thought to be thousands

Type of information stolen: Criminals hacked into 33 of the chain's point-of-sale machines and stole credit and debit card data, which found its way onto the black market. In some cases, personal idenfication such as name and the card's expiration date also was acquired. The value of a stolen record? Between $18 and $140 on the online black market.

Related: Read "P.F. Chang's IDs restaurants hit by data breach"

9. Neiman Marcus

When: July 2013 to October, made public in January 2014

Records exposed: 1.1 million

Type of information stolen: Debit and credit card numbers

8. Viator

When: September 2014

Records exposed: 1.4 million

Type of information stolen: The tours and activites provider, which has been acquired by TripAdvisor, reported a data breach affecting its websites and mobile offerings. Customers' credit and debit card numbers, email address and other personal information was stolen.

7. IRS

When: Unknown, but made public in August 2014

Records exposed: 1.4 million

Type of information stolen: Not "stolen" in this case, as the IRS brought this leak upon themselves (and any taxpayer). The IRS provided a printer services contractor a compact disc containing taxpayer names, addresses and Social Security numbers. None of the contractor personnel who worked on this contract were subject to a background investigation.

That's not the only problem at the IRS. An employee has been criminally charged with storing personal information of more than 20,000 taxpayers on his home computer, which ended up on Google back in March.

6. Michaels Stores

When: May 8, 2013, to Feb. 27, 2014

Records exposed: 2.6 million

Type of information stolen: Credit and debit card information, hacked through the chain's point-of-sale systems. Personal information–names and addresses–were not stolen.

5. Community Health Systems

When: April to June 2014, made public in July 2014

Records exposed: 4.5 million

Type of information stolen: Patient names, physical addresses, birth dates, telephone and social security numbers stolen from Community Health Systems, which operates 206 hospitals across the country 

Read: "Hospital hacks: The new gold mine for data thieves"

4. Home Depot

When: April to September 2014

Records exposed: 56 million

Type of information stolen: Malware installed on cash registers syphoned credit and debit card numbers.

Read "Home Depot data breach victims' bank accounts drained" 

3. Target Corp.

When: November to December 2013

Records exposed: 70 million

Types of information stolen: Credit and debit card infrormation from 40 million accounts, and personal information–names, physical addresses–from up to 70 million customers.

Read: "Target warns data breach could hurt future profit"

2. JP Morgan Chase

When: June to July 2014

Records exposed: 76 million household accounts, 7 million small business accounts

Types of information stolen: Names, physical addresses, phone numbers and email addresses of account holders. It is not clear why the hackers chose to hunt for customer information, instead of financial data.

Read "JP Morgan Chase, four other banks, hit by hackers"

1. eBay

When: February 2014, made breach public in May 2014

Records exposed: 145 million 

Types of information stolen: Hackers stole eBay credentials "from a small number of employees" to gain access to personal data. Usernames, passwords, real names, email addresses, physical addresses, phone numbers, birthdates were stolen. Financial information was not affected. The online marketplace has not confirmed who is behind the attack, but the Syrian Electronic Army claimed responsibility.