In 2019, a massive data exposure came to light that would redefine how security professionals think about "aggregated" data versus "breached" data. The incident involving and its partner, Oxydata , is often cited as one of the largest data exposures in history—not because of a traditional hack, but because of a misconfigured server that left nearly 1.2 billion unique records publicly accessible without a password.
Last updated: April 2026
PDL itself was not “hacked.” Their customer’s server (which hosted PDL data) was misconfigured. However, because the data originated from PDL, the incident is universally attributed to PDL’s supply chain risk. pdl data breach