Go to page content

Delete your data from the companies that have recently had major data breaches

Remove your information from their records. It's fast and completely free.

Why should I tell them to delete my data?

You should delete your personal data from companies that have had major data breaches to make sure that they can't compromise your information again. Simply press 'Get Started' and pick from our list of breached companies to send deletion requests, for free.

Remember, it's your information, which means it's your legal right to tell them to delete your data.

Types of personal data that could have been compromised:

  • Name, address and contact details
  • Bank and insurance details
  • IP Address & Cookie identifiers
  • Marital status and number of children
  • Political opinions and affiliations

This personal data could be used to financially harm you, or as a tool for identity theft.

We've compiled a list of all of the major data breaches of 2020, and the companies involved, below.

Why Rightly?

We’re free because our mission is to make data fairer, for everyone.

We don't use consumer data for commercial purposes, which means we'll never, ever sell your data. It also means that there are no adverts or hidden costs.

Which companies have had major data breaches in 2020?

Marriott International

In February 2020, hotel chain Marriott International experienced a new data breach.

The login details of two Marriott employees were used to access guest information, including:

  • contact details
  • loyalty account information
  • birth dates
  • loyalty programs and partnership details
  • other personal information

Number of records affected: 5.2 million.

Virgin Media

A Virgin Media database containing customers’ personal details was accessible online for 10 months.

The database included:

  • phone numbers
  • home addresses
  • email addresses

Number of records affected: 900,000

Network Rail wifi

The personal information of people using free station wifi was exposed online. The data included personal contact details and dates of birth.

The database was searchable by username, meaning a customer’s travel patterns could be determined by anyone accessing the database.

Number of records affected: 146 million


In May 2020, low-cost airline EasyJet revealed that a "highly-sophisticated attacker" stole the personal data of 9 million customers.

There were two groups of affected customers in the EasyJet breach. The first was the 9 million customers who lost:

  • email addresses
  • names
  • travel records

Even worse, roughly 2,200 customers had their credit card details exposed, including the three-digit CVV code on the backs of their cards, which leaves their finances very vulnerable.

Number of people affected: approx. 9 million


In October, retail giant H&M was fined €35.3m (£32.1m) for the illegal surveillance of several hundred employees. This is the second-largest fine a single company has faced under EU GDPR rules.

The company kept "excessive" records on its workforce including:

  • family details
  • religions
  • illnesses

Number of people affected: approx. 300

MGM Grand Hotels

In February 2020, the personal details of more than 10.6 million users who stayed at MGM Resorts hotels were published on a hacking forum.

This affected the both normal tourists and a huge number of celebrities, tech CEOs, government officials and reporters.

Details breached included:

  • full names
  • home addresses
  • phone numbers,
  • emails
  • dates of birth

Number of people affected: 10,683,188 former hotel guests.


At the start of April, the news broke that 500,000 stolen Zoom passwords were up for sale, and more than half a million Zoom account credentials had been shared.

Number of people affected: approx 550,000

Boots advantage card

Days after 600,000 Tesco Clubcard holders had also suffered a breach, Boots also breached the data of approximately 150,000 people. The type of information breached was mainly passwords.

Amount of people affected: 150,000


In June 2020, the personal information of Nintendo account holders was compromised. This included:

  • name
  • email address
  • date-of-birth
  • country of residence

Some users also announced that their accounts were charged for digital items without their permission.

Number of records affected: approximately 300,000

Bettson AB (SuperCasino)

In January 2020, SuperCasino suffered a data breach and lost:

  • names
  • usernames
  • email addresses
  • phone numbers
  • physical addresses
  • date of registration

SuperCasino advised all customers to reset their passwords (as well as any passwords for other similar sites).

Number of records affected: UNKNOWN.


Also in January 2020, CheckPeople’s database containing the personal details of 56 million US residents was posted on the public internet from an IP address in Hangzhou, China. These details contained:

  • names
  • addresses
  • phone numbers

Number of records affected: 56 million

Clearview AI 

The facial-recognition software maker’s entire list of customers was stolen in a huge data breach. A security flaw meant that an unauthorised person was able to access every search made by each of Clearview AI’s customers – and how many accounts each customer had set up.

Number of records affected: 3 million

Koodo Mobile

The Canadian brand’s customer data was breached by an unauthorised person and sold online. The information that was stolen was from August and September 2017. It contained:

  • mobile numbers
  • account numbers

Number of records affected: UNKNOWN.

Why should I use Rightly to send deletion requests?

If you think your information has been compromised due to a data breach - perhaps you've seen it on the news, this page or by using a tool like PWNED - you should send deletion requests to delete your data from their records so that it doesn't happen again.

Through Rightly, you can send multiple requests quickly, easily and for free. No finding data protection emails or needing to supply excessive amounts of information, just one process with lots of customer support.

Our mission is to make data fairer for all, which means no hidden costs, subscriptions or data sharing.

How do I send deletion requests?

The easiest way to delete your information from company records is by sending a request through Rightly.


  • Press the 'Get Started' button at the top of this page and select the breached companies you'd like to contact
  • Add your basic details so that they can identify you
  • Check your email to send your request

If you can't find the company that you're looking for, contact our support team and we'll add it for you straight away.

What if they don't reply to my request?

Don't worry, they have to by law. You can ask any company if they have your personal data, even if you don't know for sure whether or not they have it. They have to tell you what they have, as well as how and why they are using it. This is thanks to your ‘right of access’ under GDPR law. GDPR applies in the UK and EU.

After the company has received your request, they have to reply in full within 30 days, or give a valid reason for asking for an extension, by law. If this happens, our support team is here to help!

Keeping your data safe