The Corporate Wall of Shame

Installed secret "defeat device" software to cheat emissions tests on 11 million diesel vehicles worldwide, deceiving regulators and consumers for years.

Roundup weedkiller's active ingredient glyphosate was linked to non-Hodgkin lymphoma in tens of thousands of plaintiffs who used the product.

Talcum powder products linked to ovarian cancer and mesothelioma; J&J allegedly knew of asbestos contamination and concealed it from the public for decades.

Military-grade earplugs manufactured by 3M's Aearo subsidiary were defectively designed, causing hearing loss and tinnitus in hundreds of thousands of U.S. veterans.

Aggressively marketed OxyContin while knowingly downplaying its addiction risks, helping to ignite the opioid epidemic that has killed hundreds of thousands of Americans.

Bank employees secretly opened millions of unauthorized savings and checking accounts in customers' names to hit aggressive sales quotas set by management.

Concealed known safety flaws in the 737 MAX's MCAS flight-control system from regulators. Two crashes killed 346 people before the fleet was grounded worldwide.

Allowed Cambridge Analytica to harvest personal data of 87 million users without explicit consent, which was then used for targeted political advertising.

Secretly throttled the performance of older iPhones via software updates, slowing devices without user knowledge or consent to manage battery aging.

A preventable data breach — exploiting an unpatched Apache Struts vulnerability — exposed Social Security numbers, birth dates, and financial records of 147 million Americans.

Tracked users' precise location data even after they explicitly disabled Location History in their Google account settings.

A cyberattack exploited poor security practices to steal names, SSNs, and driver's license data of 76 million current and former T-Mobile customers.

A former AWS cloud engineer exploited a misconfigured web application firewall to steal credit card applications and personal data of over 100 million customers.

After hackers stole data of 57 million riders and drivers, Uber secretly paid them $100,000 to delete it and stay quiet rather than disclosing the breach as required by law.

Failed to properly dispose of servers and devices containing unencrypted personal data of millions of wealth management clients, including account numbers and SSNs.

Two massive data breaches (2013–2014) compromised all 3 billion Yahoo accounts. The company concealed both breaches from users and investors for years.

The largest U.S. health insurer was breached in 2015, exposing Social Security numbers, employment details, and medical IDs of 78.8 million people.

Collected biometric data including face prints and voiceprints from minors, and harvested personal data from users under 13 without parental consent, violating COPPA.

Routed user video calls through China's servers, shared personal data with Facebook without consent, and falsely claimed end-to-end encryption during the COVID-19 pandemic surge.

Gamified trading features caused customers to make reckless trades; misleading communications led some investors to believe they owed massive amounts, contributing to at least one suicide.

Hackers lurked undetected in Starwood's reservation system for four years before and after Marriott's acquisition, stealing personal data of up to 500 million hotel guests.

Hackers installed malware on point-of-sale terminals during the 2013 holiday shopping season, stealing 40 million credit and debit card numbers from shoppers.

Alexa retained voice recordings of children indefinitely despite deletion requests; Ring doorbell camera shared footage with police without owner consent.

Systematically failed to prevent sexual harassment in its restaurants over many years, enabling a toxic culture that harmed thousands of workers across its franchise network.

Point-of-sale malware silently harvested payment card data from 56 million customers across all U.S. and Canadian store locations over a five-month window.