The top 7 data breaches on 2015 exposed nearly 200 million records of victims. Find out which were the worst and which may have affected you.
2014 was a bad year for security breaches but looking back on 2015, this year has been pretty significant in terms of hackers gaining unauthorized access to victims’ sensitive data. Last year we put together a list of the top 10 biggest breaches of the year and we’ve returned this year, with the help of 10Fold PR Firm to compile a new list of the biggest data hacks of 2015. We’ve organized them in terms of the most users affected/records breached. The results were pretty dismal. Combining the top 7 data breaches of 2015 you’ll see some 193.4 million personal records of adults and children alike accessed.
7 Largest Data Breaches Of 2015
#1. Anthem
Ironically, the largest attack of 2015 was announced at the very start of the year in February. The attack on Blue Cross Blue Shield insurer Anthem, marked the largest healthcare data breach to date with approximately 78.8 million highly sensitive patient records accessed. Besides just patient records though, Anthem also reported the likelihood that another 8.8 to 18.8 million records belonging to employees with names, birth dates, Social Security numbers, addresses were also accessed. 2015 was riddled with attacks on government and healthcare related organizations and this hack was the first in the series.
#2. Ashley Madison
Probably one of the more controversial hacks of 2015, the Ashley Madison hack exposed 37 million users very sensitive data including personal and financial details. Ashley Madison, which had been charging users for “full delete” services which would allegedly scrub the personally identifiable information of customers who opted to have their profile and history deleted from the system, was actually doing no such thing. In fact, despite paying to have their information removed, the company still retained payment information and purchase details, which held identifiable information. When hackers revealed that the files were not scrubbed clean and then dumped the information on the web, there were disastrous consequences including some Ashley Madison users taking their lives.
#3. OPM
The Federal Office of Personnel Management hack was one that was personal to me as it affected members of my family. The OPM announced the hack in 2015 compromised the records of more than 21.5 million citizens – many of whom are in the military or other government jobs -- enabling attackers to gain access to highly personal information contained on background investigation applications. Altogether, the attack affected 19.7 million individuals who applied for security clearances, 1.8 million relatives and other government personnel associates, and 3.6 million current and former government employees. What’s more, the stolen data also included 5.6 million fingerprint records belonging to the background-check applicants. According to news reports, the breach caused U.S. intelligence and law enforcement officials to be concerned about the theft of data on government forms submitted for security clearances. And with good reason — these applicants share detailed information about themselves, including mental-health history and previous relationships. Hackers that gain access to the identity and fingerprints of employees with existing security clearances can cause serious, and irreparable damage to users’ privacy. The far-reaching affects of this hack have probably not even yet begun to unfold. The attack is also costing American citizens a pretty penny in future tax loads as the government has planned to dole out $133 million for ID theft protection for OPM hack victims.
#4. Experian/T-Mobile
Customers of the uncarrier, T-Mobile, saw their personal data hacked in 2015 as Experian North America, a vendor that processes the cellular company’s credit applications, stated that attackers breached a server containing personally identifiable information for approximately 15 million T-Mobile customers. The data included names, birth dates, addresses and Social Security numbers and/or an alternative form of ID, such as drivers’ license numbers.
#5. VTech
The VTech was unique in that it was the first we’ve seen that specifically targeted children. Though, thankfully, the hack was not done by a nefarious hacker, but rather one concerned with the safety of the affected children and parents, the breach was nonetheless chilling. The hacker was able to access customer data through the Learning Lodge app store database and Kid Connect servers on November 14. According to the company, the attack affected 6.4 million children and 4.9 million customer (parent) accounts worldwide, exposing personally identifying information such as names, passwords, IP addresses, download history, and children’s gender and birth dates. VTech acted quickly once informed of the issue, but nonetheless, the hack revealed some shockingly lax practices on the part of VTech with regard to customer data and that of their children.
#6. Premera Blue Cross
One month after the breach at Anthem Blue Cross, Premera Blue Cross released a statement saying it had experienced a cyber attack affecting up to 11 million members. The hack was discovered by the organization on January 29 of this year, although the initial attack dates back to May 2014. Premera’s investigation team determined that attackers infiltrated the organization’s information technology system, which allowed them to access applicants’ and members’ personal information, such as names, birth dates, Social Security numbers, member identification numbers and bank account information. Affected customers included employees of Microsoft, Starbucks and Amazon.
#7. Excellus BlueCross BlueShield
The Excellus BlueCross BlueShield hack which revealed the sensitive data of some 80 million announced that it was the victim of a sophisticated attack after hackers gained access to its information technology systems dating as far back as December 2013. This attack followed a series of healthcare hacks that had started at the beginning of the year. The Excellus hack in particular compromised the personal identifiable information of more than 10 million members, making this the third-largest healthcare breach in 2015. The exposed information, which includes names, birth dates, Social Security numbers, member identification numbers, financial account information and claims information, leaves members vulnerable to fraud and identity theft.
The information for this report was compiled largely by 10Fold, a North American public relations firm that provides its services to B2B organizations specializing in networking, IT security, cloud, storage, Big Data, enterprise software, AppDev solutions, wireless, and telecom.
10Fold analyzed 720 data breaches that occurred since January 1 st of this year that involved a minimum of 5 million records hacked. Findings were vetted via several third-party resources including ID Theft Resource Center and Information is beautiful.
“As the research 10Fold has conducted clearly shows, security never sleeps,” 10Fold’s Angela Griffo told iDigitalTimes. “Each of the top seven data breaches compromised more than 5 million records, indicating that attackers are becoming stealthier, are employing more sophisticated techniques and are going after bigger and more lucrative targets. What’s more, our research indicates that cyber criminals are increasingly going after targets in the medical and healthcare verticals, which store valuable patient data that can’t be reissued like a credit card. Looking at the top breaches at year’s end allows us to detect patterns while also giving us a glimpse of what we can expect to see in the future.”
