2015 Data Breaches – Year in Review
2015 was a big year in data breaches. As of December 1, 2015, there were 717 breaches with a total of 176,275,271 records exposed!!! That’s approximately 2 out of 3 adults in the U.S. so far this year. Here is an overview of the main breaches in 2015:
Premera BlueCross Blue Shield was the second-largest breach to hit the health care industry this year, affecting as many as 11.2 million subscribers! The breach compromised subscriber data such as names, birth dates, Social Security numbers, bank account information, addresses and other information.
Anthem was the largest breach in the health care industry in 2015, exposing 80 million patient and employee records. The breach occurred over several weeks and may have exposed names, dates of birth, Social Security numbers, health care ID numbers, addresses, employment and income data and more.
As many as 100 banks around the world were impacted by a billion-dollar bank cyberheist. The cybercriminal ring, known as Carbanak, used phishing tactics to access employee account credentials, then used those stolen privileges to make fraudulent transfers and hijack ATM machines.
The hack of the Internal Revenue Service (IRS) “Get Transcript” application exposed 114,000 tax accounts to thieves. Since the initial announcement, the IRS revealed that an additional 220,000 tax accounts may have been exposed, bringing the total number of victims up to 334,000. The hacked “Get Transcript” program required personal information, such as names, dates of birth and Social Security numbers. The IRS believes the breach began in February and aimed to gather information for thieves to use in filing fraudulent tax returns in the next filing season.
Starbucks acknowledged that criminals used the company’s app to break into individual customer rewards accounts. The Starbucks app lets you pay at checkout with your phone and reloads Starbucks gift cards by automatically drawing funds from your bank account, credit card or PayPal. It was discovered that criminals were siphoning money away from victims by breaking into their Starbucks account online, adding a new gift card, transferring funds over, and repeating the process every time the original card reloaded.
The U.S. Government revealed in June that the Department of Defense Office of Personnel Management (OPM) was hit by two breaches. The larger of the two, affecting 21.5 million federal workers, was discovered in late May after a separate (and unrelated) breach hit the agency in April (affecting 4.2 million people). Reports have tied the attack to hackers based in China, but nothing has been officially announced.
Password management company LastPass revealed it had been the victim of a cyber-attack. The attack compromised email addresses, password reminders, and other security features. This breach is highly significant because it shows a growing trend of attackers targeting the security vendors themselves to get consumer information.
The hack of the popular cheating website Ashley Madison exposed the personal information of nearly 37 million people. While some of those named as clients on the site are dealing with resulting fallout within their own families, others have been the victims of blackmail.
Pharmacy chain CVS pulled its site dedicated to photo printing offline as it investigated a suspected hack. Credit card data, addresses, phone numbers and passwords were taken, but it’s not clear how many millions were affected by the breach.
Several mobile applications contained malicious code that could, according to security firm Palo Alto Networks, prompt fake alerts to steal user details, hijack URLs and obtain data from an iPhone’s clipboard. The source of the malicious code, a program called XcodeGhost, was a counterfeit version of Xcode (the platform used by developers to create Mac and iOS programs). The malicious version of Xcode was slipped in amongst authentic ones on Chinese sites and downloaded by many unknowing programmers.
Patterns of suspected fraudulent activity on customer cards led multiple financial institutions to identify a breach at Hilton Hotel properties between mid-April and late July 2015. It appears that the guest reservation system was not compromised—rather, the fraud stems from hacked point-of-sale devices inside of franchised restaurants, coffee bars and gift shops within Hilton properties.
Experian PLC announced a data breach that may have compromised the personal information of roughly 15 million consumers in the U.S. who had applied for service with T-Mobile. Data taken included names, birthdates, addresses, and Social Security numbers, as well as other information used in T-Mobile’s credit assessment.
Fifty-four Starwood Hotels & Resorts were the victims of a recent security breach. Malware, which exposed customer names and credit card information, was found in a number of the retailers within the properties.
A “clerical error” in the state of Georgia recently led to the exposure of Social Security numbers for six million voters. One year of credit monitoring services is available to those affected.
Most recently, VTech revealed its Learning Lodge database was hacked, exposing information of 6.4 million children and 4.8 million adults. While credit card data is said to not be part of the stolen information, pictures, names, email addresses and birth dates are.