2016 Data Breaches – Year in Review
As of December 13, 2016, there were 980 data breaches with a total of 35,233,317 records exposed! Below, Identity Theft Expert John Sileo gives an overview of the main breaches in 2016:
Wendy’s began investigating a hack that started in the fall of 2015 when hackers used malware to infiltrate one particular point of sale system in the U.S. and Canada. The breach exposed customers’ credit card data.
A hacker released the records of 30,000 people employed by the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS). The hacker claiming responsibility used social engineering to compromise a worker’s email account.
A hacker targeting Verizon Enterprise Solutions collected the basic contact information of about 1.5 million Verizon Enterprise clients. This hack is ironic because Verizon is known for providing IT services and data breach assistance to businesses and government agencies around the world.
21st Century Oncology, a national network of cancer-treatment centers, revealed that hackers had stolen the personal, financial and medical data of more than 2.2 million patients.
A stolen laptop from the Premier Healthcare billing department exposed more than 200,000 patient records. The system was password protected but not encrypted.
A computer virus (later confirmed to be ransomware) paralyzed MedStar Health in Maryland and Washington, D.C. It is the largest health system impacted by ransomware that has been reported in the mainstream media.
A possible credit card breach was announced at three U.S. Trump hotels. Prior to this announcement, hotel chains Hilton, Hyatt and Starwood had also suffered data breaches in the past couple of years.
The attack on payroll giant ADP was part of a series of W-2 based attacks going after tax information. It is significant because the breach wasn’t of 640,000 individuals’ records, but of 640,000 companies’ payroll records.
A hacker, called “Peace,” posted data on the Dark Web to sell information on 167 million LinkedIn accounts.
Chinese hackers had allegedly been in the computer systems of the Federal Deposit Insurance Corp. (FDIC) for three years (2010-2013) before discovery or reporting of the breach. This was discovered while the Inspector General was investigating another breach. The FDIC then retroactively reported five other breaches, affecting a total of 160,000 individuals.
Perhaps the most controversial data breaches of 2016 were those involving political figures and campaigns. Starting in July, for example, WikiLeaks published multiple emails stolen from the Democratic National Committee (DNC) and from Democratic presidential nominee Hillary Clinton. This leak eventually resulted in the resignation of the DNC chair.
The Micros point-of-sale credit card systems by Oracle Corp. were compromised. This type of system is “used at more than 330,000 cash registers worldwide.”
A thief believed to be working on behalf of a foreign government stole Yahoo! e-mail addresses, passwords, full user names, dates of birth, telephone numbers, and in some cases, security questions and answers of 500 million accounts. In December 2016, Yahoo! announced a second data breach.
A distributed denial-of-service (DDoS) attack targeting an Internet traffic company took down a number of popular sites for many users on the East Coast. Sites impacted included: “Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, [and] PayPal.”
The U.S. Navy announced that more than 130,000 sailors’ Social Security numbers and other personally identifiable information (PII) were accessed by hackers through a Navy contractor’s laptop.
An application provided by Quest Diagnostics was compromised, exposing the PII of 34,000 people.