Data Breaches of 2015: Bigger & Badder
The data breaches of 2014 were bad, including hacks at high-profile companies like Home Depot, eBay and Sony. In fact, 2014 was such a bad year for security, we dubbed it “The Year of the Hack.”
Little did we know that things would only get worse in 2015…like much worse. Who even knew that was possible?
We know we’re a bit early for the end-of-year summaries that normally appear around December, but we thought we’d get a headstart and look back at data breaches this year and list the highlights so far.
I mean, maybe there won’t be any more between now and the New Year? (Fingers crossed.)
Office of Personnel Management Data Breach
While a security breach may have devastating aftershocks, there is still no “Richter scale” to measure its magnitude.
But however you measure it, there’s no doubt that the OPM cyber attack comes in on top. (Sorry, US Government, there’s no blue ribbon for such achievements.)
Here’s the scoop: In June 2015, the Office of Personnel Management announced that it had suffered a data breach.
Initial numbers estimated that four million government employees had their personal information stolen.
However, current estimates put the number of those affected at a whopping twenty-two million employees – a number that continues to rise.
This insane figure includes records on all personnel data for every government employee, retiree and former employee.
And it wasn’t just social security numbers and addresses that were compromised; some of the records that were stolen in the OPM data hack contained information on background checks and fingerprints, around 5.6 million of which were stolen.
The enormous scale of the OPM hacking earned it the title of “the worst data breach in US history”
So, who done it you ask?
According to media reports, the US Government suspects that Chinese intelligence was behind the data theft.
If that is true, it’s possible that the information was leaked in order to place moles within the US Government.
To make matters even worse, the OPM had been repeatedly warned of its shortcomings in protecting data. (Maybe next time they’ll listen?)
The aftermath of this breach remains to be seen – but we can assume it will have dire consequences, even if we ordinary folk don’t come to hear about it.
Ashley Madison Data Breach
A month after the OPM breach another major incident took place – hackers released all the personal information of members of the Ashley Madison website.
This breach is considered especially nasty due to the scandalous nature of Ashley Madison (in case you’ve been living in a cave for the last year, the site helps adulterers find other adulterers to shack up with).
The details of 37 million members were leaked by the hackers, resulting in many broken homes and even two suicides.
The hackers continued to leak information, including the contents of internal emails, and eventually even the CEO of Ashley Madison, Noel Biderman, was forced to step down.
Noel claimed repeatedly that he never used his own site to cheat on his wife, but some of the leaked emails proved that he too had had a number of affairs. Busted!
The moral of the story: We should always be aware of the possibility that our private accounts and personal info may end up available for the world to see.
And – for heaven’s sake! – if you’re going to play around outside of marriage, please be extra careful.
Anthem Data Breach
Next up on our list of disaster breaches of 2015…the Anthem hack.
This American health insurance firm had close to 80 million customer records stolen, as well as the information of 19 million prospective customers.
The leaked information included names, date of births, addresses, email addresses, social security numbers and other identity-theft-ready personal information.
The Anthem breach affected several of the company’s brands, including Anthem Blue Cross, Amerigroup, CareMore, UniCare and many others.
And Anthem wasn’t the only healthcare-related breach in 2015; UCLA Health, among others, also suffered data breaches.
Carphone Warehouse Data Breach
Of course, not all breaches occur in the United States.
Across the pond, the UK’s biggest data breach of the year (so far) was the Carphone Warehouse cyber attack.
The information of up to 2.4 million customers was accessed in the Carphone Warehouse hack, including names, addresses, dates of birth and, best of all – that is, best of all if you’re a hacker – bank details. I can just hear those hackers smacking their lips…
In addition, the encrypted card details of up to 90,000 people were accessed. The Carphone Warehouse security breach wasn’t pretty for our friends overseas.
Experian Data Breach
Experian, the Irish-based credit agency, also suffered a major data breach in 2015 which exposed the personal information of 15 million people, most of whom were T-Mobile USA users.
Information stolen from the Experian hack included names, addresses, driving licenses, passport numbers and – another hacker delight – social security numbers.
The licenses and passport numbers were kept by Experian in encrypted fields, but apparently the encryption itself may have been weakened in the hack.
As a result of the hack, Experian has offered T-Mobile customers free credit monitoring, in the hopes of thwarting future identity theft.
You see where I’m going with all these examples, right?
Okay, we’ll spell it out for you – it’s hard to protect your information online!
The Experian breach is yet another example of this, and of how personal information can be leaked through a third party; although T-Mobile was not at fault here, their customers were the ones most affected.
Still not convinced? Let’s go with one more breach disaster…
LastPass Data Breach
The LastPass hack of 2015 has a bit of an ironic twist.
First, they’re a software company that helps customers manage multiple passwords and sensitive data – like, it’s their job to help you stay organized and safe.
Last June, LastPass announced that there had been a data breach.
According to the company, they have not seen any evidence that their encrypted “user vault” (which stores personal information in the cloud) had been breached, nor that any LastPass user accounts were accessed. In the end, users were safe, but it was a close call. (Big sigh of relief!)
Hackers are not afraid to target any organization, including security companies. This LastPass breach was not the only security hack targeted at a security company in recent years.
Add Kaspersky Anti-Virus and RSA to the list as well.
Only time will tell if the rest of 2015 – not to mention next year and beyond – will continue experiencing bigger and badder data breaches.
One thing remains certain: there is no magical formula that can ensure the absolute safety of our personal information.
So what can you do? Be cybersecurity-aware and protect yourself!