The Top 10 Biggest Data Breaches of 2015 | Digital Guardian Page 1 of 8
Total Page:16
File Type:pdf, Size:1020Kb
The Top 10 Biggest Data Breaches of 2015 | Digital Guardian Page 1 of 8 CONTACT US • SUPPORT • BLOG • PARTNERS PRODUCTS SOLUTIONS SERVICES RESOURCES ABOUT HOME BLOG The Top 10 Biggest Data Breaches of 2015 Wednesday January 13, 2016 By Nate Lord 64 Here’s a look back at the top ten biggest data FOLLOW US: breaches in 2015. 17 2015 was yet another year of massive data breaches, with an increase of 193149 reported incidents from 2014’s total. If these numbers are any indication, 2015 could surpass 2014’s record of 1 billion records exposed from data breaches. While the smoke clears and the dust settles, here’s a New 2016 roundup1 of the ten biggest data breaches last year, by total records lost. Gartner DLP Share Magic Quadrant Digital Guardian is a 10. Excellus BlueCross BlueShield Discovers Leader in the 2016 Magic Two-Year-Old Compromise that Exposed Quadrant for Data Loss Prevention. Read the Information on 10 Million Customers report to to understand how DLP solutions have evolved to provide advanced data protection. Download the report RELATED ARTICLES Stand By Me The Court has turned the Remijas v. Neiman Image via Mike Greenlar. Marcus Group, LLC. case into gold with its ruling; In August, healthcare provider Excellus uncovered a series of successful cyber attacks dating back as far as December 2013. The attacks were read this blog post to detected in a forensic investigation conducted in response to the number learn what the Court has of recent breaches and attacks that targeted other healthcare companies done to do so. (such as Anthem, Premera, Carefirst, and Community Health Services). The data exposed could include names, birthdates, Social Security Numbers, On The Internet, mailing addresses, phone numbers, financial information, medical claim Everyone Knows You’re A information, and member identification numbers. Dog Free Trial 2016 Gartner DLP MQ Contact Us https://digitalguardian.com/blog/top-10-biggest-data-breaches-2015 4/16/2016 The Top 10 Biggest Data Breaches of 2015 | Digital Guardian Page 2 of 8 9. Premera Data Breach Exposes HealthCONTACT US • SUPPORT • BLOG •The PARTNERS release of gigabytes of data from extramarital PRODUCTS SOLUTIONS SERVICES RESOURCEShookup site AshleyABOUT Madison underscores the death of online anonymity – and the dangers of unchecked data collection and storage by online merchants. Healthcare Leaks Not Just For Healthcare Providers 64 A report from Verizon finds that leaks of protected health Image via Kim Crompton/Spokane Journal. 17 information are epidemic, as more, To many, 2015 marked the year of the healthcare breach. In yet another different types of hacking-based149 breach in the health industry, Premera announced in March that it had detected a data breach affecting 11 million customers. While organizations are called less records were exposed than the Anthem breach, Premera’s 11 million on to track and store records1 exposed were more sensitive than those leaked by Anthem, health data. including Social Security Numbers, financial information, and healthcare dataShare including clinical and claims information. 8. VTech Data Breach Exposes Personal Information of 11.3 Million Customers, Including Children Image via VTech/Amazon. Free Trial 2016 Gartner DLP MQ Contact Us https://digitalguardian.com/blog/top-10-biggest-data-breaches-2015 4/16/2016 The Top 10 Biggest Data Breaches of 2015 | Digital Guardian Page 3 of 8 Late 2015 saw the announcement of a data breach at Hong Kong toymaker CONTACT US • SUPPORT • BLOG • PARTNERS PRODUCTS SOLUTIONS SERVICES RESOURCES ABOUT exposed includes names, email addresses, encrypted passwords, secret questions and answers used for account access, IP addresses, mailing addresses, and download histories. According to VTech’s FAQ on the data breach, the information exposed on children was limited to names, gender, and birthdates. Attributed to a “skilled hacker,” the incident and following investigation led to the British police’s arrest of a 21-year-old man in connection with the attack. 7. Misconfigured Database Exposes Information on 13 Million MacKeeper Users 64 17 149 1 Share Image via Malware Tips. Researcher Chris Vickery discovered two of the largest data breaches of 2015 while searching the internet for publicly accessible database servers. Vickery’s first discovery consisted of a 21 gigabyte cache of user data belonging to Kromtech, producer of the MacKeeper software utility for Apple computers. The information was left publicly exposed by a misconfigured database server and included names, user names, hashed passwords, IP addresses, license information, and purchase history. The database was taken offline “within hours of discovery,” according to a statement from MacKeeper/Kromtech. 6. T-Mobile has Information on 15 Million Customers Exposed in Experian Data Breach Free Trial 2016 Gartner DLP MQ Contact Us https://digitalguardian.com/blog/top-10-biggest-data-breaches-2015 4/16/2016 The Top 10 Biggest Data Breaches of 2015 | Digital Guardian Page 4 of 8 CONTACT US • SUPPORT • BLOG • PARTNERS PRODUCTS SOLUTIONS SERVICES RESOURCES ABOUT 64 Image via Bank Info Security. In September, Experian notified T-Mobile that “an unauthorized party accessed17 T-Mobile data housed in an Experian server.” Representative of the growing problem of data breaches via third party business partners, the incident exposed names, addresses, Social Security Numbers, birthdates, and149 other identifiable information (in some cases driver’s licenses, military IDs, or passport numbers) on up to 15 million T-Mobile customers. The incident marked the second major data breach involving Experian, who lost 200 million records in 2012 after acquiring a subsidiary that had been 1 compromised. Share 5. The Office of Personnel Management Exposes Personal Information of 21.5 Million Government Workers in Data Breach Image via Cyber Security Caucus. The Office of Personnel Management made headlines this June when it disclosed that the personal records of millions of federal workers were stolen over the course of two hacking attacks spanning March through June. Following the incidents, OPM announced that 4.2 million had their information exposed in the breach – a number that increased to 18 million and then finally 21.5 million as the investigation progressed. The sensitivity Free Trial 2016 Gartner DLP MQ Contact Us https://digitalguardian.com/blog/top-10-biggest-data-breaches-2015 4/16/2016 The Top 10 Biggest Data Breaches of 2015 | Digital Guardian Page 5 of 8 security clearance information, health records, fingerprints, and more – CONTACT US • SUPPORT • BLOG • PARTNERS PRODUCTS SOLUTIONS SERVICES RESOURCES ABOUT resigned on July 10. The attackers have not been named publicly, but U.S. Intelligence Chief James Clapper has confirmed that the attacks are believed to have originated in China. 4. Ashley Madison Hacked, Records Stolen on 37 Million Users Image via Ashley Madison/Avid Life Media. The infamous extramarital dating website Ashley Madison fell victim to a widely publicized hack and ensuing data breach in July. Following an online dump of volumes of Ashley Madison data, the hackers – a group known as Impact Team – blackmailed Ashley Madison with the release of customers’ personal data unless the website was permanently shut dwn within 30 days. Ashley Madison did not shut down, and Impact Team started dumping user data on August 18. The dating site’s reputation did take quite a hit from the breach, however, which revealed some questionable business practices by the company. 3. Securus Hack Leads to Data Breach of 70 Million Prisoner Phone Calls Free Trial 2016 Gartner DLP MQ Contact Us https://digitalguardian.com/blog/top-10-biggest-data-breaches-2015 4/16/2016 The Top 10 Biggest Data Breaches of 2015 | Digital Guardian Page 6 of 8 CONTACT US • SUPPORT • BLOG • PARTNERS PRODUCTS SOLUTIONS SERVICES RESOURCES ABOUT Image via Huffington Post. In November,64 an anonymous hacker leaked over 70 million recordings of inmate phone calls made using phone services provided by Securus Technologies. The recordings include phone calls made by prisoners between17 December 2011 through spring of 2014, spanning prisons in 37 states. The motive behind the data breach is best described as hacktivism, as the hacker claimed to have carried out the attack due to their belief that Securus’149 recording of prisoner phone calls – particularly between inmates and their attorneys – could be in violation of those inmates’ constitutional rights. Of the 70 million recordings, at least 14,000 have been determined to be1 calls between inmates and lawyers. Share 2. Anthem Loses 80 Million Customer Records in “Sophisticated Attack” Image via Darron Cummings/Associated Press. 2015 kicked off with Anthem’s disclosure of the loss of 80 million personal records stolen in a “sophisticated attack” discovered in January. The breach came on the heels of a 2014 warning from the FBI stating that hackers are targeting companies in the health industry. The FBI’s warning proved true, with Anthem going down as the first major healthcare provider to fall victim to a hacking attack in 2015. Data stolen includes names, birthdates, email addresses, Social Security Numbers, and medical IDs. After the breach was discovered, Anthem launched Anthemfacts.com to inform customers and offered 24 months of free identity theft repair and credit monitoring Free Trial 2016 Gartner DLP MQ Contact Us https://digitalguardian.com/blog/top-10-biggest-data-breaches-2015 4/16/2016 The Top 10 Biggest Data Breaches of 2015 | Digital Guardian Page 7 of 8 been named publicly, but it is widely believed that this breach was also CONTACT US • SUPPORT • BLOG • PARTNERS PRODUCTS SOLUTIONS SERVICES RESOURCES ABOUT 1. Database Server Misconfiguration Exposes Personal Information on 191 Million Registered Voters 64 17 149 1 Image via Newsy/Getty Images/John Moore. Share 2015 ended with a bang on the data breach front, as security researcher Chris Vickery disclosed his discovery of a misconfigured database server that left information on 191 million registered voters openly exposed on the internet.