UPDATED 12:00 EDT / DECEMBER 14 2015

NEWS

10Fold shares its list of the top 7 data breaches of 2015

Unless you’ve been sleeping in a cave, you’d know by now that 2015 was a huge year for data breaches, with many high-profile targets succumbing to bad actors.

But what were the biggest breaches of the year?

B2B technology public relations agency 10Fold, Inc. analyzed the year that was and came up with its top seven breaches.

“As the research 10Fold has conducted clearly shows, security never sleeps. Each of the top seven data breaches compromised more than 5 million records, indicating that attackers are becoming stealthier, are employing more sophisticated techniques, and are going after bigger and more lucrative targets,” 10Fold Vice President of  Security Practice Angela Griffo told SiliconANGLE. “What’s more, our research indicates that cyber criminals are increasingly going after targets in the medical and healthcare verticals, which store valuable patient data that can’t be reissued like a credit card. Looking at the top breaches at year’s end allows us to detect patterns while also giving us a glimpse of what we can expect to see in the future.”

The 10Fold list of the seven largest breaches of 2015 as follows.

Excellus BlueCross BlueShield

Excellus BlueCross BlueShield announced in September that it was the victim of a sophisticated attack after hackers gained access to its information technology systems dating as far back as December 2013.

The attack followed a series of healthcare hacks that had started at the beginning of 2015, with the Excellus hack, in particular, compromising the identifiable information of more than 10 million members, making this the third-largest healthcare breach in 2015.

The exposed information included names, birth dates, Social Security Numbers, member identification numbers, financial account information and claims information, leaving members vulnerable to fraud and identity theft.

Premera Blue Cross

Insurance companies were a popular target in 2015, with Premera Blue Cross admitting in March that it had experienced a cyber attack affecting up to 11 million members.

The hack was discovered by the organization on January 29 of this year, although the initial attack dates back to May 2014.

Premera’s investigation team determined that attackers infiltrated the organization’s information technology system, which allowed them to access applicants’ and members’ personal information, such as names, birth dates, Social Security Numbers, member identification numbers and bank account information.

VTech

Children’s toy maker VTech Holdings Ltd. was hit by the first data breach to ever directly target children in November when an unauthorized party accessed customer data through the Learning Lodge app store customer database and Kid Connect servers.

The attack is now believed to have affected 6.4 million children and 4.9 million customer (parent) accounts worldwide, exposing personally identifying information, such as names, passwords, IP addresses, download history, and children’s gender and birth dates.

Experian/T-Mobile

Also in November, Experian North America stated that attackers breached a server in one of its business units that contained personally identifiable information for approximately 15 million T-Mobile customers.

The data included names, birth dates, addresses, Social Security Numbers and/or an alternative form of ID, such as drivers’ license numbers.

The breach is said to have occurred in part due to T-Mobile sharing customer information with Experian to process required credit checks for service or device financing; breaches such as these underscore that when customers share their information with a business, their personal data isn’t always kept private.

Office of Personnel Management

In June, hackers targeted the Federal Office of Personnel Management in a cyber attack that compromised the records of more than 21.5 million U.S. citizens, including information on highly personal information contained in background investigation applications.

The attack affected 19.7 million individuals who applied for security clearances, 1.8 million relatives and other government personnel associates, and 3.6 million current and former government employees.

If that’s not bad enough, the stolen data also included 5.6 million fingerprint records belonging to the background-check applicants, causing U.S. intelligence and law enforcement officials to be concerned about the theft of data on government forms submitted for security clearance with good reason — these applicants share detailed information about themselves, including mental-health history and previous relationships.

Ashley Madison

A hacker or hackers going by the name of The Impact Team accessed Ashley Madison’s user database in July, obtaining financial records and other proprietary information, including the personal data of 37 million users.

A manifesto written by group disclosed that a “full delete” feature Ashley Madison charged users for to delete their personal data from the site was a lie, as the company kept their payment information and purchase details, which hold identifiable information.

The manifesto also instructed Ashley Madison parent company Avid Life Media to permanently delete the forums of Ashley Madison or they would release all customer information; the company refused, and the hackers subsequently released the information, resulting not only in broken relationships but more disturbingly attempted blackmail.

Anthem

The largest healthcare data breach in history occurred in February when Anthem announced it was the victim of a hack that resulted in the theft of approximately 78.8 million highly sensitive patient records.

By the end of the month, Anthem disclosed that the breach likely impacted an additional 8.8 to 18.8 million non-patient records that included names, birth dates, Social Security Nnumbers, addresses and employment data.

The attack on Anthem was the beginning of a series of healthcare hacks this year, including assaults on Premera Blue Cross, CareFirst BlueCross BlueShield, UCLA Health Systems and Excellus BlueCross BlueShield.

Image credit: 10fold

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU