

Unless you’ve been sleeping in a cave, you’d know by now that 2015 was a huge year for data breaches, with many high-profile targets succumbing to bad actors.
But what were the biggest breaches of the year?
B2B technology public relations agency 10Fold, Inc. analyzed the year that was and came up with its top seven breaches.
“As the research 10Fold has conducted clearly shows, security never sleeps. Each of the top seven data breaches compromised more than 5 million records, indicating that attackers are becoming stealthier, are employing more sophisticated techniques, and are going after bigger and more lucrative targets,” 10Fold Vice President of Security Practice Angela Griffo told SiliconANGLE. “What’s more, our research indicates that cyber criminals are increasingly going after targets in the medical and healthcare verticals, which store valuable patient data that can’t be reissued like a credit card. Looking at the top breaches at year’s end allows us to detect patterns while also giving us a glimpse of what we can expect to see in the future.”
The 10Fold list of the seven largest breaches of 2015 as follows.
Excellus BlueCross BlueShield announced in September that it was the victim of a sophisticated attack after hackers gained access to its information technology systems dating as far back as December 2013.
The attack followed a series of healthcare hacks that had started at the beginning of 2015, with the Excellus hack, in particular, compromising the identifiable information of more than 10 million members, making this the third-largest healthcare breach in 2015.
The exposed information included names, birth dates, Social Security Numbers, member identification numbers, financial account information and claims information, leaving members vulnerable to fraud and identity theft.
Insurance companies were a popular target in 2015, with Premera Blue Cross admitting in March that it had experienced a cyber attack affecting up to 11 million members.
The hack was discovered by the organization on January 29 of this year, although the initial attack dates back to May 2014.
Premera’s investigation team determined that attackers infiltrated the organization’s information technology system, which allowed them to access applicants’ and members’ personal information, such as names, birth dates, Social Security Numbers, member identification numbers and bank account information.
Children’s toy maker VTech Holdings Ltd. was hit by the first data breach to ever directly target children in November when an unauthorized party accessed customer data through the Learning Lodge app store customer database and Kid Connect servers.
The attack is now believed to have affected 6.4 million children and 4.9 million customer (parent) accounts worldwide, exposing personally identifying information, such as names, passwords, IP addresses, download history, and children’s gender and birth dates.
Also in November, Experian North America stated that attackers breached a server in one of its business units that contained personally identifiable information for approximately 15 million T-Mobile customers.
The data included names, birth dates, addresses, Social Security Numbers and/or an alternative form of ID, such as drivers’ license numbers.
The breach is said to have occurred in part due to T-Mobile sharing customer information with Experian to process required credit checks for service or device financing; breaches such as these underscore that when customers share their information with a business, their personal data isn’t always kept private.
In June, hackers targeted the Federal Office of Personnel Management in a cyber attack that compromised the records of more than 21.5 million U.S. citizens, including information on highly personal information contained in background investigation applications.
The attack affected 19.7 million individuals who applied for security clearances, 1.8 million relatives and other government personnel associates, and 3.6 million current and former government employees.
If that’s not bad enough, the stolen data also included 5.6 million fingerprint records belonging to the background-check applicants, causing U.S. intelligence and law enforcement officials to be concerned about the theft of data on government forms submitted for security clearance with good reason — these applicants share detailed information about themselves, including mental-health history and previous relationships.
A hacker or hackers going by the name of The Impact Team accessed Ashley Madison’s user database in July, obtaining financial records and other proprietary information, including the personal data of 37 million users.
A manifesto written by group disclosed that a “full delete” feature Ashley Madison charged users for to delete their personal data from the site was a lie, as the company kept their payment information and purchase details, which hold identifiable information.
The manifesto also instructed Ashley Madison parent company Avid Life Media to permanently delete the forums of Ashley Madison or they would release all customer information; the company refused, and the hackers subsequently released the information, resulting not only in broken relationships but more disturbingly attempted blackmail.
The largest healthcare data breach in history occurred in February when Anthem announced it was the victim of a hack that resulted in the theft of approximately 78.8 million highly sensitive patient records.
By the end of the month, Anthem disclosed that the breach likely impacted an additional 8.8 to 18.8 million non-patient records that included names, birth dates, Social Security Nnumbers, addresses and employment data.
The attack on Anthem was the beginning of a series of healthcare hacks this year, including assaults on Premera Blue Cross, CareFirst BlueCross BlueShield, UCLA Health Systems and Excellus BlueCross BlueShield.
Support our open free content by sharing and engaging with our content and community.
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.