2014 was certainly a big year for data breaches, impacting the likes of Adobe, Apple, Evernote, eBay, and Facebook, to name a few of the headliners. As 2015 came to a close, we saw even more breaches, hitting industries like health care, financial, education, federal government, and eCommerce. While cyber security threats keep increasing, the good news is that we’re seeing more and more companies getting educated, taking action, and making increased investments in both security technologies and people (CSO) to manage those threats. Let’s take a look at the top data breaches of 2015:
- Ashley Madison – While not the largest breach on the list this year, Ashley Madison certainly got a lot of press, bringing up uncomfortable discussions within many relationships as those cheaters were exposed publicly. Unfortunately, the outing had many negative consequences, from divorce and separation to even death, as a few Ashley Madison customers took their lives over the shame and emotional distress. In the end, over 37 million customer records were exposed. Making matters worse, other less scrupulous types then used the public personal data to blackmail users for bitcoin payments. In short, things got way ugly, and fast. The hacker group, calling themselves The Impact Team, succeeded in their goal of decimating Ashley Madison’s business model, as the company has struggled to regain customer trust despite the company’s position of “all is well”.
- BlueCross BlueShield – In two different hacks targeting the health care provider in 2015, over 12 million subscribers, as well as some individuals who do business with the company, found their personal information had been stolen. The breach compromised subscriber data, which includes names, birth dates, Social Security numbers (11.2 million SSNs), bank account information, addresses and other information. One of the breaches (CareFirst/BlueCross) was discovered as part of a third-party security review that found hackers had gained access to a database that members use to get access to the company’s website and services.
- Multi-Bank Cyber Heist – In February, over 100 banks around the world discovered they’d been breached and over $1 billion in funds had been stolen. (Yes, $1 billion.) Kaspersky Lab, a Moscow-based security firm, discovered that the banks’ networks had been breached via common phishing tactics, allowing hackers to gain access to employee account credentials and key systems. The cybercriminal ring, calling themselves ‘Carbanak’, then used those credentials to make fraudulent transfers and hijack ATMs as they funneled more than $1 billion into their own offshore accounts. While the initial attacks were detected as early as December 2013, the activity continued to ramp up until ultimately being shut down in April of 2015.
- US Government, Office of Personnel Management – Easily one of the largest and most brazen cyber attacks in history, a whopping 25.7 million federal workers found their personal information had been stolen. What was initially reported as a breach affecting 4.2 million individuals later spiraled into another separate attack affecting 21.5 million records. While the perpetrators and their methods have yet to be divulged to the public, we do know that they first accessed the US government databases as early as March 2014. Therefore, for over a year these hackers (reportedly traced back to China) walked away with personally identifiable information such as Social Security numbers, as well as names, dates and places of birth, and addresses. The hack went deeper than initially believed and likely involved theft of detailed security-clearance-related background information as well. The breach resulted in the resignation of the Director of the OPM, in addition to a $23 million online and mail campaign to help those affected ensure their compromised data wasn’t already being used. So yes, taxpayers just paid for a campaign that’s likely to have zero effect.
The hacks and data breaches above were carried out with different intentions in mind. Some were breached with the goal of accessing credit card information, and some were hacked just for the sake of pride or revenge, as in the case of Ashley Madison. Regardless of intent, one thing they all have in common is that hackers were almost always in their systems, unchecked, for over 12 months on average. Without an increased eye on security, hackers have plenty of time to kick back and work some magic with your customers’ personal data. If you feel your site has been compromised or you’d like to test your site’s security, don’t hesitate to take a free scan today. Let us find the holes in your site before someone else does.