The Worst Data Breaches of 2015
Nearly 20 million personal records were compromised by cyber-attacks in 2015, and cyber-criminals are increasingly targeting health-care companies.
The Anthem data breach is the largest health-care data breach ever and began in early 2015. Consequences: 78.8 million highly sensitive patient records breached. 8.8 to 18.8 million non-patient records breached. Exposed information: names, birth dates, Social Security numbers, addresses and employment data.
Excellus’ IT systems were hacked in December 2013, but the company announced the breach in 2015. It was the third-largest health care breach in 2015. Consequences: 10 million members’ personal identification information was compromised. Exposed information: names, birth dates, Social Security numbers, member identification numbers, financial account information and claims information.
The attack on Premera occurred in May 2014, but was discovered on Jan. 29, 2015. Consequences: 11 million members were affected. Exposed information: personal information, names, birth dates, Social Security numbers, member identification numbers and bank account information.
This data breach is the first to directly target children. An unauthorized party accessed customer data through the Learning Lodge app store and Kid Connect servers on Nov. 14. Consequences: 6.4 million children and 4.9 million parents’ accounts worldwide were compromised. Exposed information: names, passwords, IP addresses, download history, and children’s genders and birth dates.
Experian North America announced a breached server in one of its business units. Consequences: 15 million T-Mobile customers were affected. Exposed information: names, birth dates, addresses and Socials Security numbers and/or an alternative form of ID, such as driver’s license numbers.
The breach occurred partly because T-Mobile shared customer information with Experian to process required credit checks for service or device financing. This underscores that when customers share information with a business, their personal data is not always kept private.
An attack on the Federal Office of Personnel Management (OPM) exposed highly personal information resulting from background investigation applications. Consequences: 21.5 million citizen records compromised. This included 19.7 million individuals who applied for security clearance, 1.8 million relatives and other government personnel associates, and 3.6 million current and former government employees. 5.6 million fingerprint records were stolen.
Ashley Madison, which caters to people who are already in relationships but still want to date, was not only hacked but blackmailed. The Impact Team claimed credit for the Ashley Madison database breach. Consequences: 37 million users’ financial records and personal information exposed.
The Impact Team said Ashley Madison did not scrub personally identifiable information of customers who opted to have their profile and history deleted, but instead retained payment information and purchase details. The Impact Team demanded that Ashley Madison permanently delete its forums. When it refused to do so, the Impact Team released customer records.