Every year, cyber crimes seem to get increasingly sophisticated and bizarre, and last year was no exception. The year 2015 saw a record number of hacks and breaches. From one of the biggest private financial institution in the world to an extra-marital dating site, virtually everyone was affected one way or another by the attacks.
Anthem- Loses 80 Million (+18 million records)
In the last few years, health insurance providers have been becoming increasing the target of cyber attacks and data breaches. One of the biggest such example was the one on Anthem, the second largest health insurance company in the U.S. With more than 80 million of its customers, and around 18 million customers of associated agencies, almost one in three Americans were affected by the breach.
The compromised information included sensitive information including names, birthdays, social security IDs, email and home addresses. The perpetrators are still at large, and their motives remain unascertained. It is unclear if the attacks were carried out for mass identity theft or insurance fraud. Moreover, there is a widespread concern that the information stolen could be sold at the black market. The hackers were able to do so much damage because Anthem did not keep its user’s data encrypted. The insurance company is expected to face massive lawsuits for not having done so.
All in all, it remains the worst data breaks that occurred in 2015.
JPMorgan Chase – Loses 86 Million Records
Not only was it one of the biggest attacks of this year but also wins the prize for the longest one. It remained unnoticed for an astonishing three years. The attack was finally discovered in the mid of 2015. It involved coordinated attacks by hackers in more than a dozen countries, who managed to steal information of a whooping 86 million households and small businesses.
The hack, aside from JP Morgan, also targeted the customers of nine other financial institutions such as Citi-group, Scottrade Financial Services, E*Trade Financial Corp, and Dow Jones & C. All in all, it is probably the largest data theft in the history of the U.S involving financial institutions. As of now, four suspects have been charged but the damage has already been done.
Ashley Madison- Loses 37 Million Records
The one hack that had been on the news for weeks was on the Canadian-based online dating site, Ashley Madison. Done by a group of hackers known simply as “The Impact Team”, the data breach affected around 37 million accounts and possibly even more relationships.
The hackers breached into the site’s databases and leaked the identities of its users on the internet, which included many notable names from diverse background, including politics, entertainment and military. They also threatened to leak the credit card and other personal information of the site’s users if the site did not shut down.
Image: A screenshot of the message left by the hackers after hacking the official Ashley Madison website
While the attack was actually lauded by many people over the internet (apart from the red faced victims of course) for exposing cheaters, there is fear that the leaked information could be used as blackmail important citizens of U.S and its allies. After the attacks, things went from bad to worse, as apart from losing its customers in droves; Ashley Madison was also subjected to multiple class action lawsuits.
OPM- Loses 21.5 Million Records
An undisputable award for being one of worst hacks of 2015 must go to the hacking of the Federal Office of Personnel Management. The hackers (suspected to be Chinese), managed to remain hidden for more than a year after the attack, and in this duration managed to capture the data of more than 19 million people who had applied for government security clearance. The hack also affected 1.8 million connected individuals, such as applicant’s spouses and partners.
To add salt to the injury, it was also revealed that the hackers “in a separate yet related incident” managed to gain access to the fingerprints of nearly 5.6 million federal employees. Many of these employees hold information on classified clearances and use their fingerprints to gain entry into secured computers and facilities.
Experian/ T-Mobile Loses 15 Million Records
The attacks were aimed at credit reporting agency Experian, but impacted T-mobile customers. T-mobile had sent its customer’s data to the firm for credit checks on new customers and it was through Experian that hackers managed to steal sensitive information which included names, addresses, driver’s license details and passport numbers of T-mobile’s users.
According to the official statement by T-Mobile CEO John Legere:
“…the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015. These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number (such as driver’s license or passport number), and additional information used in T-Mobile’s own credit assessment”
This attack serves as a grim reminder of the vulnerabilities that cripple even the most well protected corporate infrastructures. It is a testament to the threat that is rooted in organization’s dependency upon third party firms and contractors.
Planning for Protection
2015 was overall a terrible year when it came to digital security but with the lessons learned hopefully 2016 might turn out to be a better. Users have learned to protect their data, internet freedom and online privacy through encryption and IP cloaking.
Interest in VPN services is rising exponentially, as individual users and corporate conglomerates look to implement cyber security measures at the grass root level. Visit the Ultimate Internet Privacy Guide to learn more about the threats, privacy tools and tips that matter.