Big data breaches made big news in 2015 as measured by a variety of criteria that range from the number of records compromised to the types of data stolen to the potential threat to specific groups such as children.
The recent VTech Learning Lodge hack, for example, affected about 5 million adults and 200,000 children, including photos of parents and kids. By linking stolen children’s names with their parents’ names, attackers could figure out the last names and locations of the kids.
Multiple breaches at the U.S. government’s Office of Personnel Management over nearly a year led to theft of data on 22 million current and former federal employees that included the fingerprints of about 5 million. Among those affected: members of law enforcement and intelligence communities. The agency had lots of problems, including the lack of a comprehensive inventory of its IT assets.
Two major health insurers, Anthem and Premera, were hacked, likely by the same actor, resulting in the largest theft of medical records to date. Both break-ins were discovered on the same day, leading some to think law enforcement had discovered the attacks and tipped off the victims. The perpetrators seemed to be after intelligence as opposed to data they could sell for cash, indicating that a nation might be behind it. The breaches involved methods and tactics attributed to a Chinese group known as Deep Panda.
The Hacking Team, an Italian business that sells zero-day exploits to governments so they can break into systems, was itself hacked, much to the delight of social media. The posting of gigabytes of stolen data revealed that staff used lame passwords and sold to some governments with sketchy human-rights records. It also made public zero day exploits it had in its arsenal, some of which made their way into use in the wild.
And there was Ashley Madison, the site for married people to find other married people with whom to have affairs. Its customer records were posted publicly, leading to much embarrassment, heartache and perhaps two suicides. It also represented a treasure trove of potential spear-phishing victims.
Below is a list of some of the top hacks of 2015 with a summary of what was stolen, how and the impact.
Data compromised – 37 million customer records including millions of account passwords made vulnerable by a bad MD5 hash implementation
How they got in – Unclear.
How long they went undetected – Discovered July 12, 2015, undisclosed when they got in.
How they were discovered – The hackers, called the Impact Team, pushed a screen to employees’ computers on login that announced the breach.
Sign up for CIO Asia eNewsletters.