Why it’s big – The attackers posted personal information of customers seeking extramarital affairs with other married persons, which led to embarrassment, and in two cases, possible suicides.
Office of Personnel Management
Data compromised – Personnel records on 22 million current and former federal employees
How they got in – Using a contractor’s stolen credentials to plant a malware backdoor in the network.
How long they went undetected – 343 days
How they were discovered – Anomalous SSL traffic and a decryption tool were observed within the network, leading to a forensic investigation.
Why it’s big – It appeared to be a data mining operation, seeking data on individuals for intelligence purposes as opposed to data to be exploited for cash. The stolen personnel records include those of cleared workers holding sensitive jobs in law enforcement and intelligence, and also include their fingerprints.
Anthem
Data compromised – Personal information about more than 80 million people
How they got in – A possible watering hole attack that yielded a compromised administrator password
How long they went undetected – Nine months
How they were discovered – A systems administrator noticed a legitimate account querying internal databases without the legitimate user’s knowledge.
Why it’s big – It resulted in the largest number of records compromised in a healthcare network and bore the fingerprints of Deep Panda, a group known for breaking into technology, aerospace and energy firms as well as another health insurer, Premera.
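The Anthem discovery above turns on a simple idea: a valid account can still behave in a way its real owner never would. The script below is an added example (not Anthem’s tooling, and not from this article) of how to baseline an account’s normal database activity and flag queries that deviate from it. The audit log format, the account name `dba_jsmith`, the host names and the row counts are all constructed for the example; the thresholds (business hours, a 10x volume factor) are assumptions a real deployment would tune.

```python
"""Baseline an account's normal database activity and flag deviations.

Added example for this page; not Anthem's, Premera's or any vendor's code.
The audit log format below is constructed: timestamp,account,source_host,table,rows_returned
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample audit records for one DBA account. The first four days are
# routine; the last day shows the same account pulling millions of rows from an
# unfamiliar host in the middle of the night, then resuming normal use at 09:00.
SAMPLE_LOG = """\
2015-01-05T09:12:00,dba_jsmith,ws-dba-07,members,120
2015-01-05T10:40:00,dba_jsmith,ws-dba-07,claims,85
2015-01-06T14:05:00,dba_jsmith,ws-dba-07,members,200
2015-01-07T11:30:00,dba_jsmith,ws-dba-07,members,150
2015-01-08T02:15:00,dba_jsmith,srv-unknown-42,members,2500000
2015-01-08T02:50:00,dba_jsmith,srv-unknown-42,claims,1800000
2015-01-08T09:00:00,dba_jsmith,ws-dba-07,claims,90
"""


def parse_log(text):
    """Parse the constructed CSV audit format into dicts with a datetime timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, account, host, table, rows = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "account": account,
                       "host": host, "table": table, "rows": int(rows)})
    return events


def build_baseline(events, cutoff):
    """Profile each account from activity before `cutoff`: hosts seen and median rows per query."""
    seen = defaultdict(lambda: {"hosts": set(), "rows": []})
    for e in events:
        if e["ts"] < cutoff:
            seen[e["account"]]["hosts"].add(e["host"])
            seen[e["account"]]["rows"].append(e["rows"])
    return {acct: {"hosts": v["hosts"], "median_rows": statistics.median(v["rows"])}
            for acct, v in seen.items()}


def flag_anomalies(events, baseline, business_hours=(7, 19), volume_factor=10):
    """Return (timestamp, account, reasons) for each event that breaks the account's baseline.

    Three checks, each an assumption about what 'normal' means for this example:
    an unseen source host, activity outside business hours, and a row count far
    above the account's historical median.
    """
    flagged = []
    start, end = business_hours
    for e in events:
        prof = baseline.get(e["account"])
        if prof is None:
            flagged.append((e["ts"], e["account"], ["account has no baseline"]))
            continue
        reasons = []
        if e["host"] not in prof["hosts"]:
            reasons.append(f"new source host {e['host']}")
        if not (start <= e["ts"].hour < end):
            reasons.append(f"outside business hours ({e['ts'].hour:02d}:00)")
        if e["rows"] > prof["median_rows"] * volume_factor:
            reasons.append(f"{e['rows']} rows returned, over {volume_factor}x baseline median")
        if reasons:
            flagged.append((e["ts"], e["account"], reasons))
    return flagged


def detect(text, cutoff_iso):
    """Build the baseline from history before the cutoff, then score everything from the cutoff on."""
    cutoff = datetime.fromisoformat(cutoff_iso)
    events = parse_log(text)
    baseline = build_baseline(events, cutoff)
    return flag_anomalies([e for e in events if e["ts"] >= cutoff], baseline)


if __name__ == "__main__":
    for ts, acct, reasons in detect(SAMPLE_LOG, "2015-01-08"):
        print(ts.isoformat(), acct, "; ".join(reasons))
```

Run as-is, the script flags the two 02:xx queries on three counts each and leaves the 09:00 query alone. The point is that none of the flagged queries failed authentication; only a per-account behavioural baseline, reviewed by someone who knows what the real user does, separates them from routine work.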
Hacking Team
Data compromised – 400GB of internal files including zero day exploits the company planned to sell, source code, a list of its customers and emails
How they got in – Attackers gained access to an engineer’s PC while it was logged into the network. (His password was Passw0rd.)
How long they went undetected – Undisclosed
How they were discovered – Attackers announced it by commandeering the company’s Twitter account and renaming it Hacked Team
Why it’s big – It revealed the customer list for the attack tools that Hacking Team sold and gave insight into how it negotiated sales and for how much. It was ironic in that a firm selling hacking tools was itself hacked.
Premera
Data compromised – Names, dates of birth, addresses, telephone numbers, email addresses, Social Security numbers, member identification numbers, medical claims information and financial information for 11 million customers
How they got in – Perhaps using phishing to lure employees to typosquatted domains that downloaded malware
How long they went undetected – May 5, 2014 to Jan. 29, 2015
How they were discovered – Undisclosed
Why it’s big – It was the largest breach of medical records, and the methods used in the attack are similar to those used against Anthem and likely used by the same attack group. Both attacks were discovered the same day.