Biggest data breaches of 2015

Tim Greene | Dec. 3, 2015
From Ashley Madison to VTech, it has been a nasty data breach year.

Why it’s big – The attackers posted personal information of customers seeking extramarital affairs with other married persons, which led to embarrassment, and in two cases, possible suicides.

Office of Personnel Management

Data compromised – Personnel records on 22 million current and former federal employees

How they got in – Using a contractor’s stolen credentials to plant a malware backdoor in the network.

How long they went undetected – 343 days

How they were discovered – Anomalous SSL traffic and a decryption tool were observed within the network, leading to a forensic investigation.

Why it’s big – It appeared to be a data mining operation, seeking data on individuals for intelligence purposes as opposed to data to be exploited for cash. The stolen personnel records include those for workers holding classified or sensitive jobs in law enforcement and intelligence, and also include their fingerprints.


Data compromised – Personal information about more than 80 million people

How they got in – A possible watering hole attack that yielded a compromised administrator password

How long they went undetected – Nine months

How they were discovered – A systems administrator noticed a legitimate account was querying internal databases but without the legitimate user’s knowledge.

Why it’s big – It resulted in the largest number of records compromised in a healthcare network and bore the fingerprints of Deep Panda, a group known for breaking into technology, aerospace and energy firms as well as another health insurer, Premera.

Hacking Team

Data compromised – 400GB of internal files including zero-day exploits the company planned to sell, source code, a list of its customers and emails

How they got in – Attackers gained access to an engineer’s PC while it was logged into the network. (His password was Passw0rd.)

How long they went undetected – Undisclosed

How they were discovered – Attackers announced it by commandeering the company’s Twitter account and renaming it Hacked Team

Why it’s big – It revealed the customer list for the attack tools that Hacking Team sold and gave insight into how it negotiated sales and for how much. It was ironic in that a firm selling hacking tools was itself hacked.


Data compromised – Names, dates of birth, addresses, telephone numbers, email addresses, Social Security numbers, member identification numbers, medical claims information and financial information for 11 million customers

How they got in – Perhaps using phishing to lure employees to typo domain sites that downloaded malware

How long they went undetected – May 5, 2014 to Jan. 29, 2015

How they were discovered – Undisclosed.

Why it’s big – It was the largest breach of medical records, and the methods used in the attack are similar to those used against Anthem and likely used by the same attack group. Both attacks were discovered the same day.

