A Look Back at the Top 7 Data Breaches of 2015

21 January 2016

In its annual year-in-review report, B2B technology public relations agency 10Fold analyzed more than 700 of the past year’s data breaches, finding that they were responsible for compromising more than 193.4 million personal records.

Charged with exposing upward of 5 million records each, seven attacks in particular stand out as the most egregious. According to Angela Griffo, vice president of the security practice at 10Fold, these were some of the most serious not only because of the number of records that were stolen, but also because of the type of information they contained:

“Our research indicates that cyber criminals are increasingly going after targets in the medical and healthcare verticals, which store valuable patient data that can’t be reissued like a credit card,” says Griffo. “Looking at the top breaches at year’s end allows us to detect patterns while also giving us a glimpse of what we can expect to see in the future.”

Here’s a countdown of the seven largest data breaches of 2015, according to 10Fold:

  1. Excellus BlueCross BlueShield: The third-largest healthcare hack of 2015, the Excellus breach put more than 10 million members at risk of identity theft as cyber criminals stole personal identifying information dating back to December 2013. Compromised information included names, birth dates, member identification numbers, financial account information and claims information.
  2. Premera Blue Cross: While Premera didn’t discover that it had become a victim of cyber crime until January 29 of this year, further investigation suggests the initial attack dates back to May 2014. The breach affected as many as 11 million accounts, compromising applicants’ and members’ personal information. Affected customers included employees of Microsoft, Starbucks and Amazon.
  3. VTech: In the first data breach to expressly target children, hackers gained access to VTech’s Learning Lodge app store customer database on November 14. The attack reportedly affected 6.4 million children and 4.9 million parent accounts worldwide.
  4. Experian/T-Mobile: When cyber criminals breached a server in one of Experian North America’s business units, they gained access to personally identifiable information for about 15 million T-Mobile customers. In addition to names, birth dates and addresses, fraudsters also stole information from alternate forms of identification, such as drivers’ license numbers, which can prove valuable when attempting ID theft.
  5. OPM: While limited to affecting only American citizens, the breach at the U.S. Federal Office of Personnel Management was large enough for companies around the world to take note. The cyber attack directed at the agency compromised the records of more than 21.5 million citizens, including those who applied for security clearances as well as their relatives and other governmental personnel associates. Attackers gained access to highly personal information contained on background investigation applications: details like fingerprints, mental health history and previous relationships.
  6. Ashley Madison: When the hacker group identified as The Impact Team accessed Ashley Madison’s user database, it found that the company did not truly delete the identifying information of customers who requested to have their profile and history deleted. Instead, the website kept their payment information and purchase details, which hold identifiable information. When Ashley Madison’s parent company failed to acquiesce The Impact Team’s request to have former customers’ details deleted, the cyber criminals released all 37 million of their customer records.
  7. Anthem: In the largest healthcare data breach in history, according to 10Fold, approximately 78.8 million highly sensitive patient records were stolen when Anthem was targeted by cyber criminals. What’s more, the fraudsters also accessed an additional 8.8 to 18.8 million non-patient records that included names, birth dates, addresses and employment data.

To help protect you from the effects of identity theft and credit fraud, consider signing up for a credit monitoring service. It can help you keep an eye on your credit file, notifying you if it detects certain activity that may indicate fraud. With this knowledge, you can take steps to protect your identity, such as activating a credit alert or security freeze.