The exponential rise in cyber attacks and data breaches on big companies has fueled concerns over vulnerable security systems for companies that lost millions of customer’s records to hackers. We’ve created a list of the most devastating cyber attacks of 2015 that have breached the maximum amount of customer data.
List of the most impacted organization in 2015 cyber attacks
According to a post, The Identity Theft Resource Center (ITRC) reported a total of 548 data breaches from January through October 2015. Of these, the majority of breaches (43%) were carried out in the business sector. The second-most popular area among cyber attackers is seen to be the medical and healthcare industry, covering 31% of the breaches. The remaining is divided amongst banking, education and government/military organizations as 10%, 9% and 7% respectively. From these breaches, we’ve discussed some of the most prominent ones that have caused the most damage and impact, violating the maximum number of records. We shall look at these in more detail to better understand the nature and impact of such attacks.
In Jan 2015, Anthem Inc., one of America’s largest health insurers, was a victim of data breach. This is considered to be one of the largest attacks, as it affected over 78.8 million customers record. There has still not been any definite identification, though there has been speculation that the hackers were criminals sponsored by China. The information obtained by the hackers included the victims’ names, birthdays, SSN, medical IDs, addresses, e-mail IDs and work information including details of income. This data might be sold on the black market to create fake IDs. There has been some discussion over whether the fact that Anthem Inc. did not have its data encrypted made its database more susceptible. It goes without saying though that the non-encryption made the hackers’ job a lot easier. Post breach, Anthem has offered free credit monitoring, advising people who were affected to remain vigilant.
United States Office of Personnel Management (OPM)
OPM is a US governmental agency that manages civil services. The agency’s database was breached, which led to the unauthorized access of personal information of more than 22 million records. The hackers who have been rummaging through the records for a year were also linked to China, though the Chinese government has denied any involvement in the attack. OPM carried out security clearances through forms known as SF-86s. These required the applicants to submit not only personal information such as their SSN, military records, addresses, employment and income history, birthdays, etc., but also details about relatives, friends, associates and foreign contacts. The forms also asked the applicants for more delicate information, such as their drug use history, mental health history, past relationships, etc. This information can be used not only for identity fraud, but also for blackmailing, or exploiting government employees. It is also expected that this data shall be used for massive spear-phishing. Like Anthem Inc., OPM had also left their databases unencrypted. In addition, large portions of the databases did not have security authorizations, whereas many central databases did not meet the federal security standards. The agency is now providing monitoring and protection services to the victims of this attack.
Experian North America/T-Mobile USA Inc.
The consumer data broker Experian North America was a victim of a cyber breach that affected about 15 million customers record, who had applied for services from T-Mobile USA Inc. No information has been found about the hackers. The information exposed by the breach included people’s names, addresses, SSN, birthdays, ID numbers, and any data submitted for T-Mobile’s credit assessment. No payment card and bank details were accessed by the hacker, which means that the victims’ financial information is still safe and secure. Nevertheless, the information breached is enough to make the affected persons victims of identity theft. Experian used encryption in their databases. It is, however, unclear as to how the breach took place so quickly. Post breach, Experian has offered two years of credit monitoring and identity protection services to all T-Mobile users, irrespective of them being affected or not.
Premera Blue Cross
Another one in the healthcare department, Premera Blue Cross, a prominent healthcare service provider, faced a cyber attack that affected more than 11 million records. The offenders are thought to be state-sponsored Chinese hackers. The data breach gave the hackers access to victims’ names, birthdays, addresses, e-mail IDs, phone numbers, SSN, bank information, and clinical information. The company is deemed negligent, as just three weeks before the attack, it received a warning from federal auditors that its security provisions for the network were not sufficient. The information is most likely to be used for identity theft, which is why the company is offering two years of free credit monitoring and identity-theft-protection services.
Excellus Blue Cross Blue Shield (BCBS)
Excellus Blue Cross Blue Shield is a non-profit health insurance company. The company suffered a cyber breach in 2013, which was discovered only in August 2015. This attack is said to have affected more than 10 million customers record, giving the hackers access to their names, date of birth, SSN, addresses, phone numbers, financial account information and claims information. The hackers have not even been vaguely identified, but the data they accessed was unencrypted. The data can be used for identity theft or by foreign governments to gather information about American personnel. Excellus BCBS is providing two years of free identity theft protection services and credit monitoring.
One common factor among all these attacks is – leaving private data exposed. No business or organization is free from attacks. To minimize your risk of exposure, it is essential that you should always be at guard and control the personal information that you make available, so that as soon as you know that there is a possible issue, you can devise a damage control program to successfully overcome the identity related problems swiftly, efficiently and thoroughly. The decision to invest in any new program must not be taken lightly.
Contact us today and one of our certified security experts will be happy to assist you in assessing your enterprise security infrastructure.
Subscribe to our Newsletter
Get the latest content from our Managed Services Blog.