Yahoo Finance 12 of the Biggest Data Hacks of 2015
These are 2015's biggest cybercrimes.
Cybersecurity and data hacks continued to be a growing problem in 2015. Government servers, financial companies, insurers -- they all were compromised by computer crime from hacks that impacted millions of people. The Ponemon Institute, which tracks privacy, data protection and information-security policy, reports that criminal attacks are the leading cause of data breaches in the health care industry, and that the average annual loss from cybercrime for companies worldwide exceeds $7.7 million. Here are some of the most prominent cybersecurity breaches of 2015.
Vtech Holdings (VTKLY)
The Hong Kong digital company was victim of one of the year's biggest hacks in November when its Learning Lodge database was compromised, allowing hackers to get adults' profile information, email addresses, passwords and the names and birthdates of millions of children and their photographs. As many as 6.4 million accounts were accessed, and the breach served as a wake-up call for many parents concerned about their child's online footprint.
Scottrade
In October, the privately held discount brokerage said hackers accessed names and addresses of as many as 4.6 million retail clients. Scottrade did not detect the breach; instead, federal authorities discovered that hackers had accessed data. The attacks occurred between late 2013 and early 2014. Scottrade said hackers only accessed client names and addresses, although email addresses and Social Security numbers were among the data held in the system. The firm says trading information was not compromised, and it offered customers a year of free identity-theft protection.
Federal Aviation Administration
In February, the FAA unearthed a malware virus, spread via email, in its computer system. Administrators found no damage to the agency's systems, but federal auditors had a more sobering assessment, saying the air traffic-control system remains vulnerable to cyberattacks. An industry advisory committee, consisting of FAA officials and representatives of the global aerospace industry, are working together to address vulnerability to cyberattacks. Manufacturer Boeing Co. (BA) has also hired hackers who attempt to compromise software onboard aircraft.
Patreon
Hackers released user names, email addresses and shipping addresses of 2.3 million users of the crowdfunding site Patreon in early October. Other data, such as site comments and chat messages, were also downloaded. Jack Conte, co-founder of the privately held Patreon, said credit card numbers and other financial data are not stored on company servers and had not been accessed. Just days before the attack, Detectify, a Swedish online security firm, warned Patreon that its system was vulnerable.
Internal Revenue Service
While customers of private-sector firms may take some comfort that not all their data was downloaded in a particular cyberattack, any sense of complacency was likely dashed by the IRS announcement that taxpayer information had been accessed by hackers in May. The data included birthdates, street addresses and Social Security numbers. The breach, which occurred in the IRS Get Transcript application, was initially believed to have affected about 114,000 taxpayers, but by August, research revealed that more than 330,000 accounts were compromised.
Experian (EXPGY) and T-Mobile U.S. (PCS)
Vendors should not be putting client data at risk, but that's exactly what happened when credit-monitoring firm Experian was hacked, exposing personal data of millions of T-Mobile customers. T-Mobile pays Experian to conduct credit checks on people applying for phone and data services. Hackers got data on about 15 million people, with the breach lasting for two years beginning in September 2013. Downloaded data included names, addresses, birthdates and potentially encrypted data such as Social Security, driver's license numbers and passport numbers.
Office of Personnel Management
The OPM said in early June that a cyberattack had compromised data for 4.2 million current and former federal workers. A few days later, the OPM revealed a second breach. In total, the OPM says breaches affected 22 million people who had applied for government jobs or security clearances. Data from some applicants' family members was also stolen. Compromised data included names, addresses, names of relatives, employment histories and health care histories, in some cases. Fingerprints were also downloaded. OPM director Katherine Archuleta resigned as a result of the breach.
U.S. Army
Even the Army couldn't defend itself from cyberattack. In June, the site was hijacked by a group calling itself the Syrian Electronic Army, which left messages, including one that read, "Your commanders admit they are training the people they have sent you to die fighting." The Army temporarily took its entire site offline and determined that hackers had not accessed any sensitive or private data pertaining to personnel or activities. The site is intended for the general public and contains no information about classified operations.
CVS Health Corp. (CVS)
In July, pharmacy chain CVS Health Corp. said a data breach at a Canadian vendor may have exposed information about customers of its online photo printing service. By September, those fears were confirmed, with CVS saying that the site, run by PNI Digital Media, was hacked, and information about an unspecified number of customers was compromised. Rite Aid Corp. (RAD), Costco Wholesale Corp. (COST) and Wal-Mart Canada (WMT), also PNI clients, were also affected. CVS's main website was not compromised, nor was any data belonging to pharmacy customers.
St. Louis Federal Reserve
In late April, hackers redirected the domain name servers of the St. Louis Fed, sending visitors instead to a rogue Web page that captured online communications between financial entities dealing with the Federal Reserve. The Fed warned that users who attempted to log onto its site may have had their passwords and user names compromised and urged users to change their passwords.
Ashley Madison
Perhaps the most infamous cyberattack of 2015 targeted clients of Ashley Madison, a website for people seeking extramarital relationships. In July, the company learned that hackers had published user profiles, credit card numbers and financial transactions, among other data. Revelations included email addresses of government employees who were using the site on the job. The situation worsened with reports that Ashley Madison parent company Avid Life Media had sold a premium service that promised to erase all client data. However, that information was never removed.
Anthem (ANTM)
In February, health insurer Anthem said hackers had accessed its servers and downloaded personal data from customers and employees. Even people who were not Anthem customers may have been affected, as Anthem handles paperwork for some smaller insurers. Hackers apparently broke into Anthem's system by using login credentials of employees with system access. Anthem said the information stolen included names, addresses, birthdates, Social Security numbers and employment information such as salaries.
More From US News & World Report
