The top 5 most damaging U.S. data breaches of 2015… so far
This year, many businesses and government organizations have fallen victim to hacker groups stealing personal information belonging to millions of people. Companies and organizations are starting to receive negative PR over large-scale data breaches, and it’s putting executive’s jobs and the businesses themselves at risk.
Out of the many cybersecurity attacks that have occurred this year, there are five that stand out by causing the most damage to both people and organizations.
1. Office of Personnel Management
In June, the U.S. government’s Office of Personnel Management had its computer network hacked, and over 22 million people had their personal information stolen as a result. The information taken by the hackers consisted of social security numbers, performance evaluations, background checks, health records, and passwords. The millions of people affected made this one of the biggest data breaches the United States has ever faced.
The cyber breach was allegedly linked to the Chinese government, which damaged the relationship between the two countries. The hack also shined light on just how outdated the cybersecurity is for the Office of Personnel Management’s computer network. Katherine Archuleta, the director of the Office of Personnel Management, resigned from her position after the office’s outdated security was made public, and many people started calling for her step down.
At the beginning of the year, Anthem, one of the largest U.S. health insurance providers, lost the records of up to 80 million customers and employees to hackers. The breach put millions of people at risk of identity theft after social security numbers, addresses, and health IDs were taken. An Anthem employee spotted the breach by accident, preventing the hackers from taking even more information. According to the FireEye cybersecurity provider the breach was pulled off with customized techniques and that it was “very advanced,” which would explain how this resulted in one of the largest health insurance network breaches to date.
3. Ashley Madison
In July, hackers released the personal information and emails of Ashley Madison customers and employees. The site promotes infidelity, so most of the customers made accounts on Ashley Madison because they were promised that their information would stay confidential.
After the information was leaked, the website’s parent company, Avid Life Media, was hit with a $578 million lawsuit over their failure to completely erase customer’s personal data. The company’s CEO, Noel Biderman, stepped down after being faced with nonstop negative PR. This data breach may force the company into a shut down, if Ashley Madison’s image doesn’t start improving.
In May, a breach was discovered in the CareFirst health insurance company’s network that had been going on since June 2014. Over a million current and former members may have had their usernames, passwords, and personal information stolen. CareFirst announced that the personal information taken didn’t include sensitive data, like “social Security Numbers, medical claims information, or financial information.” The breach may not have been found, if it wasn’t for CareFirst’s effort to tighten cybersecurity after multiple health insurance companies became the victims of large-scale data breaches.
The IRS was faced with a data breach in May after an organized crime syndicate used the agency’s website against them. Their website offers a “Get Transcript” service that allows anyone to download their past tax forms by inserting their personal information. The crime syndicate used this service to steal over 100,000 people’s financial information, and proceeded to claim about 15,000 tax refunds with the stolen data.
This group had already stolen people’s personal information ahead of time, so they would have what they needed to use the Get Transcript service in someone else’s name. The data breach may be over, but the potential damage this could cause can get worse next year. The crime syndicate has the data they need to open bank accounts in someone else’s name, and they can take victims’ tax refunds during the 2016 tax season.
What other big breaches occurred this year? What measures can companies take to prevent these large-scale hacks? Leave a comment or talk to me on Twitter @Karbowski_Devon.