It can get kind of exhausting, trying to keep up with all the data breaches surfacing in the media. It seems like almost every other week, there’s some new crisis in circulation: a new leak, hack, or exploit that puts our personal information at risk. Some are worse than others (a hospital losing a few thousand patient names versus a bank losing hundreds of thousands of financial records), but every breach of private data has the potential to wreak considerable emotional and financial harm on the people concerned.
Today, we’re going to take a look back at some of the worst data breaches we saw this year. Hopefully, as we move forward into 2016, we don’t start seeing incidents that top them (though we probably will).
Back in September, infamous cheating site Ashley Madison found itself with egg on its face as hackers released the personal information of over 37 million users, no doubt ending scores of marriages and relationships in the process. The most distressing thing about this breach isn’t the fact that it happened, but the fact that public sentiment seemed to veer towards the notion that Ashley Madison’s users got exactly what they deserved. Thing is… where do we draw the line here?
The Ashley Madison hack ruined countless lives, and put scores of users at risk. Was it really justified? Consider that almost none of the women in the database actually used the site, then answer that question again.
In February, Indianapolis-based health insurance firm Anthem Inc. was hit by a cyberattack, compromising the personal information of as many as 80 million Americans, including names, addresses, and social security numbers. Unfortunately, this sort of thing seems to be par for the course with healthcare which, as we know, has some of the worst security practices in the world. The attack wasn’t all that sophisticated, by the way – the hackers got access using phishing techniques.
For those of you who’ve not heard of the company, Vtech is a toymaker whose most noteworthy product is a tablet that allows children to video chat with their parents. Yeah. You can see where this is going, right?
In late November, the company suffered a major breach, as hackers accessed the details of more than six million children’s accounts. Those details included names, genders, birthdays, even photos and videos. Turns out it was all made possible by the fact that Vtech does not properly encrypt its passwords.
November evidently wasn’t a great month for cybersecurity. In addition to the Vtech breach, phone service technology firm Securus Technologies suffered a massive breach of its own, leaking over 70 million phone records from calls made across 37 states. That’s not the bad part, though.
Turns out, plenty of prisons were recording and storing conversations between inmates and their lawyers – a clear violation of attorney-client privilege. While it’s not yet clear what sort of legal action will be taken, there’s one thing we know for sure. Heads are going to roll for this (figuratively, of course).
Crowdfunding site Patreon was struck this October, as its entire cache of data was published online by hackers, in a dump nearly 15 GB in size. Mercifully, it was only names, email addresses, and messages that were leaked. Credit card numbers and social security numbers weren’t compromised.
So at least there’s a silver lining, right?
I think it’s safe to say that the business relationship between Experian and T-Mobile ended this year. In October – which, ironically, is National Cybersecurity Awareness Month – Experian revealed that approximately 15 million Social Security numbers (among other data) connected to T-Mobile customers were compromised. Other information included names, dates of birth, addresses, driver’s license numbers, and credit assessment details.
It’s not even the first time this has happened, notes analyst Brian Krebs in a discussion of Experian’s downright abysmal security practices.
Retail brokerage firm Scottrade revealed this year that illegal network activity occurring “between 2013 and 2014” potentially compromised the contact details of nearly 5 million customers. The attack was later linked to a group of four men who were charged with hacking into several other major financial institutions. Although it’s not clear what they were after, authorities believe that the group planned to use stolen emails in stock manipulation schemes.
The UCLA Health breach is noteworthy solely because of how easily it could have been prevented. See, UCLA Health was hit by a massive hack earlier this year in which over 4 million patient records were compromised. Here’s the kicker:
Turns out the firm never encrypted its patient data. Everything from medical data to social security numbers was stored in plaintext.
At first glance, the attack on Hacking Team is a healthy dose of ironic justice. An Italian surveillance firm, Hacking Team is infamous for tracking down vulnerabilities that governments can exploit to spy on their citizens, and even more infamous for working with some of the worst dictators and tyrants in the modern world. No one quite realized just how vile the organization was until emails, confidential documents, and communiques were published online by the attackers, however.
Here’s the unfortunate part – the information also included a ton of working Flash exploits, which criminals then happily used to target regular consumers. Kind of a double-edged sword at second glance, isn’t it?
We’ve saved the worst for last. The Office of Personnel Management was hacked back in 2014 (just revealed this year), and the records of 22 million government employees were stolen by an unknown assailant. We still don’t know who the hackers were, or what they wanted – and for the affected employees, that’s downright terrifying.