Use this interactive tool to see how BitSight empowers you to get more out of the security investments you've already made.
It goes without saying that the following data breaches were incredibly damaging, both to the companies and to those affected. Each has resulted in some level of data loss, financial loss, and reputational harm. Below, we’re exploring what some of the top breaches in 2015, 2014, and 2013 were and examining the commonalities and differences between them.
2015 Data Breaches
In late January of 2015, medical insurance company Anthem announced it had been breached, compromising data from 80 million people. This astronomical number makes it the largest publicly-disclosed breach from a healthcare company ever. The hackers may have accessed “names, dates of birth, social security numbers, healthcare ID numbers, home addresses, email addresses, and employment information, including income data.”Anthem
Premera, a medical insurance company, was hacked in May of 2014—but the breach wasn’t disclosed until March of 2015. The hack compromised the data of 11 million individuals, including “social security numbers, birthdays, emails, physical addresses, bank account information, clinical information and detailed insurance claims” to both past and present customers, dating back to 2002.
In February 2015, the Internal Revenue Service was breached. The agency first estimated that 100,000 taxpayers were affected, but later said that number had risen to 334,000. The stolen information was gathered through the IRS Get Transcript application. (You can read their statement about the incident here.)
Office Of Personnel Management
In July of 2015, the Office of Personnel Management (OPM) revealed that 21.4 million Americans were affected in their cyber breach. The hack compromised millions of background records from “current, former and prospective federal employees.”
In one of the most infamous hacks to date, hackers breached Ashley Madison, a dating website for married individuals. The hackers then allegedly posted the data online in the form of an enormous data dump on the dark web. Ashley Madison claimed 40 million users at the time, and account details for over 32 million users were posted.
In 2012, hackers breached PR Newswire—a press release distribution company that serves many of the largest names on Wall Street—and stole data from earnings reports. They then used this information to make millions in illegal trades. The reason you’re seeing it on this list is because in August 2015, charges were brought against a number of the 32 individuals who profited from these illegal trades.
2014 Data Breaches
In May 2014, online auction house eBay discovered that their corporate network had been compromised in a cyberattack. Approximately 145 million customers’ names, passwords, email addresses, and other contact details were exposed.
In the summer of 2014, a cyberattack on JPMorgan Chase—a financial institution—compromised over 76 million individuals and seven million small businesses. Just weeks before their securities filing, a New York Times article reported that executives believed only one million accounts were affected.
In February of 2014, Home Depot was the victim of a cyberattack—20,000 employee names, dates of birth, and social security numbers were stolen by three former employees and used to open fraudulent accounts. You can read more about the breach in this Forbes article.
In November 2014, Sony suffered a massive breach due to a phishing scam. Interestingly, officials have blamed North Korean hackers who were upset over the release of “The Interview,” a feature film with a “fictional plot to assassinate North Korea’s leader, Kim Jong-Un.”
See Also: How You Can Avoid Becoming The Next Sony
Office supply chain Staples was victim to a malware intrusion on their point-of-sale systems that impacted credit card information from 115 stores. The breach ended up impacting roughly 1.16 million customers. Read more in this Fortune article.
2013 Data Breaches
According to KrebsOnSecurity, at least 38 million active users—and possible many more inactive users—were impacted when software giant Adobe was hacked in 2013.
Edward Snowden, a former National Security Administration (NSA) contractor, became one of the most infamous whistleblowers in U.S. history when he stole a reported 1.7 million classified documents from the NSA.
The Department Of Energy
In July 2013, the Department of Energy (DOE) “identified approximately 104,179 past and current federal employees, including dependents and contractors, whose name, social security number, and date of birth were compromised by this cyber incident," according to a Cyber Incident report. A federal audit, as reported by the Washington Post, revealed that the DOE didn’t properly address the cybersecurity issue that resulted in the hacking.
The Target breach of 2014—which stemmed from the hack of one of their third parties—resulted in the loss of more than 70 million customer records, including “customer names, credit or debit card number, the card’s expiration date and CVV” number. Target had contracted out to Fazio Mechanical Services, an HVAC firm, to wirelessly monitor their refrigerated units—but failed to recognize the extent of what Fazio had access to.
Personal information from more than 50 million customers were compromised in a 2013 cyberattack on LivingSocial, an online deals app. The company spokesperson noted that “names, email addresses, date[s] of birth for some users, and encrypted passwords” were all compromised.
This list serves as a great reminder of why cybersecurity has become such an important issue. Senior executives and officials are becoming more involved with managing and understanding cyber risk—and they want to do everything possible to stay off of this list next year.