<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1175921925807459&amp;ev=PageView&amp;noscript=1">
Vendor Risk Management

17 Major Data Breaches From 2013 To 2015

Melissa Stevens | March 17, 2016

It goes without saying that the following data breaches were incredibly damaging, both to the companies and to those affected. Each has resulted in some level of data loss, financial loss, and reputational harm. Below, we’re exploring what some of the top breaches in 2015, 2014, and 2013 were and examining the commonalities and differences between them.

2015 Data Breaches

In late January of 2015, medical insurance company Anthem announced it had been breached, compromising data from 80 million people. This astronomical number makes it the largest publicly-disclosed breach from a healthcare company ever. The hackers may have accessed “names, dates of birth, social security numbers, healthcare ID numbers, home addresses, email addresses, and employment information, including income data.”Anthem

See Also: Security Breaches In Healthcare: How 4 Of The Largest Cases Happened

Premera

Premera, a medical insurance company, was hacked in May of 2014—but the breach wasn’t disclosed until March of 2015. The hack compromised the data of 11 million individuals, including “social security numbers, birthdays, emails, physical addresses, bank account information, clinical information and detailed insurance claims” to both past and present customers, dating back to 2002.

IRS

In February 2015, the Internal Revenue Service was breached. The agency first estimated that 100,000 taxpayers were affected, but later said that number had risen to 334,000. The stolen information was gathered through the IRS Get Transcript application. (You can read their statement about the incident here.)12 Cybersecurity Metrics

Office Of Personnel Management

In July of 2015, the Office of Personnel Management (OPM) revealed that 21.4 million Americans were affected in their cyberbreach. The hack compromised millions of background records from “current, former and prospective federal employees.”

Ashley Madison

In one of the most infamous hacks to date, hackers breached Ashley Madison, a dating website for married individuals. The hackers then allegedly posted the data online in the form of an enormous data dump on the dark web. Ashley Madison claimed 40 million users at the time, and account details for over 32 million users were posted.

PR Newswire

In 2012, hackers breached PR Newswire—a press release distribution company that serves many of the largest names on Wall Street—and stole data from earnings reports. They then used this information to make millions in illegal trades. The reason you’re seeing it on this list is because in August 2015, charges were brought against a number of the 32 individuals who profited from these illegal trades.

2014 Data Breaches

eBay

In May 2014, online auction house eBay discovered that their corporate network had been compromised in a cyberattack. Approximately 145 million customers’ names, passwords, email addresses, and other contact details were exposed.

JPMorgan Chase

In the summer of 2014, a cyberattack on JPMorgan Chase—a financial institution—compromised over 76 million individuals and seven million small businesses. Just weeks before their securities filing, a New York Times article reported that executives believed only one million accounts were affected.

Home Depot

In February of 2014, Home Depot was the victim of a cyberattack—20,000 employee names, dates of birth, and social security numbers were stolen by three former employees and used to open fraudulent accounts. You can read more about the breach in this Forbes article.

Sony

In November 2014, Sony suffered a massive breach due to a phishing scam. Interestingly, officials have blamed North Korean hackers who were upset over the release of “The Interview,” a feature film with a “fictional plot to assassinate North Korea’s leader, Kim Jong-Un.”

See Also: How You Can Avoid Becoming The Next Sony

Staples

Office supply chain Staples was victim to a malware intrusion on their point-of-sale systems that impacted credit card information from 115 stores. The breach ended up impacting roughly 1.16 million customers. Read more in this Fortune article.

2013 Data Breaches

Adobe

According to KrebsOnSecurity, at least 38 million active users—and possible many more inactive users—were impacted when software giant Adobe was hacked in 2013.

NSA (Snowden)

Edward Snowden, a former National Security Administration (NSA) contractor, became one of the most infamous whistleblowers in U.S. history when he stole a reported 1.7 million classified documents from the NSA.

The Department Of Energy

In July 2013, the Department of Energy (DOE) “identified approximately 104,179 past and current federal employees, including dependents and contractors, whose name, social security number, and date of birth were compromised by this cyber incident," according to a Cyber Incident report. A federal audit, as reported by the Washington Post, revealed that the DOE didn’t properly address the cybersecurity issue that resulted in the hacking.

Target

The Target breach of 2014—which stemmed from the hack of one of their third parties—resulted in the loss of more than 70 million customer records, including “customer names, credit or debit card number, the card’s expiration date and CVV” number. Target had contracted out to Fazio Mechanical Services, an HVAC firm, to wirelessly monitor their refrigerated units—but failed to recognize the extent of what Fazio had access to.

LivingSocial

Personal information from more than 50 million customers were compromised in a 2013 cyberattack on LivingSocial, an online deals app. The company spokesperson noted that “names, email addresses, date[s] of birth for some users, and encrypted passwords” were all compromised.

In Conclusion

This list serves as a great reminder of why cybersecurity has become such an important issue. Senior executives and officials are becoming more involved with managing and understanding cyber risk—and they want to do everything possible to stay off of this list next year.

Download Guide: 12

 

Suggested Posts

Worthwhile TPRM Certifications for Security & Risk Professionals

As the importance of third-party risk management (TPRM) continues to grow, organizations are hiring for related roles more seriously than ever before. To compensate, security and risk professionals are seeking out certification programs in...

READ MORE »

Which Third-Party Risk Management Tools Do You Really Need?

With high-profile breaches being traced back to supply chain vulnerabilities and a regulatory environment that’s waking up to the realities of vendor risk, many organizations are investing heavily in third-party risk management (TPRM)...

READ MORE »

New Study: Organizations Struggle to Manage Cyber Risk in Their Supply Chains

A new report from McKinsey & Company sheds light on something we’ve known for many years – organizations are struggling to make significant progress in managing cybersecurity risk in their supply chains.

READ MORE »

Subscribe to get security news and updates in your inbox.