12 of the Biggest Data Hacks of 2015
Be it government, private companies or Wall Street giants, few firms were safe from cybercrime in 2015.
These are 2015's biggest cybercrimes.
Cybersecurity and data hacks continued to be a growing problem in 2015. Government servers, financial companies, insurers – they all were compromised by computer crime from hacks that impacted millions of people. The Ponemon Institute, which tracks privacy, data protection and information-security policy, reports that criminal attacks are the leading cause of data breaches in the health care industry, and that the average annual loss from cybercrime for companies worldwide exceeds $7.7 million. Here are some of the most prominent cybersecurity breaches of 2015.
Vtech Holdings (ticker: VTKLY)
The Hong Kong digital company was
victim of one of the year’s biggest hacks in November when its Learning Lodge
database was compromised, allowing hackers to get adults’ profile information,
email addresses, passwords and the names and birthdates of millions of children and their photographs. As many as 6.4 million accounts were
accessed, and the breach served as a wake-up call for many parents concerned about their child's online footprint.
Scottrade
In October, the privately held discount
brokerage said hackers accessed names and addresses of as many as 4.6 million
retail clients. Scottrade did not detect the breach; instead, federal authorities
discovered that hackers had accessed data. The
attacks occurred between late 2013 and early 2014. Scottrade said hackers only
accessed client names and addresses, although email addresses and Social
Security numbers were among the data held in the system. The firm says trading
information was not compromised, and it offered customers a year of free
identity-theft protection.
Federal Aviation Administration
In February, the FAA unearthed a malware virus,
spread via email, in its computer system. Administrators found no damage to the
agency’s systems, but federal auditors had a more sobering assessment, saying
the air traffic-control system remains vulnerable to cyberattacks. An industry
advisory committee, consisting of FAA officials and representatives of the
global aerospace industry, are working together to address vulnerability
to cyberattacks. Manufacturer Boeing Co. (BA) has also hired hackers who
attempt to compromise software onboard aircraft.
Patreon
Hackers released user names, email addresses and
shipping addresses of 2.3 million users of the crowdfunding site Patreon in early
October. Other data, such as site comments and chat messages, were also
downloaded. Jack Conte, co-founder of the privately held Patreon, said credit card numbers and other financial data are not stored on company servers
and had not been accessed. Just days before the attack, Detectify, a Swedish
online security firm, warned Patreon that its system was vulnerable.
Internal Revenue Service
While customers of private-sector firms may take
some comfort that not all their data was downloaded in a particular cyberattack,
any sense of complacency was likely dashed by the IRS announcement that
taxpayer information had been accessed by hackers in May. The data included
birthdates, street addresses and Social Security numbers. The breach, which occurred
in the IRS Get Transcript application, was initially believed to have affected about
114,000 taxpayers, but by August, research revealed that more than
330,000 accounts were compromised.
Experian (EXPGY) and T-Mobile U.S. (PCS)
Vendors should not be putting client data at
risk, but that’s exactly what happened when credit-monitoring firm Experian was
hacked, exposing personal data of millions of T-Mobile customers. T-Mobile pays
Experian to conduct credit checks on people applying for phone and data
services. Hackers got data on about 15 million people, with the breach lasting
for two years beginning in September 2013. Downloaded data included names,
addresses, birthdates and potentially encrypted data such as Social Security,
driver’s license numbers and passport numbers.
Office of Personnel Management
The OPM said in early June that
a cyberattack had compromised data for 4.2 million current and former federal
workers. A few days later, the OPM revealed a second breach. In total, the OPM
says breaches affected 22 million people who had applied for government jobs or
security clearances. Data from some applicants’ family members was also stolen.
Compromised data included names, addresses, names of relatives, employment
histories and health care histories, in some cases. Fingerprints were also
downloaded. OPM director Katherine Archuleta resigned as a result of the
breach.
U.S. Army
Even the Army couldn’t defend
itself from cyberattack. In June, the site was hijacked by a group
calling itself the Syrian Electronic Army, which left messages, including one
that read, “Your commanders admit they are training the people they have sent
you to die fighting.” The Army temporarily took its entire site offline and
determined that hackers had not accessed any sensitive or private data
pertaining to personnel or activities. The site is intended for the general
public and contains no information about classified operations.
CVS Health Corp. (CVS)
In July, pharmacy chain CVS Health
Corp. said a data breach at a Canadian vendor may have exposed information
about customers of its online photo printing service. By September, those fears
were confirmed, with CVS saying that the site, run by PNI Digital Media, was
hacked, and information about an unspecified number of customers was compromised.
Rite Aid Corp. (RAD), Costco Wholesale Corp. (COST) and Wal-Mart Canada (WMT),
also PNI clients, were also affected. CVS’s main website was not compromised, nor
was any data belonging to pharmacy customers.
St. Louis Federal Reserve
In late April, hackers
redirected the domain name servers of the St. Louis Fed, sending visitors instead to
a rogue Web page that captured online communications between financial entities
dealing with the Federal Reserve. The Fed warned that users who attempted to log onto its site may have had their passwords and user names compromised and urged users to change their passwords.
Ashley Madison
Perhaps the most infamous cyberattack
of 2015 targeted clients of Ashley Madison, a website for people seeking
extramarital relationships. In July, the company learned that hackers had
published user profiles, credit card numbers and financial transactions, among
other data. Revelations included email addresses of government employees who
were using the site on the job. The situation worsened with reports that Ashley
Madison parent company Avid Life Media had sold a premium service that promised
to erase all client data. However, that information was never removed.
Anthem (ANTM)
In February, health insurer Anthem said hackers had
accessed its servers and downloaded personal data from customers and employees.
Even people who were not Anthem customers may have been affected, as Anthem
handles paperwork for some smaller insurers. Hackers apparently broke into Anthem’s
system by using login credentials of employees with system access. Anthem said
the information stolen included names, addresses, birthdates, Social Security
numbers and employment information such as salaries.
Kate Stalter, Contributor
Kate Stalter has been a contributor to The Smarter Investor since 2017 and has written for ... Read more
Subscribe to our daily newsletter to get investing advice, rankings and stock market news.
See a newsletter example.
Subscribe to our daily newsletter to get investing advice, rankings and stock market news.
See a newsletter example.


