Top Ten Data Breaches of 2015

Whether it’s a disgruntled employee exposing sensitive company data, cyber thieves stealing credit card numbers, or hackers bent on exploiting compromising photos of celebrities, data breaches show no signs of slowing down. In fact, according to the Ponemon Cost of Data Breach Study: Global Analysis, which conducted a mid-year review for 2015, found the average total cost of a data breach increased 23% over the past two years to $3.79 million for those companies that took part in the study.

With that said, here are the ten biggest data breaches of 2015:

1. CareFirst BlueCross BlueShield: Hackers had gained access to a database that members use to get access to the company’s website and services. 1.1 million members had their names, birth dates, email addresses, and subscriber information compromised. However, member password encryption prevented cybercriminals from gaining access to Social Security numbers, medical claims, employment, credit card numbers, and financial data.
2. Kaspersky Lab: The attack on the Moscow-based security vendor was named Duqu 2.0. It was believed to be nation-state-sponsored, because some of its victims included events and venues with links to world power meetings, including recent negotiations for the Iran nuclear deal. Besides, the compromise included recent negotiations for an Iran nuclear deal. Duqu 2.0 stole sensitive data on the Kapersky Lab’s newest technologies, solutions, and services.
3. Premera BlueCross BlueShield: This breach affected 11.2 million subscribers’ vital data. According to the Seattle Times, Premera ignored warnings that its IT systems were vulnerable to attack.
4. Multi-Bank Cyberheist: In February, the cybercriminal ring known as Carbanak stole over $1 billion after making hijacked ATM machines appear legitimate. The perpetrators did this by infiltrating the banks’ network through phising tactics that gave them access sensitive information about employee account credentials and privileges so they can make fraudulent money transfers.
5. Harvard University: A July breach at the prestigious Ivy League college affected as many as eight schools and administrative offices, but no one knows what information was stolen even though information about 18,000 people were compromised. The cause for the breach included lack of funding to shore of defenses due to tight budgets.
6. Hacking Team: The breach of Hacking Team based in Milan exposed more than 1 million emails and its involvement with oppressive governments. The attackers used an Adobe Flash zero-day exploit to access data.
7. LastPass: In June, the database of the password management company LastPass was hacked. Everything from email addresses, password reminders, server per user salts, and authentication hashes were stolen. Salt is random data that is used as an additional input to a one-way function that hashes a password or passphrase. The attack has demonstrated the increasing trend for hackers to attack security vendors themselves.
8. Army National Guard: After data was transferred to a non-accredited data center, approximately 850,000 current and former National Guard members had their personal information stolen. The breach highlights the importance of strong security practices for third-party contractors.
9. Anthem: A health insurance company revealed a data breach that exposed 80 million patient and employee records. The Wall Street Journal reported that Anthem had not encrypted the data that was accessed by hackers.
10. Office of Personnel Management: The first breach in May affected the personnel data of 21.5 million federal workers. A second breach in April exposed 4.2 million individuals. The attacks were allegedly tied to China-based hackers.

Most of the cost of data breaches is spent on detection and recovery activities, followed by investigation and containment. Consequently, the longer it takes to resolve the breach, the more expensive it is. However, data leak prevention and network security are the most practical ways for IT decision makers to identify potential vulnerabilities.

Eliminating these leaks can often make the difference between a smooth-running business and massive data breaches that could damage a company’s financial stability and reputation. Cognitive security intelligence can help you sense and prioritize the threats that pose the greatest risk to your business and require immediate attention.

IBM® QRadar® Security Intelligence Platform products can provide organizations with a unified architecture for integrating security information and event management (SIEM), log management, anomaly detection, incident forensics and configuration and vulnerability management. CMA Technology Solutions can assist you in implementing this solution as part of a broader data theft and breach prevention plan.

Get started by contacting a CMA representative now or call 222-927-9200.