The hacks keep coming. It’s been a year since we rounded up the usual suspects and looked at just how vulnerable our private data is, so we decided to take another look.
We confine our lists to financial data, but we have to note the breach of ashleymadison.com, a website designed to allow spouses to carry on extramarital affairs. The data stolen from the site included that of a decidedly more personal nature, and the angst the theft caused – not to mention the media storm – was riveting to watch.
A blog on the site govtech.com noted that, indeed, the hacks in 2015 were of a more personal nature than those in the past. Instead of just stealing credit card numbers, bank account data and Social Security numbers, thieves got their hands on fingerprints, hospital records and other information not meant to be shared with strangers.
The take-home lesson is that cyber data is unsafe and more needs to be done to ensure its security. Whether 2016 is the year companies, governments and people get wise to that is unclear.
Check out 6 Big Hack Attacks Targeting Financial Data, ranked in reverse order by number of people affected.
6. Landry’s Restaurants
Going out to eat is something most of us do without a second thought; the only safety concerns crossing our minds are whether restaurants are ensuring the food is cooked properly and the place is clean.
A 2015 hack attack on a national restaurant holding company might change that. The Landry chain, which is based in Houston and includes more than 500 restaurants, reported that credit card data was stolen from some of its locations around the U.S. The breach, which occurred between May and December, was discovered when unauthorized charges were made on the credit and debit cards of customers of restaurants that include McCormick & Schmick’s, Morton’s, Rainforest Café and others.
The total scope of the hack has not been revealed. Landry’s says it took steps to enhance its data security.
5. UCLA Hospital System
Add hospitals to the list of not-so-safe computer systems. UCLA Health was hacked, and the records of 4.5 million workers and patients were accessed. The data taken included medical info, Social Security and Medicare numbers and home addresses. As with many hacks, the breach went unnoticed at first and then wasn’t made public for weeks after it was first identified. In August, a month after the hack became known publicly, a class action lawsuit was filed, according to the Los Angeles Times. The Times noted that some cybersecurity experts said UCLA was negligent for not encrypting the data.
4. Premera Blue Cross
Health insurers have lots of personal information and with records being kept online, the vulnerability is clear. The hackers who hit Premera in March 2015 found a supermarket of data ready for the taking. And take they did, according to the insurer. The claims records, bank account numbers and Social Security numbers for as many as 11 million customers, about half in Washington state, were stolen.
The data went back as far as 2002, and security experts quoted at the time of the breach said the attack started with a bogus website spoofing Premera’s site. That’s similar to the technique used to hack Anthem’s database the previous year. The idea, the experts said, is to get customers to sign in to the bogus site, allowing the hackers to collect online names and passwords.
A unit of Experian, the credit tracking company, holding T-Mobile customer data was hacked, leaving the data of 15 million people at risk of misuse. The information taken was held on servers owned by Experian. A class action lawsuit filed in the theft noted the irony of a company that promises to guard data being breached. The lawsuit stated that Experian was hacked in 2012 and the data of more than 200 million customers was stolen. Information from applications submitted to T-Mobile from 2013 to 2015 included Social Security numbers and names and addresses. The hack left open the possibility of identity theft.
2. Office of Personnel Management
In what might be the most horrifying data breach of the last year, the U.S. government’s Office of Personnel Management was hacked and information on 21 million current and former employees, as well many who had applied for positions, was stolen.
Not only did the hack illustrate the fact that no database is safe, the hackers made off with the fingerprints of more than 5 million people.
The government offered free cyber monitoring services to those affected while the search for the thieves was on. The hack was widely attributed to the Chinese government. A recent article on federaltimes.com interviewed officials who noted that under the “norms” of government espionage, the data theft might not have been illegal. Small comfort for those whose information was lifted.
1. Financial Hacking Ring Busted
In a spectacular announcement last fall, authorities said they had arrested the mastermind behind a ring of cyber thieves that had stolen the financial records of more than 100 million customer of 12 financial institutions, including JPMorgan and Fidelity. The man behind the ring was a Russian, who according to news reports, was behind many of the largest hacks in recent years. Gery Shalon, an Israeli living in the Republic of Georgia, was arrested in Israel last July. An indictment accusing him of being the mastermind of an international cyber theft ring was unsealed last fall. The criminal enterprise included more than 100 associates in multiple countries.
--- Related on ThinkAdvisor: