Health IT and Electronic Health Activate your FREE membership today |  Log-in

Community Blog

Dec 15 2015   4:15PM GMT

The 10 worst data breaches of 2015

Posted by: adelvecchio
Data breach, data breach security, health data breach, healthcare data, healthcare data breach

RickKamGuest post by Rick Kam, CIPP/US, president and co-founder, ID Experts

There’s no sugarcoating the fact that 2015 was a dizzying year for data breaches, and disastrous for many organizations and consumers. In the first half of the year alone, Gemalto NV found that 888 disclosed security incidents compromised nearly 246 million records worldwide.

There were certainly trends in data breaches this year, including the rising sophistication of hackers, the ever-increasing threat of massive state-sponsored attacks, and the continuing prevalence of large breaches in the healthcare industry. In fact, the average healthcare breach through mid-2015 was 200% larger than in the first half of 2014.

With those trends in mind, let’s take a look back at the 10 biggest and baddest breaches of 2015 — and then see what consumers and security professionals can do to make 2016 a safer and more secure year.

The five biggest breaches of 2015
The following incidents were the five biggest breaches of the year in the U.S., based on number of records compromised.

1. Anthem, 80 million
Health insurer Anthem Inc. revealed in February 2015 that hackers, likely from China, had accessed a database that included encrypted and unencrypted data on patients and employees. According to the Huffington Post, it was the fifth-largest breach of all time.

2. Ashley Madison, 37 million
A hacking group known as Impact Team stole private information on 37 million people who use the Ashley Madison website, which encourages users to cheat on their partners. The hackers are threatening to reveal customers’ personal data unless the website shuts down, which it has yet to do.

3. U.S. Office of Personnel Management, 21.5 million
The U.S. Office of Personnel Management suffered two unrelated breaches in 2015. The larger one affected more than 21 million current and past federal workers. Again, the breaches of the government agency are believed to have originated in China.

4. Experian, 15 million
Experian Information Solutions, Inc., the world’s largest consumer credit monitoring firm, suffered its second massive breach in 2015. The breach exposed the sensitive personal data of about 15 million T-Mobile customers who underwent credit checks by Experian. An earlier attack on an Experian subsidiary exposed the Social Security numbers of 200 million U.S. citizens.

5. Premera Blue Cross, 11 million
The records exposed in Premera’s breach may have been more sensitive than those leaked in the far larger Anthem breach, including Social Security numbers and financial information of subscribers and people who do business with the company.

The five baddest breaches of 2015
Now let’s take a look at the five baddest breaches of the year — an admittedly subjective category that highlights breaches that are especially damaging or disturbing because of factors such as who they targeted, how they were carried out, and their lasting ramifications.

1. LastPass, 7 million
Consumers should be rewarded for taking smart steps to protect their online security. That’s the troubling aspect of this breach of a leading password management company, which has further undermined consumer confidence and could lead to unsafe practices. It’s a big problem if consumers stop believing in their ability to achieve digital security and fail to take even basic precautions.

2. Planned Parenthood, 333
While “only” 333 employees were affected by the Planned Parenthood attack, the troubling aspect of this breach is that it was done not to achieve financial gain but to pursue ideological agendas and blackmail affected individuals.

3. Securus Technologies, thousands
Prison phone company Securus Technologies, Inc. had 70 million call records hacked, involving thousands of prisoners across 37 states. The ugliest part? Many of those recorded calls appear to have violated prisoners’ constitutional rights because they involved confidential conversations between prisoners and their attorneys.

4. IRS, 333,000
Hackers accessed extremely sensitive information through past tax returns, including Social Security data and financial details. The total cost to taxpayers in fraudulent claims was about $50 million before the IRS noticed the breach.

5. Harvard University, eight schools and offices
Harvard University joined a long list of other universities to suffer a data breach in 2015. Education is being hit hard, accounting for 6% of all data breaches — slightly more than the retail industry — in the first half of the year. Budgets are tight in the education sector, but breaches at the most esteemed U.S. universities are a reminder that security must be prioritized to protect students and employees.

What can we learn from the big and the bad?
Want even more bad news? These lists include only U.S. breaches. Two of the largest breaches of 2015 — 50 million records breached at a Turkish agency and 20 million at Russian dating site Topface — occurred outside the U.S.

Here are a few takeaways that all organizations — big and small — can put into practice now and in 2016:

  • Beware of all sources of attacks. The largest two breaches were state-sponsored attacks, but Gemalto found that type of attack accounted for just 2% of all the data breach incidents in the first half of 2015. The biggest culprit over those six months? Malicious outsiders, which accounted for 62% of total breaches and nearly half of all records taken.
  • Brace yourself, especially in healthcare and government. According to Gemalto, the healthcare and government sectors accounted for about two-thirds of all compromised data records in the first half of the year.
  • Encrypt. The data stolen from LastPass was heavily encrypted, a protection which may limit the damage done. At the very least, organizations should follow LastPass’ example and encrypt sensitive data.
  • Learn from mistakes. One breach is bad enough. If an organization suffers a second large attack, as did Experian, the damage to its reputation will grow exponentially.
  • Heed the warnings. According to the Seattle Times, Premera Blue Cross was warned three weeks before its data breach began that it lacked sufficient network security procedures. Ironically, the warning was issued following an audit by the U.S. Office of Personnel Management — which suffered an even larger breach. Premera argued that the vulnerabilities found in the audit may not have been exposed by the hackers. But the point remains: Take any warning seriously, and act as quickly as possible to upgrade your security measures.

Comment on this Post

Leave a comment:

hindiserials  |   Apr 25, 2016  10:20 PM (GMT)

The Worst Data Branch is in india. there is no sanitation nothing here. But Government Jobs and govt Servants are earning loads and loads of money. they just don’t know where to spend it.


msp7  |   Oct 18, 2016  12:25 PM (GMT)

You can also get the pokemon go hack at this website.


mario21  |   Feb 7, 2017  6:59 AM (GMT)

Thanks for the information ! Blepharitis


Petron  |   Apr 9, 2017  8:12 AM (GMT)

It can be the ideal answer for you in the event
that you completely appreciate the procedure and what it includes.  Payday Loans


mihaljhonson734  |   Jun 19, 2017  4:15 AM (GMT)

really impressed with your article, such great & usefull knowledge you
mentioned here

Make My Bio
Project For Me


sofiya  |   Nov 23, 2017  7:49 AM (GMT)

If you are looking for <a href=””>Chandigarh Escorts Service</a>, then this is the right place to have them.


avleenkaur  |   Nov 23, 2017  7:55 AM (GMT)

I am Avleen Kaur based out in Chandigarh and offer premium escort services. The best part is that I have a perfect sexy look which makes me very attractive. for more info visit: Chandigarh Escorts Service | Independent Escorts in Chandigarh


citynight  |   Nov 27, 2017  2:15 AM (GMT)

Hello, I am Independent Shimla Escorts providing a top class escorts in Shimla, I am the leading high profile female escort Shimla.


dehradunescorts  |   Nov 27, 2017  7:27 AM (GMT)

We offer the High class Dehradun Escorts service. Call now for cheap rate escorts and call girls in Dehradun. Mussoorie EscortsHaridwar Escorts



poojaescort6  |   Feb 3, 2018  1:56 AM (GMT)

IGI Airport
area neared Mahipalpur! We Pooja escorts agency Delhi
 has created its ill
fame on transfer what it guarantees and this is often basic
with a selected finish goal to stay up the
benchmarks we’ve set in escort business. We think about sense
of duty concerning our customers necessary while not a
doubt, and this is often the rationale you’ll be able to check
that all of the escorts in Delhi We work with can live up
to your wishes. With regards to participating and creating you
agreeable, our escorts girls are exceptionally tough and
glad to supply help. A hefty portion of them are extremely tough in
body massage further, thus moving within the agency of
1 of models Delhi Escorts Services will have a very individual bit, providing you
extreme fulfilment. 


delhiescorts  |   Mar 24, 2018  5:05 AM (GMT)

Hey! If you are coming out in the search of independent
female escort so you are at the right place because in the capital you will get
everything whatever you want to get. Welcome to or getting escort
girls in Delhi
If you need to spend some quality time apart from your
hectic and irritated lifestyle so you will get fantastic female companion here.
We are providing high profile escorts in
since two years. These escort girls will give you everything whatever
you will demand from them because they don’t refuse.These call
girls in Delhi
are well qualified and seem to be a high profile girl.
Now you can select whatever you like because we have a huge amount of desperate
and naughty erotic young girls in our collection


kiara001  |   Apr 2, 2018  7:07 AM (GMT)

Welcome to Dehradun Escorts Service which enables you to find in
call and outfall escorts services in Dehradun. If you are looking for escorts
and are old enough to be here, then you have come to the right place. Our
Dehradun escorts service directory had gone through various tweaking to make
it more user friendly to help you with finding the right Dehradun escorts


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: