The seemingly endless string of headline-grabbing cyberattacks this past year reinforced the notion that hacks have increasingly become a part of digital life — and no person or organization is immune.
According to the Identity Theft Resource Center, more than 750 breaches were reported in 2015 through late December, exposing nearly 178 million records. From government to tech, health care to entertainment, data thieves left no sector untouched.
“It may be that 2015 is the year cyberattacks got personal. For most people, it isn’t shocking anymore when their credit card data gets stolen,” said Hugh Thompson, senior vice president and chief technology officer of information security company Blue Coat Systems.
“In 2016 we are likely to see even more attacker resources being poured into tools, tactics and skills to steal digital information and disrupt services — wherever they are.”
Here are some of the more memorable hacks of 2015:
It’s been called the biggest breach of government data in U.S. history. Two separate but related intrusions into the databases of the Office of Personnel Management exposed the personal information of 21.5 million people and set off a war of words on Capitol Hill about whether the government was lackadaisical in protecting its data. The stolen information included the Social Security numbers of current, former and prospective federal employees and contractors, as well as millions of fingerprint records. Obama administration officials pointed the finger at China; Beijing said the massive hack was the work of criminals, not state-sponsored. The hack led to the resignation of Katherine Archuleta as OPM director. The government apologized and offered to pay for identity-theft services for the affected employees.
Those looking to cheat on their spouse might be thinking twice after a nebulous group calling itself “The Impact Team” breached the databases of extramarital affairs hookup site Ashley Madison and stole a trove of company information — including the names and addresses of millions of users. The hack sent shudders through corporate, government and entertainment circles as well-heeled Ashley Madison customers fretted over whether their dirty secrets would be exposed. Among those outed: Josh Duggar, former star of reality TV show “19 Kids and Counting.” “I am so ashamed of the double life that I have been living and am grieved for the hurt, pain and disgrace my sin has caused my wife and family, and most of all Jesus and all those who profess faith in Him,” he confessed in a statement.
Avid Life Media, the Canada-based parent company of the Ashley Madison website, posted a $500,000 (CDN) reward for information leading to the arrest of those responsible. The toll was exacting: Police in Toronto police said that the hack triggered extortion crimes and might have led to two suicides.
The hack of one of the nation’s largest health insurance companies proved that personal medical records are a hot commodity among ID crooks. The Anthem data breach exposed the account information of nearly 80 million people — or about 1 in 4 adult Americans. Unlike credit cards, notes Blue Coat’s Hugh Thompson, stolen health care data “doesn’t have an expiration date, and we are only just starting to realize the implications of this type of data being in the hands of attackers.” A few weeks after Anthem’s announcement, Premera Blue Cross revealed it was the target of a cyberattack that compromised personal or health data for as many as 11 million people.
Experian / T-Mobile
A breach of credit-tracking firm Experian exposed the personal data of 15 million people who applied for T-Mobile wireless services. T-Mobile’s flamboyant CEO, John Legere, fumed that the breach left him “incredibly angry.” The hack led to several lawsuits against Experian.
The hack of the Hong Kong-based digital toymaker was notable not for its size, but for the type of information exposed. The culprit got access to records, reportedly including photos, of 6.4 million children. “This breach is a parent’s nightmare of epic proportions,” Seth Chromick of network security firm vArmour told Reuters. Two U.S. lawmakers, Sen. Edward Markey and Rep Joe Barton, sent a letter to VTech management demanding to know what information VTech collects on children, and how that data is protected. In mid-December, British police announced the arrest of a 21-year-old man in connection with the hack.
CIA Director John Brennan
It may have sounded like fun and games to wayward teens, but not to the upper echelons of government. A self-described high schooler hacked into the AOL account of top U.S. spy official John Brennan and posted screenshots of some of the documents accessed. How did the hacker do it? Reportedly by posing as a Verizon worker and then duping a real Verizon worker into revealing the spy chief’s personal info; with that data in hand, he was then able to reset the password on Brennan’s AOL account. Although it appears no top-secret information was leaked, Brennan wasn’t amused. “I was certainly outraged by it,” the CIA chief said.
Trump Hotels, Hilton, Starwood, Hyatt
Donald Trump’s luxury hotel chain said seven of its properties were the target of a data breach that potentially exposed customer debit and credit card information. The Trump Hotel Collection said the cyberintrusion involved malware that infected its payment systems for just over a year. The Donald’s properties weren’t alone — Hilton Hotels, Starwood Hotels & Resorts Worldwide and Hyattwere also victimized by malware attacks targeting point-of-sale systems.
Though the hack of the largest bank in the U.S. occurred in 2014, it continued to make headlines because of what transpired in 2015: multiple arrests. Federal prosecutors indicted four men and one unnamed alleged co-conspirator in connection with the breach of JPMorgan and other financial institutions including ETrade and Scotttrade. Authorities described the JPMorgan hack as the largest theft of customer data from a U.S. financial institution in history. They said the perpetrators stole the personal information of 83 million account holders and then used it to perpetuate a scheme to artificially manipulate the prices of traded U.S. stocks, reaping millions in profit.