
If the FBI and the CIA can't keep their computers from being hacked, what
are the rest of us supposed to do? Well, not trusting the government
with our secrets is one good idea. No wonder Hillary Clinton didn't
want her emails on a government server. Was she right? Time will
tell. Below are the biggest cases of cyber-theft of 2015 listed
in least awful to most awful order. 2016 will almost certainly be
worse. Fortunately most individuals won't be breached this way unless
they are working on secrets the Chinese really want to steal. But
everyone suffers as consumers when our data is stolen from huge companies
and insurance companies are forced to pay for the mess.
VTECH
The toymaker suffered a major breach in late
November, with hackers taking 4.8 million records, as well as a database
of first names, genders and birthdays of more than 200,000 kids. The attack
on VTech, which reportedly used poor password security among other issues,
ranks as one of the largest breaches of the year.
SECURUS
The big scandal when an anonymous hacker stole about 70 million phone
calls from inmates in US prisons wasn't the hack itself, it was the suggestion
that attorney-client privilege may have been violated on a regular basis.
Millions of call logs and thousands of call recordings were taken in the
breach. Securus provides landline phones and equipment to prisons, and
generates high profits by charging the inmates themselves -- so much so,
the FCC has taken action against the firm.
FBI
The same hackers who were able to get access to CIA director John Brennan's
private email account also got access to a law enforcement portal used
by police and federal agents to share intelligence, and book arrested
suspects. It's not clear how many records were in the system -- the FBI
declined to comment -- but hundreds of thousands of users are cleared
to use the portal. Many of those names were also leaked in the hack. The
attack was thought to be one of the widest external breaches of law enforcement
this year.
DONALD TRUMP HOTELS
A hack that
targeted seven of Donald Trump's hotels, and lasted the whole year: even
the presidential candidates aren't immune to hacks. Hackers snuck malware
onto Trump systems, stealing credit card data (including security codes
and card numbers) in the firm's hotels across the US. No final figure
of how many people were affected was ever reported, but it's thought to
be in the many thousands.
PATREON
Crowdfunding service Patreon got the "Ashley Madison"
treatment when it found its entire cache of data published online in a
massive data breach in early October. Names, email addresses, and posts
were leaked, though credit card data and Social Security were not compromised.
The scope of the breach may take time to become fully clear, but at 15GB
in size, and millions of accounts already found, the number of potential
victims is only set to get larger.
EXPERIAN/T-MOBILE
T-Mobile may have overtaken Sprint to become third place in
US cellular rankings, but it's seventh place in our list of breaches,
thanks to its misplaced trust in Experian. The credit agency suffered
a breach in September, affecting as many as 15 million T-Mobile customers
who underwent credit checks. Data, such as names, addresses, social security
numbers, birth dates, and even passport numbers, may have been taken.
Encrypted Social Security numbers may also have been swiped, but the company
warned that encryption may have been compromised.
SCOTTRADE
The retail brokerage firm said it detected "illegal activity
involving our network" two years prior. Hackers reportedly took millions
of customer contact details, which cybersecurity reporter Brian Krebs
suggested was to facilitate stock scams through spam campaigns. It
was revealed in November after a case was unsealed that a total of four
men had been charged with hacking into JPMorgan Chase and a number of
other financial institutions, Scottrade included.
ASHLEY MADISON
Around 37 million people were caught up in the Ashley
Madison affair (for want of a better term). The site encourages its users
to cheat on their partners. Aside from the many millions affected and
the impact on relationships, should that information get into the hands
of the enemy -- think, Russia or China -- it could lead to a considerable
blackmail and espionage effort against US, UK, and allied countries.
EXCELLUS BLUE CROSS/BLUE SHIELD
Excellus BlueCross
BlueShield suffered a major hit on its networks that ended up leaking
more than 10 million records. The attack happened two years earlier in
late December 2013. Names, birth dates, Social Security numbers and mailing
addresses -- some of the most personal data going -- was taken, including
financial account and claims information. The source of the hack remains
unknown.
CARPHONE WAREHOUSE
The UK's biggest
data breach of the year can go to Carphone Warehouse, a phone retail store.
As many as 2.4 million customers (roughly 4 percent of the country's population)
had their personal information taken in the breach. About 90,000 customers
had their encrypted credit card data stolen. The UK data privacy watchdog
is now investigating the breach.
CVS/WALGREENS/OTHERS
Pharmacy chain CVS was forced to pull its popular online photo
print ordering site offline as it investigated a suspected hack. Credit
card data, email and postal addresses, phone numbers, and passwords were
taken, but it's not clear how many millions were affected by the breach.
No other linked data was taken in the breach, but Costco and Rite Aid,
among others, were also hit.
UCLA HEALTH
Data
breaches and hacks happen all the time. But poor security and a lack of
encryption can put the blame entirely on the body that was charged with
protecting it. UCLA Health was at least partially to blame when it was
hit by a massive hack on 4.5 million records earlier this year, because
its customer data -- including Social Security numbers, and even medical
data, such as conditions, medications, procedures, and test results --
was not encrypted.
HACKING TEAM
An unknown
group of hackers brought Italian surveillance firm Hacking Team to its
knees when its entire network was breached -- and subsequently published
online. Who were the real victims? The ordinary public, after hackers
took working Flash exploits from the cache of leaked files. It's not known
how many internet users were hit by the subsequent attacks. There may
be more to come.
IRS
The IRS data breach,
reported in May, affected around 100,000 taxpayers. That may seem like
a paltry number compared to the Anthem or UCLA breaches, but the impact
on affected taxpayers could be staggering. A flaw in the IRS' system allowed
hackers to access past filed tax returns, including sensitive financial
information and Social Security data. It's said that the breach cost taxpayers
$50 million in fraudulent claims.
UNITED STATES OFFICE OF PERSONNEL MANAGEMENT
The big finale is the OPM breach,
which affected 22.1 million (and counting). It could be the single most
damaging breach to US national security of all time. Those who have access
to some of the most sensitive data in the world had their entire background
checks -- conducted by the OPM -- stolen by an unknown assailant. Imagine
if the enemy knew exactly which buttons to push in order to blackmail
someone into turning over vast swathes of sensitive or classified data.
We have yet to see the repercussions of the breach, but it could harm
the US' domestic and foreign diplomatic and intelligence work.