2015 was a year of large and sometimes very controversial data breaches across a broad industry spectrum. The Identity Theft Resource Center 2015 Breach List contains 780 breaches and 177,866,236 exposed records. Here are just a few that everyone should be aware of:
- 78.8 million highly sensitive patient records
- 8.8 to 18.8 million non-patient records
- Names, birth dates, Social Security numbers, addresses, employment information, and income data
- Over 11 million subscribers
- Names, birth dates, Social Security numbers, member identification numbers, and bank account information.
- 10 million members
- Names, birth dates, Social Security numbers, member identification numbers, financial account information, and claims information
Avid Life Media (ALM), the parent company of Ashley Madison
- 37 million user accounts
- Email addresses, first and last names, and phone numbers.
- 6.4 million children accounts
- 4.9 million customer (parent) accounts
- Photos, names, passwords, IP addresses, download history, and children’s gender and birth dates.
Hello Kitty (SanrioTown)
- 3.3 million customers, including children
- Full names, encoded by decipherable birth dates, email addresses, and encrypted passwords, along with password reset questions and answers.
T-Mobile via Experian
- 15 million records
- Names, birth dates, addresses and social security numbers and/or an alternative form of ID, such as drivers’ license numbers. (This was an unusual hack because the company itself (in this case T-mobile) didn’t have a data breach rather Experian (a credit reporting company) had a data breach which leaked T-mobile’s consumers’ data)
- 3 breaches affecting up to 4 million user records
- Names, addresses, dates of birth, phone numbers, email addresses, TalkTalk account details and payment card information
- Over 200,000 users
- Login credentials were sold on the dark web
Office of Personnel Management (OPM)
- Over 4 million personnel files
- Over 21 million federal employees and contractors
- Social Security numbers, security clearance information, fingerprints, and personal details that could leave federal personnel vulnerable to blackmail.
Internal Revenue Service (IRS)
- Over 100,000 taxpayers
- Online transcripts and significant personal information was accessed as a result of access to previously stolen identity information.
Wrapping up the year; on December 20th, 191 million registered U.S. voter records were exposed online. The database that was discovered contained more than the voter’s name, date of birth, gender, and address; which on their own is a good amount of personally identifiable information (PII). It also include the voter’s ethnicity, party affiliation, e-mail address, phone number, state voter ID, and whether he/she is on the “Do Not Call” list.
As we head into 2016, we will be focused on prevention and how we can best provide information and solutions to protect your sensitive & valuable data.