2015 may have come and gone, but the effects of last year's data breaches are far-reaching—for both millions of consumers and internet users as well as the companies and organizations whose systems were breached. Such events are no less devastating in terms of brand damage, and 2016 will undoubtedly bring forth a heightened collective security awareness in both organizations as well as consumers.
Cyber criminals are equal opportunity opportunists. Faulty security controls and bad infosec practices are the only prerequisites to becoming a data breach victim; this is certainly evident when surveying last year's infosec headlines—from professional sports to healthcare, a wide range of industries were hit hard by cyber attackers. Here's a retrospective featuring the top 10 data breaches of 2015.
10. St. Louis Cardinals/Houston Astros
In June of 2015, the U.S. Justice Department and FBI investigates the St. Louis Cardinals in response to allegations that their employees hacked into rival Houston Astro's network, stealing confidential information like player statistics, trading information, and other data. One of the more unconventional cyber espionage data breaches in recent years, the Cardinals/Astros Hack may be a sign of things to come in professional sports, especially given how data-driven sports strategy is in this day and age.
9. Ashley Madison
Hacker group The Impact Team steals and releases over 25 gigabytes of user records from popular extramarital affair website Ashley Madison in July/August of 2015, giving divorce attorneys around the world cause for celebration. It's unlikely that the company will recover from the life-threatening blow to its business, despite dubious claims by the company that its registrations surged post-breach.
8. Four Winds Casino
7. Vtech / Sanrio
The more important and difficult question is not why, but how—that is, how can companies not just survive, but thrive in a landscape of digital threats?
The VTech and Sanrio hacks in November/December 2015 mark an alarming trend towards breaches involving children's data. Our friend Troy Hunt was first to confirm the VTech data breach to Vice Magazine, and VTech later issues a press release announcing the compromise. A few weeks later, Sanrio—maker of iconic children's brand Hello Kitty—announces that 3.3 million user records were leaked through a gap in website security.
Cyber criminals are increasingly targeting 3rd parties connected to credit reporting agency’s data stores as an easy attack vector. The Experian/T-Mobile data breach in October 2015 is the most prominent incident to date, impacting 15 million customers of the mobile telecom giant.n
3. Systema Systems
2. U.S. Voter Database
In December 2015, security researchers discover a massive data file leaked to the public containing the personal information of 191 million voters: names, addresses, phone numbers, birth dates, political affiliations, and voting histories since 2000. Again, a misconfigured database is the culprit, but the owner of said database is yet to be determined.
1. U.S. Office of Personnel Management (OPM)
Topping the list is the OPM data breach: 21.5 million user records stolen from the U.S. agency that handles all federal employee data, as well as the data of current/former applicants and individuals referenced in background checks. The extent of the damage is still TBD, but it's clear that the worst is yet to come. In December 2015, the National Nuclear Security Administration announces that the OPM breach includes some of the U.S. Pantex nuclear plant workers, raising some new concerns around the security compromise.
The majority of these (and most) security mishaps are due to misconfigurations and unpatched software—flaws that can be hard to detect in large, heterogeneous environments. Fortunately, this is exactly what upguard was designed to do. Our platform can detect security gaps and vulnerabilities in the most disparate of infrastructures, continuously. Make continuous security monitoring with UpGuard for a stronger security/compliance posture part of your organization's agenda for 2016.
Before requesting a free UpGuard demo, get a free external assessment of your website right now.
How CSTAR Works What's In the Website Risk Grader? Understanding Risk in the 21st Century
All the information needed to perform a CSTAR assessment is bundled into the UpGuard platform. Learn more about CSTAR.
Read Blog >
The UpGuard Website Risk Grader provides a low friction way to get an initial assessment of a business' risk profile.
Read Blog >
And as we enter 2016, the risk of data breaches in particular threatens to hamper business innovation.
Read Blog >