SlideShare a Scribd company logo

Biggest data breaches of 2015

Invisibits, profile picture
Invisibits

In 2015, several significant data breaches occurred, affecting millions, including Anthem (80 million records), Ashley Madison (37 million), and the U.S. Office of Personnel Management (21.5 million). Most breaches involved sensitive personal information and were attributed to various cybercriminals, including suspected state-sponsored hackers. Recommendations for improved security include better encryption, detection technologies, and heeding warnings about potential vulnerabilities.

Technology
Related topics:
Lessons Learned Data Breaches
1 of 15
Downloaded 12 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
InvisiBits 12/30/2015 Biggest Data Breaches of 2015
Anthem 80 million Ashley Madison 37 million OPM 21.5 million Experian 15 million Premera 11 million LastPass 7 million
Anthem Anthem 80 million
Anthem  Revealed in February (2015)  APT attack probably started in April 2014  5th largest data breach of all time  Breached data includes social security numbers, birthdays, street addresses, phone numbers and income data  Likely by Chinese hackers (Deep Panda)  Attackers created a bogus domain name, "we11point.com," (based onWellPoint, the former name ofAnthem) that may have been used in phishing-related attacks.
Ashley Madison Ashley Madison 37 million
Ashley Madison  A website that encourages people to cheat on their partners  A hacking group known as ImpactTeam stole private information  Hacked in July (2015)  Leaked 20 GB data inAugust (which had many social consequences including suicides)  Breached data includes e-mail addresses and account details  Suspects to be an insider attack but does not know for sure
U.S. Office of Personal Management OPM 21.5 million
U.S. Office of Personal Management  Attack started inApril 2014  Detected in May (2015) and notified in June (2015)  Breached data contains security clearance data of past and current federal workers - including fingerprints, Social Security numbers, addresses, employment history, and financial records  Believed to be originated from China  They have carried out two attacks
Experian Experian 15 million
Experian  The world’s largest consumer credit monitoring firm  Breach disclosed in October (2015)  Breached data includesT-Mobile customers who underwent credit checks by Experian (customer names, addresses, Social Security numbers, birthdays, and even sensitive identification numbers)  Consumer facing companies (e.g.T-mobile) should take more stringent measures to protect their data at data aggregators (e.g. Experian)  The attack seems to have originated in CourtVenture which Experian had acquired by a humanTrojan
Premera Blue Cross Blue Shield Premera 11 million
Premera Blue Cross Blue Shield  Occurred in May 2014, but discovered only in January  Disclosed in March  Breached data includes names, dates of birth, Social Security numbers, addresses, bank-account information and claim information, including clinical information  The same group that hackedAnthem seems to have carried out the attack  Customers are phished to a fake domain prennera.com  Fed had warned about security flaws before the attack, no action was taken
LastPass LastPass 7 million
LastPass  A cloud based password management company  Disclosed the attack in June (2015)  Breached data includes users’ email addresses, encrypted master passwords, and the reminder words and phrases that the service asks users to create for those master passwords  Due to strong encryption, breached users seem to safe, but the company advised users to reset their master passwords as a precautionary measure
What to do in 2016?  Two of the breaches include state sponsored attacks – need better security infrastructures to protect and monitor government assets  Two of the breaches on healthcare data – hackers are after personal data – similar to government data, healthcare data needs to be better protected  Encrypt your data – LastPass leaked master passwords were strongly protected which averted a catastrophic consequence  Have good detection technologies in place – most of the attacks took months to discover  Take warnings seriously – Premera was warned, but did not take any actions before the attack happened  Make sure the same mistake does not happen again – Experian got hacked twice – not enough action after the first attack  Live online the same way you live offline – internet cannot hide you forever (Ashley Madison)

More Related Content

PPTX
Data breach
srushtikadu1
 
PPTX
Data Breach
Kinza Erum
 
PPTX
Online Identity Theft
Danielle Jobe
 
PDF
Open Web Data Feeds for Cybersecurity & Homeland Security Intelligence
Ohad Flinker
 
PPTX
Top data breaches in 2013
Shoplet_
 
DOCX
Cybercriminals Are Lurking
Charlie Lewis M.S.
 
PDF
10 Steps to Creating a Corporate Phishing Awareness Program
Wiley
 
PPTX
Effective Anti-Phishing Strategies and Exercises - FISSEA 2017 Conference
Paubox, Inc.
 
Data breach
srushtikadu1
 
Data Breach
Kinza Erum
 
Online Identity Theft
Danielle Jobe
 
Open Web Data Feeds for Cybersecurity & Homeland Security Intelligence
Ohad Flinker
 
Top data breaches in 2013
Shoplet_
 
Cybercriminals Are Lurking
Charlie Lewis M.S.
 
10 Steps to Creating a Corporate Phishing Awareness Program
Wiley
 
Effective Anti-Phishing Strategies and Exercises - FISSEA 2017 Conference
Paubox, Inc.
 

What's hot (18)

DOCX
Cybercrime blog
Charlie Lewis M.S.
 
PPTX
Cyber crime final
Zeeshan Ahmed
 
PPTX
Phishing awareness
PhishingBox
 
PDF
DATA LEAK - WHAT IS IT, PREVENTION AND SOLUTIONS
Sprintzeal
 
PDF
Type of Threat Actor
SOCRadar Inc
 
PDF
Digital Gen: Security Infographic
Unisys Corporation
 
PPTX
Email phishing and countermeasures
Jorge Sebastiao
 
PPTX
Phishing ppt
Sanjay Kumar
 
PPTX
Phishing technique tanish khilani
Tanish Khilani
 
PPT
Mod7 Lab Kohne
guestc6d29da4
 
PPTX
5 Cybersecurity Threats Your Business Can't Afford to Ignore
WSI WebAnalys
 
DOCX
Five cyber threats to be careful in 2018
Ronak Jain
 
PDF
PhishingBox Presents 'What is Phishing' 2017
Ryan Hardesty
 
PPT
Cyber law
idealk
 
PPTX
Equifax Breach - Lessons - Cyber Rescue - 16th may 2018
Kevin Duffey
 
PDF
Prevent phishing scams
ronpoul
 
PPTX
Social Engineering
Manish Chauhan
 
PPTX
The COVID-19 Phishing Threats to Watch Out For
Beth Rigby
 
Cybercrime blog
Charlie Lewis M.S.
 
Cyber crime final
Zeeshan Ahmed
 
Phishing awareness
PhishingBox
 
DATA LEAK - WHAT IS IT, PREVENTION AND SOLUTIONS
Sprintzeal
 
Type of Threat Actor
SOCRadar Inc
 
Digital Gen: Security Infographic
Unisys Corporation
 
Email phishing and countermeasures
Jorge Sebastiao
 
Phishing ppt
Sanjay Kumar
 
Phishing technique tanish khilani
Tanish Khilani
 
Mod7 Lab Kohne
guestc6d29da4
 
5 Cybersecurity Threats Your Business Can't Afford to Ignore
WSI WebAnalys
 
Five cyber threats to be careful in 2018
Ronak Jain
 
PhishingBox Presents 'What is Phishing' 2017
Ryan Hardesty
 
Cyber law
idealk
 
Equifax Breach - Lessons - Cyber Rescue - 16th may 2018
Kevin Duffey
 
Prevent phishing scams
ronpoul
 
Social Engineering
Manish Chauhan
 
The COVID-19 Phishing Threats to Watch Out For
Beth Rigby
 
Ad

Similar to Biggest data breaches of 2015 (20)

PPTX
Top data breaches in 2013
post_it
 
PDF
Chinese attack on USIS exploiting SAP vulnerability. Detailed review and comm...
ERPScan
 
PDF
Can domain intelligence help healthcare service providers combat data breaches
WhoisXML API
 
DOCX
Security Breaches and the Six Dumb Ideas Consider a recent (2014- 2015.docx
acarolyn
 
PDF
List of data breaches and cyber attacks in january 2022
ndcmanagement
 
PDF
Breach level index_report_2017_gemalto
Jonas Mercier
 
PDF
[Infographic] 7 Cyber attacks that shook the world
Seqrite
 
PDF
CSR&RSA_ACT1: Deep Roots Analytics Proff.pdf
WhyntherZaynahPorche
 
PDF
Critical Update Needed: Cybersecurity Expertise in the Boardroom
Stanford GSB Corporate Governance Research Initiative
 
PDF
Top 10 Biggest Data Breaches of all Times.pdf
senseacademy2
 
PDF
Top Law Firm Cyber Attacks Throughout History
Protected Harbor
 
PDF
Threatsploit Adversary Report January 2019
Briskinfosec Technology and Consulting Pvt Ltd
 
PPTX
RSA Conference 2016 Review
Norman W. Mayes, CISSP, MCSE, ITIL
 
PDF
HE Mag_New Cyber Threats_ITSource
Brian Arellanes
 
PDF
2015 Labris SOC Annual Report
Labris Networks
 
PDF
Worst security data breaches till 2015 - SecPod
SecPod Technologies
 
PDF
Combating Phishing Attacks
Rapid7
 
DOCX
Case 11. What exactly occurred Twitter is one of popular soci.docx
tidwellveronique
 
PPTX
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Alisha Deboer
 
PPTX
Baker Tilly Presents: Emerging Trends in Cybersecurity
BakerTillyConsulting
 
Top data breaches in 2013
post_it
 
Chinese attack on USIS exploiting SAP vulnerability. Detailed review and comm...
ERPScan
 
Can domain intelligence help healthcare service providers combat data breaches
WhoisXML API
 
Security Breaches and the Six Dumb Ideas Consider a recent (2014- 2015.docx
acarolyn
 
List of data breaches and cyber attacks in january 2022
ndcmanagement
 
Breach level index_report_2017_gemalto
Jonas Mercier
 
[Infographic] 7 Cyber attacks that shook the world
Seqrite
 
CSR&RSA_ACT1: Deep Roots Analytics Proff.pdf
WhyntherZaynahPorche
 
Critical Update Needed: Cybersecurity Expertise in the Boardroom
Stanford GSB Corporate Governance Research Initiative
 
Top 10 Biggest Data Breaches of all Times.pdf
senseacademy2
 
Top Law Firm Cyber Attacks Throughout History
Protected Harbor
 
Threatsploit Adversary Report January 2019
Briskinfosec Technology and Consulting Pvt Ltd
 
RSA Conference 2016 Review
Norman W. Mayes, CISSP, MCSE, ITIL
 
HE Mag_New Cyber Threats_ITSource
Brian Arellanes
 
2015 Labris SOC Annual Report
Labris Networks
 
Worst security data breaches till 2015 - SecPod
SecPod Technologies
 
Combating Phishing Attacks
Rapid7
 
Case 11. What exactly occurred Twitter is one of popular soci.docx
tidwellveronique
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Alisha Deboer
 
Baker Tilly Presents: Emerging Trends in Cybersecurity
BakerTillyConsulting
 
Ad

Recently uploaded (20)

PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PDF
Unlock new opportunities with location data.pdf
Precisely
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PPTX
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PPTX
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
The various Industrial Revolutions .pptx
bandileshozi3
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
Unlock new opportunities with location data.pdf
Precisely
 
What is a Computer? Input Devices /output devices
GulJan8
 
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 

Biggest data breaches of 2015

  • 2. Anthem 80 million Ashley Madison 37 million OPM 21.5 million Experian 15 million Premera 11 million LastPass 7 million
  • 4. Anthem  Revealed in February (2015)  APT attack probably started in April 2014  5th largest data breach of all time  Breached data includes social security numbers, birthdays, street addresses, phone numbers and income data  Likely by Chinese hackers (Deep Panda)  Attackers created a bogus domain name, "we11point.com," (based onWellPoint, the former name ofAnthem) that may have been used in phishing-related attacks.
  • 6. Ashley Madison  A website that encourages people to cheat on their partners  A hacking group known as ImpactTeam stole private information  Hacked in July (2015)  Leaked 20 GB data inAugust (which had many social consequences including suicides)  Breached data includes e-mail addresses and account details  Suspects to be an insider attack but does not know for sure
  • 7. U.S. Office of Personal Management OPM 21.5 million
  • 8. U.S. Office of Personal Management  Attack started inApril 2014  Detected in May (2015) and notified in June (2015)  Breached data contains security clearance data of past and current federal workers - including fingerprints, Social Security numbers, addresses, employment history, and financial records  Believed to be originated from China  They have carried out two attacks
  • 10. Experian  The world’s largest consumer credit monitoring firm  Breach disclosed in October (2015)  Breached data includesT-Mobile customers who underwent credit checks by Experian (customer names, addresses, Social Security numbers, birthdays, and even sensitive identification numbers)  Consumer facing companies (e.g.T-mobile) should take more stringent measures to protect their data at data aggregators (e.g. Experian)  The attack seems to have originated in CourtVenture which Experian had acquired by a humanTrojan
  • 11. Premera Blue Cross Blue Shield Premera 11 million
  • 12. Premera Blue Cross Blue Shield  Occurred in May 2014, but discovered only in January  Disclosed in March  Breached data includes names, dates of birth, Social Security numbers, addresses, bank-account information and claim information, including clinical information  The same group that hackedAnthem seems to have carried out the attack  Customers are phished to a fake domain prennera.com  Fed had warned about security flaws before the attack, no action was taken
  • 14. LastPass  A cloud based password management company  Disclosed the attack in June (2015)  Breached data includes users’ email addresses, encrypted master passwords, and the reminder words and phrases that the service asks users to create for those master passwords  Due to strong encryption, breached users seem to safe, but the company advised users to reset their master passwords as a precautionary measure
  • 15. What to do in 2016?  Two of the breaches include state sponsored attacks – need better security infrastructures to protect and monitor government assets  Two of the breaches on healthcare data – hackers are after personal data – similar to government data, healthcare data needs to be better protected  Encrypt your data – LastPass leaked master passwords were strongly protected which averted a catastrophic consequence  Have good detection technologies in place – most of the attacks took months to discover  Take warnings seriously – Premera was warned, but did not take any actions before the attack happened  Make sure the same mistake does not happen again – Experian got hacked twice – not enough action after the first attack  Live online the same way you live offline – internet cannot hide you forever (Ashley Madison)