Major security breaches of 2015

Major security breaches of 2015

Many start the new year hoping for better things. Many could probably learn a lesson or two from the following companies who suffered dearly during 2015. This list does not cover all of the major breaches of the year, but it does underscore the damage that was done with merely a handful of them. We should start this 2016 by reviewing our security posture and think of how it can be improved.

Anthem and Premera Insurance Companies (February and March)

http://www.networkworld.com/article/2880366/security0/anthem-hack-personal-data-stolen-sells-for-10x-price-of-stolen-credit-card-numbers.html

http://www.networkworld.com/article/2898497/security0/hackers-compromise-18-million-medical-records-from-healthcare-provider-premera.html

With millions of records compromised between these two insurance companies, they represent the largest medical data breaches to date. Cyber thieves often look for insurance details like those stolen in these breaches, which can be sold for up to $1,000 dollars per record in the underground market—compare that to stolen credit cards which are worth between $20 and 200 dollars. Considering that health organizations spend less in security than banks, it seems hackers have found a gold mine in the healthcare industry.

U.S. government's Office of Personnel Management (July)

http://www.networkworld.com/article/2985542/security/opm-breach-4-5-million-more-individuals-open-to-future-fingerprint-abuse.html

22 million records on past and current employees stolen; 5 million of those included individuals' fingerprints.  Affected individuals include those in law enforcement and intelligence communities as well as anyone who applied for security clearance (including many at Micro Focus and Micro Focus' partners/customers that do work for the government!). Lack of good authentication and configuration controls have been cited as part of the problem in OPM's environment.

Ashley Madison (August)

http://www.scmagazineuk.com/why-should-enterprises-care-about-the-ashley-madison-breach/article/448362/

Unless you lived under a rock, you probably heard about this hack. More than 25 gigabytes of company data were stolen and user details leaked to the press and dark web. Besides being a hit on TV, which showed how people were being publicly humiliated, the consequences will extend to many other companies and services: alongside personally identifiable details, hackers also got away with users' passwords which as we all know are frequently re-used across sites. This underscores the risk of seeing many more breaches and identity thefts as a direct result of this breach.

T-Mobile and Experian (October)

http://www.wired.com/2015/10/hack-brief-hackers-steal-15m-t-mobile-customers-data-experian/

The well known ISP, along with its partner Experian (a credit bureau), suffered a major blow as 15 million records of T-Mobile users were stolen. While no credit card or banking details were included in the stolen records, the information that was stolen was enough to start a campaign of Identity Theft characterized by impersonating individuals and answering the security questions of various other service and banking providers. Experian itself has been breached several times and highlights how even major corporations who are security oriented can be breached by partnering with those that have lower security standards.

Scottrade (November)

http://www.zdnet.com/article/scottrade-hacked-about-4-6m-customers-notified-of-breach/

This retail brokerage firm had as many as 4.6 million clients compromised when it discovered the breach into its systems. While financial information such as client funds or trading platforms were not compromised, the details taken from the users have been very helpful for spammers looking to defraud people of their money with stock scams.

Juniper Networks and Fortinet Network Security (December 2015 and January 2016)

http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554

http://thehackernews.com/2016/01/fortinet-firewall-password-hack.html

This was one of the most interesting hacks of 2015. Juniper discovered that their embedded OS in networking and routing devices had a backdoor built in. Anybody who knew how to use this backdoor could not only gain admin privileges, but could decrypt VPN traffic. This showed that others could be using corporate networks for their own needs and at worst gathering sensitive information that was thought to be protected.

Not a month after the backdoor was discovered in Juniper devices, another backdoor was also publicly shared for Fortinet devices. Not actually a flaw in FortiOS, this backdoor turned out to be a method engineers had carelessly created to login to manage these devices. A python script was created and published, however, which immediately put immense pressure on network admins to get their gear updated as soon as possible.

World's Biggest Data Breaches (2004 - Present)

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

For a great visualization of a grand compendium of data breaches that spans a whole decade, visit this link at informationisbeatiful.net.

For more information to see how Micro Focus - NetIQ can help, visit us here at our website.
Tags (1)

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
1 of 1
Last update:
‎2016-02-01 19:07
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.