The worst data-breaches that defined 2015

7562831366_66f986c3ea_oWe wrapped up 2014 thinking that we had put behind a record year in cyber-attacks and data-breaches, something that wasn’t likely to be repeated for some time to come. But 2015 proved us wrong, and came through with a new slew of hacks that dwarfed 2014 both in size and severity. Furthermore, the targeted audience of hack attacks grew vaster, with cheaters, children, and even hackers themselves joining the ranks of victims.

Here are some of the worst hacks we saw in 2015. Let’s hope for a safer year in 2016.

The OPM hack spills information of millions of U.S. federal employees

In May, the U.S. Office of Personnel Management, the body that oversees data belonging to U.S. government employees, revealed that it had been the victim of a data breach. It was later confirmed that information belonging to more than 21 million people were stolen, which included fingerprints data for more than 5.6 million people. With all the facts hinting at the Chinese government being behind the attack, the U.S. was forced to call back its spies from China.

Analyses show that the hack was made possible through the negligence and weak security measures adopted by OPM, a fact that eventually led to the resignation of its head, Katherine Archuleta.

The Hacking Team data-breach: When hackers get hacked

Italian surveillance company Hacking Team, which is a long-time vendor of spying gear and technology to government agencies and has a controversial history of providing services to oppressive governments, was hacked in July by a hacker going by the codename PhineasFisher.

The data-breach first surfaced on the firm’s Twitter account – which had gotten hacked too – where screenshots of emails and links to more than 400 gigabytes of stolen data were posted. Among the exposed data were correspondence between Hacking Team and some of its questionable customers, and also the source code to some of the firm’s most intrusive hacking tools, including the RCSAndroid spying tool.

The VTech hack: Not even children are safe anymore

In late November, electronic toy manufacturer VTech acknowledged that it had been the target of a major data breach, which had resulted in the theft of 5 million customer accounts and user profiles for 6.3 million kids connected to those accounts. The company later declared that it had fixed the problem, but not before the selfies, chat logs and home addresses of so many children found their way into the hacker’s repository. Luckily, the hacker had the grace to not publish the data online and told Vice Motherboard that he solely wanted to expose the poor security practices of VTech.

Kaspersky Lab data-breach: When hunters become the hunted

This was another state-backed hacking venture, with Israel being the most likely perpetrator of the attack. The Moscow-based tech firm Kaspersky Labs, which had previously helped uncover some of the most secretive and high-profile government-led cyberattacks, was breached by attackers who were allegedly after intelligence about nation-state attacks the company was investigating. The intruders were apparently also looking for information about how Kaspersky’s detection software worked.

The Ashley Madison hack: Millions of cheaters exposed

A group of hackers called Impact Team broke into the infamous affair website Ashley Madison, and later published a 30 gigabyte trove of data that include the names of site users, internal emails, credit card transaction details. The true identities of millions users were exposed, which led to several cases of blackmail and suicide among the desperate victims. The breach again showed the negligence exercised by the site owners made the hack possible, and its faulty full delete service only made things worse. The company was later hit by several lawsuits from customers furious at site of having failed to protect their data.

The Anthem hack: The worst healthcare data-breach in 2015

2015 was a record year in healthcare data breaches, with more than 55 recorded cases and 100 million records stolen. Healthcare provider Anthem, billed as the second largest in the U.S., took the lion’s share of the hacks, with more than 80 million customer records stolen, which included Social Security numbers, birth dates, addresses and income data. Healthcare data breaches are especially dangerous as they open up a wide array of possibilities for the hackers to target the victims, including insurance fraud, social engineering attacks, and even blackmailing over the exposure of sensitive medical data. This particular attack had many similarities with the OPM hack, which has led experts to believe the same Chinese hackers were behind it.


  1. […] こうした問題は2FAやMFAの広汎な採用を妨げるハードルとなっている。その結果、何百万ものアカウントが低いセキュリティーのまま放置され、簡単に乗っ取られる結果も招いている。 年間の統計では、2015年だけでも、ハッカーの攻撃により、2000万ものアカウント情報がリークしている。 […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.