We wrapped up 2014 thinking that we had put behind a record year in cyber-attacks and data-breaches, something that wasn’t likely to be repeated for some time to come. But 2015 proved us wrong, and came through with a new slew of hacks that dwarfed 2014 both in size and severity. Furthermore, the targeted audience of hack attacks grew vaster, with cheaters, children, and even hackers themselves joining the ranks of victims.
Here are some of the worst hacks we saw in 2015. Let’s hope for a safer year in 2016.
The OPM hack spills information of millions of U.S. federal employees
In May, the U.S. Office of Personnel Management, the body that oversees data belonging to U.S. government employees, revealed that it had been the victim of a data breach. It was later confirmed that information belonging to more than 21 million people were stolen, which included fingerprints data for more than 5.6 million people. With all the facts hinting at the Chinese government being behind the attack, the U.S. was forced to call back its spies from China.
Analyses show that the hack was made possible through the negligence and weak security measures adopted by OPM, a fact that eventually led to the resignation of its head, Katherine Archuleta.
The Hacking Team data-breach: When hackers get hacked
Italian surveillance company Hacking Team, which is a long-time vendor of spying gear and technology to government agencies and has a controversial history of providing services to oppressive governments, was hacked in July by a hacker going by the codename PhineasFisher.
The data-breach first surfaced on the firm’s Twitter account – which had gotten hacked too – where screenshots of emails and links to more than 400 gigabytes of stolen data were posted. Among the exposed data were correspondence between Hacking Team and some of its questionable customers, and also the source code to some of the firm’s most intrusive hacking tools, including the RCSAndroid spying tool.
The VTech hack: Not even children are safe anymore
In late November, electronic toy manufacturer VTech acknowledged that it had been the target of a major data breach, which had resulted in the theft of 5 million customer accounts and user profiles for 6.3 million kids connected to those accounts. The company later declared that it had fixed the problem, but not before the selfies, chat logs and home addresses of so many children found their way into the hacker’s repository. Luckily, the hacker had the grace to not publish the data online and told Vice Motherboard that he solely wanted to expose the poor security practices of VTech.
Kaspersky Lab data-breach: When hunters become the hunted
This was another state-backed hacking venture, with Israel being the most likely perpetrator of the attack. The Moscow-based tech firm Kaspersky Labs, which had previously helped uncover some of the most secretive and high-profile government-led cyberattacks, was breached by attackers who were allegedly after intelligence about nation-state attacks the company was investigating. The intruders were apparently also looking for information about how Kaspersky’s detection software worked.
The Ashley Madison hack: Millions of cheaters exposed
A group of hackers called Impact Team broke into the infamous affair website Ashley Madison, and later published a 30 gigabyte trove of data that include the names of site users, internal emails, credit card transaction details. The true identities of millions users were exposed, which led to several cases of blackmail and suicide among the desperate victims. The breach again showed the negligence exercised by the site owners made the hack possible, and its faulty full delete service only made things worse. The company was later hit by several lawsuits from customers furious at site of having failed to protect their data.
The Anthem hack: The worst healthcare data-breach in 2015
2015 was a record year in healthcare data breaches, with more than 55 recorded cases and 100 million records stolen. Healthcare provider Anthem, billed as the second largest in the U.S., took the lion’s share of the hacks, with more than 80 million customer records stolen, which included Social Security numbers, birth dates, addresses and income data. Healthcare data breaches are especially dangerous as they open up a wide array of possibilities for the hackers to target the victims, including insurance fraud, social engineering attacks, and even blackmailing over the exposure of sensitive medical data. This particular attack had many similarities with the OPM hack, which has led experts to believe the same Chinese hackers were behind it.