While politicians, pundits, law enforcement types, and tech moguls wrangle over things like encryption, cybersecurity personnel and corporation CEOs and chief Information Officers wring their hands over the growing problem of cybersecurity glitches and data hacks that reached epic proportions in 2015. What follows is a look at the biggest technical trespasses of the past year, which are costing companies millions.
Hong Kong’s Vtech Holdings made the list by virtue of a hack into its Learning Lodge location. This intrusion raised eyebrows, and sounded the alarm for parents who might not have been expecting this children’s site to be vulnerable. In all, 6.4 million identities were put at risk.
The hack into Scottrade in October that affected more than 4 million accounts, is more like the kind of attacks one would expect because the monetary motive is more apparent. What is alarming about the breach that spanned two years is that company officials didn’t have a clue that it had happened. It was only the action of federal law enforcement that brought the hack to light. Oddly, but fortunately, only names and addresses were stolen- not Social Security or other financial information such as trading histories. As a mea culpa, the company offered a year’s free identity-theft protection to customers.
Government agencies were not immune from hacking. The Federal Aviation Administration (FAA) was the target of an attack by malware sent via emails in February. Unfortunately for the traveling public, the FAA’s own in internal auditing acknowledges it is ripe and vulnerable to further illegal intrusions.
Another arm of government to feel the sting of cybercriminals, in which comprehensive personal data was compromised occurred in the Spring, was when the mighty IRS was humbled by hackers. This brazen breach affected 330,000 accounts, in which sensitive information, including Social Security numbers and birth dates, was compromised. The US Army’s twitter account and the St Louis Federal Reserve bank also experienced attacks last year.
But perhaps the biggest fallout among government calamities was registered by the Office of Personnel Management (OPM) in which more than a whopping 22 million identities were laid open to hackers. The OPM says breaches affected people who had applied for government jobs or security clearances. Data from some applicants’ family members was also stolen, making matters worse. Even fingerprints and healthcare histories were downloaded. The scope of the hack was so widespread that the OPM’s director fell on her sword and resigned.
There were some other noteworthy cyber incursions to be sure. The drug retailer, CVS’s hack was far-reaching enough to affect retailing giants like Rite-Aid and mighty Wal-Mart. And in the attack on Anthem Healthcare, the intruders used their employees’ logins and passwords to gain entry. It was truly frightening.
But the one hack that caused perhaps the most pain and angst, had the greatest fallout and spawned the longest news cycle was the hack of mating website Ashley Madison over the summer In that notorious episode, in addition to the usual data divulged, were profiles and credit card information that caused heartache and heartache for potentially millions outed by the breach. In the end, the number may have reached 14 million – no one can say with certainty.
Some things are apparent. Cybercriminals are becoming more sophisticated, and many companies are going to have to beef-up their security measures as a result. Also, many patrons of sites are going to have to give a lot more thought before parting with precious personal information in the future, or 2016 may make last year seem like a picnic by comparison…