The top 10 hacks of 2015
As 2015 draws to a close, let’s take a look at the 10 top hacks of the year according to techradar.com, from the salacious to the scary, and even one that wasn’t so bad but illustrates just how vulnerable our connected lives can be. Have corporations gotten any better at looking out for the best interest of consumers, or are we still living on the edge?
1. Ashley Madison
The Ashley Madison hack was the most publicized hack of the year, due largely to the nature of the site: it’s essentially a service for those looking to cheat on their significant other with someone they find on site. There’s some irony to the fact that it was hacked, which of course wasn’t lost on the perpetrators.
It’s important to note that while 32 million accounts were hacked, it’s not known exactly how many people were affected: a seemingly large number of female user accounts were made up, a ploy to entice men to use the site. Other female accounts were largely inactive.
2. Anthem
In February, Anthem disclosed it had suffered a breach that resulted in the personal information of 78.8 million people being stolen, making this hack easily the largest on our list.
Not only were Anthem’s own customers put at risk, but as many as 18.8 million people who were members of other Blue Cross or Blue Shield health plans and had used their insurance in a state where Anthem operates may have been put at risk. That figure is included in the 78.8 million.
3. Fiat Chrysler
In June, a story was published by WIRED that involved journalist Andy Greenberg driving a Jeep that was remotely hacked via the car’s internet connection. The two hackers involved were Charlie Miller and Chris Valasek, who didn’t have any malicious intent, but instead aimed to warn users that their cars were vulnerable in the same way as their computers. Just as a hacker can take control of a computer, Miller and Valasek were able to completely take over the Jeep, including sending commands to the car’s steering, brakes and transmission.
4. Internal Revenue Service
In August, the IRS reported that it too had suffered a hack, and while the agency first reported 114,000 people were affected by the breach, it later increased that figure to 334,000.
While the IRS did say that 334,000 accounts were compromised, it was unable to say whether information from those accounts was stolen.
The hackers themselves reportedly made use of the IRS’ own system, Get Transcript, which allows users to view their tax transactions and return information for any given year. While users have to answer a number of identifying questions to see this information, the hackers found those answers from other sources and were able to access the IRS accounts.
5. US Office Of Personnel Management
The hack of the US Office of Personnel Management, which manages employees of the US federal government and government agencies, was first reported in June. While the office itself first announced that 4 million people were affected, the FBI later put the number at around 18 million.
As for what data was stolen, the OPM reported that Social Security numbers, names, addresses and dates of birth of federal employees were taken; however, it was later reported that the hack likely involved security clearance-related background information as well, meaning that non-employees who underwent background checks could have been affected, too.
6. Premera Blue Cross
The second health insurance provider on the list, Premera Blue Cross revealed that it was the victim of a cyber attack back in March. According to the company, as many as 11 million customers had their information breached as part of the hack.
Premera said data such as banking details, Social Security information, birth dates, and even clinical information was stolen. In fact, while the Anthem hack was larger by scale, it didn’t include medical information, making the Premera hack the largest to involve medical data to date.
Around 6 million of the people whose information was stolen were residents of Washington state, and included employees from Amazon, Microsoft and Starbucks.
7. LastPass
A password management service like LastPass is probably the last account you want to be hacked. Unfortunately, that’s exactly what happened earlier this year, as LastPass disclosed in June that it had been breached.
While the service did detect an intrusion on its servers, it reported that passwords for other services stored in its database should be safe. The hackers did take email addresses, password reminders, and authentication hashes, as well as master passwords. Impacted users were instructed to immediately change their master password when they were informed of the hack. LastPass also said the authentication hashes that were stolen should be encrypted strongly enough to prevent hackers from using them to access accounts.
It didn’t disclose how many people were affected by the breach, and anyone with a LastPass account should have changed their password to the service at the time.
8. UCLA Health
The UCLA Health hack, disclosed in July of this year, is the third such breach on this list, resulting in an unsettling trend of health care provider systems being compromised more frequently. In this instance, hackers gained access to the personal information of a hefty 4.5 million users.
Information like names, Social Security and Medicare numbers, physical addresses, and health plan IDs were all potentially stolen.
The hackers first slipped into the system in September of 2014, and around a month later the computers detected suspicious activity. At that point, UCLA called in the help of the FBI, and in May, the university discovered the hackers accessed computers housing sensitive records.
UCLA says it’s not sure if any records were actually stolen, but if the hackers successfully breached the system, there’s a good chance they were.
9. Carphone Warehouse
UK phone store Carphone Warehouse disclosed in August that it suffered a hack, reporting that around 2.4 million customers may have had their personal information compromised. Not only that, but the retailer also warned the encrypted credit card details of around 90,000 people may have been taken.
While in other cases on this list companies and agencies waited months to disclose a hack, Carphone disclosed the hack to customers days after discovering it.
Among the information stolen were names, dates of birth, addresses and bank details. Customers whose information was compromised in the attack were contacted by Carphone Warehouse, and if a customer didn’t hear from the company, they don’t need to worry.
10. VTech
All of the hacks up till now had one thing in common – their prime target was adults. The VTech hack, however, raised the creepy factor to a whole new level as it exposed the personal information of 6.4 million children.
As part of the hack, the company’s “Learning Lodge” app store and “Kid Connect” messaging system were breached. According to VTech, information about children’s names, gender and birth dates was accessed. Data was also stolen about many of the children’s parents, including names, mailing addresses, encrypted passwords and secret questions and answers for password retrieval.
While the attack is horribly scary, especially for parents, it will hopefully prompt toy companies like VTech to take a serious look at their security measures. The hack, according to some experts, should also serve as a wake-up call for families.