Though 2015 was considered the year of the largest security breaches, 2016 wasn’t without its own, with several sizable hacks occurring in a variety of industries ranging from government and health care to email servers and even social apps. One standout trend seen in many data breeches this year was companies uncovering hacks that had occurred not in 2016 but in previous years. Here’s a timeline outlining five of the biggest security breaches we saw this year.
February 8: FBI Homeland Security
According to a CNN report, hackers initially threatened and then followed through publishing 20,000 FBI employees’ contact information on a recently created Twitter account, @DotGov. This came just a day after a similar personal data release of nearly 10,000 Department of Homeland Security employees. It’s likely the same group is responsible for both breaches. The hackers using the @DotGov account taunted the FBI, claiming they received the information after hacking into the Department of Justice database and email. Further tweets from the account provided a possible motive behind the hack- “When will the U.S. government realize we won’t stop until they cut relations with Israel.”
March 3: Snapchat
On March 3, a hacker posed as Snapchat chief executive in an email and tricked a payroll department employee into sending over private information of 700 current and former Snapchat employees, including names, social security numbers and wage data. While no user information was leaked, this is not the first time the app has experienced security breaches, although it is the first that attacked the company’s employees rather than users. Snapchat apologized for the most recent incident, reported it to the FBI and promised to “redouble [their] already rigorous training programs around privacy and security” in the weeks following the hack.
March 10: 21st Century Oncology
Based in Fort Meyers, Florida, 21st Century Oncology announced that the company’s system was breeched in October 2015. The company, which offers cancer care services, admitted in an online statement that the hacker received access to 2.2 million patient accounts which detail everything from social security numbers and insurance information, to diagnosis and treatment information. Although the breech was discovered a month after it occurred, the FBI discouraged the company, from revealing the incident until the investigation was closed. Luckily, none of the information appears to have yet been leaked to the greater public or used in any way. The company offered one year of free identity theft protection services to potentially affected clients as a precaution.
September 22: Yahoo
This year Yahoo uncovered not one but two hacks that had occurred in previous years. First, on September 22, Yahoo confirmed that data from more than 500 million user accounts had been stolen in late 2014, allegedly by a “state-sponsored actor,” meaning an individual acting on behalf of the government. In a statement released on September 23, Yahoo said they had notified potentially effected users, encouraged password changes and provided a list of other security recommendations. The company also assured users that they were working closely with law enforcement on the investigation.
December 14: Yahoo, again
Three months later, Yahoo discovered a data breach even larger than the one they uncovered in September. This incident, now the largest data breach in history, reveals that an unauthorized third party stole the personal information of over one billion users in 2013. Once again, Yahoo encouraged current account holders to change their passwords and follow their security recommendations.
Data and security breaches can happen to anyone and the new year is a great time to brush up on ways to keep your company’s information secure. Check out our blog for more security suggestions and industry news.