If you feel like you have been hearing about a lot of major breaches this year, you are right. We are just over halfway through 2015 and, if we are being honest, it is shaping up to be another year of the data breach.
2015 data breaches
A breach can only be news for a few days before it is replaced with a new story, so in case you missed it or have forgotten, we have compiled a list of this year’s biggest breaches so far and what we learned from each breach:
In February 2015, Anthem, the nation’s second-largest health insurance company, was hacked and nearly 80 million Americans had their information exposed – personal, financial and health information (healthcare data is the new credit card number). The company reported that the hackers had been in the system for at least several weeks and a human, not technology, discovered the breach; this goes to show that investing in cybersecurity technology AND talent has become a necessity for every company.
As if dealing with the IRS wasn’t painful enough, in May 2015 the IRS disclosed that hackers had gotten access to detailed tax-return information on 104,000 taxpayers. The one good thing to come of this breach was the hearing held on June 2, 2015. Law only requires that breached organizations reveal a small amount of information – how many records were breached or what types of data were stolen – but we rarely hear details on how the breach happened. This is the kind of information we really need to know as security professionals if we want to stay ahead of hackers, and the IRS hearing provided us with it. The biggest lesson we learned from the details of the IRS breach was that breaches lead to more breaches.
Office of Personnel Management
The government is having a bad security year. In June 2015, the United States Office of Personnel Management (OPM) announced that it had been the target of a data breach and the number of people who had their records stolen just keeps rising. Initially, the number was 4 million, but as of July 9, 2015, the number is at over 21 million. This is the largest government data breach in American history and we are just beginning to see the consequences of it. On July 10, 2015, Katherine Archuleta, director of OPM, resigned and currently OPM is trying to get federal agencies to help them fund the cost of credit monitoring and related services/benefits for victims.
This breach is still fresh on everyone’s minds and details are still being exposed. What we know so far is that on July 20, 2015, reports came out that the dating website Ashley Madison had been hacked. The hacking group, called The Impact Team, revealed that they have gotten access to all 37 million users’ personal and financial information and are threatening to expose it all. If that information comes out (some of which already has), you can bet Ashley Madison will not only lose all credibility as a company, but also face some serious lawsuits.
What do a majority of these breaches have in common? Company PR teams referred to the hackers as “sophisticated.” Obviously, with all these breaches and more, hackers in general are sophisticated – that is not an excuse for bad information security.