Invisibits, profile picture
Uploaded byInvisibits
604 views

Biggest data breaches of 2015

In 2015, several significant data breaches occurred, affecting millions, including Anthem (80 million records), Ashley Madison (37 million), and the U.S. Office of Personnel Management (21.5 million). Most breaches involved sensitive personal information and were attributed to various cybercriminals, including suspected state-sponsored hackers. Recommendations for improved security include better encryption, detection technologies, and heeding warnings about potential vulnerabilities.

Embed presentation

Downloaded 12 times
InvisiBits 12/30/2015 Biggest Data Breaches of 2015
Anthem 80 million Ashley Madison 37 million OPM 21.5 million Experian 15 million Premera 11 million LastPass 7 million
Anthem Anthem 80 million
Anthem  Revealed in February (2015)  APT attack probably started in April 2014  5th largest data breach of all time  Breached data includes social security numbers, birthdays, street addresses, phone numbers and income data  Likely by Chinese hackers (Deep Panda)  Attackers created a bogus domain name, "we11point.com," (based onWellPoint, the former name ofAnthem) that may have been used in phishing-related attacks.
Ashley Madison Ashley Madison 37 million
Ashley Madison  A website that encourages people to cheat on their partners  A hacking group known as ImpactTeam stole private information  Hacked in July (2015)  Leaked 20 GB data inAugust (which had many social consequences including suicides)  Breached data includes e-mail addresses and account details  Suspects to be an insider attack but does not know for sure
U.S. Office of Personal Management OPM 21.5 million
U.S. Office of Personal Management  Attack started inApril 2014  Detected in May (2015) and notified in June (2015)  Breached data contains security clearance data of past and current federal workers - including fingerprints, Social Security numbers, addresses, employment history, and financial records  Believed to be originated from China  They have carried out two attacks
Experian Experian 15 million
Experian  The world’s largest consumer credit monitoring firm  Breach disclosed in October (2015)  Breached data includesT-Mobile customers who underwent credit checks by Experian (customer names, addresses, Social Security numbers, birthdays, and even sensitive identification numbers)  Consumer facing companies (e.g.T-mobile) should take more stringent measures to protect their data at data aggregators (e.g. Experian)  The attack seems to have originated in CourtVenture which Experian had acquired by a humanTrojan
Premera Blue Cross Blue Shield Premera 11 million
Premera Blue Cross Blue Shield  Occurred in May 2014, but discovered only in January  Disclosed in March  Breached data includes names, dates of birth, Social Security numbers, addresses, bank-account information and claim information, including clinical information  The same group that hackedAnthem seems to have carried out the attack  Customers are phished to a fake domain prennera.com  Fed had warned about security flaws before the attack, no action was taken
LastPass LastPass 7 million
LastPass  A cloud based password management company  Disclosed the attack in June (2015)  Breached data includes users’ email addresses, encrypted master passwords, and the reminder words and phrases that the service asks users to create for those master passwords  Due to strong encryption, breached users seem to safe, but the company advised users to reset their master passwords as a precautionary measure
What to do in 2016?  Two of the breaches include state sponsored attacks – need better security infrastructures to protect and monitor government assets  Two of the breaches on healthcare data – hackers are after personal data – similar to government data, healthcare data needs to be better protected  Encrypt your data – LastPass leaked master passwords were strongly protected which averted a catastrophic consequence  Have good detection technologies in place – most of the attacks took months to discover  Take warnings seriously – Premera was warned, but did not take any actions before the attack happened  Make sure the same mistake does not happen again – Experian got hacked twice – not enough action after the first attack  Live online the same way you live offline – internet cannot hide you forever (Ashley Madison)

More Related Content

PPTX
Data breach
bysrushtikadu1
 
PPTX
Data Breach
byKinza Erum
 
PPTX
Online Identity Theft
byDanielle Jobe
 
PDF
Open Web Data Feeds for Cybersecurity & Homeland Security Intelligence
byOhad Flinker
 
PPTX
Top data breaches in 2013
byShoplet_
 
DOCX
Cybercriminals Are Lurking
byCharlie Lewis M.S.
 
PDF
10 Steps to Creating a Corporate Phishing Awareness Program
byWiley
 
PPTX
Effective Anti-Phishing Strategies and Exercises - FISSEA 2017 Conference
byPaubox, Inc.
 
Data breach
bysrushtikadu1
 
Data Breach
byKinza Erum
 
Online Identity Theft
byDanielle Jobe
 
Open Web Data Feeds for Cybersecurity & Homeland Security Intelligence
byOhad Flinker
 
Top data breaches in 2013
byShoplet_
 
Cybercriminals Are Lurking
byCharlie Lewis M.S.
 
10 Steps to Creating a Corporate Phishing Awareness Program
byWiley
 
Effective Anti-Phishing Strategies and Exercises - FISSEA 2017 Conference
byPaubox, Inc.
 

What's hot

DOCX
Cybercrime blog
byCharlie Lewis M.S.
 
PPTX
Cyber crime final
byZeeshan Ahmed
 
PPTX
Phishing awareness
byPhishingBox
 
PDF
DATA LEAK - WHAT IS IT, PREVENTION AND SOLUTIONS
bySprintzeal
 
PDF
Type of Threat Actor
bySOCRadar Inc
 
PDF
Digital Gen: Security Infographic
byUnisys Corporation
 
PPTX
Email phishing and countermeasures
byJorge Sebastiao
 
PPTX
Phishing ppt
bySanjay Kumar
 
PPTX
Phishing technique tanish khilani
byTanish Khilani
 
PPT
Mod7 Lab Kohne
byguestc6d29da4
 
PPTX
5 Cybersecurity Threats Your Business Can't Afford to Ignore
byWSI WebAnalys
 
DOCX
Five cyber threats to be careful in 2018
byRonak Jain
 
PDF
PhishingBox Presents 'What is Phishing' 2017
byRyan Hardesty
 
PPT
Cyber law
byidealk
 
PPTX
Equifax Breach - Lessons - Cyber Rescue - 16th may 2018
byKevin Duffey
 
PDF
Prevent phishing scams
byronpoul
 
PPTX
Social Engineering
byManish Chauhan
 
PPTX
The COVID-19 Phishing Threats to Watch Out For
byBeth Rigby
 
Cybercrime blog
byCharlie Lewis M.S.
 
Cyber crime final
byZeeshan Ahmed
 
Phishing awareness
byPhishingBox
 
DATA LEAK - WHAT IS IT, PREVENTION AND SOLUTIONS
bySprintzeal
 
Type of Threat Actor
bySOCRadar Inc
 
Digital Gen: Security Infographic
byUnisys Corporation
 
Email phishing and countermeasures
byJorge Sebastiao
 
Phishing ppt
bySanjay Kumar
 
Phishing technique tanish khilani
byTanish Khilani
 
Mod7 Lab Kohne
byguestc6d29da4
 
5 Cybersecurity Threats Your Business Can't Afford to Ignore
byWSI WebAnalys
 
Five cyber threats to be careful in 2018
byRonak Jain
 
PhishingBox Presents 'What is Phishing' 2017
byRyan Hardesty
 
Cyber law
byidealk
 
Equifax Breach - Lessons - Cyber Rescue - 16th may 2018
byKevin Duffey
 
Prevent phishing scams
byronpoul
 
Social Engineering
byManish Chauhan
 
The COVID-19 Phishing Threats to Watch Out For
byBeth Rigby
 

Similar to Biggest data breaches of 2015

PDF
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in Cyberspace
byDulanja Liyanage
 
PDF
wp-follow-the-data
byNumaan Huq
 
PDF
wp-analyzing-breaches-by-industry
byNumaan Huq
 
PPTX
8 Nastiest Data Breaches In 2015
byIdentacor
 
PPTX
NumaanHuq_Hackfest2015
byNumaan Huq
 
PDF
Breach level index_report_2017_gemalto
byJonas Mercier
 
PDF
Worst security data breaches till 2015 - SecPod
bySecPod Technologies
 
PPTX
15 Most Outrageous Data Loss Incidents
byDatto
 
PDF
Can domain intelligence help healthcare service providers combat data breaches
byWhoisXML API
 
PDF
Top 10 Biggest Data Breaches of all Times.pdf
bysenseacademy2
 
PPTX
cyber attacks analysis top five organization affected by cyber attacks
bypinterestjos
 
PPTX
cyber attacks In-depth Report on five organizations affected by cyber attacks
bypinterestjos
 
PPTX
Target data breach presentation
bySreejith Nair
 
PDF
Risky Business
bySamantha Park
 
PDF
IBM X-Force Threat Intelligence Report 2016
bythinkASG
 
PPTX
Baker Tilly Presents: Emerging Trends in Cybersecurity
byBakerTillyConsulting
 
PDF
cyber attacks In-depth Report on five organizations affected by cyber attacks
bypinterestjos
 
PDF
cyber attacks analysis top five organization affected by cyber attacks
bypinterestjos
 
PPTX
RSA Conference 2016 Review
byNorman W. Mayes, CISSP, MCSE, ITIL
 
PPTX
Data breach
byBurhan Ahmed
 
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in Cyberspace
byDulanja Liyanage
 
wp-follow-the-data
byNumaan Huq
 
wp-analyzing-breaches-by-industry
byNumaan Huq
 
8 Nastiest Data Breaches In 2015
byIdentacor
 
NumaanHuq_Hackfest2015
byNumaan Huq
 
Breach level index_report_2017_gemalto
byJonas Mercier
 
Worst security data breaches till 2015 - SecPod
bySecPod Technologies
 
15 Most Outrageous Data Loss Incidents
byDatto
 
Can domain intelligence help healthcare service providers combat data breaches
byWhoisXML API
 
Top 10 Biggest Data Breaches of all Times.pdf
bysenseacademy2
 
cyber attacks analysis top five organization affected by cyber attacks
bypinterestjos
 
cyber attacks In-depth Report on five organizations affected by cyber attacks
bypinterestjos
 
Target data breach presentation
bySreejith Nair
 
Risky Business
bySamantha Park
 
IBM X-Force Threat Intelligence Report 2016
bythinkASG
 
Baker Tilly Presents: Emerging Trends in Cybersecurity
byBakerTillyConsulting
 
cyber attacks In-depth Report on five organizations affected by cyber attacks
bypinterestjos
 
cyber attacks analysis top five organization affected by cyber attacks
bypinterestjos
 
RSA Conference 2016 Review
byNorman W. Mayes, CISSP, MCSE, ITIL
 
Data breach
byBurhan Ahmed
 

Recently uploaded

PPTX
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PDF
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
The year in review - MarvelClient in 2025
bypanagenda
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 

Biggest data breaches of 2015

  • 1.
  • 2.
    Anthem 80 million Ashley Madison 37million OPM 21.5 million Experian 15 million Premera 11 million LastPass 7 million
  • 3.
  • 4.
    Anthem  Revealed inFebruary (2015)  APT attack probably started in April 2014  5th largest data breach of all time  Breached data includes social security numbers, birthdays, street addresses, phone numbers and income data  Likely by Chinese hackers (Deep Panda)  Attackers created a bogus domain name, "we11point.com," (based onWellPoint, the former name ofAnthem) that may have been used in phishing-related attacks.
  • 5.
  • 6.
    Ashley Madison  Awebsite that encourages people to cheat on their partners  A hacking group known as ImpactTeam stole private information  Hacked in July (2015)  Leaked 20 GB data inAugust (which had many social consequences including suicides)  Breached data includes e-mail addresses and account details  Suspects to be an insider attack but does not know for sure
  • 7.
    U.S. Office ofPersonal Management OPM 21.5 million
  • 8.
    U.S. Office ofPersonal Management  Attack started inApril 2014  Detected in May (2015) and notified in June (2015)  Breached data contains security clearance data of past and current federal workers - including fingerprints, Social Security numbers, addresses, employment history, and financial records  Believed to be originated from China  They have carried out two attacks
  • 9.
  • 10.
    Experian  The world’slargest consumer credit monitoring firm  Breach disclosed in October (2015)  Breached data includesT-Mobile customers who underwent credit checks by Experian (customer names, addresses, Social Security numbers, birthdays, and even sensitive identification numbers)  Consumer facing companies (e.g.T-mobile) should take more stringent measures to protect their data at data aggregators (e.g. Experian)  The attack seems to have originated in CourtVenture which Experian had acquired by a humanTrojan
  • 11.
    Premera Blue CrossBlue Shield Premera 11 million
  • 12.
    Premera Blue CrossBlue Shield  Occurred in May 2014, but discovered only in January  Disclosed in March  Breached data includes names, dates of birth, Social Security numbers, addresses, bank-account information and claim information, including clinical information  The same group that hackedAnthem seems to have carried out the attack  Customers are phished to a fake domain prennera.com  Fed had warned about security flaws before the attack, no action was taken
  • 13.
  • 14.
    LastPass  A cloudbased password management company  Disclosed the attack in June (2015)  Breached data includes users’ email addresses, encrypted master passwords, and the reminder words and phrases that the service asks users to create for those master passwords  Due to strong encryption, breached users seem to safe, but the company advised users to reset their master passwords as a precautionary measure
  • 15.
    What to doin 2016?  Two of the breaches include state sponsored attacks – need better security infrastructures to protect and monitor government assets  Two of the breaches on healthcare data – hackers are after personal data – similar to government data, healthcare data needs to be better protected  Encrypt your data – LastPass leaked master passwords were strongly protected which averted a catastrophic consequence  Have good detection technologies in place – most of the attacks took months to discover  Take warnings seriously – Premera was warned, but did not take any actions before the attack happened  Make sure the same mistake does not happen again – Experian got hacked twice – not enough action after the first attack  Live online the same way you live offline – internet cannot hide you forever (Ashley Madison)