2015 was a rough year for many businesses getting hit by data breaches—two notable attacks included the scandalous Ashley Madison hack and the extortion attack on Sony. Many businesses buckled down on their security measures and focused on protecting their organizations from these sorts of attacks, but as security measures became more advanced, so did the cyber hackers. And so, we still had some pretty big stories when it came to the same types of breaches in 2016 as well.
Here is a look at some of the major data breaches this year:
Attacks on higher ed
University of Central Florida
February 8, 2016
At the beginning of February 2016, the University of Central Florida announced a data breach that affected approximately 63,000 current and former students, faculty, and staff. The breach was discovered in January, but before making the incident public, the university reported it to law enforcement and conducted an internal investigation. Unknown cyber criminals compromised the university’s computer system and stole a variety of information including Social Security numbers, first and last names, and student/employee ID numbers.
February 29, 2016
The financial data of more than 80,000 University of California, Berkeley students, alumni, employees, and school officials was compromised around December 2015 and announced to the public in February 2016. The school says that although it was clear their system was hacked, it does not appear that any information was stolen. Those who may have been affected were notified and encouraged to keep an eye on their personal information.
Attacks on social media channels
March 3, 2016
700 current and former Snapchat employees had their personal information stolen when hackers used a phishing scam to trick an employee into e-mailing them the private data. Posing as Snapchat chief executive Evan Spiegel, the attackers simply requested — and received — sensitive employee information including names, Social Security numbers, and wage/payroll data. It is presently unclear who is responsible for the attack or how they may use the information they stole, but we know the consequences of that breach lasted longer than 10 seconds.
May 17, 2016
A 2012 data breach came back to haunt LinkedIn when 117 million email and password combinations stolen by hackers four years ago popped up online. At the time the breach occurred, members who had been affected were told to reset their passwords. That information then became publicly available in May 2016. LinkedIn acted quickly to invalidate passwords of all LinkedIn accounts that were created prior to the 2012 breach and had not undergone a reset since the breach. It is not clear who stole the information or published it online, but LinkedIn is actively working with law enforcement officials.
Attacks on US government
U.S. Department of Justice
February 9, 2016
Hackers angry about U.S. relations with Israel tried to call attention to their cause in February 2016 by breaching the U.S. Department of Justice’s database. CNN reported the hackers released data on 10,000 Department of Homeland Security employees one day, and then released data on 20,000 FBI employees the next day. Information stolen included names, titles, phone numbers, and e-mail addresses; the Department of Justice does not believe that any sensitive information, like Social Security numbers, was obtained.
Internal Revenue Service
February 29, 2016
The Internal Revenue Service (IRS) announced that the data breach it uncovered in May 2015 was much larger than initially believed. In May, the IRS said over 100,000 American taxpayers had their personal information compromised when the agency’s “Get Transcript” system was hacked. However, in February 2016, that figure was increased to over 700,000. The IRS thinks a sophisticated Russia-based criminal operation is responsible for the data breach and that identities were stolen to file fraudulent tax returns in the future.
This post highlights two breaches from each of three different industries—do you know if your industry is more prone to attacks than others? Prepare yourself and your business for 2017 by attending the professional conference of choice for comprehensive security and risk management education.