Who Lost Your Data In 2015?

Category: Privacy , Security

It’s probable that your personal data was leaked this year. In 2015, over one billion personal records were illegally accessed, up 54% from the previous year. The stolen data included financial and medical data, email addresses, Social Security Numbers, and more sensitive information. Learn more and find out if YOUR personal info was leaked...

Major Data Breaches of 2015

While a final count of 2015’s looting is not yet available, we can look back on some of the biggest data breaches that occurred this year -- at least, the ones that we know of.

Most recently, tech toy maker Vtech was hacked in late November. The records of 4.8 million adult customers were stolen, but even worse is the theft of 6.4 million children’s profiles, many containing their parents' names, email addresses and home addresses, and the kids’ birthdays, names, and genders. Vtech says that the kids’ photos and chat logs it stores are encrypted. However, it seems that their encryption is easily cracked. Fortunately, this breech seems to be the work of a “white hat” hacker who has pledged not to release the stolen data.

Anthem, the second largest health insurer in the U. S., lost the records of 80 million subscribers and 19 million non-subscribers in February, 2015, to take an early lead in the “biggest data breach” race. The stolen data included client names, dates of birth, physical and email addresses, medical IDs and Social Security numbers. (For more on that, see Medical Identity Theft On The Rise.)
Data Breach - Hacker

For over a year, hackers quietly siphoned the credit card data of guests of Donald Trump’s chain of hotels. The breach was discovered and closed in June, 2015, but went unreported until the end of September.

Lawsuits were filed in October on behalf of 15 million T-mobile customers whose credit histories were stolen from Experian, a credit reporting agency that T-mobile used for credit checks. Ironically, Experian makes $4 billion a year off its “data protection services.”

Were YOU Breached?

Stock brokerage firm Scottrade informed 4.6 million customers of a data breach that lasted for several months, from late 2013 until February, 2014. Incredibly, Scottrade didn’t know it had been hacked until the FBI notified the company in August, 2015. Four crooks were indicted in November on charges of hacking Scottrade, JPMorgan Chase, and other financial firms.

Were you personally affected by any of the 2015 data breaches? Search the Have I Been Pwned? database to see if you have a compromised account.

I also strongly recommend that you see my articles on How To Get Your Free Credit Report and 10 Tips for Identity Theft Protection.

I needn’t do more than mention the Ashley Madison hack, right? Couldn’t happen to a nicer 37 million people looking to cheat on their spouse or significant other.

In mid-July drugstore CVS shut down its online photo processing website and warned customers that their personal data, including credit card number, “may have been” stolen from a third-party contractor, Canada-based PNI Digital Media, which ran the photo service for CVS. The photo sites of Rite Aid, Costco and Wal-Mart Canada also were affected. PNI is owned by office supplies giant Staples.

Los Angeles-based UCLA Health didn’t even encrypt the health data of 4.5 million patients. The network for four Southern California hospitals announced in July, 2015, that it was hacked in October, 2014, but didn’t discover the breach until the following May. UCLA Health can’t even determined what data was stolen, “if any.”

Excellus Blue Cross/Blue Shield revealed in August, 2015, that the names, birth dates, Social Security numbers, mailing addresses, telephone numbers, and a variety of account information including claims and financial payment details of 10.5 million customers had been stolen. Although the data was encrypted, the hackers gained administrative access that allowed them to get the encryption keys. The hackers had access to Excellus’ network for two years before the breach was discovered!

The in-depth dossiers of 22 million U. S. government employees were stolen from the Office of Personnel Management (OPM) in June, 2015. While not the biggest breach, this on includes all the dirt that can be dug up in a security clearance investigation that includes interviews with one’s family, friends, and neighbors.

The same teenaged hackers who cracked the AOL email account of CIA Director John Brennan also broke into the Joint Automated Booking System (JABS), a national clearinghouse for arrest and booking records maintained by the FBI. Such real-time data would be very valuable to gossip columnists, terrorists wondering where their colleagues have gone, drug gangs, and others who would like to know the law is onto them.

Everything is Fine???

In many of these and other cases, the breached companies hasten to assure everyone that “no credit card or banking data was taken.” That’s nice, but it’s the least of a consumer’s worries. The data that has been stolen allows hackers to build profiles of consumers which can be used to steal their identities. It’s easy to cancel a credit card (and repudiate bogus charges) or close a checking account; it is much harder to convince a district attorney that you are not the guy who robbed the liquor store and left his driver’s license at the scene!

It’s horrifying to note the lag times between hacks and their discovery. Equally scandalous is the amount of time that passes between discovery of a data breach and notification of affected victims (five months, in OPM’s case). The “help” offered to victims is pathetic, typically a year or two of credit monitoring services.

Brian Krebs of KrebsOnSecurity.com subscribed to one such service for two years and has researched the entire field. His conclusion: “If you’re being offered free monitoring, it probably can’t hurt to sign up, but you shouldn’t expect the service to stop identity thieves from ruining your credit.”

Your thoughts on this topic are welcome. Have you been affected by a data breach? Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 4 Dec 2015


For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update - 03 December 2015

The Top Twenty
Next Article:
10 Tips for SAFE Holiday Shopping

Most recent comments on "Who Lost Your Data In 2015?"

Posted by:

Annette N
04 Dec 2015

In 2013 the Comptroller of the State of Texas published the name and Social Security number of one million Texans. Information was online for a year. I was one of them. Last year Target had data stolen from their customers. I was one of them. I am a former employee of FEMA - one of the federal agencies which had employee information stolen. I was one of them.

I can't wait to see the joy coming to me in 2016.


Posted by:

Gene R
04 Dec 2015

If one does not LOCK their credit accounts at each of the 3 credit agencies - Experian, Equifax and TransUnion - they are mis-informed, lazy or stupid. NO other excuse!! Once your accounts are locked at each agency, it is impossible for thieves to open new lines of credit against your name. The service is virtually free (dependent upon the state where you reside). Don't forget to lock credit for your wife and kids.

Visit http://www.clarkhoward.com/credit-freeze-and-thaw-guide to learn how to lock your credit.


Posted by:

Monte Crooks
04 Dec 2015

I've been told, ad nauseum, that if I have nothing to "hide," then I have nothing to worry about being "hacked." Well, lets see.....hmmm....nothing to hide? I have no criminal record, no bankruptcies, not even a vehicle citation. I also have good credit....HOLY H-E-Double Hockey Sticks Batman! I have a heck of a lot to "hide" from hackers. I'm exactly what any hacker wants in an exploitable, very lucrative "identity!" What now? If I go total TOR, the gubmint will want to jail me! Unless my wife and I move to the outer Alaska Bush and forsake ALL modern conveniences, I can't very well go off the grid. So what's left? Besides prayer, just stay close to Bob Rankin's advice and just quit worrying. It will work!!!


Posted by:

Carole
04 Dec 2015

You no longer need a gun or bomb to bring down a corporation or even worse a government, all you need is computer. I am starting to feel the old fashion way of doing things is the best.


Posted by:

MmeMoxie
04 Dec 2015

While, it has been years since, I have had a Credit Card, I do use my Debit Card. I do NOT want a Credit Card. I like the convenience of purchasing products, without having to carry around a lot of money or a checkbook. I haven't written checks, in over 10 years.

However, I have had my financial institution change my Debit Card, the number and expiration date, 3 times!!! This was due to Visa being compromised with those who had certain numbers on their Credit or Debit Card. It has been quite awhile, since, I have had my Debit Card changed. So, security seems to have 'plugged up' the breaches for the moment.

I do know, that I can NOT lock my Debit Card and it is the most venerable of all the cards. Even with that knowledge it is still the easiest way, for me to conduct business.


Posted by:

Stephen
04 Dec 2015

@MmeMoxie:
First of all, I think you meant your debit card is 'vulnerable' not 'venerable.' Ok, maybe it is, but in the context, I think that's not what you were going with.

One problem with debit cards, is that if any money is taken from your account and wasn't supposed to be, then you're on the hook until the financial institution investigates and hopefully restores the money. If your card info is swiped via a skimmer while you're pumping gas or at any atm, then you run the risk of the money being taken. While you may not want to use a credit card for a lot of things, for some things, they make the most sense these days. Financial liability is on the banks not you, for one thing. All sorts of shenanigans can occur with a debit card; renting a car with one and then if the rental agency determines that there was damage (after you've already left the area), they will put in a debit to your account. Now you've got to fight to get that money back (again, it takes time and in the meantime you're out the money).
You don't need to have a breach to have a problem with a debit card.


Posted by:

Rhonda Lea Kirk Fries
04 Dec 2015

I've lost count of the incompetent security by vendors I use. Anthem, Target, Home Depot...let's see...Patreon, and more. (Patreon was a hoot--some dingaling sent me an email threatening to release all my information unless I paid some portion of a Bitcoin to secure it. Google, being very smart, sent that email to spam, and I found in my routine spam check.)

Two or three of the miscreants have given me subscriptions to ProtectMyID and AllClear, so I have that base covered for the next few years. Not that I think either service is particularly useful, but hey, it's free.

I use two-factor authentication everywhere. I now use Android Pay when possible because it doesn't give up my real card numbers. All my cards are chipped, even though most terminals are not yet in place and/or operational.

Oh, and I use LastPass for all my passwords, which are long and random. I've taken a few other protective measures, but off the top of my head, I don't remember what they are.

So far, my identity remains mine, but the lack of care on the part of those entrusted with my information is irritating, at best.


Posted by:

Richard
04 Dec 2015

On any given day the Social Security Administration, Veteran's Administration, Department of Defense and even my alma mater will either deny I ever existed or tell inquirers I am dead or that I am a criminal or .... When I have attempted to straighten out their records, I get nowhere. With information scattered all over the internet and throughout government and civilian databases, it is nearly impossible to correct something. Even if one knows where to go to get something corrected, it is likely to pop right back up as databases are updated from who knows what sources. Computers and databases while a blessing, they are also enablers for criminals.


Posted by:

Jim Rennie
04 Dec 2015

Since the Ashley Madison users names were published, I have received at least 20 e-mails letting me know that the sender found my name among the users and with the information on my Facebook account will notify all my friends of my indiscretions unless I sent a bitcoin. I am curious as to why, if they know my name, they address me by my e-mail name. Also, I have never visited Ashley Madison. I also don't have a Facebook account. I wonder how many people who did have Ashley accounts fell for that scam at $500 a pop.


Posted by:

Ray Bobo
05 Dec 2015

I lived in SC when the SC Dept of Revenue was breached; got 2 yrs ID theft protection. Now, as a resident of GA, the Sect of State's office released 6M voter registrations complete with DL & SSA. They have not yet said when or whether residents will receive ID protection. It seems that ID theft is like hard drive crash: not a matter of IF, but WHEN. Therefore, a good defense plan includes what to do when "it" hits the fan. Hey, Bob, your files containing all your followers' info haven't been hit yet have they?


Posted by:

peter O
11 Dec 2015

It seems quite clear that organisations which collect & store personal info (data) have a responsibility to handle store & maintain that info in a totally secure manner.
Simple analogy is a vault at your bank.
When system breaches are identified it is almost 100% the case that the organisation has been negligent in one or ways.
The only way to address this general laize-faire attitude is to legislate & fine offenders in a manner likely to influence greater care.
Even greater fines should be mandatory when reporting is delayed.
It is doable.
Of course, on another tack, one should question the quality & organisation of the IT staff that seem to draw salaries but do very little to improve security.



Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Who Lost Your Data In 2015? (Posted: 4 Dec 2015)
Source: http://askbobrankin.com/who_lost_your_data_in_2015.html
Copyright © 2005 - Bob Rankin - All Rights Reserved