The Top Data Breaches of 2015

Cyber criminals never fail to surprise the digital world with their innovative ways of breaching data. The year 2015 was no different and has seen some of the biggest data breaches till date. It is interesting to note how the attackers find a way to infiltrate through all the tried and tested safety measures.

Here are some data breaches that left the digital world shaken in 2015.

1. Slack

The security breach of Slack happened in the month of March.

Reports stated that a record of five lakh email addresses and personal account data has been compromised in the breach.

The company blog stated that its hashing function is bcrypt.
It is bcrypt with a salt per-password that is generated at random.

Learning:

It strongly shook the foundation of organisations that rely solely on passwords. The point was made that it is not enough to rely only on salting. Every company should invest in technologies and trained people to keep hackers from breaking through company information.

2. Hacking Team

The security breach of Hacking Team took place in July 2015.

A record of 1 million emails has been compromised in this breach.

Hacking Team is a company that develops spy tools for the government agencies. The breach resulted in the revelation of more than a million emails sent from the Italian surveillance company. This revelation highlighted a host of involvements of the company with the following:

  • Oppressive governments
  • Flash Zero-day vulnerabilities
  • Adobe Exploits

It also leaked details of Hacking Team’s customers who were mostly from the military, federal, police and the provincial governments. This breach has been quite alarming for the cyber security professionals.

Learning:

It is important to patch and inventory systems and applications.

3. LastPass

The breach of LastPass took place in July and it affected a record of seven million users.

The company revealed that it has suffered a cyber-attack that led to it compromising on details like emails addresses, server per user salts, password reminders and authentication hashes.

Learning:

  • Salts do not prevent dictionary attacks.
  • It is important to keep rotating passwords.

4. CareFirst BlueCross Blueshield

The Breach of Carefirst Bluecross Blueshield took place in May 2015 and it affected 1.1 million records. It was reported that personal details of subscribers had been exposed in this breach.

The damage was however controlled from being out of proportion because the company ensured that each member had a password encryption. This kept information like Social Security Numbers, Financial Data and Medical claims safe.

Learning:

  • Use DNS query logging as it helps to detect potential hostname lookup for suspicious C2 domains.
  • It is important to watch out for unknown certificates and files, etc.

5. Premera Bluecross BlueShield

The breach of Premera Bluecross Blueshield took place in the month of March. This breach recorded a compromise of 11.2 million records of subscribers. It also affected people who associated for business purpose with the company.

This breach exposed the following:

  • Subscriber Details
  • Social Security Numbers
  • Addresses
  • Account Details

The company suffered lawsuits and many other repercussions because of this breach.

Learning:

  • Use DNS query logging as it helps to detect potential hostname lookup for suspicious C2 domains.
  • It is important to watch out for unknown certificates and files, etc.

6. Anthem

The breach of anthem took place in February. It affected a record of eighty million patient as well as employee records.

The­ breach exposed every confidential data of the patients and the employees. The reason why this happened is because Anthem did not securely encrypt the confidential data.

Learning:

  • Encrypt important Data
  • Employ threat intelligence platform

Above mentioned data breaches made the digital world re-visit its security measures closely. There is a fierce and ongoing competition between the ‘intelligence that breach’ and the ‘intelligence who fight it’. In this game, the one who stays a step ahead of the other wins the game. Be up-to-date about data breaches and accordingly keep the company data information safe with the necessary measures.

Featured Image: Pixabay.com

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha *