Todd’s Scoreboard of Major Security Breaches of the Year
… thus far!
(Last updated 03/04/2016)
As 2016 continues, website hacking and network security breaches are hitting all time highs. The growth rate should surpass 45% of all companies. Here are some of the more unfortunate company and government breaches and hacks of the year… thus far!
FEBUARY 2016 BREACHES & HACKS
Bailey’s Inc. (Online Retailer)
Hollywood Presbyterian Hospital (Healthcare)
Magnolia Health Corporation (Healthcare)
Internal Revenue Service (More Info) Government)
Washington State Health Authority (HCA) (Healthcare)
Gyft (Online Retailer)
University of Central Florida (Education)
Hawaii Medical Service Association (HMSA) (Healthcare)
Neiman Marcus (Retail)
Tax Slayer (Media)
JANUARY 2016 BREACHES & HACKS
County of San Diego (Government)
Hyatt Hotels (Hospitality)
Time Warner Cable – California (Cable)
Indiana University Health Arnett Hospital (Healthcare)
Southern New Hampshire University (Education)
Washington Hospital Healthcare System – California (Healthcare)
Regional Income Tax Agency – Ohio (Government)
Todd’s Scoreboard of Major Hacks for the Year of 2015
2015 Total # of Breaches: 781
2015 Total # of Records Exposed: 169,068,506
DECEMBER 2015 BREACHES & HACKS
Oregon Department of Veterans Affair (Government)
Blue Cross Blue Shield – Nebraska (Healthcare/Insurance)
University of Colorado Health (Healthcare)
Center Healthcare (Healthcare)
NOVEMBER 2015 BREACHES & HACKS
Muji USA (Retail)
Santa Barbara Dept. of health (Government/Healthcare)
Cottage Health (Healthcare)
Starwood Hotels (Hospitality)
Hilton Hotels (Hospitality)
OCTOBER 2015 BREACHES & HACKS
Honey Baked Ham (Retail)
Texas Medical Center (Healthcare)
CIA Directors AOL Email (Government / Personal)
Dow Jones (Financial)
Experian / T-Mobile Accounts (Financial)
SEPTEMBER 2015 BREACHES & HACKS
Yap Stone Payment Systems (Financial)
Hilton Hotels (Hospitality)
Kardashian Website (Internet)
Bed Bath & Beyond (Retail)
Sutter Health (Healthcare)
Excellus BlueCross BlueSield – NY (Healthcare)
AUGUST 2015 BREACHES & HACKS
State of Minnesota (Government)
Carphone Warehouse (Retail)
VA Black Hills Health Care System (Government)
US Pentagon – Joint Chiefs of Staff Email Network (Government)
JULY 2015 BREACHES & HACKS
Hanes Brands (Manufacturer)
CVS Photo (Retail/Online)
Trump Hotel Collection (Travel)
HSBC Mortgage Service Center (Financial)
EPIC Games (Entertainment)
Indiana Department of Revenue (Local Government)
UCLA Health System (Healthcare)
Mandarin Oriental (Travel)
Citizens Bank (Financial)
New Horizons Computer Learning Centers, Inc (Education)
Service Systems Associates (Financial)
Evans Hotels (Travel)
Automotive Recovery Services Inc (Transportation)
Harvard University (Education)
JUNE 2015 BREACHES & HACKS
Trustmark Mutual Holding Company (Healthcare)
UC Irvine Medial Center (Healthcare)
MissingLink Networks (Online B2B)
Fred’s Inc (Retail)
Houston Astros (Sports/Recreation)
US Office of Personal Management (Government)
The HR for the government had a few breaches that may have been done by the Chinese.
Over 21.5 million personal records may have been obtained in the breach.
US Army (Government)
The Syrian government’s digital supporters linked to Syrian Electronic Army hacked the US Army’s web page and defaced the US Army’s website and steered visitors to a page championing the Syrian regime.
US Government – Part 2 (Government)The White House has confirmed that the Office of Personnel Management has had a second cyber attack, that appears to be by the same hackers who infiltrated the OPM’s server and stole 4.2 million federal employees’ data. The hackers, who show to have links to China, have this time hacked into federal security clearance forms which contain sensitive information about intelligence and military personnel.
US Government (Government)
Chinese Hackers breached the computers of the U.S. government agency OPM (Office of Personnel Management) who collects personnel information for federal workers in a massive cyber attack that compromised the data of about 4.2 million current and former employees.
MAY 2015 BREACHES & HACKS
Penn State University (Education)
Penn State University’s College of Engineering computer network has been victimized by two sophisticated cyber attacks. It appears that at least one originating from China.
Sally’s Beauty Supply (Retail)
Beauty Supply now confirms it had “sufficient evidence to confirm that an illegal intrusion into our payment system. This may be the second time this happened to them this month.
Hackers are breaching customer’s accounts via the Starbucks mobile payment application and draining what is in a customers account and reloading and doing again if the account has auto-reload.
Harbortouch Payments (Merchant Services)
The POS vender who works mostly with restaurants and bars found that roughly 4,200 of their customers were breached at the card swipe zone.
APRIL 2015 BREACHES & HACKS
White House Presidents Non-Classified Emails (Government)
Russian hackers read President Obama’s email correspondence.
Grapevine Police Departments (government)
A group demanding the dash-cam video of a shooting be released to the public, hacked the database of the Grapevine Police Department posting a video demanding this release. The police department is currently investigating the hacking of their system.
MARCH 2015 BREACHES & HACKS
Premera Blue Cross (healthcare)
Attackers appeared to have gained access to the claims data that included clinical information, banking account numbers, Social Security numbers, birth dates and other data in an attack that began in May 2014. It is the largest breach reported to date involving patient medical information.
Advantage Dental (healthcare)
Hackers had access to 151,626 patient names, dates of birth, phone numbers, Social Security numbers and home addresses.
Bistro Burger (restaurant)
The food chain had malware was installed on their point-of-sale system at their San Francisco location between October 2, 2014 and December 4, 2014. The information compromised included unknown number of names, payment card account numbers, card expiration dates and security codes.
Github (web hosting service)
The company got hit with a DDoS (distributed denial of service) attack in late March. The attack specifically targets two popular Github projects – GreatFire and CNN – NYTimes – anti-censorship tools used to help Chinese citizens circumvent the Chinese government’s censorship of Internet access in China.
Mandarin Oriental Hotel Group (hospitality)
The hotel chain Mandarin Oriental has had their point-of-sale systems hacked and infected with malware that stole unknown number of customer credit card data. The hacking, according to the hotel chain, is limited to hotels in the U.S and Europe.
FEBRUARY 2015 BREACHES & HACKS
As many as 80 million customers of Anthem Inc. had their account information stolen due to being a target of a very sophisticated external cyber attack. Access to names, birthdays, medical IDs, Social Security numbers, street addresses, e-mail addresses and employment information, including income data were taken.
Uber notified 50,000 drivers of an unauthorized access to their database which resulted in compromising driver data. The hacking took place in May of 2014. According to the company only names and driver’s license numbers were compromised.
Lime Crime (online retail)
An online cosmetics company notified customers of an unauthorized access to their website server which resulted in malware being installed. This malware allowed customer data to be captured, including credit card payment information.
The Office Of Jeb Bush (political)
Jeb Bush’s office inadvertently exposed 12,500 individuals’ personal information as part of a larger cached file of 332,999 emails sent to him when he was the Governor of Florida. The email was sent as part of a measure for transparency, however his team neglected to remove personal information if 12,500 of those individuals exposing names, Social Security numbers, and birth dates.
JANUARY 2015 BREACHES & HACKS
NVIDIA Corporation suffered a data breach when hackers infiltrated their network and stole employee usernames and passwords.
Morgan Stanley (financial)
An employee of Morgan Stanley stole customer information on 350,000 clients including account numbers. Possible other information was taken as well. Files for as many as 900 clients ended up on a website.
United Airlines (transportation)
An unauthorized access to their MileagePlus account with usernames and passwords obtained from a third-party source. The unauthorized access began on December 9, 2014, where the hackers attempted to hacks the accounts of United Mileage Plus accounts. The hackers obtained MileagePlus numbers and possible account details.
Todd’s Scoreboard of Major Hacks for the Year of 2014
DECEMBER 2014 BREACHES & HACKS
The woman’s clothing retailer discovered that hackers had stolen customer card data from stores across the country in a breach of payment cards swiped in its U.S., Puerto Rico and U.S. Virgin Islands stores between Nov. 8, 2014 and Nov. 26, 2014. The data may have included cardholder name, account number, expiration date, and verification code.
NOVEMBER 2014 BREACHES & HACKS
United States Postal Service (government)
It appears the entire USPS staff of over 800,000 employees is affected by the breach: “names, dates of birth, Social Security numbers, addresses, dates of employment and other information” were all taken. It is being investigated by the FBI and appears that the Chinese government is behind the breach.
Sony Pictures (entertainment)
Looks like either North Korea or someone linked to North Korea has hacked Sony Entertainments computers. On Nov. 24, an image of a skeleton appeared on company computers with a message that said, “Hacked by #GOP,” with the group behind it calling itself “Guardians of Peace.” The message threatened to release “secrets and top secrets” of the company. Currently being investigated is a connection between upcoming Sony movie “The Interview,” and North Korea. Movies just being released like “Fury,” have been downloaded by over 888,000 unique IP addresses since showing up on peer-to-peer networks on Nov. 27th.
OCTOBER 2014 BREACHES & HACKS
J.P. Morgan Chase (financial)
An attack in June was not noticed until August. The contact information for 76 million households and 7 million small businesses was compromised. The hackers may have originated in Russia and may have ties to the Russian government.
Dairy Queen International (restaurant)
Credit and debit card information from 395 Dairy Queen and Orange Julius stores was compromised by the Back off malware.
Reportedly, the photos of 200,000 users were hacked from Snapsave, a third-party app for saving photos from Snapchat, an instant photo-sharing app.
SEPTEMBER 2014 BREACHES & HACKS
Home Depot (retail)
Cyber criminals reportedly used malware to compromise the credit card information for roughly 56 million shoppers in Home Depot’s 2,000 U.S. and Canadian outlets.
Reportedly, 5 million GMail usernames and passwords were compromised. About 100,000 were released on a Russian forum site.
Apple iCloud (technology)
Hackers reportedly used passwords hacked with brute-force tactics and third-party applications to access Apple user’s online data storage, leading to the subsequent posting of celebrities’ private photos online. It is uncertain whether users or Apple were at fault for the attack.
Goodwill Industries International (retail)
Between February 2013 and August 2014, information for roughly 868,000 credit and debit cards was reportedly stolen from 330 Goodwill stores. Malware infected the chain store through infected third-party vendors.
SuperValu was attacked between June and July, and suffered another malware attack between late August and September. The first theft included customer and payment card information from some of its Cub Foods, Farm Fresh, Shop ‘n Save, and Shoppers stores. The second attack reportedly involved only payment card data.
Bartell Hotels (hotel)
The information for up to 55,000 customers was reportedly stolen between February and May.
U.S. Transportation Command contractors (transportation)
A Senate report revealed that networks of the U.S. Transportation Command’s contractors were successfully breached 50 times between June 2012 and May 2013. At least 20 of the breaches were attributed to attacks originating from China.
AUGUST 2014 BREACHES & HACKS
U.S. Investigations Services (services). U.S. Investigations Services, a subcontractor for federal employee background checks, suffered a data breach in August, which led to the theft of employee personnel information. Although no specific origin of attack was reported, the company believes the attack was state-sponsored.
Community Health Services (health care). At Community Health Service (CHS), the personal data for 4.5 million patients were compromised between April and June.CHS warns that any patient who visited any of its 206 hospital locations over the past five years may have had his or her data compromised. The sophisticated malware used in the attack reportedly originated in China. The FBI warns that other health care firms may also have been attacked.
UPS (services). Between January and August, customer information from more than 60 UPS stores was compromised, including financial data, reportedly as a result of the Back off malware attacks.
Defense Industries (defense).Su Bin, a 49-year-old Chinese national, was indicted for hacking defense companies such as Boeing. Between 2009 and 2013, Bin reportedly worked with two other hackers in an attempt to steal manufacturing plans for defense programs, such as the F-35 and F-22 fighter jets.
JUNE 2014 BREACHES & HACKS
Feedly’s 15 million users were temporarily affected by three distributed denial-of-service attacks.
In the same week as the Feedly cyber attack, Evernote and its 100 million users faced a similar denial-of-service attack.
P.F. Chang’s China Bistro (restaurant)
Between September 2013 and June 2014, credit and debit card information from 33 P.F. Chang’s restaurants was compromised and reportedly sold online.
MAY 2014 BREACHES & HACKS
Cyber attacks in late February and early March led to the compromise of eBay employee log-ins, allowing access to the contact and log-in information for 233 million eBay customers.eBay issued a statement asking all users to change their passwords.
Five Chinese hackers indicted.
Five Chinese nationals were indicted for computer hacking and economic espionage of U.S. companies between 2006 and 2014. The targeted companies included Westinghouse Electric (energy and utilities), U.S. subsidiaries of SolarWorld AG (industrial), United States Steel (industrial), Allegheny Technologies (technology), United Steel Workers Union (services), and Alcoa (industrial).
Unnamed public works (energy and utilities)
According to the Department of Homeland Security, an unnamed public utility’s control systems were accessed by hackers through a brute-force attack on employee’s log-in passwords.
APRIL 2014 BREACHES & HACKS
Aaron Brothers (retail)
The credit and debit card information for roughly 400,000 customers of Aaron Brothers, a subsidiary of Michaels, was compromised by the same POS system malware.
For two weeks AT&T was hacked from the inside by personnel who accessed user information, including social security information.
JANUARY 2014 BREACHES & HACKS
In January, Target announced an additional 70 million individuals’ contact information was taken during the December 2013 breach, in which 40 million customer’s credit and debit card information was stolen.
Neiman Marcus (retail)
Between July and October 2013, the credit card information of 350,000 individuals was stolen, and more than 9,000 of the credit cards have been used fraudulently since the attack. Sophisticated code written by the hackers allowed them to move through company computers, undetected by company employees for months.
Between May 2013 and January 2014, the payment cards of 2.6 million Micheal’s customers were affected. Attackers targeted the Micheal’s POS system to gain access to their systems.
Yahoo! Mail (communications)
The e-mail service for 273 million users was reportedly hacked in January, although the specific number of accounts affected was not released.