Data breach numbers still high in 2015

Last year’s number of data breaches fell two shy of tying the all-time high of 2014.

data breach title
New year, new leak

The number of U.S. data breaches tracked in 2014 hit a record high of 783 in 2014, according to a recent report released by the Identity Theft Resource Center. 2015 fell just two breaches short of tying that record. Here is a list of those breaches that compromised more than 1 million records (see the full report).

CareFirst BlueCross BlueShield
Credit: Thinkstock
CareFirst BlueCross BlueShield

CareFirst BlueCross BlueShield (CareFirst) disclosed a data breach that impacts 1.1 million current and former members, who registered to use the insurer's websites or who did business with them online prior to June 20, 2014. CareFirst stated that they detected the initial compromise and took action to contain the attack. The assumption made was that their actions helped avoid a crisis.

Read the full story.

Systema Software
Credit: Thinkstock
Systema Software

A self-described “technology enthusiast” (“TE”) downloaded random data from a publicly available subdomain on Amazon Web Services. The files contained a database of backups with “names, Social Security numbers, addresses, dates of birth, phone numbers, as well as various financial and medical injury data.”

Medical Informatics Engineering (MIE)
Medical Informatics Engineering (MIE)

On May 26, 2015, the technical team at Medical Informatics Engineering discovered suspicious activity relating to one of its servers. An investigation determined that some protected health information such as patient name, home address, email address, date of birth, and for some patients a Social Security number was exposed.

Read the background of the story.

UCLA Health
Credit: UCLA Health
UCLA Health

In July, UCLA Health said that attackers accessed parts of its network where personal and medical records are stored. However, unlike previous medical breaches this year, they have no actual evidence that the attacker actually accessed any of the data.

Read the full story.

scottrade
Credit: Thinkstock
Scottrade

In an email, brokerage firm Scottrade, alerted customers to a data breach, which affected 4.6 million people. Scottrade learned about the problem after being contacted by the FBI. According to the email sent to customers, and a public notice, the authorities learned that Scottrade was compromised while investigating other data-theft cases.

Read the full story.

Georgia Secretary of State
Credit: Ken Lund
Georgia Secretary of State

Georgia Secretary of State Brian Kemp’s office is accused of releasing personal information, such as Social Security numbers, of 6 million voters. Kemp’s office calls the issue a clerical error.

Excellus Blue Cross Blue Shield / Lifetime Healthcare
Excellus Blue Cross Blue Shield / Lifetime Healthcare

Excellus BlueCross BlueShield, a health insurer in upstate New York, said that its systems and those located at affiliates had been compromised, potentially exposing the personal information of nearly 10 million members. The breach was discovered on Aug. 5, and additional investigation revealed that the incident started around Christmas in 2013. Excellus discovered the breach after hiring FireEye to assess their network.

See full story.

Premera Blue Cross
Premera Blue Cross

As many as 11 million customers may have been affected by a data breach at U.S. health insurance provider Premera Blue Cross. The breach, discovered on Jan. 29, may have compromised customer names, birth dates, Social Security numbers, mailing and email addresses, phone numbers and bank account details, as well as claims and clinical information, Premera said on its website.

Read the full story.

T-Mobile / Experian
Credit: Mike Mozart
T-Mobile / Experian

T-Mobile US CEO, John Legere, said that the names, addresses, Social Security numbers, birthdays, and ID information on more than 15 million customers had been compromised after a breach at Experian. In an overview of the event, Experian said that on Sept. 15, they discovered that someone had accessed T-Mobile data housed on one of their servers. The company said the investigation of the incident is ongoing.

See full story.

Office of Personnel Management
Office of Personnel Management

The Office of Personnel Management was hit with a double whammy in consecutive months. The incidents exposed Social Security Numbers and biometric data for federal employees and in some cases their families. OPM became aware of the second breach while investigating the first one disclosed in June.

At the time, the OPM said that the breach impacted the personal information of 4.2 million current and former federal employees. This second incident began in May of 2014 and went undiscovered for a year, however the OPM has stated that patches applied to systems in January halted the extraction of data.

Stories: OPM says second breach compromised 21 million records

4 million federal employees affected by data breach at OPM

Anthem
Credit: REUTERS/Gus Ruelas
Anthem

Anthem, the nation's second largest health insurer, said that 8.8 to 18.8 million people who were not customers could be impacted by their recent data breach, which at last count is presumed to affect some 78.8 million people. This latest count now includes customers of independent Blue Cross Blue Shield (BCBS) plans in several states. (See the full story.)

Check for any repeat offenders at our last data breach update.