2015: The Year Of The Breach; Close To 200 Million Personal Records Exposed | Hacked: Hacking Finance
Hacked: Hacking Finance


2015: The Year Of The Breach; Close To 200 Million Personal Records Exposed

Posted on .

2015: The Year Of The Breach; Close To 200 Million Personal Records Exposed


This article was posted on Tuesday, 16:28, UTC.

ITRC logoThis year will go down as the year of the personal data breach. Consumers all over the world are learning their personal information is not safe with businesses, health insurers, financial institutions, the government, and even the educational sphere. Estimates of the number of personal records exposed in 2015 range from 176 million to more than 193 million from about 730 breaches.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Research indicates hackers are concentrating on medical and health care sectors that store patient data that cannot be replicated like credit card data.

The Identity Theft Resource Center (ITRC) data breach report tracks seven types of data losses: hacking, data on the move, insider theft, employee error and negligence, Internet exposure, -physical theft and accident. The research tracks four types of information stolen: protected health information, Social Security numbers, email/passwords-user names and credit/debit card numbers.

According to San Diego, Calif.-based ITRC, health care accounted for 68.1% of all breaches, followed by government/military, 19.4%, business, 9.2%, banking/credit/financial, 2.9%, and educational, 0.4%.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

The full extent of the personal information exposed is unknown, as the number of records compromised was not reported in many cases, the ITRC report notes.

Health Care Leads All Sectors In Exposed Data

Healthcare tab

In the health care sector, leading the list in terms of records lost was Anthem customers with 78.8 million; followed by Premera Blue Cross of Washington State, 11 million; Excellus Blue Cross
Blue Shield/Lifetime Healthcare, 10 million; Anthem Inc. – Blue Cross Blue Shield of Indiana, 8.8 million; UCLA Health, 4.2 million; Medical Informatics Engineering/NoMoreClipbo, 3.9 million; CareFirst BlueCross Blue Shield of Maryland, 1.1 million; and Empi Inc/DJO LLC of Minnesota, 160,000.

// -- Get exclusive consultation for as low as $249 per month on MoneyMakers.com -- //

In the government/military sector, the Office of Personnel Management #2 lost 21.5 million records; followed by Office of Personnel Management in Washington, D.C., 4.2 million; and Georgia Secretary of State, 6 million.

In the business category, T-Mobile/Experian had 15 million records breached, followed by Vtech with 5 million; Missing Links Networks Inc./eCellar of California, 250,000; SterlingBackcheck, 100,000; Web.com, 93,000; Alfa Specialty Insurance Corp./Alfa Vision Insu, 86,000; Firekeepers Casino in Michigan, 85,000; We End Violence/California State Universities, 79,000; Securus Technologies in Texas, 63,000; Sally Beauty Holdings, Inc. of Texas, 62.210; Service Systems Associates/Zoos of Colorado, 60,000; Blue Sky Casino/French Lick Resort of Indiana, 54,624; Uber, 50,000; Autozone, 49,967; Nobel House Hotel and Resorts – The Commons in Washington State, 19,472.

(The Ashley Madison breach, which exposed an estimated 37 million accounts, was not included in the ITRC report.)

In the banking/credit/financial sector, Scottrade had 4.6 million records exposed, followed by Morgan Stanley, 350,000; Piedmont Advantage Credit Union, 46,000; and E*trade , 31,000.

In the education sector, Auburn University in Alabama topped the list with 364,012 records breached, followed by Metropolitan State University in Minnesota, 160,000; and Career Education Corp. in Illinois, 151,6626.

Also read: 21 million more US personnel exposed in second attack

Seven Top Breaches

10Fold, a San Francisco, Calif.-based B2B technology public relations firm, reviewed the ITRC data breach report and some additional information. 10Fold analyzed 720 data breaches and compiled a review of what it considers the top seven breaches.

The top seven breaches compromised more than 5 million records. Following is a summary of these seven.


The Anthem breach of 78.8 million patient records in early 2015 marked the largest breach in history. By the end of February, Anthem reported the breach impacted an additional 8.8 to 18.8
million non-patient records, including names, Social Security numbers, birth dates, employment data and addresses.

The breach began a series of health care hacks, including Prermera Blue Cross, UCLA Health Systems, CareFirst BlueCross BlueShield and Excellus BlueCross BlueShield.

Excellus BlueCross Blue Shield

The attack on the health insurer began in December of 2013 following a series of attacks that took place earlier that year. The breach compromised personal information of more than 10 million members and leaves members vulnerable to identity theft and fraud. The information stolen included birth dates, Social Security numbers, names, member ID numbers, claims information and financial account information.

Premera Blue Cross

The health insurer discovered the attack affecting 11 million members in January of this year after it began in May of 2014. Investigators found the attackers infiltrated the information technology
system, enabling them to gain access to personal information of members and applicants, including Social Security numbers, member identification numbers, birth dates and bank account information. Members included Microsoft, Starbucks and Amazon employees.


VTech, the maker of tablets and gadgets for children, had kids’ and parents’ information compromised by the breach of the Kid Connect and Learning Lodge app store customer database. The breach affected 6.4 million kids and 4.9 million parent accounts globally and marked the first attack to directly target children. It exposed personal ID information like passwords, download history, IP addresses, names, and children’s birth dates and genders.


Attackers breached a server in a North American Experian/T-Mobile business unit containing personal ID information of about 15 million T-Mobile customers. The information included birth dates, names, Social Security numbers and alternate IDs like driver’s license numbers. One cause of the breach was that T-Mobile shared customer information with Experian to process credit card checks for device or service financing.

When customers share information with a business, the personal data is not always protected.

Office of Personnel Management

The attack affected 19.7 million individuals who applied for security clearances, plus 1.8 million relatives and other government personnel associates and 3.6 million former and current employees. The compromised data included 5.6 million fingerprint records that belong to background check applicants.

The breach alarmed intelligence officials about the theft of data on government forms submitted for security clearances. These applicants shared information about themselves, including health history and prior relationships. Hackers that gain access to information about employees with security clearances can cause irreparable damage to users’ privacy.

Ashley Madison

A hacker group called The Impact Team accessed the website’s user database, including financial and proprietary information of 37 million users. The hackers released a manifesto noting the “full delete” feature on the Ashley Madison website was false and that the company did not remove the personally identifiable customer information for those who wanted it deleted.

The statement instructed Avid Live Media (ALM), the parent company, to permanently delete the forums or all customer information would be released. The hackers released the customer information records two months later since ALM opted to keep the website running.

Images from Shutterstock and IRTC.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.

Feedback or Requests?

Lester Coleman

Lester Coleman

Lester Coleman is a veteran business journalist based in the United States. He has covered the payments industry for several years and is available for writing assignments.

There are no comments.

View Comments (0) ...
The team:
Dmitriy Lavrov
Dmitriy Lavrov is a professional trader, technical analyst and money manager with 10 years of trading experience. He covers Forex, Commodities and Cryptocurrencies. He is among the top 10 most Read More
Jonas Borchgrevink
Jonas Borchgrevink is the founder of Hacked.com and CryptoCoinsNews.com. He is a serial entrepreneur, trader and investor. He shares his own personal journey on Hacked.com. // -- Discuss and ask Read More
P.H. Madore
ICO Analyst
P. H. Madore lives in Arkansas with his wife and children. He has covered the cryptocurrency beat over the course of hundreds of articles for Hacked’s sister site, CryptoCoinsNews, as Read More
Mate Csar
Trader and financial analyst, with 10 years of experience in the field. An expert in technical analysis and risk management, but also an avid practitioner of value investment and passive Read More
Justin O’Connell
Justin O’Connell is a cryptocurrency journalist who works have appeared in the U.S.’s third largest weekly, the San Diego Reader & VICE. // -- Discuss and ask questions in our community Read More
Mati Greenspan
Senior Market Analyst at Etoro.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Important: Never invest Read More
Rakesh Upadhyay
Rakesh Upadhyay is a Technical Analyst and Portfolio Consultant for The Summit Group. He has more than a decade of experience as a private trader. His philosophy is to use Read More
Pamela Meropiali
Account Manager
Pamela Meropiali is responsible for users on Hacked.com. // -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- // Read More
Joseph Young
Joseph Young is a finance and tech journalist & analyst based in Hong Kong. He has worked with leading media and news agencies in the technology and finance industries, offering Read More
We joined Activetainment's Norway launch of their new B\01 Bike…