The Worst Security Breaches of 2015

Craig Pollack | Jan 05, 2016

Topics: Cybersecurity

The Worst Security Breaches of 2015

It's hard to believe the scale and breadth that cyber attacks had on the public in 2015. With nearly 300 million records leaked and over $1 billion stolen, chances are you or someone you know has been touched by an attack.

Here's a list of some of the biggest attacks from last year:

Health Insurer Anthem, Inc.

In February, Anthem acknowledged that it was hacked and had over accessed 80 million records of people using health plans like Amerigroup and Anthem Blue Cross and Blue Shield accessed.

Birthdates, addresses, social security numbers, and emails were all exposed. On the positive side, the company said there was "no evidence" that credit card or medical information was exposed.

It's believe that this may have been the work of Chinese hackers, since the way in which it was pulled off included the "finger prints" of a nation state, according to Bloomberg.

Ashley Madison

In July, "Impact Team" stole the website's user database in an attempt to blackmail its parent company Avid Life Media into taking down the site. After 30 days the site still remained up so the hackers released everything - which included such personal info as email and physical addresses for over 37 million users.

Being in the data that was released didn't necessarily mean a person was actually one of the site's users.  However, it did led to embarrassment and public shaming of some politicians and others. Even Barack Obama's White House email was in there. A Pastor named John Gibson committed suicide six days after being found in the database.

Despite the breach, the company claims it has added millions more to its membership base, though it still faces a number of class-action lawsuits from customers whose identities were exposed.

US Office of Personnel Management 

It was learned that in June hackers gained access to the databases of the OPM (the US government agency in charge of background checks) and grabbed data on about 4.2 million federal workers. Not big enough? The number affected later rose to more than 22 million who had undergone a federal security screening at at time.

Some believe the breach to be the work of the Chinese government. It enabled access to sensitive SF-86 questionnaires - which military, intelligence officers, and others complete to acquire secret and top secret clearances.

The breach disclosed names, addresses, health information, financial history, social security numbers, family members, and even the opinions of your next-door neighbors. The hack also exposed more than a million fingerprints - which biometrics experts believe could result in even more data thefts. 

OPM Director Katherine Archuleta resigned amid bipartisan criticism just one month later.


In November, the personal data on millions of parents and kids was exposed after a hacker gained access to the server of toy manufacturer VTech. The hacker said it had no plans to release the data, though the breach of personal information such as names, addresses, birthdates, and emails could easily be sold on the dark web.

The breach also included thousands of image files, taken with VTech products and uploaded online. The company said no credit cards or social security numbers were taken.


T-Moble found themselves in a data breach that didn't even involve T-Mobile. Instead, hackers got into the database of Experian, the credit reporting agency which checks on potential T-Mobile customers. The hack exposed names, addresses, birth dates, and social security numbers. Roughly 15 million people who applied in the past three years for wireless service from T-Mobile were hit.

It also spotlighted the dangers of one company relying on another for safeguarding user data. "Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian," T-Mobile CEO John Legere said.

Hacking Team got Hacked

In July as well, the Italy-based Hacking Team had to tell all its customers to stop using its software a hacker breached its systems and Twitter account, dumping 400 gigabytes of data. The breach appeared to get "everything" on the company's servers, according to Motherboard.  The dump revealed business dealings with our own FBI, Spain and Russia, as well as other countries with poor track records on human rights - those such as Sudan, Egypt, and Saudi Arabia.


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.