Biggest Data Breaches of the Year 2016

2

With digital advancements you would expect some progress in halting cybercrime. But wait!! The graph of data breach statistics was trending up as the year progressed. While we hoped for a more secure year for our online world, the scammers showed us just the opposite. There were a total of 980 data breaches reported by ITRC in 2016. Compared to 2015 data breach statistics of 781 data breaches, it is quite clear that people’s identities are still unsafe in the digital maze.

While data protection remains a big challenge in modern multi-faceted businesses, many bigwigs have managed to get a place in the top data breaches of 2016. Here is a quick overview of the “biggest data breaches of the year 2016”.

Southern New Hampshire University-SNHU

Jan 5, 2016- The new year was just at the doorsteps and SNHU announced a data breach exposing around 140,000 data records of students while only 70,000 students were enrolled at that time (the discrepancy in numbers may include both the current and former students or some duplicate records). The reason behind this data breach is said to be a configuration error on a third-party vendor that unveiled the database of university containing student id’s, email addresses and their other course details (Source) .

Centene

Jan 26, 2016- After Anthem (the biggest healthcare data breach of 2015 putting 80 million customers life at risk), the year of 2016 witnessed another major data breach at Centene Corp.- A big warning to healthcare! January floored this multi-layer health insurer by exposing around a million (950,000) individuals. Six hard drives containing member ids, birth dates, SSN, names, addresses and other health information were lost due to this breach. Fortunately there was no financial or payment related information stored on these drives (Source).

cPanel

Jan 27, 2016- In the last week of January, cPanel Inc. which sells cPanel and WHM website hosting technologies announced an intrusion at its user base causing a great loss of bunch of contact details. It was reported that names, contact information and encrypted passwords of the customers were taken but there was no harm to the credit card numbers and other financial information as they were stored at the different server (Source).

Department of Homeland Security/ FBI

Feb 8,2016- A tech website Motherboard reported that some hackers have dumped on the systems of US department of Homeland Security and leaked personal details of more than 9000 employees. They posted these data dumps that include people’s names, email addresses, job titles and phone numbers on www.cryptobin.org. They also claimed to have a database of around 20,000 FBI employees and threatened to publish it online (Source).

Washington State Health Authority (HCA) / Medicaid

Feb 10,2016- Around 91,187 Washington Apple health clients (medicaids) were found susceptible as a consequence of this data breach- as noted by state health officials. The leaked information included client’s private health information, social security numbers, their ID’s and birth-dates. HCA employees demanded technical assistance with the spreadsheets containing the data and the information(that was not meant for any unauthorised access) is considered as the main reason behind this data intrusion (Source).

University of California Berkeley

Feb 29,2016- Campus officials recorded a criminal data breach at UCB on 28 December, 2015 but they made it public in Feb,2016. Financial information of more than 80,000 students have been exposed due to this incident. The criminals got their entry to the UCB’s systems through a security flaw that was in the process of patching at that time (Source).

Snapchat

Feb 29,2016- 2016 showed every niche a rough year when it comes to online security. From medical to education to Fortune 500 companies, it seems no one was safe from these unsophisticated hackers. The widely popular messaging app Snapchat admitted that around 700 payroll records of company’s current and former employees had been compromised. The scammer impersonated himself as the company’s CEO and asked for their payroll information via an email (Source).

21st Century Oncology

Mar 7,2016- 21st Century Oncology, A Fort- Myers based company offering cancer-care services was victim of a data intrusion of 2.2 million patient records. Hackers gained access to their names, social security numbers, doctor names, diagnosis and treatment information and their insurance information. Although It’s been noted that this information had not been used anyway (Source).

Verizon Enterprise Solutions

Mar 24,2016- The telecommunication giant Verizon was hit by hackers in March, 2016 and 1.5 million customers data records were stolen. This fraud has been identified by KrebsOnSecurity when he discovered customer data on sale in a closely-guarded cybercrime forum. The scammers put the whole package on sale for $100,000 there (Source).

Spotify

Apr 25, 2016- The music streaming service Spotify found hundreds of its credentials online at website Pastebin. Reports reveals that the company faced a security breach that uncovered its users email addresses, usernames, passwords, account type and other details. Spotify learned that the issue is due to the lack of two-factor authentication functionality and the other possible reason might be the poor habit of reusing the password on several other websites (Source).

Wendy’s

May 11,2016- May was tough on the global fast food chain Wendy’. Around 1025 Wendy’s locations were hit by a malware-driven credit card breach. Attackers pilfered cardholder names, credit and debit card numbers, expiry dates, service records and other data. So keep an eye on your bank accounts if you have also visited any of Wendy’s restaurant last year(Source).

LinkedIn

May 27,2016- The summer of 2016 was burning with major data breaches and it proved to be true when a 2012 data breach came back to haunt LinkedIn. This summer a news rolled out that hackers were selling login credentials of 117 million LinkedIn users including Mark Zuckerberg on the Dark Web(Source).

Tumblr

May 31,2016- Early 2013 had witnessed an exposure of around 65,469,298 Tumblr account credentials and May 2016 has made them publicly available for sell on black market at the cost of $225. The same scammer was reported to sell 360M credential set from Myspace as well. I just wonder if he has more data to sell…(Source)

Oracle

August 8, 2016- Oracle confirmed a data breach of over 300,000 cash registers around the world. Hackers placed malware on company computers and on the MICROS customer support portal to steal credentials around the country (Source).

Weebly

October 20,2016- Weebly notified its 43 million users about a data breach that occurred 8 months ago. This stolen data included usernames, passwords, email addresses and IP information. It was believed that no financial data was harmed because Weebly doesn’t store credit card numbers on its servers(Source).

Cisco

November 3,2016- The close of 2016 hit Cisco as well when its professional careers mobile website was made accessible to the hackers. An individual security researcher reported an incorrect security setting created a privacy hole on the website that exposed the sensitive information of job-seekers online. That information included data fields like names, addresses, email IDs, phone numbers, usernames, passwords, resumes, cover letters and other voluntary information such as gender, race, status and others (Source).

FriendFinder.com

November 14,2016- AdultFriendFinder.com was again hit by attackers in the span of two years and this time the loss was immense. The first data breach that took place in 2015 hurt slightly less than four million users but this time the hackers made around 412 million accounts public. These 412 million accounts represent 20 years of customer data. Certainly one of the biggest data breaches of the year(Source).

Yahoo

December 14, 2016- Yahoo was already struggling hard with its September disclosure that 500 million user accounts were made public in 2014, but then in December 2016 the company revealed that a different attack compromised 1 billion user accounts in 2013. This newly disclosed 2013 attack involved information like names, telephone numbers, birth dates, encrypted passwords and unencrypted security questions(Source).

With this quick round up, year 2016 proved to be a year full of online scams and data breaches. The surprising fact is that big businesses targeted for attack once in 2015 were again got hit by attackers in 2016 and caused an even larger loss than before.

So where is the cybersecurity then? Hopefully 2017 will show us some relief and people will get some peace of mind that their sensitive information is safe online.

Share.

About Author

Prince Kapoor is Marketing Analyst Lead at LoginRadius, A leading CIAM Provider. While not working, you can find him in gym or giving random health advice to his colleagues which no one agrees on :D. If you too want some of his advice (on health or on marketing), reach him out at Twitter.