Criminal Hackers Got Your Data in 2015


CareFirst breach (1), May: 1.1 mil members. Hackers gained access to names, birthdates, email, subscriber info, and passwords.


Anthem – Premera Blue Cross (2), January: 80 mil patients. Personal information taken (all).

 


Harvard University and other universities (3): 28 known education breaches totalling 1 million compromised records. Likely all personal information, passwords, etc.

 


Hacking Team, a company that helps governments hack with zero-day exploits and more, was itself hacked (4), which gave an unprecedented look into the hack and into a hacking company. All emails and 400GB of data from the company were exposed. It shows that hacking others is not that hard when the tools and knowledge are there.


Security vendors, including the password storage application company LastPass (5), are being targeted because of the type of data they store. Although no encrypted data was stolen, email addresses and some associated data were taken. 13,000 businesses at minimum.

OPM – Army National Guard

The US government offices that control some of your personal data were also hacked (6). This breach affected 4.2 mil and 21.5 mil, depending on your status with government entities.

The Army National Guard had 850,000 records stolen.

On 12/30, adding the Excellus BCBS (8) breach: 10 million patients.

 

So let’s list them all in one table:

| Breach | Records |
|---|---|
| Carefirst | 1.1 mil |
| Anthem Blue Cross | 80 mil |
| Harvard and other universities | 1 mil |
| OPM | 25.7 mil |
| Army Nat’l Guard | .85 mil |
| Excellus BCBS | 10 mil |

 

Total: 120 million records stolen (rounded up), and countless other pieces of information.

 

So what does that mean?

The criminals on the darknet are also creating a database on you.

It includes your name, address, DOB, SS#, passwords, login names, and all those questions to answer, like what is your favorite book? Movie?

In fact, your personal identity information (PII) is worth something: $1 (7). So in a way, the criminals are working on accumulating more data because it is worth money to them.

It is also worth noting that PHI (Personal Health Information) is worth more because the information can be used for longer periods of time (it does not have a short shelf life); some say it is $10/record or more.

 

Any company that has PII has a bullseye on them. And in 2016 the criminal hackers will continue to build this dossier DB on all of us.

So now the government has our data, banks have our data, employers have our data, and the criminals have our data.

 

So what does that mean?

In my opinion one _has_ to change their passwords and information on a yearly basis at least – just so it is a bit harder for the hacker to hack you.

Change your information as often as you can digest – every six months??

 

Do you need a risk analysis performed?

What is Your Risk Level?

 

Contact Us to discuss this.

 

 

  1. http://www.wsj.com/articles/investigators-eye-china-in-anthem-hack-1423167560
  2. http://krebsonsecurity.com/2015/03/premera-blue-cross-breach-exposes-financial-medical-records/
  3. http://www.crn.com/news/security/300077365/higher-education-faces-growing-security-challenge-with-low-budgets-cultural-barriers.htm
  4. http://www.csoonline.com/article/2943968/data-breach/hacking-team-hacked-attackers-claim-400gb-in-dumped-data.html
  5. http://www.crn.com/news/security/300077155/lastpass-takes-steps-to-protect-enterprise-partners-in-wake-of-data-breach.htm
  6. http://www.crn.com/news/security/300077462/opm-national-guard-breaches-highlight-challenges-in-securing-third-party-contractors.htm
  7. http://www.techradar.com/us/news/world-of-tech/personal-information-sold-for-just-1-on-the-dark-web-1305027
  8. http://www.darkreading.com/attacks-breaches/another-healthcare-insurer-excellus-bcbs-hit-with-mega-breach/d/d-id/1322142

 

Updated 12/30/15