Zimperium Blog

Cutting through the Weekly Mobile Security Noise: The Top Breaches of 2015 (So Far)

While 2014 was named “the year of the data breach,” with Target, Home Depot and the White House, the scale and sophistication of cyber attacks has continued to escalate in 2015. Recent headlines continue to reflect insider breaches and threats to individual’s data, and the year is just getting started. This week we’ve compiled a list of the top 5 breaches hitting organizations and individuals this year:

1) In early February, the second largest insurance company in the U.S., Anthem Inc. announced a data breach affecting 80 million customers. The company reported hackers stole at least five employee’s information, usernames and passwords, sending malicious emails to customers. As facts about the breach continue to unfold, experts think this attack could be part of hacker’s plans to target organizations throughout the healthcare industry.

2) Uber, the insanely popular ride-sharing app, announced a data breach earlier this month. The hack exposed the names and license plate numbers of 50,000 current and former drivers dating back to May 2014. Uber discovered the threat in September, but didn’t notify drivers until five months later. The delay certainly isn’t uncommon, but now the company is also facing a lawsuit from a driver saying Uber didn’t do enough to prevent the breach and took far too long to disclose it. This could set an interesting precedent how future breaches are revealed.

3) In early March, news hit that another large American health insurance company, Premera, was the victim of a data breach exposing more than 11 million customers’ personal information. The company reported that attackers may have gained access to clinical information, banking account numbers, Social Security numbers, birth dates and other PMI data. According to Dave Kennedy, an expert in health care security who is chief executive of TrustedSEC, it is the largest breach reported to date involving patient medical information.

4) Researchers told the Washington Post about a newly discovered encryption known as “FREAK attack” that left users of the mobile browsers Google Android and Apple Safari vulnerable to hackers for more than a decade. According to Kelly Jackson Higgins of Dark Reading, “The FREAK problem dates back to a time when the US government had instituted a policy of only exporting weak crypto overseas to ensure the NSA could decrypt foreign communications; sale of strong encryption technology overseas was banned.”

5) Just a few days into 2015, financial investment firm, Morgan Stanley reportedly terminated a wealth advisor, Galen Marsh for stealing confidential data from the firm’s client roster. According to the New York times, “Marsh was responsible for leaking personal information and account numbers from data on about 10 percent of its 3.5 million wealth management customers, including transactional information from customer statements.” This breach shows the huge risk insider attacks pose to any company.