2015: The Year The Data Breach Got Personal

This is an excerpt from a blog post that appeared on Information Security Buzz.

Mike Sheward is a Cybersecurity expert Mike Sheward is a cybersecurity expert with a long list of certifications to go after his name, including CISSP, HCISPP, CCFP, CISA, CISM, CEH, CHFI, OSCP.

2015 will go down as another landmark year for big time data breaches. Once relegated to the pages of industry publications, and shared like traditional war stories amongst groups of information security professionals at community events, data breach stories are now almost a permanent fixture in the mainstream media.

Of course, major breaches are not a new thing. In prior years we've seen some sizable events that have all, in some way, gone down in the annals of information security history. What made 2015 any different?

It was the year data breaches got personal.

Your Credit Cards, Your Medical Records, Your Life

By now, many of us have had to replace a credit card, because it was at risk as the result of a breach. It's frustrating, it's inconvenient, and it seems to be happening with increasing frequency.

On the positive side, because of the increased frequency, responding to a compromised card record has become relatively run of the mill. Cards can be cancelled and reissued within a couple of days. The potential damage caused by a stolen card is a known quantity.

Other types of stolen record are not as easy to respond to, or mitigate the risk associated with their loss. I'm talking about records containing deeply personal information, which have become the target of choice for malicious actors.

The Most Personal Data Breaches Of 2015: Health Insurers

In February, Anthem, the second largest health insurer in the US, announced it had suffered a breach involving just under 80 million records. These records included social security numbers, dates of birth, addresses, contact information, and employment information for Anthem's direct and indirect customers. This data is everything a person with malicious intent would require to perform identity theft.

Another major U.S. health insurer, Premera Blue Cross, reported a similar breach affecting a potential 11 million people.

If you spend a short amount of time browsing the black markets of the Internet, it's easy to see why healthcare records are being targeted. A stolen credit card number fetches at most a couple of dollars while a record including a social security number can be sold for $10 or more.


Visit Mike's full post on Information Security Buzz to read further about the most personal data breaches of 2015, including the U.S. Office of Personnel Management, multiple national health insurers, and Ashley Madison.

Subscribe to our Newsletter

Get the latest from ExtraHop delivered straight to your inbox.