Page 5 - BLI Annual Report 2015
P. 5

TOP SCORING BREACHES
2015
YEAR IN REVIEW
Anthem Insurance Records: 78,800,000 Type: Identity Theft Score: 10.0
General Directorate of Population and Citizenship Affairs Records: 50,000,000
Type: Identity Theft Score: 9.9
Korea Pharmaceutical Information Center Records: 43,000,000
Type: Identity Theft Score: 9.7
U.S. Office of Personnel Management (OPM) Records: 22,000,000
Type: Identity Theft Score: 9.6
Experian
Records: 15,000,000 Type: Identity Theft Score: 9.4
The attack against U.S.-based health insurer Anthem was an identity theft breach that resulted in the theft of 78.8 million records, making it the largest data breach
of the year in terms of records compromised. The breach scored a 10 on the risk assessment scale. The company issued a statement saying that in January it had learned of a cyber attack on its IT system, and that cyber attackers tried to get private information about individuals with data on Anthem systems. Current and former members of one of Anthem’s affiliated health plans, as well as some members of
other independent Blue Cross and Blue Shield plans who received healthcare services in any of the areas that Anthem serves, were said to be affected. Investigators suspected that the hack that lead to this breach was sponsored by a foreign state.
The Turkish government agency experienced an identity theft attack at the hands of a malicious outsider. The attack exposed 50 million records and scored a 9.9 on the scale. The Presidency’s State Audit Institution (DDK) reported that the servers supporting the administration’s Web site were breached and information pertaining to citizens was stolen.
The South Korean organization, which distributes pharmacy management software to many of the country’s pharmacies, was hit by an identity theft breach launched by a malicious insider. The result was the exposure of 43 million records, and the incident scored a 9.7 on the risk assessment scale. According to the Korea Herald, medical information on nearly 90% of the South Korean population was sold to a multi-national firm, which processed and sold the data.
The OPM in June 2015 suffered an identity theft data breach that involved 22 million records. The state-sponsored attack, which was described by federal officials as being among the largest breaches of government data in the history of the U.S., scored a 9.6 on the risk assessment scale. The attack exposed data including personally identifiable information such as Social Security numbers, names, dates and places of birth, and addresses.
The U.S.-based credit bureau and consumer data broker experienced an identity theft breach by a malicious outsider that resulted in the theft of 15 million records. The attack, which the company disclosed in October 2015, scored 9.4 on the risk assessment scale. Experian North America, in a news release, said one of its business units experienced an unauthorized acquisition of information from a server that contained data on behalf of one of its clients, T-Mobile USA. The data included
some personally identifiable information about consumers in the U.S., including 5 those who applied for T-Mobile services or device financing.


































































































   3   4   5   6   7