The Year Of Living Dangerously

In 2015 at least 130 million people have had their personal data breached or hacked – including tens of millions in the UK and hundreds of millions in the USA.

January

Online greeting card service Moonpig suspends its app after claims a security flaw allowed access to any of its 3.6 million customer accounts.

The US Scout Association is told its database, which holds the contact details of 450,000 youngsters and volunteers, is ‘insecure.’

US health insurer Anthem discovers a major breach of its database which hackers have combed through for names, social security numbers and birth dates of over 78 million people.

February

Uber reveals that 50,000 drivers’ names and licence plate numbers across the United States have been made public after a hack on the cab- hailing service. US site Motherboard reported thousands of drivers’ details were available on the Dark Web for $1 a time and many phantom trips were charged to other account holders.

A database of parking ticket details for almost 10,000 motorists is published online, by PaymyPCN. net, which has a direct link to the DVLA.

March

Around two million customers of Vivastreet, the owner of Mexican classified site Vivanuncious, are revealed to have had their emails, passwords, phone numbers, postcodes and IP addresses exposed prior to the site being bought by eBay.

British Airways says hackers have accessed 10,000 frequent flyer accounts. The firm maintained no personal information had been viewed or stolen, but froze all affected accounts.

Health insurers including Premera Blue Cross, CareFirst BlueCross, Blue Shield and Excellus Health Plan reveal breaches that have affected 22 million people stretching back to March 2014. American investigators believe China targeted insurers in the US to see how medical coverage and insurers are set up.

May

The social security information of 21 million people is stolen after the US Office of Personnel Management is hacked. The personal information of all federal employees, their social security numbers, employment history, health, criminal and financial history is all included. The New York Times blames the attack on Chinese hackers.

June

JD Wetherspoons, the FTSE 250 firm and chain of 950 pubs, has its database of 656,000 customers hacked – although it claims the details of just 100 customer credit cards are revealed. The attack was only discovered in December.

Barclays agrees to pay out half a million pounds in compensation after losing a USB stick containing personal data of about 2,000 of its customers. It offers them £250 each. Data, including jobs, salaries, debts, insurance, mortgage and passport details and national insurance numbers were in the hands of at least one fraudster for seven years.

PwC find nearly nine out of 10 large organisations now suffer some form of security breach – suggesting that these incidents are now a near certainty.

August

Hackers release details of 1.2 million accounts and 25 gigabytes of company data from Ashley Madison – a website that helps users have extra marital affairs. The data includes 1,200 Saudi Arabian email addresses where adultery can be punished with death. The same month a pastor and professor at the New Orleans Baptist Theological Seminary commits suicide citing the leak that had occurred six days before. Users whose details were leaked are filing a $567 million class-action lawsuit. Analysis showed that ‘123456’ and ‘password’ were the most commonly used passwords.

Mumsnet co-founder Justine Roberts is hit in a ‘swatting’ attack that saw an armed police response team sent to her house. The parenting website was also targeted in a distributed denial of service attack. A group calling themselves @DadSecurity claimed to be behind the attacks.

Carphone Warehouse admits the encrypted data of 90,000 people may have been stolen, the firm warns its 2.4 million customers after a sophisticated attack.

September

The details of thousands of Lloyds Bank Premier customers account holders are revealed to have been lost after a data storage device is reported stolen. The data affected customers with Royal Sun Alliance emergency home cover on their premier account between 2006 and 2012.

UK government agencies and banks feature highly on a ‘hitlist’ of 385 million email addresses that has been used by cyber criminals to spread the Dridex banking Trojan.

October

157,000 TalkTalk customers’ personal details are accessed with more than 15,600 bank account numbers and sort codes stolen. The firm said 4% of customers had sensitive data at risk and warned to protect themselves from scam phone calls and emails. Five men, including a 18-year-old from South Wales and 20-year-old from Staffordshire, were arrested and are on bail until March (2016).

The British Gas emails and passwords of 2,200 customers appear online. The company writes to those affected to apologise.

Pharmacy2U is fined £130,000 for a data breach that saw the company try to sell the details of 20,000 customers names and addresses to marketing companies without telling them.

Hackers access the details of 1,837 Vodafone customers along with customers’ names, mobile numbers, bank sort codes, and the last four digits of their bank accounts.

November

Hong Kong toymaker VTech has 727,000 children’s profiles and 560,000 parent profiles hacked, the breached accounts included selifes and audio recordings. The hack was first revealed on the website Motherboard, by a man who claimed he wanted to expose the firm’s ‘s***ty security.’

British payments company Paysafe admits details of 7.8 million customers were hacked. The listed company, formerly known as Optimal Payments, admitted the customers had their accounts hacked between 2009/2010. It said limited data was taken that didn’t include passwords, card data, or bank account information. It said 1,500 people had lost money, but had no reports of other losses.

US online takeaway service Hungry House is hit by a data breach and resets the passwords of 10,000 customers.

December

The BBC is hit by a denial of service attack that locked millions out of iPlayer and live streaming and radio for three hours.