These companies lost your data in 2015's biggest hacks, breaches

Updated: Almost every American has been affected by at least one data breach this year.
By Zack Whittaker on
1 of 18 file photo

The chances are your data was leaked this year

In 2014 alone, more than one billion personal records were illegally accessed -- including health, financial, email and home address data, and other personal information like Social Security numbers. That's up more than 54 percent on the year prior, according to Gemalto. This year, there's no sign of let-up.

As we're coming up to the end of the year, we look back at some of the biggest -- and most dangerous breaches -- so far.

2 of 18 via VTech

4.8 million caught up in VTech's weak security

You can put money on it being a bad hack when kids are named as victims. The toymaker suffered a major breach in late November, with hackers taking 4.8 million records, as well as a database of first names, genders and birthdays of more than 200,000 kids.

The attack on VTech, which reportedly used poor password security among other issues, ranks as one of the largest breaches of the year.

3 of 18 Wikimedia Commons

70 million prison phone records handed to reporters

November: The big scandal when an anonymous hacker stole about 70 million phone calls from inmates in US prisons wasn't the hack itself, it was the suggestion that attorney-client privilege may have been violated on a regular basis. Millions of call logs and thousands of call recordings were taken in the breach. Securus provides landline phones and equipments to prisons, and generates high profits by charging the inmates themselves -- so much so, the FCC has taken action against the firm.

4 of 18 Wikimedia Commons

Thousands of arrestees' data at risk after FBI's portal breached

November: The same hackers who were able to get access to CIA director John Brennan's private email account also got access to a law enforcement portal used by police and federal agents to share intelligence, and book arrested suspects. It's not clear how many records were in the system -- the FBI declined to comment -- but hundreds of thousands of users are cleared to use the portal. Many of those names were also leaked in the hack. The attack was thought to be one of the widest external breaches of law enforcement this year.

5 of 18 Wikimedia Commons

Donald Trump's hotel chain hack hit thousands of hotel visitors

October: A hack that targeted seven of Donald Trump's hotels, and lasted the whole year: even the presidential candidates aren't immune to hacks. Hackers snuck malware onto Trump systems, stealing credit card data (including security codes and card numbers) in the firm's hotels across the US. No final figure of how many people were affected was ever reported, but it's thought to be in the many thousands.

6 of 18 file photo

Patreon hack led to 15GB data dump

October: Crowdfunding service Patreon got the "Ashley Madison" treatment when it found its entire cache of data published online in a massive data breach in early October. Names, email addresses, and posts were leaked, though credit card data and Social Security was not compromised. The scope of the breach may take time to become fully clear, but at 15GB in size, and millions of accounts already found, the number of potential victims is only set to get larger.

7 of 18 file photo

Experian breach hit 15 million T-Mobile customers

October: T-Mobile may have taken over Sprint to become third place in US cellular rankings, but it's seventh place in our list of breaches, thanks to its misplaced trust in Experian. The credit agency suffered a breach in September, affecting as many as 15 million T-Mobile customers who underwent credit checks. Data, such as names, addresses, social security numbers, birth dates, and even passport numbers, may have been taken. Encrypted Social Security numbers may also have been swiped, but the company warned that encryption may have been compromised.

8 of 18 Glassdoor

Scottrade hack: Details on 4.6 million customers stolen

October: The retail brokerage firm said it detected "illegal activity involving our network" two years prior. Hackers reportedly took millions of customer contact details, which cybersecurity reporter Brian Krebs suggested it was to facilitate stock scams through spam campaigns. It was revealed in November after a case was unsealed that a total of four men had been charged with hacking into JPMorgan Chase and a number of other financial institutions, Scottrade included.

9 of 18 Twitter

Ashley Madison ensnares 37 million cheaters

September: Around 37 million people were caught up in the Ashley Madison affair (for want of a better term). The site encourages its users to cheat on their partners. Aside from the many millions affected and the impact on relationships, should that information get into the hands of the enemy -- think, Russia or China -- it could lead to a considerable blackmail and espionage effort against US, UK, and allied countries.

10 of 18 Wikimedia Commons

10 million hit by Excellus BlueCross BlueShield hack

September: Excellus BlueCross BlueShield suffered a major hit on its networks that ended up leaking more than 10 million records. The attack happened two years earlier in late December 2013. Names, birth dates, Social Security numbers and mailing addresses -- some of the most personal data going -- was taken, including financial account and claims information. The source of the hack remains unknown.

11 of 18 CNET/CBS Interactive

Carphone Warehouse tops UK breach list with 2.4 million affected

August: The UK's biggest data breach of the year can go to Carphone Warehouse, a phone retail store. As many as 2.4 million customers (roughly 4 percent of the country's population) had their personal information taken in the breach. About 90,000 customers had their encrypted credit card data stolen. The UK data privacy watchdog is now investigating the breach.

12 of 18 CBSNews.com

Millions hit by CVS, Walgreens, credit card breach

July: Pharmacy chain CVS was forced to pull its popular online photo print ordering site offline as it investigated a suspected hack. Credit card data, email and postal addresses, phone numbers, and passwords were taken, but it's not clear how many millions were affected by the breach. No other linked data was taken in the breach, but Costco and Rite Aid, among others, were also hit.

13 of 18 CBSNews.com

UCLA Health failed to encrypt 4.5 million records

July: Data breaches and hacks happen all the time. But poor security and a lack of encryption can put the blame entirely on the body that was charged with protecting it. UCLA Health was at least partially to blame when it was hit by a massive hack on 4.5 million records earlier this year, because its customer data -- including Social Security numbers, and even medical data, such as conditions, medications, procedures, and test results -- was not encrypted.

14 of 18 Hacking Team via Vice/Motherboard

Hacking Team exploits put hundreds of millions of Flash users at risk

July: An unknown group of hackers brought Italian surveillance firm Hacking Team to its knees when its entire network was breached -- and subsequently published online. Who were the real victims? The ordinary public, after hackers took working Flash exploits from the cache of leaked files. It's not known how many internet users were hit by the subsequent attacks. There may be more to come.

15 of 18 stock photo

More than 22 million government workers now vulnerable to blackmail

June: The big finale is the OPM breach, which affected 22.1 million (and counting). It could be the single most damaging breach to US national security of all time. Those who have access to some of the most sensitive data in the world had their entire backgrounds checks -- conducted by the OPM -- stolen by an unknown assailant. Imagine if the enemy knew exactly which buttons to push in order to blackmail someone into turning over vast swathes of sensitive or classified data. We have yet to see the repercussions of the breach, but it could harm the US' domestic and foreign diplomatic and intelligence work.

16 of 18 stock image

LastPass customers at risk after millions of passwords accessed

June: Almost any security expert will say using a password manager makes you safer. What happens when your password manager is hit by a hack? We found out when LastPass suffered a data breach this year. It's not clear if any data was taken, and any passwords that were taken were heavily encrypted. But all it takes is a weak master password to your keychain and boom, your online life can crumble.

17 of 18 stock photo

IRS data breach led to hackers taking tax returns

May: The IRS data breach, reported in May, affected around 100,000 taxpayers. That may seem like a paltry number compared to the Anthem or UCLA breaches, but the impact on affected taxpayers could be staggering. A flaw in the IRS' system allowed hackers to access past filed tax returns, including sensitive financial information and Social Security data. It's said that the breach cost taxpayers $50 million in fraudulent claims.

18 of 18 stock photo

Anthem breach affected one-third of Americans

February: If your healthcare provider can't keep your data safe, who can you trust? Anthem, a US health insurance firm, lost more than 80 million customer records when it was hacked at the start of this year, along with around 19 million rejected customers. Reports say much of the data was not encrypted. Enough personal data was stolen -- from Social Security numbers to birth dates and addresses -- to steal identities. The FBI, the investigating agency, has yet to confirm who it thinks was behind the attack.

Related Galleries

Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza

Related Galleries

Hyundai Ioniq 5 and Kia EV6: Electric vehicle extravaganza

26 Photos
A weekend with Google's Chrome OS Flex

Related Galleries

A weekend with Google's Chrome OS Flex

22 Photos
Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

Related Galleries

Cybersecurity flaws, customer experiences, smartphone losses, and more: ZDNet's research roundup

8 Photos
Inside a fake $20 '16TB external M.2 SSD'
Full of promises!

Related Galleries

Inside a fake $20 '16TB external M.2 SSD'

8 Photos
Hybrid working, touchscreen MacBook hopes, cybersecurity concerns, and more: ZDNet's tech research roundup
Asian woman working at a desk in front of a computer and calculator

Related Galleries

Hybrid working, touchscreen MacBook hopes, cybersecurity concerns, and more: ZDNet's tech research roundup

8 Photos
Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup
Person seated at a booth in a cafe looks at their phone and laptop.

Related Galleries

Developer trends, zero-day risks, 5G speeds, and more: Tech research roundup

10 Photos
Drive Electric Day: A dizzying array of EVs in sunny Florida

Related Galleries

Drive Electric Day: A dizzying array of EVs in sunny Florida

16 Photos