Top 5 Cybersecurity Breaches in December

The holidays didn’t slow down hackers this past month. Here are the top 5 breaches reported in December:

Yahoo –Yahoo announced in December that it uncovered a breach of more than one billion users accounts dating back to August 2013, which is the largest breach ever! As everyone remembers, Yahoo reported a separate breach of 500 million user accounts back in September. So what’s the financial impact of this latest breach? It could be $4.83 billion – the amount that Verizon agreed to in order to buy Yahoo. And that’s not including any possible class action lawsuits and the erosion in their brand. The latest breach is said to include names, email addresses, telephone numbers, dates of birth, hashed passwords, and even encrypted or unencrypted security questions and answers. But don’t think the hashed passwords are protected. They used an old algorithm that is now easy to uncover.

Peachtree Orthopedic: After an ongoing investigation by a news reporter, it was determined that a breach at Peachtree Orthopedic exposed the information of 531,000 people. Information included details on current members of the Atlanta Hawks, former players of the Atlanta Braves, and former government workers. This is the largest data breach of medical records in Georgia. Hackers breached the online learning site and gained access to a database containing 9.5 million accounts. This included customer names, email addresses, and courses viewed. The company also had to reset 55,000 customer account passwords after discovering the passwords were accessed as well.

Quest Diagnostics: Quest was another company in the health care industry that was breached, with 34,000 people now dealing with exposed health information. The breach occurred when an unauthorized third party was able to access data using the mobile app MyQuest by Care 360. The data included name, birth date, lab results, and some phone numbers.

Bleacher Report: Unauthorized access was gained to the sports’ web site, exposing user information. The numbers of those affected by the breach hasn’t been disclosed yet but all users had to reset their passwords.

These breaches should be a red flag to all organizations. Whether it’s an inside threat or an external one, you need a better approach to protecting your company’s most valuable assets. Start by clicking here to learn how your cyber posture compares to other leading organizations.