If there is any lesson that using the internet in 2015 taught us, it’s that it’s getting increasingly difficult to avoid having our personal data stolen by hackers.
From children’s toys and hotels to mobile phone companies and insurance brokerages, virtually no one was safe from malicious breaches. And, if anything, hacking became a little more personal – and a little meaner – in 2015.
In June, hackers stole the records of at least 22 million United States government workers stored with the Office of Personnel Management. The full repercussions of the breach – considered the most damaging in US national security so far – aren’t yet known, but analysts are worried about the potential for blackmail of government employees by enemy powers armed with the sensitive information.
The US-based healthcare providers Anthem and Excellus BlueCross BlueShield had 80 million and 10 million customer records leaked, respectively, in September and February. Birth dates, addresses and social security numbers were included, exposing millions to potential identity theft and fraud. Law-enforcement officials failed to identify the perpetrators.
The records of 2.4 million customers, including up to 900,000 credit card numbers, were stolen from the UK electronics retailer Carphone Warehouse in August. Even LastPass, an online tool that helps users manage their many different passwords, was hit in June. The breached data was encrypted and the company said damage was minimal, but users were, nevertheless, urged to change their passwords.
The list goes on and on
Many of the victims in the disparate breaches were forced to deal with identity theft and financial turmoil, and the only thing that kept the breaches from wreaking a sort of collective mass havoc was – seemingly – the hackers’ own good graces. But even those, if they exist at all, appear to be running out.
In July, hackers calling themselves The Impact Team announced they had stolen data from adultery-enabling website Ashley Madison. The group threatened to release the information, which included the names and home addresses of the site’s 39 million members, unless it shut down immediately.
When the Toronto-based parent company, Avid Life Media, did not comply, the hackers dumped gigabytes worth of usernames and credit card transactions, plus sensitive emails from executives.
Among the revelations in those correspondences was the fact that company founder, Noel Biderman, a married man, had multiple affairs despite previous denials about infidelity. Examination of the data also revealed that most of the site’s female users were fake and that the company failed to delete user accounts even after charging fees to do so.
The fallout for users was more pronounced. Heads rolled as judges, politicians and teachers were outed as members. Families split up and fears of blackmail spread fast. A New Orleans pastor and Ashley Madison user, fearing he too would lose his job, committed suicide.
Adultery is an ethical issue, but regardless of where one stands on it, at the heart of the breach lies the fact that the Ashley Madison hackers appointed themselves moral arbiters of the site and – by extension – its users. Avid Life Media is facing a US$567 million class-action lawsuit and will probably never recover the trust of its users, even if it is claiming to have added four million new members since the breach. But the social ramifications for its users, imparted by self-appointed judges, marked it as a different kind of hack.
Ethically motivated breaches against wrongdoing companies, governments or institutions have been happening for years but in 2015, their perpetrators seemed to care less about the everyday people caught in their wake, and not just in the Ashley Madison case.
Bombastic and divisive US presidential candidate Donald Trump was also targeted last year, with his hotel chain announcing in October that it had been the victim of a year-long breach. Hackers may have gained access to thousands of customer credit card numbers during that period, the chain said.
While Mr Trump may have suffered a personal knock to his brand and reputation, as the hackers desired, the true victims – the ones who likely had to deal with the financial fallout of having their data stolen – were guilty of no crime other than staying in hotels bearing his name.
Hackers in September also went after Patreon, a Kickstarter-like crowdfunding site used by independent artists and creators to support their small-scale initiatives. The perpetrators and motives are unknown, but Patreon is the veritable opposite of the corporations normally targeted by hacktivists. Why they would want to harm independent creators trying to eke out a living through online donations is a disturbing question.
Closing out the year, hackers in November stole 4.8 million records from Hong Kong-based toy maker VTech, leaking the names, genders and birthdays of more than 200,000 children. One of the individuals who claimed responsibility later said he just wanted the company made aware of security failings that allowed the hack to be fixed. Whether the hacker was aware that thousands of children had been exposed to potential miscreants is unknown.
There’s little doubt that data breaches were one of the biggest stories of 2015 and, unfortunately, they will not be going away.
But with hackers increasingly appointing themselves arbiters of the moral behaviour of institutions and individuals, and the effects of their actions having more profound social effects than just simple financial damages, authorities are heading into this year facing more pressure to take action against what is a growing epidemic.
business@thenational.ae
Follow The National's Business section on Twitter
