List of data breaches and cyber attacks in 2015 – over 480 million leaked records

The volume of data breaches and cyber attacks that marked 2015 could be appropriately described as a ‘cascade’ or ‘torrent’, or perhaps ‘maelstrom’.

There have been breaches of highly sensitive data (including that of children), targeted attacks on government agencies such as the US’s OPM and Germany’s Bundestag, and an alarming number of well-orchestrated DDoS attacks.

Money has been stolen, data has been swiped and lives have been ruined.

However, I must not fail to mention the fantastic work law enforcement agencies around the world have been putting in to bring justice down on the cyber criminals causing havoc this year. As Stuart Winter-Tear recently called it, 2015 has been the year of collaboration, and we can only hope to see the same in 2016.

By my calculations, which is counting up all of the available numbers on the stories that I’ve reported each month, I’m at 487,731,758 leaked records in 2015. It’s very likely that the final number is significantly higher, but we know that there’s been at least 487,731,758.

Below, I’ve listed the most significant events of each month; to view the full list for each month, please click that month’s heading. I will continue to update this list until the end of January 2016, so be sure to come back.

Note: The total number alongside each month is not the definitive number, please take it as the minimum number of records leaked in each month – not the total.

January – 2,057,199

Aussie Travel Cover data breach – thousands of policyholders not informed that records were stolen

Unpatched vulnerability leaves millions of Moonpig customers at risk for 17 months

19,000 French websites suffer cyber attack in ‘unprecedented surge’

Wingstop announces payment card data security incident

Park ‘N Fly confirms data breach affecting customer’s payment cards

Chick-fil-A investigates payment card data breach

Thieves target American and United airlines, dozens of free trips booked

Minecraft data breach – usernames and passwords leaked online

Wisconsin chiropractic clinic notifies 3,000 patients of insider breach

Malware infects payment card system at French Lick Resort

February – 102,223,313

Credit card information stolen in Big Fish Games site compromise

Banks link credit card fraud to Marriott hotels

Yet another online parking hack: Book2Park loses card data in data breach

18.8 million non-customers could be affected by Anthem breach

Russian dating site Topface pays ransom to stop 20 million hacked records being made public

March – 11,342,576

Bulk Reef Supply website compromised, credit cards at risk

Malware installed at California burger joint, payment cards at risk

Hilton HHonors Awards accounts exposed by security flaw

New health care data breaches: another 11 million customer records exposed

Amazon’s Twitch game-streaming service hacked

Jamie Oliver’s website found spreading malware… again

April – 2,306,312

“Dyre Wolf” online banking campaign bypasses two-factor authentication – $1 million stolen

Belgium’s biggest French-speaking newspaper goes offline after cyber attack

Data compromised in Linux Australia server breach

Costa Coffee Club members wake up and smell the data breach

Russian hackers accessed President Obama’s emails

Hyatt Gold Passport breached – user passwords reset

160,000 students compromised in Metropolitan State University data breach

370,000 Social Security numbers exposed in Auburn University data breach

May – 1,512,825

Bundestag cyber attack confirmed

How the Washington Post was hijacked by the Syrian Electronic Army (again)

Cyber criminals steal $3.8 million from Alaska Native corporation

Anonymous hackers steal terabyte of passwords from Italy’s Expo 2015

Adult FriendFinder website breached; compromising data leaked online

Harbortouch POS malware attack – customer card data stolen

Sally Beauty data breach

Hard Rock Hotel loses customer card data over seven months

June – 22,446,450

Microsoft’s anti-surveillance site hacked

US Army website hacked

Aussie Internet provider Westnet breached – over 30,000 customers affected

FBI looks at Cardinals in Astros’ data breach

Second data breach at OPM confirmed

LastPass warns of data breach

Millions of US government workers hit by data breach

Polish airline forced to ground planes after “IT attack”

July – 64,713,144

Hacking Team hacked – cyber surveillance company tells customers to stop using its software

Nursery webcam accessed by stranger to speak to parent and child

Coordinated cyber attack hits four New Jersey gambling sites

Digital media streaming service Plex hacked, forum held for ransom

Canadian Security Intelligence Service website taken offline

Detroit Zoo, eight others across the county experience POS breach

CVS and Walmart Canada Are Investigating a Data Breach

Donald Trump hotel chain hit with credit card data breach

August – 2,841,114

Ashley Madison 9.7GB data dump posted online

Carphone Warehouse hack: 2.4 million customers affected

Mumsnet founder ‘swatted’, site attacked – users urged to change passwords

Users of dating site Plenty of Fish targeted by cyber attack

Russia launches “sophisticated cyberattack” on Pentagon computers

UVA shuts down servers after cyber attack

GitHub Again Hit by a new DDoS attack

New York magazine confirms outage was result of cyber attack

September – 17,085,880

London’s 56 Dean Street clinic leaks HIV status of 780 patients

800,000 fans of the Kardashians left exposed after privacy blunder

Malware sneaks into the iOS App Store. What you need to know about XcodeGhost

NCA website falls foul of Lizard Squad DDoS attack

Imgur suffers DDoS attack on 4chan and 8chan servers

Banks: Card Breach at Hilton Hotel Properties

Thousands of Lloyds Premier Bank customers have had their data “stolen” in security breach

October – 39,754,915

Police force blames hacker after #CyberAware tweet sent out containing bogus security advice

CIA boss has his personal email account hacked… and yes, it’s on AOL

Hacked Shopping Mall CCTV Cameras Are Launching DDoS Attacks

Payment card breach at The Commons Hotel in Minnesota

EyeBuyDirect announces website breach, payment cards affected

Payment card breach at Peppermill Resort Spa Casino in Reno

November – 11,415,000

Eclipse staggers to feet, gets smacked by second DDoS

Norwich International Airport website hacked

ProtonMail hit by mystery DDoS attack, preventing customers from accessing their secure email

JPMorgan Hackers Breached Anti-Fraud Vendor G2 Web Services

Extortionists target CCN in a DDoS attack; 5 bitcoins bounty

U.S. Government Officials Targeted by Iranian Hackers

UK pummelled with DDoS after ISIS cyber attack warning

VTech hacked: nearly 5 million parents’ and 200,000 children’s details exposed

Breach at Securus Technologies exposes 70 million prison phone calls

Hilton Hotels admits hackers planted malware and stole customer card details

Payment card data breach affects 54 Starwood Hotels

December – 210,033,030

JD Wetherspoon data breach 300% bigger than TalkTalk incident

Elephant Bar data breach includes 8 Bay Area sites since August

FBI: MaineGeneral Health Victim of Data Breach

13 Million MacKeeper Users Exposed

Database of 191 Million U.S. Voter Records Left Exposed Online

Trends and traits of data breaches

Managing Information Security Breaches - Studies from real life, 2nd EditionTo help you understand the trends and traits of data breaches, what they are, how and why they occur, and what you can do to avoid suffering a similar fate, take a look at our book of the month: Managing Information Security Breaches – Studies from real life by Michael Krausz.

This thought-provoking guide details how breaches can be treated and the direction you should take if you’ve been affected.

Buy your copy now.

To ensure that you’re kept up-to-date with the latest data breaches and cyber attacks, subscribe to our Daily Sentinel.

Share now…

Share on Twitter Share on Facebook Share on LinkedIn


  1. Frank Martin 11th January 2016
    • Lewis Morgan 12th January 2016