December 10, 2015

Share Everywhere

Monthly Breach Roundup: November 2015 Security & Data Breaches

Worried that you may have been affected by a recent data or security breach? Don’t worry, we have a roundup of recent breaches — and you can check back at the beginning of every month for more updates.

Here are the recent data breaches that were making headlines in November:

Law Enforcement Enterprise Portal

The Law Enforcement Enterprise Portal, known as, was breached in November by a hacker group called Crackas With Attitude (CWA). CWA found a vulnerability in the portal, which is where local and federal law enforcement officials connect and share information, and stole a great deal of personal data. They then posted some of that information online.

CWA said they had no intention of hurting innocent people and that their actions were directed solely at the U.S. government. They claim to be fighting for Palestine and are angry with the U.S. government for funding Israel.

JPMorgan Chase + 14 Other Companies

The true scope of a breach we told you about in October 2014 finally came to light in November 2015. Last year, it was reported that JPMorgan Chase suffered a data breach that affected 76 million households and 83 million customers. However, last month, we learned that JPMorgan Chase was part of a much larger hacking scheme that affected 14 other companies and more than 100 million people — making it the largest bank data breach, ever.

While most victims of this scheme — over 80% — were JPMorgan Chase customers, other victims included customers of TD Ameritrade, Scottrade, and News Corp.’s Dow Jones unit, among other companies. Authorities said the three main hackers, who have been officially charged, were trying to support stock manipulation schemes, payment-processing schemes, and gambling.

Hilton Worldwide

Hilton Worldwide announced a security breach right before Thanksgiving 2015. The major hotel chain said the breach may have affected any guests who stayed at one of their 4,500 hotels around the world between April 21, 2015 to July 27, 2015, or November 18, 2014 to December 5, 2014

The Wall Street Journal reported that the company found malware in their payment systems. The malware could have stolen customer names, credit or debit card numbers, security codes, and expiration dates. Hilton encourages any guests to stayed with them during the dates above to check their account statements for signs of fraud.

VTech Holdings Ltd.

On November 14, 2015, Hong Kong-based VTech Holdings Ltd. suffered a data breach that compromised the personal information of 6.4 million children and 4.9 million adults stored in their Learning Lodge database. The hacker, who spoke anonymously with Motherboard, said they were able to get the full names, genders, and birthdates of children, as well as thousands of pictures of parents and kids, chat logs, and audio recordings.

As for parent account information, the hacker took full names, e-mail addresses, secret questions/answers for password retrieval, IP addresses, mailing addresses, download histories, and encrypted passwords. Credit card information was not affected, as this information is not stored in the Learning Lodge database.

The hacker says this breach was meant to serve as a wake up call and that he or she does not intend to publish or sell the data.

Check back at the beginning of January to read about security and data breaches that occurred during the month of December. Wondering what you may have missed this year when it comes to your personal security? Browse through our list of the biggest data breaches in 2015, so far.

Follow Me

Heidi Daitch

Director, Strategic Programs at IdentityForce
Heidi is a busy working mom who juggles many of the same responsibilities and challenges at home and at work - a long list of things to do and not enough time to do everything. With so little time, Heidi tries hard to find simple, but effective strategies to save time for what’s really important – spending time with her family.
Follow Me

Join The Discussion

Your email address will never be published.