As 2015 nears an end, the tally of U.S. data breaches has reached an estimated 690 incidents as of Nov. 24, down about 2.5 percent from the 708 breaches recorded during the same time period last year, according to the nonprofit Identity Theft Resource Center.
The counseling center compiles media reports and records obtained from federal sources and state attorneys general to come up with the count. It’s likely the actual number of breaches is greater due to delayed reporting or businesses unaware their systems are compromised, according to the California-based nonprofit.
These reported incidents add up to an estimated 176.2 million compromised records so far this year exposing personal and financial information, according to the center. However, some incidents tracked by the nonprofit affect an unknown number of records.
Find below the list of the five largest known breaches of 2015. The ranking was provided by Identity Theft Resource Center.
1. Anthem Inc., 78.8 million records
The Indianapolis-based health insurer — whose Ohio division is the largest commercial health plan in the state — learned of a cyberattack to its information technology system at the end of January, according to the company.
According to the resource center, nearly 80 million records were compromised, which Anthem said could have impacted current and former members of its health plans.
2. U.S. Office of Personnel Management, over 25 million records
The federal office this year discovered two separate but related cybersecurity incidents.
In June, officials found background investigation records of current, former and prospective federal employees and contractors had been stolen including Social Security numbers of approximately 21.5 million people, according to the personnel agency. Also earlier this year, personnel data of 4.2 million current and former federal government employees had been stolen, according to the government office.
3. T-Mobile/Experian, 15 million records
Credit reporting bureau Experian learned in September an unauthorized party accessed T-Mobile data housed in a server affecting approximately 15 million records.
Records containing a name, address, Social Security number, date of birth, identification number and additional information used in T-Mobile’s credit assessment were accessed, according to an online fact page about the incident at www.t-mobile.com/landing/experian-data-breach-faq.html. No payment card or banking information was obtained, according to the companies.
4. Premera Blue Cross, 11 million records
The northwestern U.S. health insurer discovered at the end of January a cyber attack on its technology system affecting Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska and affiliate brands Vivacity and Connexion Insurance Solutions Inc., according to the company.
5. Excellus Blue Cross Blue Shield/Lifetime Healthcare Companies, 10 million records
Excellus BlueCross BlueShield, an independent licensee of the Blue Cross Blue Shield Association, learned in August cyber attackers had gained unauthorized access to its technology systems. Additionally, the investigation revealed that the initial attack occurred on Dec. 23, 2013, according to the company. The incident exposed an estimated 10 million records, according to Identity Theft Resource Center.