Inside TDV - The Data Vault Blog
Rounding Up The Largest Data Breaches Of 2014
Now that New Year’s Eve has come and gone, it’s time to see where we landed in the digital record books. Any way you cut it 2014 was the biggest year ever for data breaches – in just about every industry. While there weren’t quite as many high profile incidents like Target’s last Christmas season, statistically the amount of independent breaches were higher than ever before.
With that growth in mind, here’s a small sample of the largest we saw in the past year:
5) Michael’s Craft Stores – 2.6 million people affected
This incident was Michael’s second data breach in three years, sparking discussion over whether management had taken the threat seriously after the first. By utilizing outdated software on their point of sale systems, the chain exposed a vulnerability present in many other retailers.
4) Snapchat – 4.6 million people affected
In a surprising turn of events, a company that made it’s name with privacy features found themselves the victim of a massive attack. While financial information wasn’t compromised, real names and phone numbers were released in addition to millions of private photographs.
3) The Home Depot – 56 million people affected
While we’ve covered their issues on this blog in the past, it bears repeating that The Home Depot’s incident appears eerily similar to the one that affected Target in late 2013. Both resulted from the compromise of a 3rd party contractor’s credentials, and showed a corporate structure that was slow to respond to the allegations of information loss.
2) Ebay Inc. – 145 million people affected
Misinformation, delays in notification, disorganization, and consumer litigation have all been hallmarks of the crisis surrounding the Ebay cyber attack. Resulting in multiple government investigations and lawsuits, this incident has become the textbook example of how not to interact with the public after a large corporate breach. To this day some experts believe that a majority of affected users don’t know that their data is compromised.
1) Sony Pictures – Unknown number of people affected
In an incident that is certain to give corporate executives nightmares for years to come, Sony experienced a coordinated cyber attack (with alleged political overtones) that resulted in massive damages to both their business model and consumer trust. At least five major motion pictures were prematurely leaked online, confidential email communications were seen by the press and competitors, sensitive employee information was posted, and a movie release was canceled as a result. The ramifications of this attack are still unfolding, but with it shaping US foreign relations and dominating headlines it has certainly eclipsed anything seen up to this point.
Data breaches aren’t a joke, and are increasing exponentially every year. There are easy steps to ensure that your organization isn’t making headlines with the next large incident, and taking the time to review current policies is never wasted. If you’re interested in expert advice and guidance during these times of information insecurity, please do not hesitate to reach out to us and we’d be happy to discuss it with you!