Major breaches of 2014

This is the time of year that people make lists, so I will also.  These are not in any particular order, but the total is pretty amazing.  I had already forgotten some of these —

  • Michaels and its subsidiary Aaron Bros Art Framing (January) – 3.4 million records, credit and debit cards information from their POS system
  • LivingSocial (April) – more than 50 million records, names, emails, birthdays and encrypted passwords stolen.
  • eBay (May) – an unknown number, but eBay asked all 145 million customers to changes their passwords, so we might assume it was all of them.  Usernames, encrypted email addresses and passwords were stolen
  • American Express (June) – almost 76,000 California residents.  Names, account numbers, expiration dates and CVS numbers were stolen.  While the number of cards stolen is relatively low, since Amex doesn’t have the traditional card credit limit, the rewards might be priceless
  • P.F. Changs (August) – exact number unknown.  Credit card numbers, expiration dates and customer names were reportedly stolen
  • Staples – 1.16 million cards.  Staples said the hackers got customer names, card numbers, expiration dates and CVV numbers.
  • Snapchat (October) – Almost 98,000 files were stolen and posted on The Pirate Bay.  Again, not a large number, but an unfortunate number of pictures were child porn – selfies from kids under the age of understanding, err, 18.
  • The Home Depot (September)  – 56 million credit cards and an additional 53 million email addresses.
  • JP Morgan Chase (October) – 76 million households and 8 million small businesses.  Chase said that the hackers only got names, addresses and phone numbers.
  • Sony (December) – Hackers broke into Sony’s, erased hundreds if not thousands of machines, stole tens of millions of files and almost got the movie The Interview cancelled.  Sony is still doing damage control and trying to recover.

All in all, that is a lot of compromised information






Las Vegas Review Journal

Krebs On Security

Business Wire

 Risk Based Security