From Home Depot and USPS to NOAA and State Department, there’s news about a new data breach on a weekly, if not daily, basis. These breaches can cost organizations an average of $3.5 million per breach and $201 per record comprised, per the Ponemon Institute’s “2014 Cost of a Data Breach: Global Analysis“. They also have a lasting impact by affecting revenues, profits, stock prices, brand integrity, and much more all having a huge economic impact. According to the Identify Theft Resource Center, as of November 3rd, 2014 there have been 644 reported data breaches in the United States alone which is a 25.3% increase over the same time period last year 2013.
Below is a list of the top 10 global data breaches reported in 2014 based on the number of records exposed. Please note – this is a list of the data breaches where the number of records exposed is known or an estimate number of records are known. Several other data breaches happened in 2014 – P.F. Chang’s, iCloud, and European Central Bank – where the number of records have not been reported.
Just from these top ten, over 378 million records have been exposed in 2014.
|Organization||Records Exposed||Method||Data Type(s)||Additional Info|
|Ebay||145,000,000||Hacked||Email & online information||eBay customers have been exposed to malware for months thanks to a flaw on eBay’s website. Clicking some listing on eBay immediately redirected to a malicious sites, according to the BBC.|
|JPMorgan Chase||83,000,000||Hacked||Personal information (name, email, phone)||NYTimes – The hackers appeared to have obtained a list of the applications and programs that run on JPMorgan’s computers, which they could crosscheck with known vulnerabilities in each program and web application, in search of an entry point back into the bank’s system.|
|Home Depot||56,000,000||Hacked||Credit card information||Malware installed on cash register system across 2,200 stores providing credit card details of up to 56 million customers. This has cost Home Depot around $62m.|
|Korea Credit Bureau||27,000,000||Inside Job||Full bank account info||An employee has been arrested and accused of stealing the data from customers of three credit card firms while working for them as a temporary consultant.|
|Naver||25,000,000||Hacked||Account information – personal||A Naver official stressed that Naver was not at fault regarding the incident, rather the personal information of the users are ready to purchase from the black market of the Korea. So, the data are not abused by the internal sources, rather it is very easy for the people having a hand on users’ sensitive information.|
|Northwestern City of Verden (Germany)||18,000,000||Hacked||Email address & passwords||The story broke by the German press, Der Spiegel, when German Authorities revealed another mass hacking of private data belonged to German citizens and major Internet companies both in Germany and abroad.|
|KT Corp||12,000,000||Hacked||Personal information||South Korean telecommunications provider KT Corp. says a data breach compromised the personal information of about 12 million of its customers, according to the Yonhap News Agency.|
|Snapchat||4,600,000||Hacked||Account information||The phone numbers and usernames for as many as 4.6 million accounts have been downloaded by a website calling itself SnapchatDB.info.|
|Community Health Services||4,500,000||Hacked||Patient records||Per TrustedSec – The initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability which led to the compromise of the information.|
|USPS||3,650,000||Hacked||Personal data including social security numbers.||2.9m customer records and 750k employee records were compromised according to CNN.|
*NOTE: The Gmail breach was not included in this list as the majority of the 5m records where old/outdated and it was a breach through personal accounts, not through Google directly.
As these attacks are getting increasingly sophisticated it’s becoming more difficult for organizations and government agencies to protect themselves. While it’s necessary to take defensive measures, it’s also important to take a more proactive approach with your cyber security posture by better understanding your adversaries, how they operate, who they are affiliated with, and your organization’s risks and vulnerabilities. These are the types of problems we solve at IKANOW.
If you don’t want your organization to be on this list or in the news as the latest company to be breached, contact IKANOW today to learn more about how we can help.