5 Industries Devastated by Data Breaches in 2014
- Security & Compliance
- Stephanie Crets
Cyber attacks and data breaches are on the rise as we move into the middle of the second decade of the twenty-first century. Looking back at 2014, it’s clear that hacking and the compromise of personal and business information are no longer merely something that happens to one company here or there, but an ongoing threat to entire industries.
Here’s our rundown of the industries that were affected the most by data breaches last year.
5. Cloud Services: Dropbox and iCloud
If there’s one thing that 2014 has taught us, it’s that we need to pay special attention to the security of personal cloud storage – which is a big reason why we offer secure dedicated private cloud hosting services.
In October, news reports indicated that Dropbox had been hacked, with the attackers accessing credentials for as many as 7 million accounts. Dropbox denied that it had been breached and blamed unnamed third-party services for the violation of security. The company also reset the passwords on affected accounts. Still, it’s probably impossible to know how much data was taken.
Earlier in the year, Apple’s iCloud service was compromised as well. The event quickly became newsworthy when hundreds of private celebrity photos were leaked online. Apple claimed that the attack was “very targeted,” with no actual breach of its systems. Instead, the celebrity accounts were apparently invaded by people who skillfully guessed passwords and security questions.
Regardless of whose fault these hacks may have been, the Dropbox and iCloud hacks should be a lesson to everyone who uses such services that there’s more to cloud security than simply using a password.
4. Entertainment: Sony Pictures, Sony PlayStation, and Xbox
The hack of Sony Pictures Entertainment has been all over the Internet, from big-name media sites to industry blogs to your Uncle Barry’s Facebook status updates. Its notoriety largely comes from the alleged reason for the attack – to stop the theatrical release of the then-forthcoming movie The Interview, starring James Franco and Seth Rogen – and the many salacious details that were revealed about celebrities and high-profile executives.
More importantly, behind all the drama and damaging emails, real people were hurt by the hack. Sony indicated that personal employee information had been compromised, such as birth dates, contact information, Social Security numbers, and financial account details. This includes not just the big-name celebrities reported about in the media, but many others who have worked for or contracted with Sony. Many of these people likely will be dealing with ramifications of the hack for years to come.
As if that wasn’t bad enough, Sony got hit again on Christmas Day, this time through its PlayStation network, while Microsoft’s Xbox network was attacked at the same time. Details about how many people were affected are still unclear. More disturbing than numbers, however, is the reason the group gave for their mischief: They wanted to ruin Christmas for everyone who got new consoles. It’s easy to chalk up hacks like this to mere pranks, but such events translate to real lost time and money, both for the businesses and those who spent hard-earned money on the devices.
3. Finance: J.P. Morgan Chase and Goldman Sachs
The J.P. Morgan Chase hack in the middle of 2014 was remarkable in part due to the number of people and businesses it affected, estimated at around 83 million. Although the hackers did not get any account numbers or other financial information, they did make off with loads of other personal data.
When knowledge of the attack first made the news circuit, there were rumors that it was made possible by sophisticated, customized software. However, later details indicated that the hackers used credentials stolen from an employee to log in to a server that was less secure than other computers throughout J.P. Morgan’s systems, which is a conglomeration of various “legacy” systems cobbled together from the remains of acquisitions. Given the high rate of such mergers that occurred between banks in the late 1990s and early 2000s, as well as fire-sale buyouts during the financial crisis of 2007-2008, it seems likely that there are plenty of other financial systems out there in similar conditions.
However, the cake-taker of finance data breaches this year goes to Goldman Sachs. Back in July, a contractor tried to send Goldman Sachs a large set of confidential customer data. However, instead of emailing the data to Goldman Sachs’s domain (gs.com), the contractor sent it to a Gmail account. When Goldman Sachs tried reaching out to the individual who owned the Gmail account, they received no reply. A judge ordered Google to delete the errant email, but there’s no way to know whether the file was forwarded, downloaded, or copied.
2. Retail: eBay, Home Depot, Michaels, etc.
It seems like there is a retailer coming out every other week saying they’ve been hacked. In January alone, we saw attacks on Neiman Marcus and Michaels, affecting about 3.7 million people combined. Looking at the other eleven months in the year, the list keeps growing: Home Depot, Kmart, Staples, SuperValu, Bebe, and even Goodwill. Add in chain restaurants, such as P.F. Chang’s and Dairy Queen, and the mound of breaches becomes almost Himalayan.
Possibly the biggest retail data breach last year came from online auction site eBay. In May, the company announced that approximately 145 million accounts were exposed due to malware that had been running on its site for months. Even after the attacks were reported by the BBC, malicious code was still found on some of eBay’s listings. Ultimately, eBay forced users to change their passwords, but it’s difficult to know how much damage individual users were forced to deal with before that.
1. Education: U. Maryland, Seattle Public Schools, and more
You probably didn’t hear about them, but according to data collected by the Privacy Rights Clearinghouse, at least 32 educational institutions across the United States were subjected to cyber attacks in 2014. These range from grade schools all the way up to post-doctoral institutions, including medical training centers, such as Johns Hopkins University and University of Pittsburgh Medical Center.
The largest known educational data breach last year occurred at the University of Maryland, where hackers stole more than 300,000 records that included sensitive personal data. That attack was followed closely by a hack of North Dakota University systems that garnered records for 290,000 individuals. Other big universities, such as the University of California, Berkeley, University of Illinois, Chicago, and Penn State, also experienced data breaches last year. In many cases, the extent of the breaches is unknown.
Even more disturbing are the data breaches that occurred at local schools and school districts. In mid-November, a law firm for the Seattle Public Schools “inadvertently” sent 8,000 personally identifiable student records to someone who had filed a complaint against the school district. In July, as many as 3,000 students in Massachusetts were victims of a data breach when a laptop from a third-party billing service was stolen: That laptop contained unencrypted student information, including names, addresses, Social Security numbers, and Medicaid IDs.
With cyber attacks increasing, there are bound to be more stories about hacks and data breaches in the coming year. Whether you use private cloud services or online banking, the best way to keep from being part of an attack is to check the security of the various systems you use regularly. Enable extra security measures like two-factor authentication (e.g., where you get a text with a one-time code in addition to using your password to log in), and use security questions that only you know. Also, talk to your financial institution, medical providers, and other places where sensitive data may be stored. While you can’t control everything, simply asking questions will let them know you’re paying attention – and it might make them pay attention as well.