Currently set to No Index

Top Data Breaches of 2014 and What We Have Learned

Data security is an increasingly common concern thanks to the rising awareness that security breaches pose very real threats to individuals. Companies have long been aware of the cost that such lapses can have though 2014 was a year that woke many organizations up to the fact that security measures simply cannot be left to chance. Any security shortcoming is a vulnerability that can – and very possibly will – be exploited. Here are some of the most significant data breaches of this year and what they have taught us about technological preparedness.

Aaron Brothers and Michaels

Though this data breach began in the middle of 2013, it was still making news at the beginning of 2014. These two retail outlets had credit card data, including expiration dates, stolen from point of sale systems. An investigation into the incident revealed strong indications that sophisticated malware was used specifically for the purpose of obtaining this information. Data from more than two million payment cards were obtained from Michaels stores and data from around 400,000 cards came from Aaron Brothers.

Spec’s Wine

This popular Texas retailer experienced an attack on their security that went on for seventeen months. The type of information held by this particular retailer may have made it an attractive target to criminals. Among the information possibly stolen were:

  • Bank account information
  • Customer names
  • Payment card numbers and expiration dates
  • Payment card security codes

License plate numbers may also have been part of the information collected by the criminals. Though the approximately 550,000 customers potentially impacted is a relatively small population compared to the millions affected by various other 2014 security breaches, this incident demonstrates that popular regional outlets are attractive targets for criminals. Small- and medium-sized businesses need to think about data security with the same seriousness as large organizations.

RELATED:   Dotcom vs New gTLD Extensions: What’s the Status?

eBay

The security incident affecting online auction site eBay was argueably one of the widest publicized of 2014. Assessments of the data breach suggested that a majority of the site’s 145 million members were among those likely affected. eBay stores a great deal of private information valuable to criminals, including customer names, physical addresses, birthdates, phone numbers, and much more. Even encrypted passwords were accessed but prompt action on the part of site members may have helped mitigate the damage.

The company helped bolster customer relations by quickly making contact with each member and urging them to change their password. Automated emails were used to disseminate accurate information in a timely manner.

JP Morgan

The late spring attack on eBay was quickly pushed out of the news by a troubling breach that took place at JP Morgan, the largest US bank and a major financial institution. Like several of 2014’s other major security breaches, the attack on JP Morgan was perpetrated by hackers.

Though the breach was discovered in July an investigation revealed that it had begun a month earlier. During those few weeks of vulnerability account holders’ personal information was stolen; stolen data included physical addresses, email addresses, names, and phone numbers. Notably, the hackers used high level administrative security protocols to access the company’s network servers.

RELATED:   Using Captcha Scripts to Prevent Spam

Target

Though the Target breach was somewhat smaller than the ones that impacted other organizations in 2014, the nature of this particular security threat makes it worth noting. Investigators looking into the breach that affected 70 million customers concluded that malicious software had been installed into payment card readers used in point of sale systems. This software collected customer card information though other information, such as customer names, addresses, and phone numbers were also stolen.

Payment cards have several layers of security, including the three digit code present on the back. That the thieves were able to collect this security code as well as PIN numbers and card expiration dates indicates a troublingly high degree of criminal sophistication.

Learning From 2014

It is worth noting that a few industries were especially affected by 2014 security breaches. Retail, technology, and financial service industry organizations were the most frequent targets. While these industries handle a very large amount of sensitive data, this factor alone does not account for this observation; the healthcare industry, for instance, experienced breaches on a relatively smaller scale. Since data volume is itself not the prime indicator of security risk, all organizations that handle large amounts of sensitive data have to take appropriate precautions.

This past year has also demonstrated that no industry is entirely safe. Even within specific industry sectors a wide variety of anti-security activity took place. Every industry has to take data security very seriously. While the majority of attacks came from malicious outsiders, including hackers, malicious insiders also played a small role in exposing proprietary and private data.

RELATED:   Enhanced CMS Security with Secure Live

What 2015 Holds

If the past year is any indication, we will see a few other large data security breaches affecting the retail and financial sectors in particular. Any organization that processes or stores client payment information will need to be quite vigilant about maintaining secure information storage, transfer, and access.

Since we have abundant evidence that traditional brick and mortar organizations face the same kind of security threats that online businesses do, it is possible that a more unified approach to data security will be adopted. It is no longer advisable or practical to treat the data security needs of these two business types as discrete; physical and online businesses both face threats from similar malicious outsiders.

The future holds a great deal of promise, however. Companies are learning from past mistakes and are learning how to more effectively communicate with clients who have been potentially affected by security breaches. A strong customer relations response will help restore trust and preserve public confidence. Planning a response protocol will also give companies an opportunity to anticipate necessary media outreach efforts. This helps create a proactive managed response that encompasses the concerns of many stake holders.

This year has taught us many important lessons about the evolving nature of data security. Taking these lessons to heart will help organizations in many different industries develop effective security measures as well as a multi-faceted response plan. Talk to us about developing dynamic and effective outreach solutions for all kinds of complex situations.

Top image ©GL Stock Images

whg_banner.new.10k

How-to Start a Blog – Review of the Best 10 Blogging Platforms
How-to Start a Blog – Review of the Best 10 Blogging Platforms

If you want to start a blog as fast as possible, then you need to consider choosing a blogging platform. Thankfully, there are some excellent free and paid blogging platforms...

How Referral Marketing Can Benefit Web Hosts
How Referral Marketing Can Benefit Web Hosts

Even if the niche of web hosts are fully loaded with a lot of companies they are still one of the easiest to promote because you could write your own...

Broken Links: How to Find, Fix, and Benefit from Broken Links
Broken Links: How to Find, Fix, and Benefit from Broken Links

Links are what holds the web together. Essentially, the web is named as such because of the ability for pages and sites to link to other sources and relevant information....

Brand Value & the Most Powerful Brands (with Infographic)
Brand Value & the Most Powerful Brands (with Infographic)

Brand value – everyone wants it, however, only few are able to achieve it. The subject of “brand value” holds a significant position amongst marketers, executives, and entrepreneurs. Let’s discuss...

Reasons why your business should shift to Cloud hosting
Reasons why your business should shift to Cloud hosting

Cloud hosting has been on the rise since its inception. The improvement to your website performance and business efficiency that comes with Cloud hosting is almost tangible.

Why We Love the IT Support Career?
Why We Love the IT Support Career?

In almost all of my posts I was talking about the stressful side of the IT – the long hours, end user issues, migrations, midnight calls and the like. But...

IT Manager: Ways To Show Your Appreciation To Your Team
IT Manager: Ways To Show Your Appreciation To Your Team

Surely your team struggled hard and made things happen. You cannot say “this is what you get paid for” and just leave – you cannot keep your IT staff that...

Feeling Insecure In Your Current Job Position?
Feeling Insecure In Your Current Job Position?

Job security is one of our primary concerns. We everyday we live with the question of whether or not we will be working the next day. Loyalty is not the...

Leave a Reply

Your email address will not be published. Required fields are marked *