2014’s Top Private Data Leaks

Every year millions of people become victims of a data breach. For the majority, the results are the same: hackers sell users’ data on underground websites and companies have to rush to rescue their reputation and stop a flood of customers leaving.

So, as today is Data Privacy Day, we thought we’d look at the biggest breaches of the last 12 months.

Retailers at risk

Huge retail networks are a juicy target for criminals, as there are millions of pounds’ worth of money sloshing around at any one time. Think of all the purchases that the likes of Amazon or eBay make each day and you begin to understand why they’re such a sought-after market in the criminal world.

It’s been alleged (but never confirmed) that one group has successfully targeted three retail giants: Target (70 million records with banking information, phone numbers, emails and other data); the beauty supplier Sally Beauty (25,000 records stolen); and the home improvement store Home Depot (banking data for 56 million cards and 53 million emails stolen).

Interestingly, the Sally Beauty breach developed into something of a parody event when the hackers were themselves hacked.


Another retail giant that was attacked was eBay, with around 145 million customers having their data compromised. As a result, the company faced a class action lawsuit and, according to PC World, the cost of the lawsuit spiralled to upwards of $5 million.

 

Nobody is home and dry

Banks, online businesses, telecommunication companies and governmental bodies — they’re all at risk. You will no doubt have heard about the data breach at Sony Pictures and the celebrity photo hack, the most popular incidents in 2014.

Banks from all over the world have been compromised by hackers and it appears nobody is safe:

  • In the first month of the year, and with the help of one of its employees, the data of 20 million customers was leaked from the Korea Credit Bureau.
  • In February, Barclays came under fire when 27,000 records were stolen and sold on to rogue city traders. As a result, the bank’s credibility took a beating and it had to compensate thousands of customers whose data were sold on the black market.
  • In June, 80 million customer records were stolen from JP Morgan.
  • As a result of a major hack that led to the data exposure of 27 million customers, South Korean authorities are evaluating the possibility of completely redesigning the national identity number system.
  • Communication giants weren’t immune either. French telecoms group Orange was hacked twice in the first three months of 2014, resulting in the theft of 1.3 million users’ data. What was worse: the attackers compromised a software platform that the company used to send promotional emails and texts. No doubt, many people will think twice before signing up to something as a result.
  • In October, AT&T had to fire an overly curious employee who obtained information from 1,600 customers’ accounts and may have viewed their Social Security and driver’s license numbers.
  • In October, the file hosting service Dropbox was compromised. 7 million users’ records leaked out onto the internet. The company stated that login credentials leaked from third-party sites or apps. Thus, no matter how hard companies try to protect their servers, they are helpless in the face of users’ laziness and illiteracy. There will be more leaks in future until passwords like ‘123456’ are consigned to the dustbin.

How much is the data

But once your data is compromised, how much does it sell for? Well, the price of an individual record is relatively low. Brian Krebs, an IT security journalist, reported that the card data of customers of the offsite airport parking service Park ‘N Fly was selling for between $6 and $9 per card, which included the card number, expiration date, verification code, as well as the cardholder’s name, address and phone number. Barclays clients’ data was valued higher — around $76 (£50) per file.

However, the price of compensation is significantly higher. Barclays offered £250 to clients whose data was leaked; however, many people saw this as an injustice and demanded more. Barclays ended up offering more as a result of the complaints, with some customers receiving as much as £1,000.

Yet besides this cost, companies also have to spend money on additional IT equipment, extra IT infrastructure and security, more calls to their call centre, expert security investigators, and other added legal costs. Home Depot, for example, spent $43 million on managing the consequences of one data leak.

So remember, data breaches are difficult for everybody involved, but the ultimate responsibility falls on the holder of that data. If you’re concerned about your data security, always remember to use tough, difficult-to-guess passwords. Failing that, you could always use a reliable password manager.

Happy Data Protection Day!
