Big Bad Data Hacks of 2014: Lessons Learned

Data breaches are too common. Information security professionals need to consider strong data security and secure collaboration solutions to reduce risk.


19 December 2014

Big Bad Data Hacks of 2014: Lessons Learned

Quick: What do eBay, Target, JP Morgan Chase, and Goodwill have in common?

In 2014, each reported a major data breach that compromised the personal information of thousands — even millions — of unsuspecting customers. Private records (Social Security numbers, PINs, email addresses, driver’s license numbers, and other sensitive account data) were swiped for potential use by identify thieves or other shadowy players.

In fairness, it’s important to note that these organizations are not alone in suffering a data hack —  far from it. Hardly a week goes by without another incursion making headlines. Think of the recent breaches at Bebe Stores or Sony Pictures Entertainment (whose ongoing data scandal continues to unfold amidst a media feeding frenzy).

Data breaches not only hurt the brand, they shatter customer trust. And, they can deliver a body blow to the bottom line: the average cost to a company was $3.5 million, according to the Ponemon Institute’s 2014 Cost of Data Breach Study. That’s up 15 percent from last year.

Security specialists have already tagged 2014 as “the year of the data breach.” To understand why, here’s a sampling of some of the biggest hacks to date (those involving 800,000 records or more).

Big Bad Data Hacks of 2014

Organization

Number of Records Exposed

eBay

145,000,000

JP Morgan Chase

76,000,000

Target

70,000,000

Home Depot

56,000,000

Community Health Systems

4,500,000

Michaels

2,600,000

Neiman Marcus

1,100,000

Goodwill

868,000

Oregon Employment Department/WorkSource Oregon

850,000

USPS

800,000

Sources: Insurance Business America, Privacy Rights Clearinghouse, and Information is Beautiful

 

There’s no question that the sheer size of these incidents is eye-popping. But the list also highlights the increasing frequency of breaches as well as the variety of targets (retailers, health care providers, charities, government agencies) coming under attack.

The message here? No organization or enterprise is immune to data theft today, which is why strong data security and processes are vital.

Lessons for the Future

Predicting the future is an inherently risky business. However, it’s probably safe to say we will see more and bigger data breaches in 2015. With that thought in mind, corporate leaders must consider taking preventative measures to keep their company information buttoned up. Here are three helpful suggestions from PwC’s 2014 US State of Cybercrime Survey:

  • Increase corporate investment in security. An ounce of prevention — in the form of the latest security tools, technologies, and staff — is worth of pound of cure. If you don’t have a strong security presence yet, consider hiring a Chief Information Security Officer or Chief Security Officer to monitor corporate networks and implement policies to secure and protect data.
  • Educate employees about best security practices. And don’t make it a one-time event. Ongoing training is key to keeping workers alert to new threats arising from phishing, malware, or social engineering scams.
  • Assess the security of third-party service providers. In recent high profile data breach incidents, an outside vendor was hacked in order to gain access to a company’ systems. If it could happen to Target, it could happen to any business. It’s key that outside providers have strong security and compliance practices in place to keep information safe.


Steff Gelston

Steff Gelston

Steff Gelston is a professional journalist whose editorial career spans magazines, newspapers, and websites. She spent five years at International Data Group (IDG), including three years as a senior editor at CIO magazine with coverage oversight of IT staffing and the mid-market. Before joining IDG, Gelston was an assistant business editor at The Boston Globe. She has also worked for Inc.com, the Boston Herald, and the Boston Business Journal.