2014’s Biggest Data Breaches

2014 has been declared the “year of the data breach”, and for good reason. We saw more large, publicly announced breaches this year than years past, and data security became a hotter topic than ever before. New technology like EMV and tokenization are getting press, and consumers are being more and more aware that they may be at risk. Check out the infographic below and learn the details of the top data breaches of the past year.

Announced in June, the security breach at P.F. Chang’s impacted 33 restaurants over the course of about 8 months. It had been uncovered by the Secret Service just one day before the announcement, and over the next two months they underwent an investigation to determine the depth of the breach. Ultimately, they found that it was likely credit card data had been stolen from the 33 impacted restaurants spanning 18 states. Following the breach, P.F. Chang’s launched a security page to address questions and to keep the public updated on developments.

Cosmetics and beauty retailer, Sally Beauty, discovered in March that they had been victims of a massive hack, likely by the same group that attacked Target. Less than 25,000 records were found to have been compromised, but the retailer declined to speculate about any specifics. The stolen data included “Track 2″ data, or the information ATMs and POS systems use to authorize transactions. Other stolen data included customer names, card numbers, and CVV codes. An early report by Brian Krebs speculated that up to 282,000 records could have been compromised due to a large batch that went up for sale on the same site that sold data from the Target breach, but it was never confirmed.

While there wasn’t any evidence of fraud associated with the November breach, the data of over 800,000 USPS employees was compromised. Customers who called the customer service any time in 2014 before August 16th may have also had data compromised, but the data was limited to names, numbers, addresses, and emails.

In a massive breach that surpassed Target in scale, almost every single Home Depot store was compromised in September. The infection was a variant of BlackPOS, the same malware the caused the Target breach. After the breach, there was a spike in PIN debit fraud due to the amount of data that had been leaked, including one customer who had $300,000 stolen in less than 2 hours.

The enormous data breach at JP Morgan this year impacted 76 million households and 8 million small businesses, and while there has been no evidence of any money being stolen, the news of a breached bank left many shaken and questioning the ability of large businesses to be truly secure.

Now facing a class-action lawsuit, Community Health Systems suffered a data breach impacting over 4.5 million patients. While no clinical data was taken in the attack, personal information including social security numbers were stolen–all information covered under HIPAA. Dan Munro of Forbes estimated that in total the breach could cost CHS up to $150 million when it’s all said and done.

While technically occurring in 2013, this list wouldn’t be complete without the most wildly covered data breach in years. Hackers gained access to 40 million payment cards and personal information for 70 million customers. Target suffered a 46% drop in profits in Q4 2013 as a result, and it has been estimated that the breach will cost shareholders $148 million. As of this writing, there have still been no arrests in the case.

In April Michael’s Stores Inc announced two eight-month long data breaches in their stores. Throughout 23 stores, a total of 2.6 million payment cards were compromised. Additionally, the data of 400,000 payment cards was stolen from Aaron Brothers, Michael’s subsidiary.

The high-end retailer was attacked early last year, resulting in the theft of data from 350,000 payment cards. Thousands were confirmed to have been used fraudulently. Executives reported a $68 million loss during the holiday with the breach costing them millions in legal fees.