December 17, 2014 By Jaikumar Vijayan 3 min read

Technology experts are sure to look back at 2014 as a watershed year for data breaches. Seldom has there been a 12-month period in which so many major companies experienced so many significant data compromises. The incidents have shredded assumptions about the preparedness of modern businesses to withstand cyberthreats and are sure to prompt major revisions in corporate security strategies over the next few years.

In a sense, the string of breaches began with the intrusion at Target late last year and then continued in relentless fashion through 2014, culminating with the devastating attack on Sony Pictures in late November. The following are five of the most significant breaches in terms of scope and the nature of the intrusion:

JPMorgan Chase

Few incidents caused as much consternation within the security industry and among lawmakers than the intrusion at JPMorgan Chase in September, which exposed the names, addresses, Social Security numbers and other data from a staggering 83 million account holders. Experts have warned that the personally identifiable information that was compromised in this incident could enable widespread identity theft and financial fraud for years to come. The fact that the nation’s largest bank — and a company that spends $250 million annually on cybersecurity — could still be compromised in such spectacular fashion sent shock waves through the industry and pushed some lawmakers to open investigations into cyberpractices at major banks.

Sony Pictures

November’s cyberattack on Sony is sure to go down in the annals of cybercrime as one of the worst ever in terms of scope and sheer destruction. Details of the intrusion, performed by a group called “Guardians of Peace,” are still unfolding. Still, the data that has been leaked online by the attackers suggests a complete compromise of its systems. In addition to stealing and leaking five unreleased Sony movies, the attackers have also destroyed data and leaked documents containing details on Sony’s payroll, per-employee severance costs from layoffs this year, performance reviews, executive salaries and even snarky internal email exchanges about major Hollywood actors. The breach could end up costing the company hundreds of millions in financial damages and incalculable reputational damage.

Home Depot

If the breach at JPMorgan Chase was massive, then the one disclosed by home improvement giant Home Depot in September was larger still in terms of compromised records. A total of 56 million credit and debit cards and personal information on an additional 53 million people were exposed in a weekslong intrusion at the company. Apart from its sheer size, the breach was also noteworthy for its eerie resemblance to the Target intrusion months earlier. Just like Target, the data compromise at Home Depot was set in motion when attackers stole login credentials belonging to a third-party vendor used by Home Depot. They then used those credentials to gain a foothold in the retailer’s network.

Community Health Systems

Between April and June this year, unknown intruders stole a total of 4.5 million records containing names, Social Security numbers, birth dates and other personal information belonging to patients of Community Health Systems, one of the nation’s largest health networks. The breach, executed by an advanced persistent threat group based overseas, put people in 28 states at heightened risk of identity theft. This attack highlighted the growing menace that health care organizations face from cybercriminals. Though only nonmedical patient identification data was stolen in this particular incident, security experts predict a surge in targeted attacks against health organizations in the next few years.

Michaels

A total of 3 million credit and debit cards were compromised in a data breach at arts and crafts store chain Michaels earlier this year. What made the breach noteworthy was the fact that the attackers who pulled it off managed to remain hidden on the company’s networks for eight months.

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today