December 17, 2014 By Jaikumar Vijayan

Technology experts are sure to look back at 2014 as a watershed year for data breaches. Seldom has there been a 12-month period in which so many major companies experienced so many significant data compromises. The incidents have shredded assumptions about the preparedness of modern businesses to withstand cyberthreats and are sure to prompt major revisions in corporate security strategies over the next few years.

In a sense, the string of breaches began with the intrusion at Target late last year and then continued in relentless fashion through 2014, culminating with the devastating attack on Sony Pictures in late November. The following are five of the most significant breaches in terms of scope and the nature of the intrusion:

JPMorgan Chase

Few incidents caused as much consternation within the security industry and among lawmakers as the intrusion at JPMorgan Chase in September, which exposed the names, addresses, Social Security numbers and other data from a staggering 83 million account holders. Experts have warned that the personally identifiable information that was compromised in this incident could enable widespread identity theft and financial fraud for years to come. The fact that the nation’s largest bank — and a company that spends $250 million annually on cybersecurity — could still be compromised in such spectacular fashion sent shock waves through the industry and pushed some lawmakers to open investigations into cyberpractices at major banks.

Sony Pictures

November’s cyberattack on Sony is sure to go down in the annals of cybercrime as one of the worst ever in terms of scope and sheer destruction. Details of the intrusion, performed by a group called “Guardians of Peace,” are still unfolding. Still, the data that has been leaked online by the attackers suggests a complete compromise of the company’s systems. In addition to stealing and leaking five unreleased Sony movies, the attackers have also destroyed data and leaked documents containing details on Sony’s payroll, per-employee severance costs from layoffs this year, performance reviews, executive salaries and even snarky internal email exchanges about major Hollywood actors. The breach could end up costing the company hundreds of millions in financial damages and incalculable reputational damage.

Home Depot

If the breach at JPMorgan Chase was massive, then the one disclosed by home improvement giant Home Depot in September was larger still in terms of compromised records. A total of 56 million credit and debit cards and personal information on an additional 53 million people were exposed in a weekslong intrusion at the company. Apart from its sheer size, the breach was also noteworthy for its eerie resemblance to the Target intrusion months earlier. As with the Target breach, the data compromise at Home Depot was set in motion when attackers stole login credentials belonging to a third-party vendor used by Home Depot. They then used those credentials to gain a foothold in the retailer’s network.

Community Health Systems

Between April and June this year, unknown intruders stole a total of 4.5 million records containing names, Social Security numbers, birth dates and other personal information belonging to patients of Community Health Systems, one of the nation’s largest health networks. The breach, executed by an advanced persistent threat group based overseas, put people in 28 states at heightened risk of identity theft. This attack highlighted the growing menace that health care organizations face from cybercriminals. Though only nonmedical patient identification data was stolen in this particular incident, security experts predict a surge in targeted attacks against health organizations in the next few years.


Michaels

A total of 3 million credit and debit cards were compromised in a data breach at arts and crafts store chain Michaels earlier this year. What made the breach noteworthy was the fact that the attackers who pulled it off managed to remain hidden on the company’s networks for eight months.
