Technology experts are sure to look back at 2014 as a watershed year for data breaches. Seldom has there been a 12-month period in which so many major companies experienced so many significant data compromises. The incidents have shredded assumptions about the preparedness of modern businesses to withstand cyberthreats and are sure to prompt major revisions in corporate security strategies over the next few years.

In a sense, the string of breaches began with the intrusion at Target late last year and then continued in relentless fashion through 2014, culminating with the devastating attack on Sony Pictures in late November. The following are five of the most significant breaches in terms of scope and the nature of the intrusion:

JPMorgan Chase

Few incidents caused as much consternation within the security industry and among lawmakers than the intrusion at JPMorgan Chase in September, which exposed the names, addresses, Social Security numbers and other data from a staggering 83 million account holders. Experts have warned that the personally identifiable information that was compromised in this incident could enable widespread identity theft and financial fraud for years to come. The fact that the nation’s largest bank — and a company that spends $250 million annually on cybersecurity — could still be compromised in such spectacular fashion sent shock waves through the industry and pushed some lawmakers to open investigations into cyberpractices at major banks.

Sony Pictures

November’s cyberattack on Sony is sure to go down in the annals of cybercrime as one of the worst ever in terms of scope and sheer destruction. Details of the intrusion, performed by a group called “Guardians of Peace,” are still unfolding. Still, the data that has been leaked online by the attackers suggests a complete compromise of its systems. In addition to stealing and leaking five unreleased Sony movies, the attackers have also destroyed data and leaked documents containing details on Sony’s payroll, per-employee severance costs from layoffs this year, performance reviews, executive salaries and even snarky internal email exchanges about major Hollywood actors. The breach could end up costing the company hundreds of millions in financial damages and incalculable reputational damage.

Home Depot

If the breach at JPMorgan Chase was massive, then the one disclosed by home improvement giant Home Depot in September was larger still in terms of compromised records. A total of 56 million credit and debit cards and personal information on an additional 53 million people were exposed in a weekslong intrusion at the company. Apart from its sheer size, the breach was also noteworthy for its eerie resemblance to the Target intrusion months earlier. Just like Target, the data compromise at Home Depot was set in motion when attackers stole login credentials belonging to a third-party vendor used by Home Depot. They then used those credentials to gain a foothold in the retailer’s network.

Community Health Systems

Between April and June this year, unknown intruders stole a total of 4.5 million records containing names, Social Security numbers, birth dates and other personal information belonging to patients of Community Health Systems, one of the nation’s largest health networks. The breach, executed by an advanced persistent threat group based overseas, put people in 28 states at heightened risk of identity theft. This attack highlighted the growing menace that health care organizations face from cybercriminals. Though only nonmedical patient identification data was stolen in this particular incident, security experts predict a surge in targeted attacks against health organizations in the next few years.

Michaels

A total of 3 million credit and debit cards were compromised in a data breach at arts and crafts store chain Michaels earlier this year. What made the breach noteworthy was the fact that the attackers who pulled it off managed to remain hidden on the company’s networks for eight months.

More from

Machine Learning Applications in the Cybersecurity Space

3 min read - Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information from vast amounts of data and transform it into valuable business knowledge. While most industries use these techniques, they are especially prominent in the finance, marketing, healthcare, retail and cybersecurity sectors. Machine learning can also address new cyber threats. There…

3 min read

HHS Releases Hospital Cyber Resiliency Landscape Analysis

4 min read - On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of its Hospital Cyber Resiliency Initiative Landscape Analysis. This landmark analysis reports on domestic hospitals’ current state of cybersecurity preparedness. The scope of the HHS study was limited to activities that protect access to patient care and safety and reduce the negative impact of cyber threats on clinical operations. Breaches of sensitive data were considered only if the breach had a direct…

4 min read

BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration

9 min read - This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, Diego Matos Martins and Joseph Spero. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force Threat Intelligence Index, continues to wreak havoc across organizations globally this year. BlackCat (a.k.a. ALPHV) ransomware affiliates' more recent attacks include targeting organizations in the healthcare, government, education, manufacturing and hospitality sectors. Reportedly, several of these incidents resulted…

9 min read

Now Social Engineering Attackers Have AI. Do You? 

4 min read - Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code. The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code just like everybody else. How does this powerful new category of tools affect the ability of criminals to launch cyberattacks, including social engineering attacks? When Every Social Engineering Attack Uses Perfect English ChatGPT is a public tool based on a…

4 min read