Technology experts are sure to look back at 2014 as a watershed year for data breaches. Seldom has there been a 12-month period in which so many major companies experienced so many significant data compromises. The incidents have shredded assumptions about the preparedness of modern businesses to withstand cyberthreats and are sure to prompt major revisions in corporate security strategies over the next few years.

In a sense, the string of breaches began with the intrusion at Target late last year and then continued in relentless fashion through 2014, culminating with the devastating attack on Sony Pictures in late November. The following are five of the most significant breaches in terms of scope and the nature of the intrusion:

JPMorgan Chase

Few incidents caused as much consternation within the security industry and among lawmakers than the intrusion at JPMorgan Chase in September, which exposed the names, addresses, Social Security numbers and other data from a staggering 83 million account holders. Experts have warned that the personally identifiable information that was compromised in this incident could enable widespread identity theft and financial fraud for years to come. The fact that the nation’s largest bank — and a company that spends $250 million annually on cybersecurity — could still be compromised in such spectacular fashion sent shock waves through the industry and pushed some lawmakers to open investigations into cyberpractices at major banks.

Sony Pictures

November’s cyberattack on Sony is sure to go down in the annals of cybercrime as one of the worst ever in terms of scope and sheer destruction. Details of the intrusion, performed by a group called “Guardians of Peace,” are still unfolding. Still, the data that has been leaked online by the attackers suggests a complete compromise of its systems. In addition to stealing and leaking five unreleased Sony movies, the attackers have also destroyed data and leaked documents containing details on Sony’s payroll, per-employee severance costs from layoffs this year, performance reviews, executive salaries and even snarky internal email exchanges about major Hollywood actors. The breach could end up costing the company hundreds of millions in financial damages and incalculable reputational damage.

Home Depot

If the breach at JPMorgan Chase was massive, then the one disclosed by home improvement giant Home Depot in September was larger still in terms of compromised records. A total of 56 million credit and debit cards and personal information on an additional 53 million people were exposed in a weekslong intrusion at the company. Apart from its sheer size, the breach was also noteworthy for its eerie resemblance to the Target intrusion months earlier. Just like Target, the data compromise at Home Depot was set in motion when attackers stole login credentials belonging to a third-party vendor used by Home Depot. They then used those credentials to gain a foothold in the retailer’s network.

Community Health Systems

Between April and June this year, unknown intruders stole a total of 4.5 million records containing names, Social Security numbers, birth dates and other personal information belonging to patients of Community Health Systems, one of the nation’s largest health networks. The breach, executed by an advanced persistent threat group based overseas, put people in 28 states at heightened risk of identity theft. This attack highlighted the growing menace that health care organizations face from cybercriminals. Though only nonmedical patient identification data was stolen in this particular incident, security experts predict a surge in targeted attacks against health organizations in the next few years.


A total of 3 million credit and debit cards were compromised in a data breach at arts and crafts store chain Michaels earlier this year. What made the breach noteworthy was the fact that the attackers who pulled it off managed to remain hidden on the company’s networks for eight months.

More from

The White House on Quantum Encryption and IoT Labels

A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…

Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Malware-as-a-Service Flaunts Its Tally of Users and Victims

As time passes, the security landscape keeps getting stranger and scarier. How long did the “not if, but when” mentality towards cyberattacks last — a few years, maybe? Now, security pros think in terms of how often will their organization be attacked and at what cost. Or they consider how the difference between legitimate Software-as-a-Service (SaaS) brands and Malware-as-a-Service (MaaS) gangs keeps getting blurrier. MaaS operators provide web-based services, slick UX, tiered subscriptions, newsletters and Telegram channels that keep users…