According to the Identity Theft Resource Center (ITRC), a total of 636 data breaches had occurred in 2014 as of October 2014, putting a total of 78 million customer records at risk. The number of breaches already exceeds the 614 breaches that occurred in 2013, although the number of customer records exposed was a bit higher in 2013. According to the ITRC, the business category was hit hardest at 82.7%, followed by healthcare at 9.6%. Data breaches also occurred in the government (4.7%), educational (1.6%), and financial (1.5%) sectors. Here is a list of the top 5 data breaches that occurred in 2014.
Data breach at Home Depot
With over 56 million customer records exposed, the Home Depot data breach stands out as the biggest data breach of 2014 so far. Home Depot said that between April and September its payment data systems were breached by malware, which has since been eliminated. Customers who used payment cards at Home Depot’s U.S. and Canadian stores were at risk due to this data breach. Several fraudulent activities were reported during this period. This is the second largest data breach in the last two years, after the worst ever data breach, which occurred at Target Corporation in November and December 2013.
Data breach in healthcare
Community Health Systems Professional Services Corporation (CHSPSC), a Tennessee-based healthcare company, reported that between April and June 2014, a criminal cyber attack resulted in a data breach affecting about 4.5 million customers. According to CHSPSC, a Chinese threat group was responsible for this incident; the group was able to bypass the security measures and transfer some of the information. After this incident, CHSPSC added additional security measures, including advanced encryption and surveillance techniques.
On the heels of this data breach, the State of Montana Department of Public Health and Human Services (DPHHS) reported that about 1.3 million customer records were exposed due to a data breach that occurred in May 2014. Since the incident, DPHHS has taken additional security measures to safeguard customer data.
Michaels Stores Credit Card Data Stolen
Michaels and its subsidiary, Aaron Brothers, reported that a highly sophisticated malware attack resulted in data breaches at 1,135 Michaels stores and 119 Aaron Brothers locations, putting 2.6 million customer records at risk. The breach occurred on the point-of-sale systems between May 2013 and January 2014. It is believed that the attacks were committed by criminals from Eastern Europe, the same criminals suspected of the breach at Neiman Marcus late last year. Michaels has since reissued credit cards for the affected customers and has strengthened its network surveillance to counter the threat. The list of stores affected by this incident can be found here.
The IRS has been in the news lately due to data breaches that were triggered by protocol violations rather than a malware attack. A CD containing records of about 1.4 million taxpayers, including Social Security information, was recently handed over to an unauthorized contractor for a printing services job. The IRS has now started conducting background checks for all contractors. In yet another incident, an IRS employee took home a USB drive containing unencrypted information on 20,000 fellow employees. While the IRS did not disclose the employee's name, it said it is working with the inspector general to investigate the issue.
The impact of a data breach at the IRS could be huge, as it holds the data of all U.S. taxpayers. While the IRS has implemented strong measures to boost computer security, greater care may be needed when information has to be handled by personnel, especially contractors. The IRS doesn’t check the background of contractors when it comes to couriers who could have access to sensitive documents, and this proved to be a major flaw when a courier with a criminal background was seen delivering sensitive IRS documents to post offices.
Goodwill: Nearly 1 Million Cards Stolen
Goodwill reported that between February and August 2014, malware on a third-party vendor system resulted in a data breach in which about 0.8 million cards were compromised. It was estimated that about 330 of its stores were impacted by this incident. Because of the franchise system Goodwill uses, the impact was localized to fewer branches instead of being widespread. Goodwill reported that it has not seen any fraudulent activity since the breach, and it has published a list of the affected stores on its website.
Are things getting better?
With the expansion of international criminal networks and the advanced methods they use for malicious attacks, computer security has been under severe attack, and the whole security arena is under heavy scrutiny. Conventional security techniques such as firewalls and encryption may no longer be able to withstand attacks, and they may have to be upgraded to support the latest encryption and firewall standards. Additionally, strong authentication measures such as two-factor authentication and requiring customers to frequently change passwords could help to boost security. However, as can be seen in the case of the IRS data breaches, recklessness and protocol violations can sometimes be the cause as well, and utmost care needs to be exercised to protect customer and taxpayer data.