A look back at the worst breaches of 2014

December 18, 2014 Arctic Wolf Networks

As 2015 edges ever closer – just two weeks to go – it's time to reflect on the year that has passed. This year was a monumental one for data breaches, with dozens of organizations affected by some of the most devastating attacks in history. Contributors at ZDNet and BetaNews compiled lists of 2014's biggest breaches, and below are some of the highlights: 

Sony
The most recent breach on the list, multiple groups are still reeling in the wake of the hack of Sony Entertainment Studios. When the breach first occurred in late November, some speculated that North Korean cybercriminals might be behind the attack in retaliation for the release of "The Interview," an upcoming Sony movie about an assassination attempt on Kim Jung-un. However, a group known as Guardians of Peace took responsibility for the hack, as well as the subsequent leaked emails from Sony executives and files containing unreleased movies from the studio.

As the weeks went on, a growing number of threats began emerging, promising harm to anyone who went to see "The Interview" and any theater that showed the film. With possible terrorist activity linked to the movie, Sony decided to cancel the Dec. 25 release and postpone it indefinitely. This has caused U.S. officials to publicly accuse North Korea for the hack, though the dictatorship has denied responsibility.

JPMorgan Chase
At the end of the summer news broke that JPMorgan Chase's systems were breached, affecting millions of personal and enterprise customers. Nearly 80 million households in the U.S. were impacted by the attack, as well as 7 million small- and medium-sized businesses. While many assumed malware was to blame, it appears that cybercriminals were able to gain access after stealing a single employee's password. The intrusion was one of the largest breaches of a financial institution in history, and the FBI are still investigating its impact and whether other banks were also involved.

USB malware attack
While this isn't a data breach, it did help to cause quite a few. An incredibly dangerous virus, known as BadUSB, was used to infect systems by hiding in corrupted thumb drives. Exploited USB devices would install the malware onto the machines with which they were used and take over the hardware for malicious purposes. The vulnerability made it possible for drives with the malware to infect and replace a computer's BIOS, making reliable machines possible targets.

iCloud
One of the most controversial data breaches of the year, the iCloud hack lead to the exposure of numerous private photos of some of Hollywood's biggest celebrities. The attack was launched using brute force methods on targeted iCloud accounts. More than 100 explicit photos were leaked onto the now infamous forum 4chan in the wake of the attack. While Apple denied a breach of its systems, the company did increase security for iCloud after it was discovered that the service wasn't able to defend against brute force attacks where hackers are able to guess passwords again and again until the right one is found.

USPS
At the beginning of November, the U.S. Postal Service revealed that its networks had been accessed by unknown actors. This breach didn't affect the general public, but the personal information of more than 800,000 employees was exposed to the hackers, including Social Security numbers and physical addresses. While a culprit hasn't been officially confirmed, many industry experts believe that China is to blame.

eBay
Online auction house eBay announced in May that more than 145 million users' accounts were compromised in a massive breach of the site's systems. Both email and physical addresses were exposed in the hack, as well as login credentials. Luckily financial information was not stolen in the attack, but eBay still reported a $200 million decline in its annual revenue which it believes was due to the breach.

Home Depot
In September Home Depot lost nearly 110 million records to cybercriminals, making it the largest breach of a retailer in the U.S. on record. Stolen data included 56 million payment card numbers and 53 million email addresses. According to the company, the security intrusion was due to the poor security practices of a third-party vendor, whose lax policies enabled malicious actors to access multiple networks and steal information from point-of-sale systems.

In light of all of the breaches that occurred in 2014, companies need to work quickly to protect sensitive networks and start 2015 with a clean slate. One of the most reliable defense solutions enterprises can implement is security information and event management. Managed SIEM provide businesses with around-the-clock monitoring of privileged systems, learning the regular behavior of a network. Through the use of big data analytics, anomalous behavior is detected and networks searched for evidence of a breach. A SIEM solution enables organizations to identify suspicious activity as soon as it occurs, greatly increasing the security of sensitive information and improving peace of mind.

Previous Article
The 6 biggest cyberthreats of 2015

With 2015 just one day away, it's important to take a look at what types of cyberthreats and attack methods...

Next Article
Healthcare organizations hit hard by cyberattacks in 2014

One of the biggest cyberattack trends this year has been malware targeting healthcare organizations.

×

Get cybersecurity updates delivered to your inbox.

First Name
Last Name
Company
Country
Yes, I’d like to receive marketing emails from Arctic Wolf about solutions of interest to me.
I agree to the Website Terms of Use and Arctic Wolf Privacy Policy.
Thanks for subscribing!
Error - something went wrong!