Happy New Year! What better way to kick off the New Year than by talking about recent data breaches? OK, there are better ways. But thinking about and preventing cyber breaches is our business. Each month in 2015 we’ll be providing posts on prominent breaches that happened in the last month. We classify “prominent” as a breach with more than 20,000 records exposed and/or one in which a Fortune 500 organization or Government Agency was affected.
This post will cover breaches that were reported in December 2014. If you’re interested, we also wrote about the top 10 largest breaches in 2014. If you want to be sure not to miss our lists for upcoming months, follow us on Twitter or sign up for our email list.
IKANOW MAJOR BREACH INDEX: December 2014
| Total Number of Breaches | 8 |
| Total Number of US Gov. Agency Breaches | 1 |
| Total Number of Corporate Breaches | 7 |
| Potential Number of People Impacted (estimate) | 459,392,000 |
| Potential Total Cost of Records Breached (estimate)* | $89,122,048,000 |
*estimate based off the results from the Ponemon Institute’s Cost of a Data Breach (average of $194/record)
In the month of December these are some of the more prominent breaches that happened.
Highlands-Cashiers Hospitals - 25,000 records exposed
Highlands-Cashiers Hospitals is a 501(c)(3) organization based in North Carolina. It is notifying more than 25,000 patients after identifying an exposure to their network due to their IT vendor, TruBridge. Patient information was exposed between May 2012 and September 2014; there is no evidence that the records were accessed or misused.
Bebe Stores, Inc - Unknown number of records
On December 4th, KrebsOnSecurity reported that Bebe Stores suffered a data breach. Credit and debit cards were stolen by what is suspected to be an underground cybercrime shop. An East Coast bank found that the cards had been used at Bebe stores between November 18th and November 28th.
ART Payroll - 160,000 records exposed

American Residuals and Talent, Inc. (ART Payroll) is a payroll service focused on the advertising, entertainment and events production industry with clients such as The Screen Actors Guild - American Federation of Television and Radio Artists (SAG-AFTRA). ART Payroll faced a breach in October 2014 and notified its 160,000+ customers in early December. They detected unauthorized access to their web application that may have compromised individuals' Social Security info, emails, addresses, bank account info, and more. Here is the letter from ART to its customers.
Alibaba (AliExpress) - 300,000,000 records exposed

AliExpress is an online marketplace owned by Alibaba.com that has more than 300 million active users. An Israeli application security researcher working at Cybermoon.cc found the flaw in AliExpress that allows personal information to be easily accessed. For more details, click here.
Staples - 1,200,000 records exposed

Cyber criminals deployed malicious software—or malware—to the point-of-sale systems at 115 Staples stores and stole personal data from 1.2 million customer credit cards. “At 113 stores, the malware may have allowed access to data from purchases made between Aug. 10 and Sept. 16, Staples said. At two other stores, the malware may have allowed access to data from purchases made between July 20 and Sept. 16.” This is according to USA Today.
Playstation & XBox - 158,000,000 records affected

On Christmas Day, a hacker group known as Lizard Squad compromised Sony’s Playstation and Microsoft’s Xbox gaming networks and affected 48 million subscribers for Xbox and 110 million for Playstation. The hacker group attacked both networks with DDoS (Distributed Denial of Service) attacks, which overloaded the servers and made it difficult to log in to the gaming networks.
Department of Veterans Affairs - 7,000 records exposed

The VA, which is already under pressure by Congress to improve its cyber security posture, suffered another data breach, putting over 7,000 veterans’ data at risk.
The VA spokesperson said that a potential flaw in one of its patient databases may have exposed personal information of veterans. The VA immediately investigated and performed security scans, which confirmed the vulnerability. The vendor responsible has fixed this issue and stated that only vendor staff and VA staff had access to this information. For more info, check out this article from Federal News Radio.