Last year was hailed by many experts as "the year of the breach," and for good reason. In 2014, hackers were able infiltrate some of the biggest firms across a range of industries, using both old and new approaches to data theft. Let's take a look at some of the biggest breaches to occur during 2014, including an examination of the businesses, what data was affected, and how the attacks were perpetrated.
Customer data compromised at JPMorgan Chase
One of the highest volume breaches to hit the banking sector involved financial giant JPMorgan Chase. According to ZDNet, although many news outlets noted that the attack "could have been worse," that feeling was not shared by the millions of Chase customers affected by the cybercriminal activity. An estimated 80 million American households and 7 million small and mid-size companies were affected. Currently, the FBI is still investigating the infiltration, but NetworkWorld noted that the attack was likely a result of compromised point-of-sales systems where malware went undiscovered for several months.
Celebrity photos stolen through iCloud
In another high-profile breach, targeted attacks on celebrity iCloud accounts yielded a plethora of personal photos featuring familiar faces. ZDNet noted that hackers leveraged brute force attack strategies to breach specific user accounts. As a result, hundreds of private photos of celebrities were posted on internet message boards. Apple noted that the targeted nature of these attacks did not put typical users in danger, but the company did increase its security measures following the attack.
P.F Chang's discovered months-old breach
The case of P.F. Chang's proves no industry is safe from hackers' crosshairs. According to Credit Union Times, the restaurant chain's breach was first discovered in the summer of 2014, but the cybercriminal activity dated back the fall of 2013. In all, 33 restaurants were compromised, putting at risk the payment card information of customers who visited the locations since October 2013. The attack seems to have originated with point-of-sales malware, causing some restaurant locations to abandon electronic card processing in favor of mechanical card presses to prevent any further compromise.
Hackers attacked U.S. Postal Service
While many may consider federal offices impenetrable, 2014 proved them wrong with the breach of the U.S. Postal Service. ZDNet explained that hackers attacked the organization's network and were able to make off with the personal data of over 800,000 employees, including individuals' Social Security numbers and home addresses. This event is still being investigated, but many believe the attack may have originated in China, as it appeared to be timed with a meeting between American and Chinese leaders.
Michaels customers lost payment card details
Michaels, a chain of arts, crafts and hobby stores, was also breached last year. This attack compromised an estimated three million customers' payment card details, including shoppers of both Michaels and its smaller subsidiary, Aaron Brothers. According to Credit Union Times, a statement released by the company noted that the breach came as a result of a "highly sophisticated malware that had not been encountered previously by either of the security firms."
Overall, these breaches show just how mature for-profit cybercriminal activity has become. In most attacks occurring last year, hackers gathered payment card information and other personal details that can be bought and sold on underground cybercriminal marketplaces.
Fortunately, businesses can mitigate the risk of a breach by using automated security systems like those available from HelpSystems. We helps clients running IBM i servers analyze their security and compliance needs and implement appropriate solutions.