Every year, millions of people become victims of numerous data breaches. For the majority of them, the results are sad: hackers sell users’ banking information on underground websites, companies pay huge sums of money to their clients, and consumers lose money.
On Data Privacy Day we’d like to tell you about the top data breaches in 2014. We’ve also added a few interesting facts on the cost of data and corporate reputation.
Retailers at risk
Huge retail networks are enticing to hackers as they keep millions of records containing client data.
Allegedly, the same group hacked three huge retail networks in 2014: the giant retailer Target (70 million records with banking information, phone numbers, emails and other data stolen), the beauty supplier Sally Beauty (25,000 record stolen), and the home improvement retailer Home Depot (banking data for 56 million cards and 53 million emails stolen).
— Eugene Kaspersky (@e_kaspersky) September 19, 2014
The Sally Beauty data breach case developed into a funny situation when the hackers themselves were hacked. Stolen data was for sale on several underground websites. Soon after that, someone hacked and defaced one of the sites. The ‘good hacker’ left a message and a video from the Men in Black movie on the site’s homepage:
There was another much talked about breach of private data in the retail sector: the massive breach of login and password data on eBay that affected up to 145 million customers. As a result, the company is facing a class action lawsuit. According to PC World, the combined claims of the proposed class members exceed $5 million exclusive of interest and costs.
eBay has confirmed a massive leak of personal data, denied any financial data accessed. http://t.co/4qcwvrUvwF
— Kaspersky Lab (@kaspersky) May 22, 2014
Nobody is home and dry
Banks, dot.coms, equipment manufacturers, telecommunications corporations, and government bodies — everyone is at risk. You’ve definitely heard about the data breach at Sony Pictures and the celebrity photo hack, the most popular incident in 2014. Thus, we are going to tell you about more specific cases.
Hackers compromised banks all over the world. In the first month of the year, banking data of 20 million customers was leaked from the Korea Credit Bureau bank with the help of the bank’s own employee.
In February, British bank Barclays came under fire: 27,000 records were stolen and sold on rogue City traders. As a result, the bank’s credibility took a beating and it had to compensate thousands of customers whose data was sold on the black market.
In June, the private data of 80 million customers of the American bank JP Morgan was compromised as well. The bank remained silent on the matter for several months and only reported the incident in October 2014.
As a result of a major hack that led to the data exposure of 27 million customers (80% of the country population) South Korean authorities are evaluating the possibility of completely redesigning the national identity number computer system.
Telcos had a tough year as well. French telecom group Orange was hacked twice in the first three months of 2014 resulting in the theft of 1.3 million users’ data. To make matters worse, the hackers compromised a software platform that the company used to send promotional emails and text messages to clients who had agreed to receive them. After that, it’s highly possible many people will think twice before signing up.
In October AT&T had to fire an employee who was a little too curious. The employee inappropriately obtained information from 1,600 customers’ accounts and could have viewed their Social Security and driver license numbers.
— Eugene Kaspersky (@e_kaspersky) January 23, 2015
In October bad luck overtook a file hosting service Dropbox. 7 million users’ records leaked onto the web. The company stated that login credentials leaked from third-party sites or apps. No matter how hard companies try to protect their servers they are helpless in the face of user laziness and illiteracy. There will be more leaks in the future as long as combinations like ‘123456’ remain the most used passwords.
How much is the data
Though everyone buys and sells information, the price of one separate record is relatively low. For instance, records of the offsite airport parking service Park ‘N Fly customers were sold at a range of $6 to $9 per card, which included the card number, expiration date, verification code, as well as the cardholder’s name, address, and phone number. Barclays bank clients’ data were valued higher — up to $76 (£50) per file.
The price of a reputation is a little bit higher especially when it comes to court. Barclays offered $770 (£250) in compensation to the clients whose data was leaked, but many of them described this as ‘chicken feed’. The bank had to double some of their offers for those customers who complained and held out for more. Some of them were even given about $1,520 (£1,000).
Apart from compensation there is more spending as a result of a data breach. For example, Home Depot spent $43 million to manage the consequences of one data leak in one quarter. Money was spent on investigations, providing identity theft protection services to consumers, increased call center staffing, and other legal and professional services.
— Kaspersky Lab (@kaspersky) January 26, 2015
We’d like to remind you that the 28th of January is International Data Privacy Day in the USA, Canada, and 27 European countries. You may wish to join the holiday and think about ways to improve security of your own personal data. For example, you can start using reliable passwords with ease.