There are some disturbing trends on the IT security front. According to IDTheftCenter.org, which gets updated daily, 2014 is on pace to surpass 2013 in total number of reported data breaches, possibly by a significant margin. Here’s a look at some of the absolute worst data disasters of the year and how they contributed.
- A Sweet Tooth For Data: Dairy Queen
Things aren’t always cookies and cream in the commercial ice cream business. You could say cyber thieves went straight for the money when they infected cash registers in roughly 400 Dairy Queen locations with the infamous “Backoff” Trojan. Questions swirled about whether the breach was caused by flaws in the store’s third-party point-of-sale software, or flaws in its internal security strategy. Dairy Queen planned to offer free credit monitoring services to customers affected by the breach, but that may be a mere consolation prize for those hit the hardest.
- Inside Job Unfolded: Variable Annuity Life Insurance Co.
The human elements of mistrust and bad luck has put one prominent organization in an awkward position. Earlier this year, Variable Annuity Life Insurance confessed to losing the data of more than 750,000 customers when a financial advisor appeared to go rogue. Law enforcement found an employee with a company-owned flash drive containing names, social security numbers, and other bits of personal info. Customers were notified of the breach in February, but there are still no details on how the employee, who left the company in 2007, ended up in possession of the drive.
- Retail Heavyweight Takes a Big Blow: Ebay
This year’s attack on Ebay turned out be one of the largest data breaches to claim any web giant. Back in February, the online auction site fell victim to a major breach that affected more than 200 million users, who had their names, email addresses, passwords, and other personal information stolen. The best Ebay could do was recommend that users change their login credentials. Roughly seven months later, the company was targeted in a cross-site scripting attack that brought its security infrastructure under question once again.
- Cyber Goons Get Crafty: Michaels and Company
In April, arts and craft outfit Michaels found itself targeted in an elaborate cyber assault that was possibly years in the making. Criminals hit Michaels and Aaron Brothers, a Michaels property, with a sophisticated piece of malware that compromised the collective POS system. Between both stores, nearly 3 million credit and debit card numbers, and expiration dates were stolen. No sugarcoating here. Michaels admitted that some of the exposed data was used to fuel fraudulent purchases.
- Goodwill Hunted: Goodwill Industries
Cyber villains don’t discriminate. They’ll seize any opportunity and look to victimize anyone. World renowned nonprofit charity Goodwill Industries found out just that when approximately 868,000 credit and debit cards were forcefully tapped into. Hackers were pretty strategic here as well, executing a carefully planned scheme over a span of at least six months, across well over 300 stores. An investigation found a network-based malware infection to be the source of the problem that affected 10 percent of Goodwill stores in 19 states and the DC area.
- Security World Put on Notice: JP Morgan
Some security breaches are a slap in the face reminding us that every system is vulnerable. In October, banking behemoth JP Morgan reported that hackers got a hold of anywhere from 76 million to 83 million customer accounts, in addition to about 7 million of accounts owned by small businesses. What has spectators spooked is that perception at least, tells us giants in the financial sector are more diligent with their information security practices than retailers. No direct damage was reported, but the act alone exposes those consumers involved to instances like phishing and identity theft.
- The “Target” of 2014: Home Depot
The Target breach was the IT security example of 2013. Home Depot may be the 2014 representative by the time all is said and done. The home improvement icon revealed that computer thieves penetrated its systems and nabbled individual files containing credit card information and email addresses. Security experts believe the POS-crippling Backoff Trojan that also infiltrated Target, Michaels, and Neiman Marcus was the culprit. With nearly 56 million cards exposed, it’s already considered bigger than the Target breach and could be more costly, too, with a slew of lawsuits on the way.
In many security experts’ minds, data breach isn’t so much an “if,” but a “when.” It’s beneficial for any company with sensitive records to have a data breach plan in place. Check out our guide on how to make a data breach plan.
Photo Credit: elhombredenegro via Flickr