2014 in security: The biggest hacks, leaks, and data breaches
By Zack Whittaker,
ZD Net, 28 December 2014.

Hundreds of millions of records have been stolen this year through hacks and data breaches as a result of poor or flawed security. Here are the most notable stories of the year.

1. U.S. security contractor vetting firm hit by breaches


A contractor for U.S. Homeland Security suffered a data breach, leading to the leak of personal information on employees. The private company, USIS, conducts background checks on behalf of the government agency. USIS came under fire for being the firm that vetted Edward Snowden. The U.S. Justice Dept. also accused the company of faking more than half-a-million background checks.

2. Sony attack leads to massive data grab


Sony’s systems were thrown into disarray in late November after unknown assailants hijacked computers.

North Korea was blamed by some media outlets but denied any involvement, though the rogue state did call the successful hack a “righteous deed.”

The FBI concluded its investigation, saying North Korea was “responsible.” Since then, numerous stories about the company’s executives and Hollywood elite have surfaced, including critical remarks about President Obama and even about the celebrities of the movies Sony produces.

3. JPMorgan credit card hack


When news broke that hackers attacked JPMorgan’s systems, the message was that it “could’ve been worse”. Tens of millions of Chase customers were affected by the data breach - even if their bank accounts weren’t affected. The attack is said to have affected around 80 million U.S. households, and 7 million small to medium-sized businesses, making it one of the largest in history. The FBI’s investigation is continuing into attempts on other financial institutions.

4. USB security hosed, computers ruined


Researchers this year warned that an exploit dubbed “BadUSB” can transform keyboards, flash drives, and other USB-connected devices into attack platforms that can evade modern anti-malware programs. The flaw can even be used to infect and replace a computer’s BIOS, making trusted computers, even non-Internet-connected “airgapped” ones, vulnerable to attack.

5. Chinese hacked U.S. weather systems


Chinese hackers earlier this year broke into four websites belonging to the U.S. federal agency overseeing weather systems. The U.S. National Oceanic and Atmospheric Administration carries weather data and satellite feeds to its websites. But those services were shut down by the agency for more than a week following the hack. The agency said it was “unscheduled maintenance,” but one congressman said the agency covered up the attack.

6. Celebrity data leaked amid alleged iCloud hack


A significant leak of private photos from Hollywood celebrities occurred earlier this year, as a result of using "brute force" methods on targeted iCloud accounts. Over a hundred nude photos, some extremely explicit, were posted in total on the infamous discussion board 4chan during that weekend. Apple denied any breach of its systems, but bolstered its security in the wake of the attack.

7. The Intercept releases Belgacom state-sponsored malware


Perhaps one of the most public state-sponsored hacking attacks in recent history, news emerged this year that the U.S. and British governments were behind a targeted attack on a Belgian internet provider that served much of the European Union’s executive. The so-called Regin malware was discovered around a year later. It was not long before the pieces of the jigsaw were put together. The Intercept, a website set up to publish the Snowden leaks, released the malware’s code.

8. U.S. Postal Service networks hit, employee data grabbed


Unknown assailants attacked the U.S. postal system’s networks - blame was quickly placed on China. Data of more than 800,000 employees has been compromised, including Social Security numbers and postal addresses. The news broke as both U.S. and Chinese leaders met in Beijing to discuss, among many items on the agenda, cybersecurity and state-sponsored hacking.

9. Snapchat data posted on 4chan after backup hack


Around 13 gigabytes of data - including photos and videos - were pilfered by hackers and eventually made their way to image sharing site 4chan. The incident became known as “The Snappening,” and the shady backup services that were said to store snaps indefinitely quickly became the focus of blame. Snapchat cautioned its 100 million active users to stay away from such unauthorized services.

10. One tweet can lead to a bank account hack


One inane tweet from mid-2012 was enough to start a chain reaction of information gathering that could have rivalled the work of a government intelligence agency. The target in question may not have been a chief executive, a rock star, a celebrity, or a government employee with access to state secrets. But it was enough to throw that privacy-conscious person off base.

11. Target breach woes spread into 2014


An estimated 110 million records were pilfered from the company in a breach that was announced at the end of 2013 but whose effects spread well into 2014. The brick-and-mortar and online retailer said its U.S. sales were “meaningfully weaker.” The company’s chief information officer, tasked with internal security, resigned three months into the new year. The total cost of the breach hit US$110 million by mid-year.

12. European Central Bank hit by data breach


The central bank monitoring and overseeing the Eurozone in Europe suffered a security breach earlier this year that led to the theft of personal data. No internal systems or market sensitive data were compromised, but email and postal addresses, along with phone numbers, were stolen.

13. eBay hit by whopping 145 million user data breach


In a shocking breach revealed in May, more than 145 million users were affected by a massive hack of eBay’s systems, including email and postal addresses, and login credentials. Financial data was not stolen. The UK’s data watchdog launched a probe into the breach. Months after the breach, eBay said it took a US$200 million hit to its annual revenue as a result of the security breach.

14. Home Depot breach saw hundreds of millions of records stolen


In September, the company suffered a massive leak of 109 million records, including 56 million credit cards and 53 million email addresses. Home Depot said a third-party vendor was at fault for the breach, which also led hackers to spread through networks to steal credit card data at point-of-sale terminals.

15. Spotify warns of “unauthorized access”


Android users of Spotify were warned to upgrade after an isolated incident led to the breach of just one user’s data. Despite not having any financial or payment information taken, the company contacted the individual. Spotify has an estimated 40 million users. Android users were also warned to update, leaving some to speculate the app was to blame.

Top image via Mashable.

[Source: ZD Net. Edited. Top image added.]
