Security Breach Recap – First Half 2014

The first half of 2014 turned out to be a banner year for security breaches. Just about every industry has been impacted by a cyber security breach, with the most recent being Community Health Systems (CHS), UPS, Goodwill, Albertson’s, SuperValu, Lions Gate, Stub Hub, eBay, USIS, and the US Nuclear Regulatory Commission. CHS had personal data on 4.5M individuals stolen, Lions Gate had a full movie stolen before it was released, and USIS, which provides background checks for government agencies, including the NSA, was also breached, and had its status suspended by the Department of Homeland Security.

However, all these breaches pale in comparison to the three attacks on the Nuclear Regulatory Commission, where employees were duped via a phising campaign. However, the NRC detected the breaches, and mitigated them quickly. Any organization that is breached and has “nuclear” in its name, really hits home. Here is security breach recap for 2014, courtesy of Risk Based Security Open Security Foundation.

 Security Breach Recap for first half of 2014
  • 502 million records stolen
  • 78.9% records exposed by result of outside activity
  • Two incidents are responsible for 318 million records being exposed
  • Business sector represents 54.96% of security incidents, followed by Government at 16.1%
  • 395M incidents due to hacking, and 104M due to fraud/social engineering
  • United States had the most records exposed at 373M, followed by South Korea at 116M
  • New York state had 218M records exposed, followed by California at 145M
 Largest US Hacks of All Time
  • 179M records exposed – NYC Taxi & Limousine Commission in 6/2014
  • 152M records exposed – Adobe Systems in 10/13
  • 145M records exposed – eBay in 5/2014
  • 130M records exposed– Heartland Payment Systems in 1/2009
  • 110M records exposed – Target in 12/13
  • 94M records exposed – TJX (TJ Max) in 1/2007
  • Total records exposed = 810 million