Top 10 security scandals of 2014

Another year, another batch of damaging security breaches. It seems that as time goes on companies are becoming more and more vulnerable to hackers, viruses and malware.

2013 saw some massive data scandals in terms of records stolen, yet 2014 has trumped it with some truly staggering breaches in security. Here at ITProPortal we’ve created a run-down of the 10 most damaging security scandals of the year.

10. Rex Mundi cheeses off Domino’s Pizza

In June, hacking group Rex Mundi stole the details of around 650,000 Domino’s Pizza customers in France and Belgium. They threatened over Twitter to publish their stolen data online should the company fail to pay them a ransom of £24,000.

The data included names, email and postal addresses, phone numbers and passwords. Domino’s told the public that it would not deal with the blackmailers, and the Rex Mundi Twitter account was suspended soon after. It is unknown what happened to the details.

9. Misery continues for Target

Victim of the largest data breach in US history, Target led the pack in terms of security scandals into 2014. The company disclosed in January that the breach had affected as many as 70 million individuals, whose names, emails, phone numbers and addresses had all been stolen.

The firm labelled additional data stolen at the beginning of the year as “partial in nature” but still promised to contact those affected and help them.

8. Leaky Gmail loses five million passwords

Google was left red in the face when five million Gmail email addresses and passwords appeared on a Russian Bitcoin forum. The information was believed to have been stolen from multiple sites where the addresses were used as log-ins.

Luckily for the Mountain View-based firm, users began to report back that the passwords were years out of date. Google later confirmed that less than two per cent of the data was valid. It stressed to users that it is always monitoring the web for large data leaks but refused to admit that it had dropped the security ball.

7. AOL remains relevant with email data breach

A cyber attack in May caused AOL to urge “a significant number of users” to change their passwords and email addresses. Reuters claimed that the data that had been leaked comprised two per cent of all AOL accounts.

The company said that there was no indication that passwords had been deciphered, but the breach was thought to have affected up to 80 million users, who received torrents of spam emails from insecure sources their accounts had been subsequently linked to.

6. Community Health Systems hack leaves patients sick

A company that operates 206 hospitals across the US was hacked in August, leading to the loss of medical data for 4.5 million patients. The hackers gained names, telephone numbers, birthdays and email addresses.

Community Health Systems had previously outsourced its cyber security due to espionage attempts made by previous hackers but was not prepared for new groups to target patient data. It eventually managed to wipe all of the attackers’ malware from its systems.

5. Home Depot is hammered by credit card hack

As if retailers hadn’t learned their lesson from the high-profile Target hack in 2013, Home Depot was hit by a breach that left 53 million people at risk. Hackers used a third-party vendor’s username and password to gain access to the firm’s network and wreak havoc.

Home Depot was quick to assure customers that it was taking steps to protect data, including offering everyone affected free credit monitoring services. The breach has so far cost the company more than $148 million (£94 million).

4. JP Morgan admits that it left 76 million helpless post-hack

JP Morgan & Chase was struck with a brutal cyber attack in the summer, leading to the loss of data belonging to 76 million households and 7 million businesses. Was the largest bank in America brought low by a team of terrorists, ultra-hackers or by some ferocious malware?

No, it had been compromised through a single employee’s password. Names and contact data were snapped up by the attackers yet JP Morgan insisted that account numbers and passwords had not been compromised.

3. Celebrity iCloud users learn the benefits of good passwords

As nude pictures of celebrities began to circulate the web in September, the security blame game went into overdrive. Apple insisted that the breach was not its fault, and that no-one hacked its system. The company did, however, introduce a massive security patch a few weeks after the first hacking occurred.

It was found that iPhones and iCloud accounts had no defence against brute force attacks (hackers guessing the password over and over again until they get it right), so it was easy for the attackers to get into celebrity accounts.

Apple does have two-step verification for its handsets, but only if you find it and enable it. The iPhone user guide, though, doesn’t even mention that it is an option.

2. eBay slips up, allows hackers to make off with 145m accounts

Using the credentials of “a small number of employees”, hackers managed to worm their way past eBay’s security systems and make off with the data from around 145 million accounts. This data included names, addresses, phone numbers and dates of birth.

eBay revealed that the hackers had been at work during February and March, meaning they had a number of weeks to collect and decipher information within the website’s databases. The retailer politely suggested users change their passwords on-site and, following criticism, in circulated emails.

It did say, however, that it was confident no erroneous activity had occurred as a result of the hack.

1. Sony Pictures turned inside-out by protest hackers

Things aren’t going very well over at Sony. With the memory of the outrage over the massive PlayStation Network hack in 2011 only just subsiding, the company found itself targeted by a group of hackers known as “Guardians of Peace”.

In what is thought to be a response to the film The Interview, in which two journalists are recruited to assassinate Kim Jong Un, the hackers stole and released films in production and leaked company emails.

Amongst these private communications were emails between Sony Pictures chair Amy Pascal and producer Scott Rudin, insulting Barack Obama by insinuating he only likes films with African Americans in them.

North Korea stepped forward to say that it wasn't responsible for the hack, but was greatly enjoying the results of it.
