2014 was a turbulent year in the world of technology security and data privacy. Businesses of every size in every industry experienced data breaches of one sort or another. It doesn’t take a nationwide survey to know that these threats are increasing (although this early 2014 survey pretty much confirms that fact). Let’s take a look at some of the most significant security breaches of 2014 and see what we can learn from them.
Heartbleed
Heartbleed is a serious vulnerability in the software that helps secure the Internet and communication that happens over the Internet. Heartbleed affected thousands of companies, so it gets a special place on this list. One company in particular experienced the effects of Heartbleed more than most, however. Community Health systems (CHS) filed a massive data breach report to the US Securities and Exchange Commission claiming that, due to Heartbleed, CHS experienced a technology security breach of more than 4.5 million patients’ data. At the time, this was the second largest breach of health records in U.S. history. Read more: CSOnline
University of Pittsburgh Medical Center
Your health records remain cybercrime’s top target, fetching more than 10x the price your credit card information could on the black market. In fact, the Ponemon Institute, a security firm, estimates that data breaches have cost the healthcare industry a staggering $5.6 billion a year since 2011. The University of Pittsburgh Medical Center (UPMC) reported a breach in 2014 which compromised the data of 27,000 of the center’s 62,000 employees. While it was initially reported that only 322 employees were affected, UPMC later announced that 27,000 of the organization’s employees’ tax information and social security numbers were stolen. A class action lawsuit followed in the Allegheny County Court of Common Pleas, after which UPMC made some hasty updates to their security practices. Read more: Becker’s
Sony Pictures Entertainment
Sony was left with a bitter taste in its mouth after ‘Guardians of Peace’, a hackers group, released confidential Sony data, which included employees’ Personally Identifiable Information (PII), internal and external emails, salaries of executives, copies of unreleased Sony films, and much more. While the United States alleged that the hacks were sponsored by North Korea in protest to the release of the film The Interview, the regime denied any involvement. The aftermath of the cyber attacks led to President Obama to call for a legislative update to the current cybercrime laws. Perhaps the main thing Sony learned in this epic snafu was to not put all their passwords in a file labeled “Password” with the password being “password.” Read more: The Verge
Home Depot
Home Depot was subject to intense criticism and scrutiny back in September when the world’s largest home improvement chain had 56 million debit and credit cards stolen. In November it was disclosed that the perpetrators managed to steal 53 million email addresses as well. The hackers used usernames and passwords from third-party vendors and entered Home Depot’s network, implementing custom-made malware in its self-checkout systems. Since then, Home Depot has upgraded its security measures amid the onslaught of lawsuits. Read more: Forbes
JP Morgan Chase
One of the nation’s largest banks was subject to a massive cyber-attack that affected more than 7 million small businesses and over 76 million households back in June and July. Not just that, but Chase’s web and mobile service users were affected by the breach as well. The extent of the attack was revealed in an official filing back in October with the Securities and Exchange Commission. JP Morgan Chase claims that the PII of customers including emails, physical addresses, and phone numbers were leaked, but account information and social security numbers were not part of the breach. Still, this was one of the largest breaches of the year in terms of the sheer number of people affected. Read more: Forbes
Conclusion
Beyond this short list, there were dozens and dozens of significant breaches affecting businesses, governments, and non-profits of all sizes in 2014. The primary lesson for 2015 is to not take technology security for granted. Without tight security policies and a commitment to secure practices, every business is vulnerable.
To learn more about how Claris can help meet your technology security requirements, click here to reach out to us.
The post Top Technology Security Breaches of 2014 appeared first on Claris Networks - IT Support Company | Knoxville Chattanooga | Information Technology Services | Consulting | Cloud Computing | Hosting | EMR Solutions.