{"id":5368,"date":"2015-01-28T05:44:55","date_gmt":"2015-01-28T10:44:55","guid":{"rendered":"http:\/\/kasperskydaily.com\/uk\/?p=5368"},"modified":"2020-02-26T15:10:51","modified_gmt":"2020-02-26T15:10:51","slug":"private-data-leaks-2014","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/private-data-leaks-2014\/5368\/","title":{"rendered":"2014&#8217;s Top Private Data Leaks"},"content":{"rendered":"<p>Every year <a href=\"http:\/\/www.informationisbeautiful.net\/visualizations\/worlds-biggest-data-breaches-hacks\/\" target=\"_blank\" rel=\"noopener nofollow\">millions of people<\/a> become victims of a data breach. For the majority, the results are the same: hackers sell users\u2019 data\u00a0on underground websites and companies have to rush to rescue their reputation and stop a flood of customers leaving.<\/p>\n<p>So, as today is\u00a0<a href=\"http:\/\/www.thinksecurityguide.com\/Editor-s-Choice\/Data-Privacy-Day-2015.aspx\" target=\"_blank\" rel=\"noopener nofollow\">Data Privacy Day<\/a>\u00a0we thought we\u2019d look at the biggest breaches of the last 12 months.<\/p>\n<h3>Retailers at risk<\/h3>\n<p>Huge retail networks are a juicy target for criminals as there\u2019s millions of pounds worth of money sloshing around at any one time. \u00a0Think of all the pucrhases that the likes of Amazon or Ebay make each day and you begin to understand why they\u2019re such a sought after market in the criminal world.<\/p>\n<p>It\u2019s been alleged (but never confirmed) that one group has successfully targeted three retail giants: <a href=\"http:\/\/krebsonsecurity.com\/2014\/05\/the-target-breach-by-the-numbers\/\" target=\"_blank\" rel=\"noopener nofollow\">Target<\/a> (70 million records with banking information, phone numbers, emails and other data); the beauty supplier <a href=\"http:\/\/krebsonsecurity.com\/tag\/sally-beauty-breach\/\" target=\"_blank\" rel=\"noopener nofollow\">Sally Beauty<\/a> (25,000 record stolen) and the home improvement store, <a href=\"http:\/\/fortune.com\/2014\/11\/25\/home-depot-data-lawsuits\/\" target=\"_blank\" rel=\"noopener nofollow\">Home Depot<\/a> (banking data for 56 million cards and 53 million emails stolen).<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">56MM payment cards at risk in Home Depot data breach  <a href=\"https:\/\/t.co\/4sLyGWnLCU\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/4sLyGWnLCU<\/a> <a href=\"http:\/\/t.co\/pBNoIJwa3J\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/pBNoIJwa3J<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/513085417818554368?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 19, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Interestingly, the Sally Beauty breach developed into something of a parody event when the hackers were themselves, <a href=\"http:\/\/krebsonsecurity.com\/2014\/03\/sally-beauty-confirms-card-data-breach\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">hacked<\/a>:<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2015\/01\/05195643\/sallybeauty.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-5369\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2015\/01\/05195643\/sallybeauty.png\" alt=\"sallybeauty\" width=\"600\" height=\"413\"><\/a><\/p>\n<p>\u00a0<\/p>\n<p>Another retail giant that was attacked was E-Bay with around 145 million customers having their data compromised. \u00a0As a result, the company faced a class action law-suit and according to <a href=\"http:\/\/www.pcworld.com\/article\/2457880\/ebay-faces-class-action-suit-over-data-breach.html\" target=\"_blank\" rel=\"noopener nofollow\">PC World<\/a>, the\u00a0cost of the law-suit spiralled to upwards of $5 million.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">eBay has confirmed a massive leak of personal data, denied any financial data accessed.  <a href=\"http:\/\/t.co\/4qcwvrUvwF\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/4qcwvrUvwF<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/469524250072993793?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">May 22, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h3>Nobody is home and dry<\/h3>\n<p>Banks, online businesses, telecommunication companies and governmental bodies \u2014\u00a0they\u2019re all at risk. \u00a0You will no doubt hear about the data breach at <a href=\"https:\/\/www.kaspersky.com\/blog\/sony-hack-north-korea\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Sony Pictures<\/a> and <a href=\"http:\/\/en.wikipedia.org\/wiki\/2014_celebrity_photo_hack\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">the celebrity photo hack<\/a>, the most popular incidents in 2014.<\/p>\n<p>http:\/\/instagram.com\/p\/oHjWPhP0KA\/<\/p>\n<p>Banks from all over the world have been\u00a0compromised by hackers and it appears nobody is safe:<\/p>\n<div class=\"pullquote\"> Banks, online businesses, telecommunication companies and governmental bodies \u2014\u00a0they\u2019re all at risk.<\/div>\n<ul>\n<li>In the first month of the year, and with the help of one of its employees, the\u00a0<a href=\"http:\/\/www.zdnet.com\/article\/bank-data-of-20-million-customers-leaked-in-south-korea\/\" target=\"_blank\" rel=\"noopener nofollow\">data of 20 million customers was leaked<\/a> from the Korea Credit Bureau.<\/li>\n<li>In February,\u00a0<a href=\"http:\/\/www.bbc.com\/news\/uk-26106138\" target=\"_blank\" rel=\"noopener nofollow\">Barclays came under fire<\/a>\u00a0when 27,000 records were stolen and sold on to rogue city traders. As a result, the bank credibility took a beating and it had to compensate thousands of customers whose data were sold on the black market.<\/li>\n<li>In June,\u00a0<a href=\"http:\/\/www.reuters.com\/article\/2014\/12\/23\/us-jpmorgan-cybersecurity-idUSKBN0K105R20141223\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">80 million customer<\/a> records were stolen from JP Morgan.<\/li>\n<li>As a result of a major hack that led to the data exposure of 27 million customers,\u00a0South Korea authorities are evaluating the possibility of completely <a href=\"http:\/\/securityaffairs.co\/wordpress\/29310\/cyber-crime\/south-korea-id-system.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">redesigning\u00a0 the national identity<\/a> number system.<\/li>\n<li>Communication giants weren\u2019t immune either. \u00a0French telecoms group Orange <a href=\"http:\/\/www.techradar.com\/news\/internet\/web\/more-than-1m-customer-details-stolen-in-orange-data-breach-1247639\" target=\"_blank\" rel=\"noopener nofollow\">was hacked<\/a> twice in the first three months of 2014 resulting in the theft of 1.3 million users\u2019 data. What was worse: the attackers compromised a software platform that the company used to send promotional emails and texts. \u00a0No doubt, many people will think twice before signing up to something as a result.<\/li>\n<li>In October <a href=\"http:\/\/www.pcworld.com\/article\/2692652\/atandt-fired-employee-who-improperly-accessed-customer-accounts.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">AT&amp;T had to fire a too curious employee<\/a> who obtained information from 1,600 customers\u2019 accounts and may\u00a0have viewed their Social Security and driver license numbers.<\/li>\n<li>In October the <a href=\"http:\/\/blogs.wsj.com\/digits\/2014\/10\/14\/dropbox-blames-security-breach-on-password-reuse\/\" target=\"_blank\" rel=\"noopener nofollow\">file hosting service Dropbox<\/a>\u00a0was compromised. 7 million users\u2019 records leaked out onto\u00a0the internet. \u00a0The company stated that login credentials leaked from third-party sites or apps. Thus no matter how hard companies try to protect their servers they are helpless in face of users laziness and illiteracy. There will be more leaks in future until passwords\u00a0like \u2018<a href=\"https:\/\/www.kaspersky.com\/blog\/25-worst-passwords-2014\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">123456<\/a>\u2018\u00a0are consigned to the dust bin.<\/li>\n<\/ul>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Little has changed from the <a href=\"https:\/\/twitter.com\/Gawker?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@Gawker<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/breach?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#breach<\/a> to this year's list of bad <a href=\"https:\/\/twitter.com\/hashtag\/passwords?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#passwords<\/a> <a href=\"https:\/\/t.co\/RrsCXCy7H8\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/RrsCXCy7H8<\/a> <a href=\"http:\/\/t.co\/KQeai3snkS\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/KQeai3snkS<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/558601102925377536?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 23, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h3>How much is the data<\/h3>\n<p>But once your data is compromised, how much does it sell for? \u00a0Well, the price of an individual record is relatively low. Brian Krebs, a IT security journalist reported that the offsite airport parking service <a href=\"http:\/\/krebsonsecurity.com\/2014\/12\/banks-park-n-fly-online-card-breach\/\" target=\"_blank\" rel=\"noopener nofollow\">Park \u2018N Fly customers<\/a>\u00a0were\u00a0selling\u00a0at the range from $6 to $9 per card which included the card number, expiration date, verification code, as well as the cardholders name, address and phone number. Barclay\u2019s bank clients\u2019 data was\u00a0<a href=\"http:\/\/www.dailymail.co.uk\/news\/article-2554875\/Barclays-account-details-sale-gold-27-000-files-leaked.html\" target=\"_blank\" rel=\"noopener nofollow\">valued higher<\/a> \u2014 around\u00a0$76 (\u00a350) per file.<\/p>\n<p>[Pullquote]Though everybody sells and buys information, the price of one separate record is relatively low[\/Pullquote]<\/p>\n<p>However, the price of compensation is significantly higher.\u00a0<a href=\"http:\/\/www.dailymail.co.uk\/news\/article-2592420\/Barclays-customers-stolen-files-sold-rogue-City-traders-offered-just-250-compensation.html#ixzz3PrsXDzd0\" target=\"_blank\" rel=\"noopener nofollow\">Barclays offered (\u00a3250<\/a>) to clients whose data was leaked, however many people saw this as an injustice and demanded more. \u00a0Barclay\u2019s ended up offering more as a result of the complaints with some customers receiving as much as \u00a31,000.<\/p>\n<p>Yet besides this cost, companies also have to spend money purchasing added IT equipment, extra IT infrastructure and security; more calls to their call centre; expert security investigators; and other added legal costs. Home Depot, for example spent\u00a0<a href=\"http:\/\/www.pcworld.com\/article\/2852472\/home-depot-spent-43-million-on-data-breach-in-just-one-quarter.html\" target=\"_blank\" rel=\"noopener nofollow\">$43 million<\/a>\u00a0on managing the consequences of one data leak.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Data Privacy Day was first celebrated in Europe on Jan 28, 2007. Learn more <a href=\"http:\/\/t.co\/SxCL2DLjhn\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/SxCL2DLjhn<\/a>  <a href=\"https:\/\/twitter.com\/hashtag\/DPD15?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#DPD15<\/a> <a href=\"http:\/\/t.co\/GETSHdCJex\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/GETSHdCJex<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/559730085595717632?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 26, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>So remember, data breaches are difficult for everybody involved but the ultimate responsibility falls on the holder of that data. \u00a0If you\u2019re concerned about your data security, always remember to use tough, difficult to guess passwords. \u00a0Failing that, you could always use a\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/\" target=\"_blank\" rel=\"noopener nofollow\">reliable password<\/a>\u00a0manager.<\/p>\n<p>Happy Data Protection Day!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Every year millions of people become victims of a data breach. For the majority, the results are the same: hackers sell users\u2019 data\u00a0on underground websites and companies have to rush<\/p>\n","protected":false},"author":522,"featured_media":5370,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2026],"tags":[93,314,189,78,1101,363,43,97],"class_list":{"0":"post-5368","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-cybercriminals","9":"tag-data-breach","10":"tag-data-security","11":"tag-hackers","12":"tag-leaks","13":"tag-personal-data","14":"tag-privacy","15":"tag-security-2"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/private-data-leaks-2014\/5368\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/private-data-leaks-2014\/4569\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/private-data-leaks-2014\/4514\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/private-data-leaks-2014\/5070\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/private-data-leaks-2014\/6775\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/private-data-leaks-2014\/7301\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/private-data-leaks-2014\/6698\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/private-data-leaks-2014\/6775\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/private-data-leaks-2014\/7301\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/private-data-leaks-2014\/7301\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.uk\/blog\/tag\/cybercriminals\/","name":"cybercriminals"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=5368"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5368\/revisions"}],"predecessor-version":[{"id":19184,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5368\/revisions\/19184"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/5370"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=5368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=5368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=5368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}