{"id":4514,"date":"2015-01-28T10:00:57","date_gmt":"2015-01-28T15:00:57","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=4514"},"modified":"2020-02-26T18:59:33","modified_gmt":"2020-02-26T14:59:33","slug":"private-data-leaks-2014","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/private-data-leaks-2014\/4514\/","title":{"rendered":"Data Privacy Day: 2014&#8217;s Top Privacy Data Leaks"},"content":{"rendered":"<p>Every year, <a href=\"http:\/\/www.informationisbeautiful.net\/visualizations\/worlds-biggest-data-breaches-hacks\/\" target=\"_blank\" rel=\"noopener nofollow\">millions of people<\/a> become victims of numerous data breaches. For the majority of them, the results are sad: hackers sell users\u2019 banking information on underground websites, companies pay huge sums of money to their clients, and consumers lose money.<\/p>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05111829\/Data-Privacy-Day-1-1024x768.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7302\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05111829\/Data-Privacy-Day-1-1024x768.png\" alt=\"Data-Privacy-Day\" width=\"1067\" height=\"800\"><\/a><\/p>\n<p>On <a href=\"http:\/\/www.thinksecurityguide.com\/Editor-s-Choice\/Data-Privacy-Day-2015.aspx\" target=\"_blank\" rel=\"noopener nofollow\">Data Privacy Day<\/a> we\u2019d like to tell you about the top data breaches in 2014. We\u2019ve also added a few interesting facts on the cost of data and corporate reputation.<\/p>\n<p><strong>Retailers at risk<\/strong><\/p>\n<p>Huge retail networks are enticing to hackers as they keep millions of records containing client data.<\/p>\n<p>Allegedly, the same group hacked three huge retail networks in 2014: the giant retailer <a href=\"http:\/\/krebsonsecurity.com\/2014\/05\/the-target-breach-by-the-numbers\/\" target=\"_blank\" rel=\"noopener nofollow\">Target<\/a> (70 million records with banking information, phone numbers, emails and other data stolen), the beauty supplier <a href=\"http:\/\/krebsonsecurity.com\/tag\/sally-beauty-breach\/\" target=\"_blank\" rel=\"noopener nofollow\">Sally Beauty (25,000 record stolen)<\/a>, and the home improvement retailer <a href=\"http:\/\/fortune.com\/2014\/11\/25\/home-depot-data-lawsuits\/\" target=\"_blank\" rel=\"noopener nofollow\">Home Depot<\/a> (banking data for 56 million cards and 53 million emails stolen).<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">56MM payment cards at risk in Home Depot data breach  <a href=\"https:\/\/t.co\/4sLyGWnLCU\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/4sLyGWnLCU<\/a> <a href=\"http:\/\/t.co\/pBNoIJwa3J\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/pBNoIJwa3J<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/513085417818554368?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 19, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The Sally Beauty data breach case developed into a funny situation when the hackers themselves were hacked. Stolen data was for sale on several underground websites. Soon after that, someone <a href=\"http:\/\/krebsonsecurity.com\/2014\/03\/sally-beauty-confirms-card-data-breach\/\" target=\"_blank\" rel=\"noopener nofollow\">hacked and defaced one of the sites<\/a>. The \u2018good hacker\u2019 left a message and a video from the <em>Men in Black <\/em>movie on the site\u2019s homepage:<\/p>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05102842\/sallybeauty.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7303\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2015\/01\/05102842\/sallybeauty.png\" alt=\"sallybeauty\" width=\"600\" height=\"413\"><\/a><\/p>\n<p>There was another much talked about breach of private data in the retail sector: the massive breach of login and password data on eBay that affected up to 145 million customers. As a result, the company is facing a class action lawsuit. According to <a href=\"http:\/\/www.pcworld.com\/article\/2457880\/ebay-faces-class-action-suit-over-data-breach.html\" target=\"_blank\" rel=\"noopener nofollow\">PC World<\/a>, the combined claims of the proposed class members exceed $5 million exclusive of interest and costs.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">eBay has confirmed a massive leak of personal data, denied any financial data accessed.  <a href=\"http:\/\/t.co\/4qcwvrUvwF\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/4qcwvrUvwF<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/469524250072993793?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">May 22, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>Nobody is home and dry<\/strong><\/p>\n<p>Banks, dot.coms, equipment manufacturers, telecommunications corporations, and government bodies \u2014 everyone is at risk. You\u2019ve definitely heard about the data breach at <a href=\"https:\/\/www.kaspersky.com\/blog\/sony-hack-north-korea\/\" target=\"_blank\" rel=\"noopener nofollow\">Sony Pictures<\/a> and <a href=\"http:\/\/en.wikipedia.org\/wiki\/2014_celebrity_photo_hack\" target=\"_blank\" rel=\"noopener nofollow\">the celebrity photo hack<\/a>, the most popular incident in 2014. Thus, we are going to tell you about more specific cases.<\/p>\n<p>http:\/\/instagram.com\/p\/oHjWPhP0KA\/<\/p>\n<p>Hackers compromised banks all over the world. In the first month of the year, <a href=\"http:\/\/www.zdnet.com\/article\/bank-data-of-20-million-customers-leaked-in-south-korea\/\" target=\"_blank\" rel=\"noopener nofollow\">banking data of 20 million customers was leaked<\/a> from the Korea Credit Bureau bank with the help of the bank\u2019s own employee.<\/p>\n<div class=\"pullquote\">Banks, dot.coms, equipment manufacturers, telecommunications corporations, government bodies \u2013 everyone is at risk.<\/div>\n<p>In February, British bank <a href=\"http:\/\/www.bbc.com\/news\/uk-26106138\" target=\"_blank\" rel=\"noopener nofollow\">Barclays came under fire<\/a>: 27,000 records were stolen and sold on rogue City traders. As a result, the bank\u2019s credibility took a beating and it had to compensate thousands of customers whose data was sold on the black market.<\/p>\n<p>In June, the private <a href=\"http:\/\/www.reuters.com\/article\/2014\/12\/23\/us-jpmorgan-cybersecurity-idUSKBN0K105R20141223\" target=\"_blank\" rel=\"noopener nofollow\">data of 80 million customers of the American bank JP Morgan<\/a> was compromised as well. The bank remained silent on the matter for several months and only reported the incident in October 2014.<\/p>\n<p>As a result of a major hack that led to the data exposure of 27 million customers (<a href=\"http:\/\/securityaffairs.co\/wordpress\/27776\/cyber-crime\/27-million-koreans-data-breach.html\" target=\"_blank\" rel=\"noopener nofollow\">80% of the country population<\/a>) South Korean authorities are evaluating the possibility of completely <a href=\"http:\/\/securityaffairs.co\/wordpress\/29310\/cyber-crime\/south-korea-id-system.html\" target=\"_blank\" rel=\"noopener nofollow\">redesigning the national identity number computer system<\/a>.<\/p>\n<p>Telcos had a tough year as well. French telecom group Orange <a href=\"http:\/\/www.techradar.com\/news\/internet\/web\/more-than-1m-customer-details-stolen-in-orange-data-breach-1247639\" target=\"_blank\" rel=\"noopener nofollow\">was hacked<\/a> twice in the first three months of 2014 resulting in the theft of 1.3 million users\u2019 data. To make matters worse, the hackers compromised a software platform that the company used to send promotional emails and text messages to clients who had agreed to receive them. After that, it\u2019s highly possible many people will think twice before signing up.<\/p>\n<p>In October <a href=\"http:\/\/www.pcworld.com\/article\/2692652\/atandt-fired-employee-who-improperly-accessed-customer-accounts.html\" target=\"_blank\" rel=\"noopener nofollow\">AT&amp;T had to fire an employee<\/a> who was a little too curious. The employee inappropriately obtained information from 1,600 customers\u2019 accounts and could have viewed their Social Security and driver license numbers.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Little has changed from the <a href=\"https:\/\/twitter.com\/Gawker?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@Gawker<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/breach?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#breach<\/a> to this year's list of bad <a href=\"https:\/\/twitter.com\/hashtag\/passwords?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#passwords<\/a> <a href=\"https:\/\/t.co\/RrsCXCy7H8\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/RrsCXCy7H8<\/a> <a href=\"http:\/\/t.co\/KQeai3snkS\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/KQeai3snkS<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/558601102925377536?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 23, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In October <a href=\"http:\/\/blogs.wsj.com\/digits\/2014\/10\/14\/dropbox-blames-security-breach-on-password-reuse\/\" target=\"_blank\" rel=\"noopener nofollow\">bad luck overtook a file hosting service Dropbox<\/a>. 7 million users\u2019 records leaked onto the web. The company stated that login credentials leaked from third-party sites or apps. No matter how hard companies try to protect their servers they are helpless in the face of user laziness and illiteracy. There will be more leaks in the future as long as combinations like \u2018123456\u2019 remain <a href=\"https:\/\/www.kaspersky.com\/blog\/25-worst-passwords-2014\/\" target=\"_blank\" rel=\"noopener nofollow\">the most used passwords<\/a>.<\/p>\n<p><strong>How much is the data<\/strong><\/p>\n<p>Though everyone buys and sells information, the price of one separate record is relatively low. For instance, records of the offsite airport parking service <a href=\"http:\/\/krebsonsecurity.com\/2014\/12\/banks-park-n-fly-online-card-breach\/\" target=\"_blank\" rel=\"noopener nofollow\">Park \u2018N Fly customers were sold<\/a> at a range of $6 to $9 per card, which included the card number, expiration date, verification code, as well as the cardholder\u2019s name, address, and phone number. Barclays bank clients\u2019 data <a href=\"http:\/\/www.dailymail.co.uk\/news\/article-2554875\/Barclays-account-details-sale-gold-27-000-files-leaked.html\" target=\"_blank\" rel=\"noopener nofollow\">were valued higher<\/a> \u2014 up to $76 (\u00a350) per file.<\/p>\n<div class=\"pullquote\">Though everyone buys and sells information, the price of one separate record is relatively low.<\/div>\n<p>The price of a reputation is a little bit higher especially when it comes to court. <a href=\"http:\/\/www.dailymail.co.uk\/news\/article-2592420\/Barclays-customers-stolen-files-sold-rogue-City-traders-offered-just-250-compensation.html#ixzz3PrsXDzd0\" target=\"_blank\" rel=\"noopener nofollow\">Barclays offered $770 (\u00a3250<\/a>) in compensation to the clients whose data was leaked, but many of them described this as \u2018chicken feed\u2019. The bank had to double some of their offers for those customers who complained and held out for more. Some of them were even given about $1,520 (\u00a31,000).<\/p>\n<p>Apart from compensation there is more spending as a result of a data breach. For example, <a href=\"http:\/\/www.pcworld.com\/article\/2852472\/home-depot-spent-43-million-on-data-breach-in-just-one-quarter.html\" target=\"_blank\" rel=\"noopener nofollow\">Home Depot spent $43 million<\/a> to manage the consequences of one data leak in one quarter. Money was spent on investigations, providing identity theft protection services to consumers, increased call center staffing, and other legal and professional services.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Data Privacy Day was first celebrated in Europe on Jan 28, 2007. Learn more <a href=\"http:\/\/t.co\/SxCL2DLjhn\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/SxCL2DLjhn<\/a>  <a href=\"https:\/\/twitter.com\/hashtag\/DPD15?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#DPD15<\/a> <a href=\"http:\/\/t.co\/GETSHdCJex\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/GETSHdCJex<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/559730085595717632?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 26, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>We\u2019d like to remind you that the 28th of January is International Data Privacy Day in the USA, Canada, and 27 European countries. You may wish to join the holiday and think about ways to improve security of your own personal data. For example, you can start <a href=\"https:\/\/www.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/\" target=\"_blank\" rel=\"noopener nofollow\">us<\/a><a href=\"https:\/\/www.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/\" target=\"_blank\" rel=\"noopener nofollow\">ing<\/a><a href=\"https:\/\/www.kaspersky.com\/blog\/false-perception-of-it-security-passwords\/\" target=\"_blank\" rel=\"noopener nofollow\"> reliable passwords with ease<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The top privacy data leaks in 2014 include: data breaches at Target and Home Depot, hacks of JP Morgan and Barclays banks, and leaks at Orange and Dropbox.<\/p>\n","protected":false},"author":522,"featured_media":4515,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[93,314,189,78,1183,363,43,97],"class_list":{"0":"post-4514","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-cybercriminals","9":"tag-data-breach","10":"tag-data-security","11":"tag-hackers","12":"tag-leaks","13":"tag-personal-data","14":"tag-privacy","15":"tag-security-2"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/private-data-leaks-2014\/4514\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/private-data-leaks-2014\/4569\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/private-data-leaks-2014\/5070\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/private-data-leaks-2014\/5368\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/private-data-leaks-2014\/6775\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/private-data-leaks-2014\/7301\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/private-data-leaks-2014\/6698\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/private-data-leaks-2014\/6775\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/private-data-leaks-2014\/7301\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/private-data-leaks-2014\/7301\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/cybercriminals\/","name":"cybercriminals"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4514","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4514"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4514\/revisions"}],"predecessor-version":[{"id":15976,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4514\/revisions\/15976"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/4515"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4514"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4514"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4514"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}