2014 Data Breaches
The Top 3 Data Breaches of 2014
And what they mean for small businesses
In 2014, most consumers have witnessed, while some have been victims of, high-profile data breaches in the retail industry. While cyberattacks have been prevalent for many years, Web-based criminals have increased their efforts to illegally obtain sensitive and pertinent customer information from corporate-sized businesses.
The data breach at Target® in December 2013 began a long string of attacks on similar entities in the past 12 months. According to a recent infographic by DataBreachToday®, there have been 19 notable breaches since January 2014 (1). The top three network security hacks this year were:
- eBay®: More than 145 million consumers were affected when eBay's network security was hacked last spring. The San Jose-based online retailer acknowledged the breach in May, but the perpetrators could have had access for some time. Encrypted passwords, customer names, email addresses, phone numbers and dates of birth were all compromised.
- JPMorgan Chase®: In October 2014, JPMorgan Chase®, one of the nation's largest banks, announced it breached in June and July when hackers obtained a list of applications and programs that run on Chase's computers. In a filing with the U.S. Securities and Exchange Commission, the bank revealed 76 million customers were affected (2). Clients' names, address, phone numbers and email addresses were lost, but no cases of financial theft were reported. By the time the breach was discovered in late July, cybercriminals had already obtained the highest level of administrative privilege to multiple JPMorgan Chase servers.
- Home Depot®: The do-it-yourself home retailer was arguably the first major breach since Target at the end of 2013. Although fewer individuals were affected than JPMorgan Chase and eBay, Home Depot customers lost debit and credit card numbers, which had the Atlanta-based company scrambling for months after the announcement came in September.
What does this mean for small businesses?
While the majority of high-profile data breaches have occurred at major retailers and banks, recent research suggests all types of businesses - regardless of the vertical or size - should be proactive about information security. According to the Ponemon Institute ®, an independent privacy, data protection and information security research firm, the number of businesses affected by hackers jumped 10 percent in 2014. In fact, 43 percent of companies surveyed experienced a data breach in 2014 (3).
If that's not alarming enough, financial website 24/7 Wall St. reported the business sector accounted for 64.4 million breached records in 206 incidents this year.
Since 2005, there have been 4,890 recorded information breaches to date, the result of which has exposed more than 670 million records.
Given that information, it's safe to assume small businesses are far from exempt in terms of a potential data breach. Local retailers and restaurants may not seem like high-priority targets for hackers, but the Ponemon Institute said more than 80 percent of cases data breach resolution group Experian deals with stem from employee negligence. Simple and seemingly harmless actions like giving out a password, opening up a malicious email or even losing a USB drive can open the door for cybercriminals.
SMBs need to be responsible
Given the importance of network security, small businesses need to take proper action in developing employee education and data breach response plans. Twenty-seven percent of Ponemon survey respondents didn't have a data breach response plan in place, although that figure had dropped from 39 percent in 2013.
But as the payment processing and network security landscapes evolve, action strategies need to mature as well. Thirty-seven percent of respondents said they hadn't looked at their plan since it was first implemented. Small businesses need to create a response strategy if they don't already have one. Payment processing companies can be allies for local businesses in this case and help implement the proper information security.
1. DataBreachToday, 2014
2. U.S. Securities and Exchange Commission, Oct. 2, 2014
3. Ponemon Institute, Sept. 2014
4. 24/7 Wall St., Nov. 7, 2014
Target®, DataBreachToday®, eBay®, JPMorgan Chase®, HomeDepot®, and the Ponemon Institute® are all registered or nonregistered marks belonging to their own respective owners who are unaffiliated with and do not endorse or sponsor Vantiv Integrated Payments, LLC.
- More Secure Ways To Pay
- Small merchants use tokenization
- What merchants should know
- Merchant cash advance for small business
- What is a merchant cash advance
- Bridging the Gap Part 1: New Customer Expectations
- Bridging The Gap Part 2: Merchant's current reality
- Bridging The Gap Part 3: Digital Commerce
- Breach Report
- Safe and Sound: 4 Tips to Secure Your Business
- Securing the Customer Experience
- Top Five Payment Technologies You Should Not Ignore
- Ways Merchant Can Hurdle Mobility POS Adoption Challenges
- The Time is Now to Develop a Mobile App
- Reasons Consumers Shop Online
- PCI for Retailers
- Loyalty and Payments
- E2E and Tokenization For Your Business
- Avoiding Fraud on your ecommerce site
- The Top 3 Data Breaches of 2014
- Today's Emerging Payments Trends
- EMV: What You Need To Know
- Learn What's New With PCI 3.0
- Integrated Payments and Security
- The Four Levels of PCI Compliance
- PCI Compliance For Restaurants
- POS Security Best Practices
- What does it take to be PCI compliant?
- Beyond cuisine
- What is PCI Compliance
- Article-More repeat business for your restaurant
- Protect Customer Data at the POS
At Your Fingertips
The impending shift in liability for card-present fraud is driving a transition to EMV. Are you ready? This handbook can help you prepare.
Vantiv Integrated Payments is ready for EMV and has the technology and a network of providers that merchants need to enter the new era of payments.