• (800) 846-4472

The Top 3 Data Breaches of 2014

And what they mean for small businesses

In 2014, most consumers have witnessed, while some have been victims of, high-profile data breaches in the retail industry. While cyberattacks have been prevalent for many years, Web-based criminals have increased their efforts to illegally obtain sensitive and pertinent customer information from corporate-sized businesses. 

The data breach at Target® in December 2013 began a long string of attacks on similar entities in the past 12 months. According to a recent infographic by DataBreachToday®, there have been 19 notable breaches since January 2014 (1). The top three network security hacks this year were:

  1. eBay®: More than 145 million consumers were affected when eBay's network security was hacked last spring. The San Jose-based online retailer acknowledged the breach in May, but the perpetrators could have had access for some time. Encrypted passwords, customer names, email addresses, phone numbers and dates of birth were all compromised.
  2. JPMorgan Chase®: In October 2014, JPMorgan Chase®, one of the nation's largest banks, announced it breached in June and July when hackers obtained a list of applications and programs that run on Chase's computers. In a filing with the U.S. Securities and Exchange Commission, the bank revealed 76 million customers were affected (2). Clients' names, address, phone numbers and email addresses were lost, but no cases of financial theft were reported. By the time the breach was discovered in late July, cybercriminals had already obtained the highest level of administrative privilege to multiple JPMorgan Chase servers.
  3. Home Depot®: The do-it-yourself home retailer was arguably the first major breach since Target at the end of 2013. Although fewer individuals were affected than JPMorgan Chase and eBay, Home Depot customers lost debit and credit card numbers, which had the Atlanta-based company scrambling for months after the announcement came in September. 

What does this mean for small businesses?
While the majority of high-profile data breaches have occurred at major retailers and banks, recent research suggests all types of businesses - regardless of the vertical or size - should be proactive about information security. According to the Ponemon Institute
®, an independent privacy, data protection and information security research firm, the number of businesses affected by hackers jumped 10 percent in 2014. In fact, 43 percent of companies surveyed experienced a data breach in 2014 (3). 

If that's not alarming enough, financial website 24/7 Wall St. reported the business sector accounted for 64.4 million breached records in 206 incidents this year. 

Since 2005, there have been 4,890 recorded information breaches to date, the result of which has exposed more than 670 million records.

Given that information, it's safe to assume small businesses are far from exempt in terms of a potential data breach. Local retailers and restaurants may not seem like high-priority targets for hackers, but the Ponemon Institute said more than 80 percent of cases data breach resolution group Experian deals with stem from employee negligence. Simple and seemingly harmless actions like giving out a password, opening up a malicious email or even losing a USB drive can open the door for cybercriminals.

SMBs need to be responsible
Given the importance of network security, small businesses need to take proper action in developing employee education and data breach response plans. Twenty-seven percent of Ponemon survey respondents didn't have a data breach response plan in place, although that figure had dropped from 39 percent in 2013. 

But as the payment processing and network security landscapes evolve, action strategies need to mature as well. Thirty-seven percent of respondents said they hadn't looked at their plan since it was first implemented. Small businesses need to create a response strategy if they don't already have one. Payment processing companies can be allies for local businesses in this case and help implement the proper information security.

1. DataBreachToday, 2014

2. U.S. Securities and Exchange Commission, Oct. 2, 2014

3. Ponemon Institute, Sept. 2014

4. 24/7 Wall St., Nov. 7, 2014 


Target®, DataBreachToday®, eBay®, JPMorgan Chase®, HomeDepot®, and the Ponemon Institute® are all registered or nonregistered marks belonging to their own respective owners who are unaffiliated with and do not endorse or sponsor Vantiv Integrated Payments, LLC.


At Your Fingertips

Download the EMV Handbook

The impending shift in liability for card-present fraud is driving a transition to EMV. Are you ready? This handbook can help you prepare.

Get ready for EMV. We can help.

Vantiv Integrated Payments is ready for EMV and has the technology and a network of providers that merchants need to enter the new era of payments.

Find a local POS Provider

This free service helps you find a POS provider who can help you identify and implement the best EMV solution for your business.

Thank you for your interest in
Vantiv Integrated Payments.
We just need a little info to get started.