![\"Massive](\"https:\/\/blog-en.webroot.com\/wp-content\/uploads\/2014\/12\/Massive-Data-Breaches.png\")
<\/a><\/p>\nWith the New Year only a couple weeks and change away, let’s look back at 2014, aka the ‘Year of the Breach’, and revisit\u00a010 companies who\u00a0want nothing more than to forget their breach nightmares and start fresh in 2015:<\/p>\n
Michaels<\/strong><\/p>\n Going back almost a full year to January, and you have what was one of the first post-Target breach breaches to come to light. According to numerous sources (and\u00a0reported<\/a>\u00a0by the ever-informed Brian Krebs), all signs were pointing to a potential Michaels breach. That same day (January 14), the US Secret Service said it was investigating further.<\/p>\n Fast-forward to April and we get\u00a0the confirmation, with Michaels Stores Inc. announcing that 3 million customer credit and debit cards were stolen in Michaels and Aaron Brothers stores as a result of two eight-month long security breaches.<\/p>\n Goodwill<\/strong><\/p>\n On July 21st, news of another breach started coming in. This time, the victim was Goodwill Industries. Or more specifically, the systems of a third-party vendor that processes payments for some Goodwill members (20 to be exact,\u00a0which represents ~10% of all stores).<\/p>\n This breach, which was determined to be caused by a piece of malware called ‘Rawpos’, resulted in\u00a0exposed information of 868,000 customer credit cards. Goodwill released details of the breach in September on their\u00a0site<\/a>.<\/p>\n The Home Depot<\/strong><\/p>\n Speaking of September, that was a rough month for The Home Depot, which began when the company said it was “investigating some unusual activity with regards to its customer data.”<\/p>\n That ‘unusual activity’ ended up being a massive breach that involved pretty much every Home Depot location in the country.<\/p>\n Sure enough, six days after the initial reports started filing in, the company admitted that its payment systems were in fact breached, and that the attack was going on for months. \u00a0What was not yet known was the scope of the attacks.<\/p>\n That\u00a0announcement<\/a>\u00a0came 10 days later, with The Home Depot saying that the malware was contained, 56 impacted debit and credit cards later. The disclosure made the incident\u00a0the largest retail card breach…ever recorded.<\/p>\n Japan Airlines<\/strong><\/p>\n On October 1st, with The Home Depot breach still fresh on peoples’ minds, Japan Airlines said that it was the latest\u00a0breach victim<\/a>\u00a0and that 750,000 frequent flyer club members’ information may have been stolen after hackers breached JAL’s Customer Information Management System and installed malware on computers that had access to the system.<\/p>\n The potentially stolen data included everything from customer names to membership numbers and home addresses.<\/p>\n JP Morgan<\/strong><\/p>\n And then, just one day later, JP Morgan confirmed an absolutely giant breach that affected 76 million households and 7 millions small businesses. Affected were customers who used Chase.com and JPMorganOnline websites, and the Chase and JP Morgan online apps.<\/p>\n Stolen information included names, email addresses, phone numbers, and home addresses, but more potentially-devastating information such as account numbers, passwords, and Social Security numbers were not believed to be impacted.<\/p>\n Fox Business also came out with a report saying that the nation’s largest bank was also bracing for a mass-scale spear-phishing campaign right after the breach was exposed, and that the stolen info was the ‘first wave’ that would help the cybercriminals steal the aforementioned ‘good stuff’, which they could do with legitimate-looking emails targeting those customers who’s data they already nabbed.<\/p>\n While no such campaign has yet happened, it has not yet been determined for sure who was responsible for the breach and the investigation is still ongoing.<\/p>\n You can find more detailed descriptions of The Home Depot, Japan Airlines, and JP Morgan breaches in a\u00a0previous blog\u00a0<\/a>I wrote.<\/p>\n Kmart<\/strong><\/p>\n Later\u00a0in October, Sears Holdings Corporation announced that it\u00a0discovered a breach\u00a0<\/a>at its Kmart stores that was due to malware on their POS \u00a0(Point-of-Sale) machines. At that time, Sears also announced that the malware was removed and that there was an ongoing investigation.<\/p>\n The investigation went on to reveal that the attack started in early September, which means that the breach was going on for a full month. Despite that, Kmart said that no personal customer information was stolen as a result of the breach.<\/p>\n Staples<\/strong><\/p>\n Just over a week after the Kmart breach, Brian Krebs reported that he got information from multiple banks who said they were seeing a patter of credit card fraud linking back to a series of Staples stores in the Northeastern part of the country. At that time, Staples said it was investigating the issue.<\/p>\n According to a\u00a0Bloomberg update<\/a>\u00a0from last month, Staples said that it believed the malware that caused was identified and eliminated, but that the investigation was still in its early stages and that they could not yet estimate the scope of the breach or how much data was stolen.<\/p>\n Last month, it was also reported that a\u00a0link was found<\/a>\u00a0connecting the Staples and Michaels breaches.<\/p>\n USPS<\/strong><\/p>\n On November 10th, numerous reports came out saying that the United States Postal Service was breached back in September, and that Chinese hackers were responsible.<\/p>\n This\u00a0breach<\/a>\u00a0impacted both employees and customers, compromising\u00a0data of 800,000 workers and 2.9 million customers.<\/p>\n Bebe<\/strong><\/p>\n Earlier this month, security researcher Brian Krebs got word from banks about fraudulent charges on credit cards that were recently used at Bebe women’s clothing stores across the nation.<\/p>\n Sure enough, just a day later, Bebe Stores Inc.\u00a0confirmed<\/a>\u00a0the breach, saying that the hackers got hold of customer information that may include customer names, account numbers, card expiration dates, and verification codes.<\/p>\n