Note: This post is continuously updated, as new data breaches are reported. Scroll to the bottom to see the most recent breaches.
We’ve been keeping tabs on headline-making identity theft stories this year. Now that we’ve hit the halfway mark for 2014 (can you believe it’s July?), we decided now would be a good time to step back and review some significant data breaches from the past six months. Here are five major data breaches from 2014 that got our attention, and may lead to identity theft and fraud for the data breach victims.
This May, many eBay users received unsettling news that their account information had been compromised. More than 146 million users around the world, in fact, received emails from eBay in mid-May requesting they change their passwords because of a security breach. The company determined that hackers accessed customer passwords, which gave them access to users’ names, addresses, birth dates, phone numbers, and email addresses. As eBay continues to work through the problems, the company is offering updated information on its website.
Since its launch in 2011, Snapchat users have shared more than 700 million videos and photos each day. Earlier this year a hacker collective known as SnapchatDB revealed that it accessed the app via an A.P.I. exploit, stealing 4.6 million phone numbers and usernames and loading the information into a third-party website. Since the breach, Snapchat has released multiple updates with enhanced security features.
One of the first restaurant chains to suffer a security breach in 2014, P.F. Chang’s encountered an issue in early June. The breach involved stolen data from credit and debit cards used at restaurants around the country. P.F. Chang’s CEO, Rick Federico, launched an investigation with governmental agencies. Restaurants are taking precautions to avoid losing additional information, such as using manual imprinting systems for credit cards. If you fear that your data may have been compromised you can visit P.F. Chang’s special website for more information.
AOL suffered a security breach when a former software engineer stole the screen names and email addresses of 92 million users worldwide. The engineer then sold this information to companies that sent out 7 billion spam email messages to these users. AOL since has urged its users to change all passwords and to change any security questions associated to the compromised accounts.
Popular craft store Michael’s reported that an April 2014 security breach may have exposed data from more than three million credit/debit cards. The company hired independent security firms to fix the issue and urged customers to monitor their cards for fraudulent activity.
Community Health Systems
Updated 8/22/2014: Community Health Systems (CYH), a network of 206 hospitals around the country, reported in August of 2014 that hackers stole the names, social security numbers, physical addresses, birthdays, and telephone numbers of more than 4.5 million patients. CYH owns hospitals in 28 states, with a heavier presence in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee, and Texas. Any person who received treatment at, or was referred to, a Community Health Systems hospital is now at a greater risk for identity fraud. The company is working with the FBI and an independent security firm to investigate the breach and protect consumers.
1.2 Billion Passwords Stolen Globally
Updated 8/22/2014: As we reported in August of 2014, a Russian hacking ring stole user data from more than 400,000 websites – a collection of more than 1 billion password and username combinations. Many of the companies affected by this breach are aware that their security was compromised, though it’s unclear what they are doing to improve their security measures.
UPS Data Breach
Updated 8/28/2014: UPS reported a data breach at 51 of its UPS Stores across 24 states. Customers who paid by credit card between January 20 and August 11, 2014 at any of the affected locations may have had their name, address, email, and credit card details exposed. In a press release, Tim Davis, UPS Store president, assures customers that there is “no evidence of fraud arising from this incident.” In what has become common practice for companies that have suffered security breaches, UPS plans to offer its customers’ identity protection services.
Updated 9/9/2014: Home Depot confirmed a data breach of its United States and Canadian stores. The breach is reported to span as far back as April of 2014, affecting over 2,000 stores, which is leading many analysts to predict a total of 60 million compromised payment accounts. If these predictions hold true, Home Depot’s data breach will be the largest ever in history, topping Target’s 2013 data breach by 20 million. Home Depot is encouraging customers to closely monitor their payment accounts and has offered identity protection services to any customers affected by the breach.
Updated 10/3/2014: JPMorgan Chase has reported details of their server breach to the Securities and Exchange Commission. The cyberattack is believed to have occurred in June and July of 2014 and affected 76 million households and 7 million small businesses. Contact information for customers – including names, addresses, phone numbers, and e-mail addresses – was compromised, but JPMorgan Chase says that the hackers did not steal money.
Updated 10/10/14: Kmart, owned by Sears, suffered a data breach that affected their point of sale systems. The investigation is still ongoing, but Sears says that while some debit and credit card numbers were compromised, no personal data (like social security numbers, e-mail addresses, and PIN numbers) was stolen.
Updated 10/21/14: Staples is currently investigating a possible data breach. Banks noticed a pattern of some unusual charges, primarily involving Staples stores located in Pennsylvania, New York, and New Jersey. The company says that their customers will not be held liable for any fraudulent charges if they discover that the breach did occur.
It’s always a good idea to check your credit card statements regularly, at least once a month, for suspicious activity. In addition, you should consider adding another layer of protection by enrolling in IdentityForce’s UltraSecure+Credit. Your personal information, including your credit, will be monitored 24/7, and you’ll be notified immediately of any suspicious activity so you can act before any damage is done. If anything does happen, IdentityForce will be with you every step of the way helping you restore your identity.
Image courtesy of Flickr user Dafne Cholet.