2014 in security: The biggest hacks, leaks, and data breaches

A contractor for U.S. Homeland Security suffered a data breach, leading to the leak of personal information on employees. The private company, USIS, conducts background checks on behalf of the government agency. USIS came under fire for being the firm that vetted Edward Snowden. The U.S. Justice Dept. also accused the company of faking more than half-a-million background checks.

Sony’s systems were thrown into disarray in late November after unknown assailants hijacked computers.

North Korea was blamed by some media outlets, but denied any involvement. The rogue state did however call the successful hack a “righteous deed,” but denied involvement.

The FBI concluded its investigation, saying North Korea was “responsible.” Since then, numerous stories about the company’s executives and Hollywood elite surfaced, including critical remarks about President Obama -- even the celebrities of the movies Sony produces.

When news broke that hackers attacked JPMorgan’s systems, the message was that it “could’ve been worse”. Tens of millions of Chase customers were affected by the data breach -- even if their bank accounts weren’t affected. The attack is said to have affected around 80 million U.S. households, and 7 million small to medium-sized businesses, making it one of the largest in history. The FBI’s investigation is continuing into attempts on other financial institutions.

Researchers this year warned hat an exploit dubbed “BadUSB” can transform keyboards, flash drives, and other USB-connected devices into attack platforms that can evade modern anti-malware programs. The flaw can even be used to infect and replace a computer’s BIOS, making trusted -- even non-Internet connected “airgapped” computers -- vulnerable to attack.

Chinese hackers earlier this year broke into four websites belonging to the U.S. federal agency overseeing weather systems. The U.S. National Oceanic and Atmospheric Administration carries weather data and satellite feeds to its websites. But those services were shut down by the agency for more than a week following the hack. The agency said it was “unscheduled maintenance,” but one congressman said the agency covered it the attack.

A significant leak of private photos from Hollywood celebrities landed occurred earlier this year, as a result of using "brute force" methods on targeted iCloud accounts. Over a hundred nude photos, some extremely explicit, were posted in total on the infamous discussion board 4chan during that weekend. Apple denied any breach of its systems, but bolstered its security in the wake of the attack.

Perhaps one of the most public state-sponsored hacking attacks in recent history, news emerged this year that the U.S. and British governments were behind a targeted attack on a Belgian internet provider that served much of the European Union’s executive. The so-called Regin malware was discovered around a year later. It was not long before the pieces of the jigsaw were put together. The Intercept, a website set up to publish the Snowden leaks, released the malware’s code.

Unknown assailants attacked the U.S. postal system’s networks -- blame was quickly rested on China. Data of more than 800,000 employees has been compromised, including Social Security number and postal addresses. The news broke as both U.S. and Chinese leaders met in Beijing to discuss, among many items on the agenda, cybersecurity and state-sponsored hacking.

Around 13 gigabytes of data -- including photos and videos -- were pilfered by hackers, which eventually made its way to image sharing site 4chan. Known as “The Snappening,” shady backup services that were said to store snaps indefinitely quickly became the focus of blame. Snapchat cautioned its 100 million active users to stay away from such unauthorized services.

One inane tweet from mid-2012 was enough to start a chain reaction of information gathering that could have rivaled the work of a government intelligence agency. The target in question may not have been a chief executive, a rock star, or a celebrity, or a government employee with access to state secrets. But it was enough to throw that privacy-conscious person off base.

An estimated 110 million records were pilfered from the company, announced at the end of 2013, but spread well into 2014. The brick-and-mortar and online retailer said its U.S. sales were “meaningfully weaker.” The company’s chief information officer, tasked with internal security, resigned three months into the new year. The total cost of the breach hit $110 million by the mid-year.

The central bank monitoring and overseeing the Eurozone in Europe suffered a security breach earlier this year that led to the theft of personal data. No internal systems or market sensitive data were compromised, but email and postal addresses, along with phone numbers were stolen.

In a shocking breach revealed in May, more than 145 million users were affected by a massive hack of eBay’s systems, including email and postal addresses, and login credentials. Financial data was not stolen. The UK’s data watchdog launched a probe into the breach. Months after the breach, eBay said it took a $200 million hit to its annual revenue as a result the security breach.

The company suffered in September a massive 109 million records leak, including 56 million credit cards and 53 million email addresses. Home Depot said a third-party vendor was at fault for the breach, which also led hackers to spread through networks to steal credit card data at point-of-sale terminals.