2014 in security: The biggest hacks, leaks, and data breaches

Hundreds of millions of records have been stolen this year through hacks and data breaches as a result of poor, or flawed security. Here are the most notable stories of the year.
Topic: Security
1 of 15 U.S. Postal Service

U.S. security contractor vetting firm hit by breaches

A contractor for U.S. Homeland Security suffered a data breach, leading to the leak of personal information on employees. The private company, USIS, conducts background checks on behalf of the government agency. USIS came under fire for being the firm that vetted Edward Snowden. The U.S. Justice Dept. also accused the company of faking more than half-a-million background checks.

2 of 15 CNET/CBS Interactive

Sony attack leads to massive data grab

Sony’s systems were thrown into disarray in late November after unknown assailants hijacked computers.

North Korea was blamed by some media outlets, but denied any involvement. The rogue state did however call the successful hack a “righteous deed,” but denied involvement.

The FBI concluded its investigation, saying North Korea was “responsible.” Since then, numerous stories about the company’s executives and Hollywood elite surfaced, including critical remarks about President Obama -- even the celebrities of the movies Sony produces.

3 of 15 CBSNews.com

JPMorgan credit card hack

When news broke that hackers attacked JPMorgan’s systems, the message was that it “could’ve been worse”. Tens of millions of Chase customers were affected by the data breach -- even if their bank accounts weren’t affected. The attack is said to have affected around 80 million U.S. households, and 7 million small to medium-sized businesses, making it one of the largest in history. The FBI’s investigation is continuing into attempts on other financial institutions.

4 of 15 CNET/CBS Interactive

USB security hosed, computers ruined

Researchers this year warned hat an exploit dubbed “BadUSB” can transform keyboards, flash drives, and other USB-connected devices into attack platforms that can evade modern anti-malware programs. The flaw can even be used to infect and replace a computer’s BIOS, making trusted -- even non-Internet connected “airgapped” computers -- vulnerable to attack.

5 of 15 CNET/CBS Interactive

Chinese hacked U.S. weather systems

Chinese hackers earlier this year broke into four websites belonging to the U.S. federal agency overseeing weather systems. The U.S. National Oceanic and Atmospheric Administration carries weather data and satellite feeds to its websites. But those services were shut down by the agency for more than a week following the hack. The agency said it was “unscheduled maintenance,” but one congressman said the agency covered it the attack.

6 of 15 CNET/CBS Interactive

Celebrity data leaked amid alleged iCloud hack

A significant leak of private photos from Hollywood celebrities landed occurred earlier this year, as a result of using "brute force" methods on targeted iCloud accounts. Over a hundred nude photos, some extremely explicit, were posted in total on the infamous discussion board 4chan during that weekend. Apple denied any breach of its systems, but bolstered its security in the wake of the attack.

7 of 15 Wikimedia Commons

The Intercept releases Belgacom state-sponsored malware

Perhaps one of the most public state-sponsored hacking attacks in recent history, news emerged this year that the U.S. and British governments were behind a targeted attack on a Belgian internet provider that served much of the European Union’s executive. The so-called Regin malware was discovered around a year later. It was not long before the pieces of the jigsaw were put together. The Intercept, a website set up to publish the Snowden leaks, released the malware’s code.

8 of 15 U.S. Postal Service

U.S. Postal Service networks hit, employee data grabbed

Unknown assailants attacked the U.S. postal system’s networks -- blame was quickly rested on China. Data of more than 800,000 employees has been compromised, including Social Security number and postal addresses. The news broke as both U.S. and Chinese leaders met in Beijing to discuss, among many items on the agenda, cybersecurity and state-sponsored hacking.

9 of 15 CNET/CBS Interactive

Snapchat data posted on 4chan after backup hack

Around 13 gigabytes of data -- including photos and videos -- were pilfered by hackers, which eventually made its way to image sharing site 4chan. Known as “The Snappening,” shady backup services that were said to store snaps indefinitely quickly became the focus of blame. Snapchat cautioned its 100 million active users to stay away from such unauthorized services.

10 of 15 via CNET

One tweet can lead to a back account hack

One inane tweet from mid-2012 was enough to start a chain reaction of information gathering that could have rivaled the work of a government intelligence agency. The target in question may not have been a chief executive, a rock star, or a celebrity, or a government employee with access to state secrets. But it was enough to throw that privacy-conscious person off base.

11 of 15 Target

Target breach woes spread into 2014

An estimated 110 million records were pilfered from the company, announced at the end of 2013, but spread well into 2014. The brick-and-mortar and online retailer said its U.S. sales were “meaningfully weaker.” The company’s chief information officer, tasked with internal security, resigned three months into the new year. The total cost of the breach hit $110 million by the mid-year.

12 of 15 Wikimedia Commons

European Central Bank hit by data breach

The central bank monitoring and overseeing the Eurozone in Europe suffered a security breach earlier this year that led to the theft of personal data. No internal systems or market sensitive data were compromised, but email and postal addresses, along with phone numbers were stolen.

13 of 15 CNET/CBS Interactive

eBay hit by whopping 145 million user data breach

In a shocking breach revealed in May, more than 145 million users were affected by a massive hack of eBay’s systems, including email and postal addresses, and login credentials. Financial data was not stolen. The UK’s data watchdog launched a probe into the breach. Months after the breach, eBay said it took a $200 million hit to its annual revenue as a result the security breach.

14 of 15 Home Depot

​Home Depot breach saw hundreds of millions of records stolen

The company suffered in September a massive 109 million records leak, including 56 million credit cards and 53 million email addresses. Home Depot said a third-party vendor was at fault for the breach, which also led hackers to spread through networks to steal credit card data at point-of-sale terminals.

15 of 15 CNET/CBS Interactive

Spotify warns of “unauthorized access”

Android users of Spotify were warned to upgrade after an isolated incident led to the breach of just one user’s data. Despite not having any financial or payment information taken, the company contacted the individual. Spotify has an estimated 40 million users. Android users were also warned to update, leaving some to speculate the app was to blame.

Related Galleries

Yubikey Security Key C NFC
Security Key C NFC

Related Galleries

Yubikey Security Key C NFC

First look at the YubiKey Bio
YubiKey Bio

Related Galleries

First look at the YubiKey Bio

iVerify (version 17)
iVerify for iOS and iPadOS

Related Galleries

iVerify (version 17)

OnlyKey hardware security key

Related Galleries

OnlyKey hardware security key

SoloKeys Solo V2
Solo V2

Related Galleries

SoloKeys Solo V2

iVerify: Added security for iPhone and iPad users

Related Galleries

iVerify: Added security for iPhone and iPad users

iStorage datAshur BT hardware encrypted flash drive
iStorage datAshur BT

Related Galleries

iStorage datAshur BT hardware encrypted flash drive