As we wrap up 2014 and look ahead to the New Year, it’s important to reflect on the data security lessons we learned in the past 12 months. Hundreds of millions of records were stolen this year as a result of faulty security. Here are the top five stories of the year.
iCloud Photos Leaked
In September, some very private photos of Hollywood celebrities were leaked after an iCloud data breach. A hacking group wrote a program that guessed username and password combinations for iCloud services. At the time, iCloud wasn’t limiting the number of guesses, so hackers had many chances to guess the right combination without being locked out.
This hack highlighted the need for two-factor authentication on iCloud accounts, specifically SMS authentication. Read this article to learn more about two-factor authentication.
“Once this is enabled a user would receive a four digit SMS message with a code to input in addition to their password,” Lewis said in another Forbes article. “This way, if a password is compromised the attacker would still need an SMS code to gain access to the user account.”
Sony Pictures Communication Leaked
Late last month, Sony Pictures suffered a catastrophic data breach. The information leaked includes passwords, medical information, salary information and movie scripts. Passwords were stored in plain text in many different files that hackers were able to steal from Sony.
“This is indicative of some serious lapses in judgment but, only a small window into the issue,” Dave Lewis wrote in a recent Forbes article about the breach. “We have not heard the facts as to how the attackers were able to gain such an unprecedented foot hold on the network and literally bring the company to their knees.”
JPMorgan Client Information Hacked
In July, news broke that hackers attacked JPMorgan’s systems, affecting about 80 million households and 7 million small to medium-sized businesses. Contact information, including name, address, email address and phone number was compromised.
In a statement, JPMorgan said, “there is no evidence that account information for such affected customers — account numbers, passwords, user IDs, dates of birth or Social Security numbers — was compromised during this attack."
eBay Breach Costs $200 Million in Lost Revenue
In May, 145 million eBay users were affecting by a huge hack of eBay’s systems. Hackers got access to users’ email addresses, login credentials and postal addresses. While no financial data was stolen, eBay says it lost $200 million in lost annual revenue because of the breach.
Home Depot Payment Card Breach
In September, Home Depot confirmed that its payment data systems were breached. A total of 56 million payment cards were compromised, and Home Depot faced 21 lawsuits as a result. The theft is thought to be the largest theft of payment cards from a direct attack on a retailer.
Going into 2015, it’s important to stay vigilant on emerging trends in data security. To get started on the right foot, check out “5 Information Security Trends That Will Dominate in 2015.”