Data breaches

Millions of records compromised in these data breaches

We used 1 million records exposed as our floor in creating this list. Starting with a number that big says a lot about the state of data security.

masks on wall
Trending up?

The Identity Theft Resource Center found 85,611,528 records exposed last year in the 783 breaches. The list unfortunately just seems to grow with every update. 2015 is proving to be no different with the Anthem and Premera breaches occurring (see last slide for the latest breach). But before we move on to this year's compromises, here are the greatest number of records breached from lowest to highest from 2014.

worstdatabreaches20142
Credit: REUTERS/Eric Thayer
JPMorgan Chase

JPMorgan Chase (JPMC) updated investors about their disclosed data breach in an 8-K filing with the Securities and Exchange Commission. The 8-K report says that user contact information, including names, addresses, phone numbers, and email addresses, as well as internal JPMC information relating to such users was compromised.

worstdatabreaches20143
Department of Public Health and Human Services - Montana

Hackers of unknown origin gained access to a computer server tied to the Montana Department of Public Health and Human Services, exposing sensitive or confidential information of current and former medical patients, health agency employees and contractors, according to Reuters.

worstdatabreaches20144
Neiman Marcus

Neiman Marcus was unaware attackers had harvested payment card details until six weeks after the activity had ended, when its merchant processor zeroed in on a fraudulent spending pattern. Neiman Marcus characterized the malware involved as "complex" and described in part how it collected card details despite security measures that the retailer says exceeded industry recommendations.

worstdatabreaches20145
Credit: Mike Mozart
Staples

Staples, one of the nation's largest office supply retailers, said that at least 1.16 million credit and debit cards were impacted after POS malware infected systems at 115 stores nationwide.

worstdatabreaches20146
IRS

Taxpayer and other SBU information may be at risk due to a lack of background investigation requirements in five contracts for courier, printing, document recovery, and sign language interpreter services, according to audit reports.

worstdatabreaches20147
Credit: Dennis Yang
Texas Health and Human Services (Xerox)

A report at the time said: Xerox, a company that worked on the Texas Medicaid program, may still have files that contain information about 2 million current and former Medicaid clients. The company is being sued by the state and has refused to return the files.

worstdatabreaches20148
Credit: Mr. TinDC
Sitesearch Corp., LeapLab LLC; Leads Company LLC

Security researcher Brian Krebs reported: “The Federal Trade Commission announced this week it is suing a consumer data broker that sold payday loan application data to scammers who used the information to pull money out of consumer bank accounts. The scam brings to mind an underground identity theft service I wrote about in 2012 that was gathering its data from a network of payday loan sites.”

worstdatabreaches20149
Michaels Stores

CEO Chuck Rubinsaid said "it is in the best interest of our customers to alert them to this potential issue" so they can scan payment card statements for unauthorized charges, according to the statement.

worstdatabreaches201410
Credit: Jim Trottier
Community Health Systems / Tennova / Complete Heal

The company said that in April and June of 2014, attackers believed to be from China (a determination made by Mandiant after CHS hired them to do clean-up), compromised 4.5 million records. The records contained information related to people who had been referred to or received services from CHS over the last five years. The compromised records included valuable personal data such as names, addresses, birth dates, phone numbers, and Social Security Numbers.

worstdatabreaches201411
Credit: Dean Hochman
Home Depot

Home Depot released an update on the status of their breach investigation. The update didn't include many details, but the retailer did confirm that the incident impacted 56 million customers, making their breach larger than the incident at Target.

In a statement Home Depot said that the company's investigation, with includes elements of the US Secret Service, Symantec, and their own internal teams, has determined that "unique, custom-built malware" was used in order to help the criminals evade detection. That investigators are calling the malware new puts to rest speculation that said it was related to BlackPOS, the malware used during the Target breach.

RELATED SLIDESHOW: The data breach quiz: What have we learned?

carefirst
Credit: Thinkstock
CareFirst

CareFirst BlueCross BlueShield (CareFirst) disclosed a data breach that impacts 1.1 million current and former members, who registered to use the insurer's websites or who did business with them online prior to June 20, 2014. Read the full story.