As the holidays fast approach and the New Year brings a tide of resolutions, we’ve resolved to look over the past year, specifically with regard to data breaches. The vast scale of the year’s breaches was made abundantly clear after a review of the Identity Theft Resource Center’s comprehensive data breach report for 2014.
Read it at your own risk, but be forewarned — it’s not pretty. As the ITRC found, as of Nov. 3, there have been 644 breaches this year, which cumulatively exposed more than 78 million records. And it’s not just banks and large businesses that are being targeted — it’s military organizations, educational institutions and small companies as well. To give you an idea of just how eclectic the list of enterprises breached in 2014 really is, we’ve highlighted a few from the very expansive list:
Lewisburg Area School District
# of records exposed: 1,968
It’s not often that students teach their schools an important lesson, but that’s exactly what happened in the Lewisburg, Penn., school district in October. It was there, near Halloween, that a student reportedly found his or her way into a file with cafeteria information for the schools. Unfortunately for the district, that particular file also happened to contain Social Security numbers, addresses and other identifying data for nearly 2,000 students. While the student may be facing disciplinary action, the more important question in this situation surrounds exactly how the school district enabled this to happen.
Arizona State Retirement System
# of records exposed: 44,000
You might be able to retire from your job, but you’ll never retire from the possibility of getting breached. This was the main revelation to arise from a malicious incursion into the internal infrastructure of the Arizona State Retirement System. Suddenly, 44,000 people were temporarily brought out of comfortable retirement to face the news that their personal data had been maliciously accessed. To mitigate the potential damages, the Retirement System shelled out around $291,000 to provide those affected with identity-guarding services.
Oregon Employment Department
# of records exposed: 851,322
While the Oregon Employment Department mostly concerns itself with finding other people jobs, it was tasked with an unenviable job of its own when it had to bounce back from a breach that compromised more than 850,000 records. The malicious intrusion into the Department’s computer system resulted in personal data like Social Security numbers being swiped. A breach like this could end up having a significant impact on the reputation of the Department, and it will be interesting to see how the group recovers.
University of California Davis Health System
# of records exposed: 1,326
When it comes to the places hackers like to target, there’s arguably none more appealing than an email account. After all, how easy is it to inadvertently open a message containing malware? The answer is extremely. In fact, people do it every day. At UC-Davis Health System, a member of the IT team realized something was wrong when that person observed some suspicious activity in an email account of a provider linked with UCDHS. What it boiled down to was that the provider’s email had been commandeered by a potentially criminal force. This meant that, as a customer of the provider and therefore a recipient of its emails, UCDHS was also impacted. The incident placed more than 1,300 patients at potential risk.