2014 Retail Data Breaches

     

    2014 was a year where retail data breaches dominated retail news and changed the corporate landscape of many retail organizations. The phrase, “It’s not if you will have a breach, but when you learn that you’ve had a breach” became common language for retail loss prevention departments across the country. We also found that while most data breaches were intended for financial gain, others were also initiated for malicious intent, simply to damage brands and cause financial loss. This would be an ongoing topic in 2015 as well, as business continued to react to these cyber threats and proactively address future opportunities. Below are the primary data breaches and related stories that made headlines across the US in 2014, setting the stage for many new policies, strategies, and related retail management decisions that have since followed.

    Target Says Data Breach Puts up to 110 Million People at Risk
    While the incident actually took place in late 2013, the Target data breach dominated many of the early headlines in 2014. Target said that the thieves who accessed its data system from late November through mid-December also obtained personal information on 70 million customers, an exposure of data that’s well beyond the financial information on 40 million people it initially reported. Target said, “The theft is not a new breach.” But spokeswoman Molly Snyder later said the possibility exists that the personal information exposure involves different people than the financial one. If so, as many as 110 million people had data stolen from Target’s system.

    - Sponsors -

    Neiman Marcus Investigates Possible Credit Card Data Theft
    Neiman Marcus investigated a security breach involving credit card information that was stolen from its customers during the holiday shopping season. The Secret Service, which was already probing a similar breach at Target, launched an investigation into the matter. Company spokeswoman Ginger Reeder said in a written statement, “We have begun to contain the intrusion and have taken significant steps to further enhance information security.”

    Michaels Warns of Payment Card Breach
    Michaels, the biggest U.S. arts and crafts retailer, investigated a data breach on its network and advised customers to check financial statements for fraudulent activity. “We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information,” Chief Executive Chuck Rubin said in the statement. “We are taking aggressive action to determine the nature and scope of the issue.” It was not immediately clear how many cards might have been affected, when an attack might have occurred or whether the systems were currently compromised…

    eBay Suffers Cyber Attack, Users Asked to Change Passwords
    Need any more proof that cyber threats are among the world’s most pressing concerns? Look no further than retail giant, eBay, which reported a massive data breach in its system. According to the firm, around late February or early March, cyber thieves stole sensitive customer information, such as: email addresses, encrypted passwords and birth dates. And while it said no financial information was compromised, the situation was serious enough for the company to urge its 145 million users to change their passwords…

    P.F. Chang’s Confirms Credit Card Breach
    Nationwide restaurant chain P.F. Chang’s Chinese Bistro confirmed news that customer credit and debit card data had been stolen in a cyber-crime attack on its stores. The company had few additional details to share about the data breach, other than to say that it would temporarily be switching to a manual credit card imprinting system for all P.F. Chang’s restaurants in the United States…

    Goodwill Investigates Data Breach
    Goodwill Industries International, a nonprofit agency that operates thrift stores around the country, investigated a potential security breach that may have led to the theft of customers’ credit card data. In a statement, Goodwill said it had been contacted by federal authorities and a fraud investigation unit about a possible data theft at its American store locations. Goodwill said it was working with the authorities…

    Supervalu Investigates Data Breach
    Supervalu Inc investigated a data breach that could have affected some of its retail food stores, including some of its associated stand-alone liquor stores. The intrusion may have resulted in the theft of account numbers and other numerical information from payment cards used at some point-of-sale systems at the company’s owned and franchised stores. “The intrusion was identified by our internal team, it was quickly contained, and we have had no evidence of any misuse of any customer data,” Supervalu CEO, Sam Duncan, said in a statement…

    Nearly All U.S. Home Depot Stores Breached
    New data gathered from the cyber-crime underground suggests that the apparent credit and debit card breach at Home Depot involves nearly all of the company’s stores across the nation. As with cards put up for sale in the wake of those data breaches each card is listed according to the city, state and ZIP code of the store from which each card was stolen. A comparison of the ZIP code data between the unique ZIPs and those of the Home Depot stores shows a staggering 99.4 percent overlap…

    Staples stores investigated: suspected payment card breach
    Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating “a potential issue” and has contacted law enforcement. It appears likely that fraudsters have succeeded in stealing customer card data from some subset of Staples locations…

    Kmart Says Hackers Stole Card Data in Attack
    Sears Holdings Corp’s Kmart discount chain, the latest victim of hacker attacks on retailers, detected a security breach yesterday and is investigating the incident with law enforcement officials. “According to the security experts Kmart has been working with, the Kmart store payment data systems were infected with a form of malware that was undetectable by current anti-virus systems,” the company said. “Kmart was able to quickly remove the malware. However, Kmart believes certain debit and credit card numbers have been compromised…”

    Dairy Queen Victim of Data Breach
    Sources in the financial industry say they’re seeing signs that Dairy Queen may be the latest retail chain to be victimized by cyber-crooks bent on stealing credit and debit card data. Dairy Queen says it has no indication of a data breach also acknowledges that nearly all stores are franchises and that there is no established company process or requirement to communicate card breaches to Dairy Queen headquarters…

    Possible Credit Card Breach at Bebe Stores
    Data gathered from several financial institutions and at least one underground cyber-crime shop suggest that thieves have stolen credit and debit card data from Bebe Stores Inc., a nationwide chain of some 200 women’s clothing stores…

    Sony Loses More Than $200 million Following Cyber Attack
    Sony Pictures suffered an estimated loss of more than $200 million on account of a cyber attack over the film “The Interview”, according to various analysts. The $200 million figure is expected to rise, given the expenses that the company will incur due to lawsuits that former employees have filed as a result of their personal data being stolen from Sony’s database by the hackers…

    Stay Updated

    Get critical information for loss prevention professionals, security and retail management delivered right to your inbox.