Skip to content ↓ | Skip to navigation ↓

In anticipation of the New Year, Tripwire recently published an article that surveyed some of the better-known data breaches that occurred in 2014. We now present Part 2 of our two-part series, “2014: The Year of the Breach.”

  • Home Depot (September) – On September 18th, Home Depot acknowledged that it had suffered a data breach. The attackers gained entry to the perimeter of the retailer’s networks after using a third-party vendor’s login credentials. According to Brian Krebs, only then were the hackers able to exploit a vulnerability in Microsoft Windows, which allowed them access to Home Depot’s point-of-sale (PoS) machines. In all, the hackers stole 56 million credit card numbers as well as 53 email addresses. Those figures notwithstanding, Home Depot was optimistic about its third quarter sales back in November of 2014 after noticing transaction growth in each month of Q3.
  • Gmail (September) – Around the same time as the Home Depot breach, a Reddit user posted a link to a database that featured nearly five million leaked Gmail emails and passwords. The login credentials were posted in plaintext on Russian hacker forums, prompting cybercriminals to exploit the stolen email addresses in a variety of phishing schemes. A few days after the hack was announced, Google issued a statement in which it revealed the following: “The leaked usernames and passwords were not the result of a breach of Google systems.” All of the compromised accounts were likely lifted off of websites other than Google. Even so, all Gmail users were asked to change their passwords as well as consider implementing two-factor authentication for an additional layer of security.

2014 is now officially behind us, yet we will undoubtedly continue to discuss these and other security incidents for months if not years to come. Hopefully they will provide us with lessons that we can subsequently internalize to make 2015 a better, more secure year.

Resources:

picCheck out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the ShellShock and Heartbleed vulnerability.

picThe Executive’s Guide to the Top 20 Critical Security Controls

Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].

Image header courtesy of ShutterStock.com.