An unprecedented number of high profile data breaches occurred at U.S. retailers in 2014. Equally troubling were breaches that received little media attention, yet dramatically impacted those targeted, forcing many of them out of business. Following is a compilation of 2014 data breaches. For more information visit the Privacy Rights Clearinghouse website at www.privacyrights.org.
Charge Anywhere notified individuals that an unauthorized person(s) installed "sophisticated malware" that permitted hackers to "capture segments of outbound network traffic" on transactions completed Aug. 17 to Sept. 24, 2014, and possibly dating back to Nov. 5, 2009.
The women's clothier notified customers of a POS systems breach that occurred Nov. 8 to Nov. 26, 2014, that allowed hackers to obtain credit card information. A forensics investigation was launched to determine the extent of the breach. Possibly more than 200 stores were affected.
An investigation conducted on behalf of Staples revealed nearly 1.2 million customer payment cards at 115 Staples stores may have been accessed by hackers using malware that allowed access to cardholder names, payment card numbers, expiration dates and card verification codes.
A breach that occurred at K-Mart stores starting in Sept. 2014 apparently used malicious software to target POS systems, compromising cardholder information. K-Mart removed the malware from its systems and is working with investigators to assess the extent of the breach.
In two separate incidents, AB Acquisitions LLC discovered malware was used to capture cardholder data at various store locations. The first breach occurred from June 22 to July 17, 2014. The second breach impacted stores from Aug. 27 to Sept. 21, 2014.
After launching a multistate investigation, Home Depot confirmed that POS systems at 2,200 of its stores across the United States and Canada were compromised, potentially affecting as many as 56 million cardholders.
An unknown number of POS systems at the chain's 6,300 locations forced several affected stores to accept cash only until authorities investigated further. "Backoff" malware was later detected, the same malware attributed to the Target and Supervalu data breaches.
Malware was discovered on UPS systems that impacted 51 franchise store locations in 24 states. According to UPS, both credit and debit card transaction information was compromised from Jan. 20 to Aug. 11, 2014. The company said it has since removed the malware from its system.
Supervalu, which operates 3,763 corporate and franchise stores, reported a system attack that compromised credit card data on POS systems used at an unknown number of stores from June 22 to July 17, 2014. The breach is under investigation.
Upon detecting fraudulent credit card activity, a forensics investigation revealed a third-party vendor's systems had been compromised by malware, allowing fraudsters access to customer card data intermittently from Feb. 10, 2013, to Aug. 14, 2014. This affected 330 stores in 20 states.
After credit card data surfaced on an underground website, the restaurant chain confirmed a breach to its POS system had occurred. An investigation revealed customer credit and debit cards at 33 restaurant locations were affected by the breach.
Invesigators determined hackers gained access to the beauty supplier's network to steal credit card data from stores. An investigation found the breach impacted fewer than 25,000 records containing track 2 payment card data.
Smucker's Online Store was penetrated by a cyber attack that compromised cardholder data using sophisticated malware to obtain form data submitted by visitors during the checkout process.
Neiman Marcus confirmed its database of customer information was hacked. The breach, which may have dated back as far as July 2013, was fully contained on Jan. 12, 2014, the store said. Approximately 1.1 million cardholders were affected.
A POS system implemented by third-party vendor Datapark USA Inc. at several Chicago area ABM parking facilities was hacked, compromising the cardholder data of customers who paid for parking services at those locations.
The online swimwear retailer confirmed unauthorized individual(s) installed malware on the server hosting its website, allowing fraudsters access to customer data for purchases made from May 12 to Aug. 28, 2014.
The San Diego hotel group revealed that as many as 55,000 hotel visitors may have been victims of a credit card data breach that exposed cardholder data from Feb. 16 to May 13, 2014.
The Florida-based restaurant chain identified a POS systems breach that compromised transactions from vendors in Texas, New York, Massachusetts and at least four Florida restaurants. The company is working with local law enforcement to investigate the breach.
After being notified by the Secret Service of a potential breach to its system, Houstonian launched a forensics investigation and discovered that from December 2013 to June 2014, an unauthorized party gained access to cardholder data on its POS system.
Approximately 30,000 customers were notified after malware was detected on POS systems at several of the car wash chain's 13 locations in the northeastern United States.
As many as 300 cardholders were impacted by an attack that infiltrated the gas station's network.
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next