Page 4 - BLI Annual Report 2014
P. 4

Home Depot 10.0 109,000,000 records
Korean Credit Bureau 10.0 104,000,000 records
JP Morgan Chase 10.0 83,000,000 records
AliExpress 9.5 300,000,000 records
Sony Pictures Entertainment 6.5
The breach against the U.S.-based home improvement specialty retailer was a financial access attack that involved 109 million records and scored a 10.0 on the risk assessment scale. It was one of the largest attacks of the year in terms of records compromised. According to a statement by the company, its payment data systems were attacked. The files containing the stolen email addresses did not contain passwords, payment card information or other sensitive personal information, it said.
The South Korean financial services provider suffered an identity theft breach that involved some 104 million records and scored a 10.0 on the risk assessment scale. CSO reported that the breach affected 27 million people, with compromised data coming from Web site registrations for various games and online gambling promotions, ringtone storefronts and movie ticketing. Records involved included names, account names and passwords, and resident registration numbers.
The U.S.-based financial services provider suffered an identity theft breach that resulted in 83 million records being compromised, scoring a 10.0 on the risk assessment scale. In a post on its Web site, the company said based its forensic investigation there was no evidence that customer account numbers, passwords, user IDs, dates of birth or Social Security numbers were compromised during the attack. However, contact information such as name, address, phone number and email address was compromised.
A critical but easily exploitable personal information disclosure vulnerability was discovered in the popular online marketplace owned by Chinese e-commerce company, which affected its millions of users worldwide, according to The Hacker News. The account access breach involved 300 million records and scored 9.5 on the risk assessment scale. The reported vulnerability could allow anyone to steal personal information about hundreds of millions of AliExpress users without knowing their account passwords.
Although it scored relatively low in terms of the number of records involved (47,000), the identity theft attack against the U.S. entertainment company was one of the most highly publicized hack attacks ever, garnering much attention because the U.S. federal government blamed the incident on North Korean attackers. The SPE breach scored a 6.5 on the risk assessment scale. But this does not take into account the loss from intellectual property theft from any videos/movies that might have been illegally obtained and released.

   2   3   4   5   6