Cyber security awareness for end users

Editor's Notes

• #5: January Target (retail). In January, Target announced an additional 70 million individuals’ contact information was taken during the December 2013 breach, in which 40 million customer’s credit and debit card information was stolen.[5] Neiman Marcus (retail). Between July and October 2013, the credit card information of 350,000 individuals was stolen, and more than 9,000 of the credit cards have been used fraudulently since the attack.[6] Sophisticated code written by the hackers allowed them to move through company computers, undetected by company employees for months. Michaels (retail). Between May 2013 and January 2014, the payment cards of 2.6 million Michaels customers were affected.[7] Attackers targeted the Michaels POS system to gain access to their systems. Yahoo! Mail (communications). The e-mail service for 273 million users was reportedly hacked in January, although the specific number of accounts affected was not released.[8] April Aaron Brothers (retail). The credit and debit card information for roughly 400,000 customers of Aaron Brothers, a subsidiary of Michaels, was compromised by the same POS system malware.[9] AT&T (communications). For two weeks AT&T was hacked from the inside by personnel who accessed user information, including social security information.[10] May eBay (retail). Cyber attacks in late February and early March led to the compromise of eBay employee log-ins, allowing access to the contact and log-in information for 233 million eBay customers.[11] eBay issued a statement asking all users to change their passwords. Five Chinese hackers indicted. Five Chinese nationals were indicted for computer hacking and economic espionage of U.S. companies between 2006 and 2014. The targeted companies included Westinghouse Electric (energy and utilities), U.S. subsidiaries of SolarWorld AG (industrial), United States Steel (industrial), Allegheny Technologies (technology), United Steel Workers Union (services), and Alcoa (industrial).[12] Unnamed public works (energy and utilities). According to the Department of Homeland Security, an unnamed public utility’s control systems were accessed by hackers through a brute-force attack[13] on employee’s log-in passwords.[14] June Feedly (communications). Feedly’s 15 million users were temporarily affected by three distributed denial-of-service attacks.[15] Evernote (technology). In the same week as the Feedly cyber attack, Evernote and its 100 million users faced a similar denial-of-service attack.[16] P.F. Chang’s China Bistro (restaurant). Between September 2013 and June 2014, credit and debit card information from 33 P.F. Chang’s restaurants was compromised and reportedly sold online.[17] August U.S. Investigations Services (services). U.S. Investigations Services, a subcontractor for federal employee background checks, suffered a data breach in August, which led to the theft of employee personnel information.[18] Although no specific origin of attack was reported, the company believes the attack was state-sponsored. Community Health Services (health care). At Community Health Service (CHS), the personal data for 4.5 million patients were compromised between April and June.[19] CHS warns that any patient who visited any of its 206 hospital locations over the past five years may have had his or her data compromised. The sophisticated malware used in the attack reportedly originated in China. The FBI warns that other health care firms may also have been attacked. UPS (services). Between January and August, customer information from more than 60 UPS stores was compromised, including financial data,[20] reportedly as a result of the Backoff malware attacks. Defense Industries (defense). Su Bin, a 49-year-old Chinese national, was indicted for hacking defense companies such as Boeing.[21] Between 2009 and 2013, Bin reportedly worked with two other hackers in an attempt to steal manufacturing plans for defense programs, such as the F-35 and F-22 fighter jets. September Home Depot (retail). Cyber criminals reportedly used malware to compromise the credit card information for roughly 56 million shoppers in Home Depot’s 2,000 U.S. and Canadian outlets.[22] Google (communications). Reportedly, 5 million Gmail usernames and passwords were compromised.[23] About 100,000 were released on a Russian forum site. Apple iCloud (technology). Hackers reportedly used passwords hacked with brute-force tactics and third-party applications to access Apple user’s online data storage, leading to the subsequent posting of celebrities’ private photos online.[24] It is uncertain whether users or Apple were at fault for the attack. Goodwill Industries International (retail). Between February 2013 and August 2014, information for roughly 868,000 credit and debit cards was reportedly stolen from 330 Goodwill stores.[25] Malware infected the chain store through infected third-party vendors. SuperValu (retail). SuperValu was attacked between June and July, and suffered another malware attack between late August and September.[26] The first theft included customer and payment card information from some of its Cub Foods, Farm Fresh, Shop ‘n Save, and Shoppers stores. The second attack reportedly involved only payment card data. Bartell Hotels (hotel). The information for up to 55,000 customers was reportedly stolen between February and May.[27] U.S. Transportation Command contractors (transportation). A Senate report revealed that networks of the U.S. Transportation Command’s contractors were successfully breached 50 times between June 2012 and May 2013.[28] At least 20 of the breaches were attributed to attacks originating from China. October J.P. Morgan Chase (financial). An attack in June was not noticed until August.[29] The contact information for 76 million households and 7 million small businesses was compromised. The hackers may have originated in Russia and may have ties to the Russian government. Dairy Queen International (restaurant). Credit and debit card information from 395 Dairy Queen and Orange Julius stores was compromised by the Backoff malware.[30] Snapsave (communications). Reportedly, the photos of 200,000 users were hacked from Snapsave, a third-party app for saving photos from Snapchat, an instant photo-sharing app.[31]