Compromises in 2014

Total compromises in 2014 were 1.37B+, plus over 250 incidents where the number exposed was unknown or not disclosed. That is about three times the number of compromises during 2013. In 2014 the number of incidents was 835, up by more than a third from the 590 incidents of 2013. 2014 had a record 2,390,893 average compromised per breach (ACB). Previously, the worst was 1,448,710 for 2009. (See the bottom of the page for more on ACB.)

2014 had more breaches than any year since we started counting in 2005. The only good news is that financial accounts compromised are down from the 2013 high of 245.5 million. Still, at 70.89 million, 2014 is the fourth worst year for financial account compromises since 2005.

For 2014, the single largest financial compromise was Home Depot in September 2014, exposing 59,000,000 charge accounts. The single largest non-financial breach was the compromise of an estimated one billion user accounts reported on 08/05/2014.

Non-financial compromises expose social security numbers, names, email addresses, telephone numbers, medical information or other personal data. Financial compromises expose charge card or bank account information.


| 10,000+ per breach | Total Records | Financial | Non-Financial |
| --- | --- | --- | --- |
| Affected Count | 1,373,834,348 | 70,889,213 | 1,302,945,135 |
| Incident Count | 161 | 41 | 124 |
| % by # affected | | 5.16% | 94.84% |
| % by incidents | | 25.47% | 77.02% |


The incident counts for financial and non-financial do not add up to the total because the Deltek breach on 4/17/2014 exposed 25,000 financial and 55,000 non-financial accounts in one breach. Similarly, the Brazil Boleto Bandits, Home Depot and Viator compromises counted as both.


| Under 10,000 per breach | Total Affected |
| --- | --- |
| Affected Count | 929,113 |
| Incident Count | 410 |


Unknown Number affected
Incident Count 260


How to respond to a breach or security incident

Do you need a little advice on how to handle a problem? Here are 8 tips.

1) Have an incident response plan. It need not be the size of Encyclopedia Galactica or the Hitchhiker’s Guide to the Galaxy, but it should certainly be more than a few PostIt Notes. And remember: Don’t Panic.

2) Know in advance who belongs on your incident response team. Include representatives from security, human relations, legal, some executive and (sorry) public relations people.

3) Choose your path: watch/learn or contain/recover. They are sometimes mutually exclusive.

4) Prepare a backup communications plan. Is your phone directory on a now-down network? Are your phones operated by a now-compromised system? You can’t organize your people if you can’t reach them. A few printed copies containing mobile phone numbers are useful.

5) Forensic and incident response data capture. Anything on the machine under attack could be lost at any second. Do you grab the logs, which might contain clues as to the attacker? Try to back up the data? How are you going to keep contemporaneous notes? The first few hours are vital and human memory is fallible [ In the gratefully few genuine disasters I used ruled paper and pen. They work when the power does not. – ed ] Decide in advance.

6) Include all the participants. A technology interruption certainly affects I/T. It also affects every user and stakeholder in the process. Know who needs to be told, and how to tell them if regular communications are ineffective. (See #4 above.)

7) If you are the victim of a cyber-crime, you are not alone. Contact law enforcement and report a crime.

8) Get to Carnegie Hall! How do you get to Carnegie Hall? Practice, practice, PRACTICE. Walk through, talk through, simulate, drill, pretend, and get to the point where, when the real thing hits, you are ready to deal with it.

For more details on the above see Sophos. There are Simple Incident Handling forms from the SANS Institute.

For some light [ that is sarcasm, why don’t we have a font for that? -ed ] reading, try the Computer Security Incident Handling Guide (79 page PDF) from the National Institute of Standards and Technology (NIST).

Update: September 2015: Or, download the HP white paper via TheRegister whose motto is “Biting the Hand that feeds IT”.

7/04/2014  BitCoin/Coinbase

Coinbase is a popular electronic wallet for Bitcoin. A weakness can allow an attacker to steal authentication codes and access accounts. Security researcher Bryan Stern disclosed the problem to Coinbase on 3/11/2014. About a month later Coinbase closed the report as “Won’t Fix” and awarded Stern $100 as part of their bug hunter program. Stern went public via his GitHub blog on 6/27/2014. From Sophos

Hacker Cat

A cat collar was equipped with a WiFi scanner and recorder. The orange tabby was taken for a walk and located many unsecured wireless networks that could be hacked for malicious purposes. Video 1m 43s

Is it a really bad idea to use a password more than once?

Yes. One example: Earlier in September 2014, nearly 5,000,000 Gmail account names and passwords were uploaded to a public place and WordPress had to do a bulk password reset. Why? The account names and passwords were not stolen from Google; they had been gathered over time and saved for later misuse. So why did WordPress decide to do a reset? 700,000 of the 5M in the leaked list also appeared in WordPress’ user database. So, the same exposed credentials could compromise 14% of WordPress user accounts. More at Sophos …
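One way a site could triage a leaked credential list like the one described above: force a reset where the leaked password still works, and notify where only the address matches. This is an added example, not WordPress’ code; the user-store layout, the PBKDF2 parameters and the sample addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(email, password):
    """Build a constructed user record holding only a salted hash."""
    salt = os.urandom(16)
    return {"email": email.lower(), "salt": salt,
            "hash": hash_password(password, salt)}


def triage_leak(users, leaked_pairs):
    """Split affected accounts into 'reset' (the leaked password is the
    current one) and 'notify' (address is in the leak, password differs)."""
    by_email = {u["email"]: u for u in users}
    reset, notify = set(), set()
    for email, password in leaked_pairs:
        user = by_email.get(email.strip().lower())
        if user is None:
            continue  # leaked address is not one of our accounts
        candidate = hash_password(password, user["salt"])
        # Constant-time comparison against the stored hash.
        if hmac.compare_digest(candidate, user["hash"]):
            reset.add(user["email"])
        else:
            notify.add(user["email"])
    # One working leaked password is enough to require a reset.
    return {"reset": sorted(reset), "notify": sorted(notify - reset)}


# Constructed sample data: three local accounts and a five-line "leak".
USERS = [make_user("alice@example.com", "Tr0ub4dor&3"),
         make_user("bob@example.com", "passphrase-used-only-here"),
         make_user("carol@example.com", "sunshine1")]
LEAKED = [("alice@example.com", "Tr0ub4dor&3"),    # reused password
          ("Bob@Example.com ", "old-mail-password"),  # address only
          ("dave@example.com", "hunter2"),         # not our user
          ("carol@example.com", "wrong-guess"),    # stale entry
          ("carol@example.com", "sunshine1")]      # reused password

if __name__ == "__main__":
    print(triage_leak(USERS, LEAKED))
```

Because each stored hash has its own salt, the leaked password has to be re-hashed per matching account; the leak can never be compared against the database in bulk.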

11/01/2014  Motion Microscope

Microphone? We don’t need no stinking microphone! An impressive use of video capture, motion detection, enhancement and analysis for tasks such as taking vital signs without making contact, baby monitoring, engineering and remote sound recovery. Think about determining sound from across space by observing motion. Or, obtaining speech from the micro vibrations of a crumpled potato chip bag through soundproof glass and around a corner. In 1998 Enemy of the State showed capabilities like this which seemed beyond our capabilities. Back then they might have been, but no longer. A presentation at TEDxBeaconStreet 13m 18s.

11/11/2014 Tennessee County Pays Crypto Ransom

$572 was extorted from the Dickson County Sheriff by locking data with the ransomware “CryptoWall.” “Our computer system was attacked from an outside source,” said Sheriff Jeff Bledsoe. Office staff were listening to Dickson radio station WDKN’s online radio stream when the “ransomware” infected the department’s report management system. WDKN disputes this. There was a countdown after which the data would not be unlocked. (more)

It is always a temptation to an armed and agile nation
   To call upon a neighbour and to say: —
“We invaded you last night–we are quite prepared to fight,
   Unless you pay us cash to go away.”

And that is called asking for Dane-geld,
   And the people who ask it explain
That you’ve only to pay ’em the Dane-geld
   And then you’ll get rid of the Dane!

It is always a temptation for a rich and lazy nation,
   To puff and look important and to say: —
“Though we know we should defeat you, we have not the time to meet you.
   We will therefore pay you cash to go away.”

And that is called paying the Dane-geld;
   But we’ve proved it again and again,
That if once you have paid him the Dane-geld
   You never get rid of the Dane.

It is wrong to put temptation in the path of any nation,
   For fear they should succumb and go astray;
So when you are requested to pay up or be molested,
   You will find it better policy to say: —

“We never pay any-one Dane-geld,
   No matter how trifling the cost;
For the end of that game is oppression and shame,
   And the nation that pays it is lost!”

more on Rudyard Kipling, Nobel Laureate for Literature in 1907

US Smartphone Comscore

In the three months ending December 2014, 182 million people in the U.S. owned smartphones, representing a 74.9% mobile market penetration. More …


Average Compromised per Breach (ACB) does not include incidents where the number compromised is unknown or undisclosed. A higher ACB means that, on average, more accounts were compromised in fewer incidents. Or, that the number of accounts compromised grew faster than the number of incidents. In any case higher is bad. For 2009 it was about 255 million compromised in 176 breaches. 2014 shatters that record with about 1.375 billion compromised in 547 breaches.
Compromises in 2014 affecting 10,000 or more
Compromises in 2014 affecting under 10,000
Compromises in 2014 affecting an unknown, or undisclosed, number


Links above were active at the time they were gathered. Links shown in non-hypertext (not clickable) are known to be no longer supported on their hosts.