The top 10 data breaches of the past 12 months

If the last couple years have taught us anything, it’s that consumers can only do so much to protect themselves from fraud. While some may be distrustful of shopping online, data breaches like those at Target have proven that traditional brick-and-mortar retailers are equally susceptible to being hacked.

Of course, it’s not just debit and credit cards in need of protection — passwords, Social Security numbers and nearly every other form of personal data is also ripe for the taking under the wrong circumstances, even for those of us normally diligent enough to escape the clutches of identity theft.

Let’s take a look back at the past 12 months and see if corporations have gotten any better at looking out for the best interest of consumers.

Anthem sign


In terms of size, Anthem Inc. tops our list for the last year after a “very sophisticated external cyber attack” nabbed the account information of “tens of millions” of customers at the nation’s second-largest health insurance provider in early February.

The breached database could ultimately wind up affecting as many as 80 million customers across 14 states, and is said to have included names, birthdates, Social Security numbers, employment data, email addresses and home addresses.

About the only thing the hackers didn’t get were credit card numbers and medical information on patients, but that’s probably little consolation under the circumstances.

Home Depot store aisle

Home Depot

As far as retailer data breaches go, Home Depot actually ranks higher than the 40 million cards nabbed at Target in late 2013, with 56 million credit and debit cards affected at more than 2,200 stores across the United States and Canada.

Announced by the home improvement chain last September, the intrusions began in April, using malicious software to nab card numbers as they were swiped at Home Depot’s point-of-sale terminals.

At this writing, Home Depot is actually the second-largest security breach — the TJX attack back in 2007 remains in the top spot with bad guys nabbing some 90 million accounts.

Chase Bank robbery

JP Morgan Chase

Retail attacks may be one thing, but a data breach at one of the nation’s largest banking institutions is a far scarier proposition. That’s exactly what took place last June and July at JP Morgan Chase, when hackers nabbed the personal information of 76 million customers.

The bank was quick to note there was no unusual fraud to be found in the wake of the breach, which also included nearly seven million small business customers and affected accountholders who access data on the web or from mobile devices.

While sensitive data like account numbers, passwords and Social Security numbers were never at risk, customer names, phone numbers as well as home and email addresses definitely were; Chase suffered a much smaller invasion in mid-2013 with prepaid debit card users.


New York State

According to a report released last July by Attorney General Eric Schneiderman, no one in New York state is safe from data security breaches, with hackers cited in 40 percent of 5,000 incidents reported over the last eight years. (The remaining 60 percent involved lost or stolen equipment, errors or rogue employees.)

Although New York has about 19.5 million residents, the report noted that 22.8 million private records have been exposed in incidents reported by more than 3,000 businesses, nonprofit entities and government agencies.

The Interview


Although it ultimately had little effect on consumers outside the studio, the Sony Pictures Entertainment hack made headlines long after being discovered on November 22, 2014, when hackers first threatened to publicly distribute a veritable treasure trove of Hollywood secrets.

It’s still unknown exactly how the attackers managed to get their virtual hands on nearly everything in SPE’s network before wiping it clean, but they wasted little time publicly embarrassing the entertainment giant with private correspondence between executives and details on movies still in production or yet to be released.

North Korea has been repeatedly fingered by the US government as the culprit behind the Sony attacks, widely blamed on the studio’s portrayal of the Communist nation’s Supreme Leader in the Seth Rogan-James Franco comedy The Interview.

Staples box

Staples & Michaels

Malware was again to blame in a financial security breach affecting 1.16 million debit and credit cards used at office supply retailer Staples Inc. between April and September of last year.

Approximately 119 stores in 35 states were affected by the six-month breach, and the method of attack bore a striking resemblance to the one at arts and crafts retailer Michaels Stores Inc., which directly affected point-of-sale machines used by as many as three million customers.

Goodwill store


Compromised point-of-sale machines were once again to blame for data breaches at Goodwill, which involved an estimated 868,000 credit and debit cards and went on undetected for a whopping 18 months.

The thieves grabbed data from 330 retail stores after breaking into third-party credit card processor C&K Systems, and Goodwill remained blissfully unaware of what was going on until outside investigators and Federal officials clued them in.

Dairy Queen sign

Dairy Queen

The so-called “Backoff” malware that made headlines at Target and Home Depot also wreaked havoc at 395 stores last summer owned by International Dairy Queen, affecting up to 600,000 debit and credit cards.

It could have been much worse: Dairy Queen has 4,500 franchise locations across the United States, but the intrusion coughed up the names, card numbers and expiration dates of affected customers in search of a tasty treat.

Morgan Stanley sign

Morgan Stanley

2015 kicked off with investment firm Morgan Stanley revealing that a rogue employee managed to nab personal details for 350,000 customers (approximately 10 percent of the bank’s client base) prior to being terminated.

In one of the few cases involving actual theft of corporate data rather than an external intrusion, 900 of Morgan Stanley’s wealth management customers (i.e., rich folks) were actually at risk after their private information was sold on the black market.

PF Chang's entrance

P.F. Chang’s

Last but certainly not least, another restaurant chain suffering a high-profile security breach last summer was none other than upscale Asian cuisine outlet P.F. Chang’s China Bistro, which affected an undisclosed number of “certain” debit and credit cards over an eight-month period dating back to October, 2013.

That breach affected only 33 restaurants across 16 states, making it one of the smaller attacks over the last 12 months, but the hackers managed to swipe (pun intended) card numbers, but only some of the associated expiration dates and cardholder names.