61 Million Retail Records Lost in 2014: IBM

IBM today released research and intelligence reports on data breaches in the retail sector and trends for the Black Friday/Cyber Monday period.

According to the company, a total of more than 61 million retail records were stolen, lost or leaked in the United States last year, down from the more than 70 million records compromised in 2013.

There have been several massive data breaches over the past years in which tens of millions of records were compromised. The list includes The Home Depot (56 million records), Target (70 million records), Sony (12 million records leaked in the 2011 incident), Steam (35 million records), and TJX (100 million records).

If these incidents are removed from the equation and only breaches with fewer than 10 million lost records are taken into consideration, we see that the total number of compromised retail records has increased considerably since 2012.

While the number of compromised records has increased over the past years, IBM has determined that the number of breaches reported has decreased since 2012 by over 50%.

Since 2005, a large majority of retail breaches involved successful deployment of malware or the exploitation of an endpoint. Other methods of loss involved portable devices, stationary devices, unintended disclosure, payment card fraud, insiders, and physical loss, IBM said.

The report shows that most of the retail attacks observed by IBM in 2014 leveraged command or SQL injections. Many of the company’s customers also noticed attempts to exploit the ShellShock vulnerability, but the attacks were unsuccessful because IBM had warned them about the exploit three weeks before it was disclosed.

As far as Black Friday/Cyber Monday is concerned, the number of security attacks during this time period has been declining since 2012. However, experts have pointed out that major data breaches are not uncommon in this period. Perfect examples are the Target breach from 2013 and the recent Sony Pictures Entertainment incident.

“The lower than average daily security attacks during this time can possibly be the result of attackers performing their dirty work earlier in the year to then reap the benefits during the holiday shopping frenzy. Often, attackers infiltrate targeted systems and then spend months stealthily collecting data before any announcement is made or the organization becomes privy to the compromise,” IBM said in its report.

Retail and wholesale were the most targeted industries last year. In 2012 and 2013, finance and insurance, information and communications, and manufacturing were the most targeted industries.

In the previous two years, malicious code was the primary attack method, but in 2014 unauthorized access took its place, accounting for roughly half of incidents, IBM noted in its report.

IBM reported that 10 breaches were disclosed during the period known as Black Friday through Cyber Monday in 2014, the same number as in 2010.

Additional details are available in the retail industry overview report and the holiday trends report.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
