2014 might be remembered as the year of compromise. According to data publishing platform Silk, nearly 290.5 million records were compromised in the top 11 breaches of all time. With a record 783 breaches last year, according to the Identity Theft Resource Center and Identity Theft 911, breach totals are 27.5% higher than in 2013.

While cumulative losses are a moving target thanks to long-tail exposure, the average cost is rising. According to global investigations firm Kroll, the average cost of a data breach hit $5.9 million in 2014, up 9% from the previous year. Worse, few of the culprits are ever caught. Some of the worst losses, in fact, have yet to be quantified, and may not be given the ways in which stolen data has been spread globally.

Data breaches are expected to reach $2.1 trillion globally by 2019, according to a Juniper Research study. That number is four times the estimated cost of 2015 expected breach losses. Yet the full scope data breach losses may never be known. Many breaches affect records and may not show financial impact for years.

 

NYC Home Depot store

The rare NYC Home Depot.

10. The Home Depot – up to $56 million

A cyberattack in September 2014 on the big box retailer resulted in 56 million credit and debit card records being compromised. Malware launched on the company’s systems remained there for five months before being detected and removed. So far, the company has paid out $33 million in reparations, and that number is expected to reach $56 million.

 

The Culver City street sign for Sony Pictures Entertainment

The Culver City, Calif., street sign for Sony Pictures Entertainment. (MR. INTERIOR / Shutterstock.com)

9. Sony Pictures Entertainment – $100 million

In late 2014, Sony’s entertainment subsidiary was hit with a hacking attack in which hackers, calling themselves Guardians of Peace, claimed to have stolen 100 terabytes of data from Sony’s system. The group then launched a malware program on Sony’s computers to erase the company’s data. The estimated cost of recovery: $100 million.

 

Anthem health insurer building

A pedestrian walks past the Indianapolis corporate headquarters of health insurer Anthem on Dec. 3, 2014. (AP Photo/Darron Cummings)

8. Anthem – $100 million+

In February 2015, health insurer Anthem underwent a cyber attack that revealed the personal information of nearly 80 million people. The amount of information stolen, including names, addresses, and Social Security numbers, leaves Anthem’s customers and former customers open to potential identity theft. Current estimates on the breach costs are expected to surpass $100 million.

 

U.S. Attorney Paul Fishman talks about the arrest of four Russian nationals and a Ukrainian, who have been charged with running a sophisticated hacking organization that over seven years penetrated computer networks of more than a dozen major American and international corporations, during a news conference, Thursday, July 25, 2013, in Newark, N.J. (AP Photo/Julio Cortez)

7. Heartland Payment Systems – $140 million

The credit card processing company announced in early 2009 that over 130 million credit and debit card records were exposed when the company’s systems were compromised by malware in 2008. In what was, until recently, the costliest breach in history, Heartland paid over $140 million in costs, fines and penalties.

TJ Maxx store sign in Santa Clarita, Calif.

The TJ Maxx retail store located in Santa Clarita, Calif. (Ken Wolter /Shutterstock.com)

6. TJ Maxx – $162 million

In March 2007, retailer TJ Maxx was hit by a massive security breach that affected 100 million credit and debit card records. The thief, who attacked Heartland’s systems a year later, stole numbers over an 18-month period, causing an estimated $118 million in damages to the department store chain.

As late as March 2015, company officials were estimating the breach costs at $162 million. Albert Gonzalez, an American who worked as a paid undercover informant for the Secret Service, was sentenced to 20 years in prison for his part in this and other cyber attacks.

Target store sign

(Photo: Lester Balajadia / Shutterstock.com)

5. Target – $162 million

In November 2013, hackers accessed the credit and debit card information of nearly 110 million Target customers. Commencing just before Thanksgiving and continuing through Black Friday and beyond, hackers tapped in to the retailer’s third party point-of-sale payment card readers. The cost of the compromise is an estimated $162 million.

PlayStation

4. Sony PlayStation – $171 million

Before the Guardians of Peace set its sights on Sony, hackers made off with over 100 million customer records via the company’s PlayStation gaming device. The intrusion in 2011 halted operation of the PlayStation Network and resulted in Sony’s largest loss to data breach.

 

Hannaford grocery store in Topsham, Maine

A Hannaford grocery store in Topsham, Maine. (AP Photo/Robert F. Bukaty)

3. Hannaford Bros – $252 million

Maine-based grocery chain Hannaford had over 4.2 million credit and debit card numbers compromised in a 2007 cyberattack. Attackers installed malware on the store’s servers, affecting all 300 stores plus independent stores that sell the Hannaford products. The estimated costs tally $252 million.

Veterans Administration building

(Photo: Veteran’s Administration hospital, in Dayton, Ohio. AP Photo/Al Behrman)

2. Veterans Administration – up to $500 million

In 2006, an unencrypted database containing the records of 26.5 million veterans, active-duty military personnel and their families was breached. The database, housed on a laptop and an external hard drive, were stolen from an employee’s home. While the items were returned by an unknown person, the VA estimated costs would run anywhere from $100 million to $500 million for related costs from the theft.

 

Epsilon marketing firm

1. Epsilon – $100 million-$4 billion

In 2011, marketing firm Epsilon was hit by hackers, who grabbed names and email addresses from the company’s marketing division. The theft affected up to 75 client companies, including Best Buy, TiVo, JPMorgan Chase, Capital One, Citi, and Target. In a worst-case scenario, analysts are predicting the costs of the breach could reach $4 billion.

Tags: , , , , , , ,