<THE COST OF HACKING>

The threat hackers pose to businesses is undeniable, but what costs exactly do those threats entail? Let's take a closer look at some of the costliest attacks hackers have ever performed:

Click this icon to tweet information from each slide.

HEARTLAND (2008)

In 2008, hackers broke into the network at Heartland Payment Systems, the fifth largest payments processor in the U.S. Thirteen pieces of malware capitalized on weaknesses in Microsoft software. When card issuers reported a possible breach in October, Heartland hired two companies to search the network. The following January, they located the breach.

TYPE OF DATA STOLENcardholder namesaccount numberstrack data from credit

card magnetic strips

555687950361555687950361

MONEY LOSTRECORDS LOST

130 Million$12.6 Million

In May of 2014, global online retailer eBay discovered a breach in its main database, which held user passwords. Compromised between late February and early March, the system remained vulnerable for at least three months. Financial costs are not specified, but “Non-GAAP operating margin was 24.4 percent, down 190 basis points.”

EBAY(2014)

phone numbers dates of birth

TYPE OF DATA STOLEN

email registered addressespasswordscustomer names

RECORDS LOST

145 Million

TJ MAXX(2005-07)

In 2005, hackers broke into wireless networks that made use of WEP, a relatively weak security

protocol. The bad guys then accessed TJX internal systems, and remained undetected for 1 1/2 to 2 years. In the end, the hackers accessed

94 million records -- more than twice the 46 million originally estimated.

RECORDS LOST

94 MillionMONEY LOST

$130 Million

TYPE OF DATA STOLENcredit card numbers

RECORDS LOST

145 Million

LIVINGSOCIAL(2013)

In April of 2013, hackers tapped into LivingSocial computer systems, accessing customer data from servers. Among the stolen data: encrypted passwords, though LivingSocial does "hash" and "salt" its PWs. Thankfully, credit card information lived elsewhere and was untouched.

TYPE OF DATA STOLEN

names email addresses

dates of birth encryptedpasswords

MONEY LOSTRECORDS LOST

56 Million$43 Million

Attackers used a 3rd-party vendor's login information to gain entry into Home Depot's network—then acquired elevated rights, which enabled them to release customized malware into the retailer's self-checkout systems. Home Depot reported $43 million of pre-tax expenses linked to the breach in the 3rd quarter of 2014 alone. These included costs to investigate the breach, protect the identities of affected customers, staff additional call centers, and secure legal and professional services. The home-improvement giant expects additional lawsuits from payment card networks that suffered fraud losses, and that incurred additional operating expenses, such as card replacement costs. As of November 2014, 44 lawsuits were in the wings.

HOME DEPOT (2014)

TYPE OF DATA STOLEN

credit & debit card information

email addresses

MONEY LOST

RECORDS LOST

77 Million

$15 Million

customer names billing addresses birthdates PSN passwords and logins

profile data securirtyquestions

purchase histories

TYPE OF DATA STOLEN

SONY PSN(2011)

On April 19, 2011, Sony discovered hackers had breached its Playstation Network (PSN) and stolen data from 77 million user accounts over the

previous two days. The mega-brand immediately shut down the network... but waited a week to announce the reason. Sony denies that

any credit card data was taken, while attorneys involved in a class-action suit claim the hackers offered for purchase 2.2 million credit card

numbers and verification codes.

RECORDS LOST

700 MillionMONEY LOST

$38 Million

ADOBE(2013)

TYPE OF DATA STOLENusernames encryptedpasswords

********credit & debit

card information source code for products like

Photoshop & Acrobat

In October of 2013, attackers stole several million usernames and encrypted passwords, as well as

approximately 2.9 million encrypted credit or debit card numbers. Shortly after, a 3.8GB file with more

passwords showed up online though Adobe claimed that this could include inactive IDs, test

accounts, and IDs with invalid passwords.

RECORDS LOST

10 Million

SONY PICTURES(2014)

TYPE OF DATA STOLEN

5 filmspasswordssalaries of 6000 employees

In November 2014, anonymous hackers e-mailed execs at Sony Pictures, alleging "great damage by Sony Pictures (sic)," and threatening the company would be "bombarded as a whole" if demands weren't met. A few days later, suspicions indicated that the attack was related to the pending release of The Interview, a Sony comedy about the assassination of the North Korean Leader Kim Jong Un. As well, several pieces of sensitive data leaked online, including Sony employee salaries and contact information, and torrents of unreleased Sony films, including Annie, Mr. Turner, Still Alice, and To Write Love on Her Arms. Specific numbers aren't yet available, but even brand reputation costs are huge. Sony canceled the release of The Interview, and employees filed a class-action lawsuit against their own company for not securing networks, nor protecting companies after their personal information was compromised.

Heartland http://krebsonsecurity.com/tag/heartland-payment-systems/http://www.bloomberg.com/bw/stories/2009-07-06/lessons-from-the-data-breach-at-heartlandbusinessweek-business-news-stock-market-and-financial-advicehttp://www.networkworld.com/article/2254061/lan-wan/security-breach-cost-heartland--12-6-million-so-far.html eBayhttp://www.forbes.com/sites/gordonkelly/2014/05/21/ebay-suffers-massive-security-breach-all-users-must-their-change-passwords/

TK / TJ Maxxhttp://money.cnn.com/gallery/technology/security/2013/12/19/biggest-credit-card-hacks/3.htmlhttp://www.internetnews.com/ent-news/article.php/3714611/How+TJX+Became+a+Lesson+In+Proper+Security.htm Sony PSNhttps://www.cocc.com/whitepaper/16/lessons-sony-playstation-breacheshttp://www.reuters.com/article/2011/04/26/us-sony-stoldendata-idUSTRE73P6WB20110426http://www.polygon.com/2014/7/23/5931793/sony-2011-data-breach-class-action-lawsuit

Home Depothttp://phx.corporate-ir.net/phoenix.zhtml?c=63646&p=irol-newsArticle&ID=1964976https://corporate.homedepot.com/MediaCenter/Documents/Press%20Release.pdfhttp://www.esecurityplanet.com/network-security/home-depot-breach-has-already-cost-the-company-43-million.html

LivingSocial http://www.crn.com/news/security/240153803/livingsocial-data-breach-affects-millions.htmhttps://www.livingsocial.com/createpassword

Adobehttp://www.pcworld.com/article/2059002/adobe-security-breach-worse-than-originally-thought.htmlhttps://www.wisepiggy.com/credit_tutorial/credit_score/major-security-breaches.html

Sony Pictures http://thenextweb.com/insider/2014/12/13/timeline-sony-breach-data-leaks-far/http://rt.com/usa/229291-sony-hack-cost-millions/

REFERENCES

</THE COST OF HACKING>