Cyber Attacks on U.S. Companies in 2014 by Riley Walters

The spate of recent data breaches at big-name companies such as JPMorgan Chase, Home Depot, and Target raises questions about the effectiveness of the private sector’s information security. According to FBI Director James Comey, “There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.”[1]


A recent survey by the Ponemon Institute showed the average cost of cyber crime for U.S. retail stores more than doubled from 2013 to an annual average of $8.6 million per company in 2014.[2] The annual average cost per company of successful cyber attacks increased to $20.8 million in financial services, $14.5 million in the technology sector, and $12.7 million in communications industries.


This paper lists known cyber attacks on private U.S. companies since the beginning of 2014. (A companion paper discussed cyber breaches in the federal government.)[3] By its very nature, a list of this sort is incomplete. The scope of many attacks is not fully known. For example, in July, the U.S. Computer Emergency Readiness Team issued an advisory that more than 1,000 U.S. businesses have been affected by the Backoff malware, which targets point-of-sale (POS) systems used by most retail industries.[4] These attacks targeted administrative and customer data and, in some cases, financial data.


This list includes only cyber attacks that have been made known to the public. Most companies encounter multiple cyber attacks every day, many unknown to the public and many unknown to the companies themselves.

The data breaches below are listed chronologically by month of public notice.



  • Target (retail). In January, Target announced an additional 70 million individuals’ contact information was taken during the December 2013 breach, in which 40 million customer’s credit and debit card information was stolen.[5]
  • Neiman Marcus (retail). Between July and October 2013, the credit card information of 350,000 individuals was stolen, and more than 9,000 of the credit cards have been used fraudulently since the attack.[6] Sophisticated code written by the hackers allowed them to move through company computers, undetected by company employees for months.
  • Michaels (retail). Between May 2013 and January 2014, the payment cards of 2.6 million Michaels customers were affected.[7] Attackers targeted the Michaels POS system to gain access to their systems.
  • Yahoo! Mail (communications). The e-mail service for 273 million users was reportedly hacked in January, although the specific number of accounts affected was not released.[8] 


  • Aaron Brothers (retail). The credit and debit card information for roughly 400,000 customers of Aaron Brothers, a subsidiary of Michaels, was compromised by the same POS system malware.[9]
  • AT&T (communications). For two weeks AT&T was hacked from the inside by personnel who accessed user information, including social security information.[10]


  • eBay (retail). Cyber attacks in late February and early March led to the compromise of eBay employee log-ins, allowing access to the contact and log-in information for 233 million eBay customers.[11] eBay issued a statement asking all users to change their passwords.
  • Five Chinese hackers indicted. Five Chinese nationals were indicted for computer hacking and economic espionage of U.S. companies between 2006 and 2014. The targeted companies included Westinghouse Electric (energy and utilities), U.S. subsidiaries of SolarWorld AG (industrial), United States Steel (industrial), Allegheny Technologies (technology), United Steel Workers Union (services), and Alcoa (industrial).[12]
  • Unnamed public works (energy and utilities). According to the Department of Homeland Security, an unnamed public utility’s control systems were accessed by hackers through a brute-force attack[13] on employee’s log-in passwords.[14]


  • Feedly (communications). Feedly’s 15 million users were temporarily affected by three distributed denial-of-service attacks.[15]
  • Evernote (technology). In the same week as the Feedly cyber attack, Evernote and its 100 million users faced a similar denial-of-service attack.[16]
  • P.F. Chang’s China Bistro (restaurant). Between September 2013 and June 2014, credit and debit card information from 33 P.F. Chang’s restaurants was compromised and reportedly sold online.[17]


  •  U.S. Investigations Services (services). U.S. Investigations Services, a subcontractor for federal employee background checks, suffered a data breach in August, which led to the theft of employee personnel information.[18] Although no specific origin of attack was reported, the company believes the attack was state-sponsored.
  • Community Health Services (health care). At Community Health Service (CHS), the personal data for 4.5 million patients were compromised between April and June.[19] CHS warns that any patient who visited any of its 206 hospital locations over the past five years may have had his or her data compromised. The sophisticated malware used in the attack reportedly originated in China. The FBI warns that other health care firms may also have been attacked.
  • UPS (services). Between January and August, customer information from more than 60 UPS stores was compromised, including financial data,[20] reportedly as a result of the Backoff malware attacks.
  • Defense Industries (defense). Su Bin, a 49-year-old Chinese national, was indicted for hacking defense companies such as Boeing.[21] Between 2009 and 2013, Bin reportedly worked with two other hackers in an attempt to steal manufacturing plans for defense programs, such as the F-35 and F-22 fighter jets.


  • Home Depot (retail). Cyber criminals reportedly used malware to compromise the credit card information for roughly 56 million shoppers in Home Depot’s 2,000 U.S. and Canadian outlets.[22]
  • Google (communications). Reportedly, 5 million Gmail usernames and passwords were compromised.[23] About 100,000 were released on a Russian forum site.
  • Apple iCloud (technology). Hackers reportedly used passwords hacked with brute-force tactics and third-party applications to access Apple user’s online data storage, leading to the subsequent posting of celebrities’ private photos online.[24] It is uncertain whether users or Apple were at fault for the attack.
  • Goodwill Industries International (retail). Between February 2013 and August 2014, information for roughly 868,000 credit and debit cards was reportedly stolen from 330 Goodwill stores.[25] Malware infected the chain store through infected third-party vendors.
  • SuperValu (retail). SuperValu was attacked between June and July, and suffered another malware attack between late August and September.[26] The first theft included customer and payment card information from some of its Cub Foods, Farm Fresh, Shop ‘n Save, and Shoppers stores. The second attack reportedly involved only payment card data.
  • Bartell Hotels (hotel). The information for up to 55,000 customers was reportedly stolen between February and May.[27]
  • U.S. Transportation Command contractors (transportation). A Senate report revealed that networks of the U.S. Transportation Command’s contractors were successfully breached 50 times between June 2012 and May 2013.[28] At least 20 of the breaches were attributed to attacks originating from China.


  • J.P. Morgan Chase (financial). An attack in June was not noticed until August.[29] The contact information for 76 million households and 7 million small businesses was compromised. The hackers may have originated in Russia and may have ties to the Russian government.
  • Dairy Queen International (restaurant). Credit and debit card information from 395 Dairy Queen and Orange Julius stores was compromised by the Backoff malware.[30]
  • Snapsave (communications). Reportedly, the photos of 200,000 users were hacked from Snapsave, a third-party app for saving photos from Snapchat, an instant photo-sharing app.[31]

Securing Information

As cyber attacks on retail, technology, and industrial companies increase so does the importance of cybersecurity. From brute-force attacks on networks to malware compromising credit card information to disgruntled employees sabotaging their companies’ networks from the inside, companies and their customers need to secure their data. To improve the private sector’s ability to defend itself, Congress should:

  • Create a safe legal environment for sharing information. As the leaders of technological growth, private companies are in most ways at the forefront of cyber security. Much like government agencies, companies must share information that concerns cyber threats and attack among themselves and with appropriate private-public organizations.[32] Congress needs to create a safe environment in which companies can voluntarily share information without fear of legal or regulatory backlash.
  • Work with international partners. As with the Backoff malware attacks, attacks can affect hundreds if not thousands of individual networks. These infected networks can then infect companies outside the U.S. and vice versa. U.S. and foreign companies and governments need to work together to increase overall cybersecurity and to enable action against individual cyber criminals and known state-sponsored cyber aggressors.[33]
  • Encourage cyber insurance. Successful cyber attacks are inevitable because no security is perfect. With the number of breaches growing daily, a cybersecurity insurance market is developing to mitigate the cost of breaches. Congress and the Administration should encourage the proper allocation of liability and the establishment of a cyber insurance system to mitigate faulty cyber practices and human error.[34]


The recent increases in the rate and the severity of cyber attacks on U.S. companies indicate a clear threat to businesses and customers. As businesses come to terms with the increasing threat of hackers, instituting the right policies is critical to harnessing the power of the private sector. In a cyber environment with ever-changing risks and threats, the government needs to do more to support the private sector in establishing sound cybersecurity while not creating regulations that hinder businesses more than help them.

—Riley Walters is a Research Assistant in the Asian Studies Center, of the Kathryn and Shelby Cullom Davis Institute for National Security and Foreign Policy, at The Heritage Foundation.


October 2014 Cyber Attacks Statistics

Rate This


CountriesHere we are with the statistics extracted from the October cyber attacks timelines (part I and part II).

I have already stressed this concept many times, but some readers keep on asking where the data is scraped from. The answer is simple and always the same: I compile the timelines each month, quoting the sources in the footnotes. Each month I elaborate the data trying to represent them in charts, which of course cannot be exhaustive, but just give an idea of what’s going on in the cyberspace.

That said, this month I added again an old acquaintance: the graph related to the Country Distribution of attacks divided into categories: of course US rank of top, except for Cyber Espionage operations, which privilege multiple countries.

Instead, the Trend of Attacks chart shows an overall high level of activity throughout the month, with a prominent peak around the 9th, corresponding to the spree of attacks between India and Pakistan.

Daily Trend Of Attacks

As usual Cyber Crime leads the Motivations Behind Attacks chart with nearly 60% (10 points below the previous month, but always at a remarkable level). Cyber Espionage jumps at number two with a new record (17.2%). Hacktivism ranks at number three with a “modest” 13.8%. You will notice also a small presence of attacks related to Cyber War (9.2%). I decided to classify in this group the events behind India and Pakistan and an alleged (unconfirmed) attack to the Warsaw Stock Exchange, for which an hacker affiliated to IS claimed responsibility.

Distribution Oct 2014

And for the first time after so many months, SQL Injection leads the Attack Techniqueschart with 18.4%. Particularly important is also the 13.8% of targeted attacks, which steadily places this category at the third place. On the opposite site, the number of DDoS attacks is constantly decreasing, and this explains its “miserable” 3.4%. I do not remember such a low level for this category.

Attack Techniques Oct 2014

Again, for the second month in a row, industry ranks on top of the Distribution of TargetsChart (28.7%), nearly 7 points ahead of governmental targets (21.8%). Attacks against single individuals are the new entry at number three (10.3%), slightly ahead of organizations (9.2%).

Targets Oct 2014

A deeper look at the distribution of the industrial targets, shows a predominance of E-Commerce (24%), while, as it often happens, political parties lead the chart of the Organizations.

Industry Distribution Oct 2014Organization Distribution Oct 2014

As usual, the sample must be taken very carefully since it refers only to discovered attacks included in my timelines. The sample does not pretend to be exhaustive but only aims to provide an high level overview of the “cyber landscape”, or at least of the ones that gained space in the media (yes, using an abused expression this is just the tip of the Iceberg).

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 201120122013 and now 2014 (regularly updated). You may also want to have a look at the Cyber Attack Statistics.

Of course follow @paulsparrows on Twitter for the latest updates, and feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).


2013 Cyber Attacks Statistics (Summary)

2 Votes



This post has been possible thanks to the contribution of @piz69, who kindly (and patiently) took care to aggregate the data for 2013!

Finally we can consolidate the data related to 2013 and draw some global stats summarizing the infosec landscape for the past year. Of course this data cannot absolutely pretend to be exhaustive, but rather we could define the charts  as macro-indicators of the threat landscape and the corresponding trend, since the sources of the timelines (from which the stats are derived) are open and therefore only show cyber attacks that were discovered and gained space in the news.

Before drilling down into the data for the past year, it’s worth to have a look to the trend of the last three years (with the caveat that data for 2011 are incomplete as it was consolidated into a form comparable with 2012 and 2013 only starting from September).

Apparently 2012 and 2013 have a very different shape: 2012 shows a constant trend (with a high activity between May and June), while, after an initial peak, the line for 2013 experiences a progressive decrease, reaching a stable state. This is probably due to the minor influence of attacks motivated by hacktivism throughout the year (see the next chart).


2011-2013 Data Trend (data for 2011 consolidated starting from September)

A closer look to 2013 allows to understand the influence of the motivations throughout the different months. The initial part of the year is characterized by hacktivism. Cyber Crime is quite constant and ends up dominating the second half. This trend does not mean a decrease of hacktivism, but rather a different connotation throughout the year: the global-scale operations executed by the Anonymous have progressively been replaced by local phenomena (for instance the cyber attacks in India and Pakistan). Also the first months of the year are influenced by the DDos attacks of Izz ad-Din al-Qassam Cyber Fighters against US Banks.


2013 Attack Trend with the Drill-down of Motivations

Exploring the motivations shows a slight advantage of Cyber Crime (47%) over Hacktivism (44%), well above Cyber Espionage (5%) and Cyber Warfare (4%).


Motivations Behind Attacks (2013)

DDoS leads the chart of known Attack Techniques (23%) ahead of SQLi (19%) and Defacements (14%). It’s also worth to mention the rank number five achieved by Account Hijacking (with 9%) and the growing influence of Targeted Attacks ranking at number six with 6%.


Top 10 Attack Techniques (2013)

Governments and Industries have been the most preferred targets for Cyber Attackers with similar values (respectively 23% and 22%). Targets belonging to finance rank at number three (7%), immediately ahead of News (6%) and Education (5%).


Top 10 Targets (2013)

And, last but not least, the Top 10 Countries chart is lead by US which suffered nearly 1 attack on 2, well ahead of UK (5%) and India (3%).


Top 10 Countries (2013)

As usual, bear in mind that the sample must be taken very carefully since it refers only to discovered attacks, published in the news, and included in my timelines. The sample cannot be exhaustive but only aims to provide an high level overview of the “cyber landscape”.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012. You may also want to have a look at the Cyber Attack Statistics, and follow @paulsparrows on Twitter for the latest updates.

Also, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts).