The point-of-sale systems at 54 Michaels and Aaron Brothers stores "were attacked by criminals using highly sophisticated malware" between May 2013 and January 2014. The company said up to 2.6 million payment card numbers and expiration dates at Michaels stores and 400,000 at Aaron Brothers could have been obtained in the attack. The company received confirmation of at least some fraudulent use.
Montana Department of Public Health and Human Services
Triggered by suspicious activity, officials conducted an investigation in mid-May that led to the conclusion that a server at the Montana Department of Public Health and Human Services had been hacked. The server held names, addresses, dates of birth and Social Security numbers on roughly 1.3 million people, although the department said it has "no reason to believe that any information contained on the server has been used improperly or even accessed."
Variable Annuity Life Insurance Co.
A former financial adviser at the company was found in possession of a thumb drive that contained details on 774,723 of the company's customers. The drive was provided to the company by law enforcement as the result of a search warrant served on the former adviser. The thumb drive included full or partial Social Security numbers, but the insurance company said it didn't believe any of the data had been used to access customer accounts. It's not the first time the company has lost data on a thumb drive. In 2006, it wrapped up a lawsuit against a former financial adviser for downloading "confidential customer information" onto "a portable flash drive."
A 17-month-long "criminal attack" on the Texas wine retailer's network resulted in the loss of information of as many as 550,000 customers. The intrusion began in October 2012 and affected 34 of the company's stores across the state. It continued until as late as March 20 this year, and the company fears hackers got away with customer names, debit or credit card details, card expiration dates, card security codes, bank account information from checks and possibly driver's license numbers.
St. Joseph Health System
A server at the Texas health care provider was attacked between Dec. 16 and 18 last year. It contained "approximately 405,000 former and current patients', employees' and some employees' beneficiaries' information." This included names, Social Security numbers, dates of birth, medical information and, in some cases, addresses and bank account information. As with many other hacks, an investigation wasn't able to determine if the data was accessed or stolen.
Sign up for CIO Asia eNewsletters.