How they got in Via a third-party vendor's credentials followed up by exploiting an unpatched Windows flaw.
How long they went undetected From April to September.
How they were discovered The stores' executives were told by bank and law-enforcement officials.
Goodwill Industries (C&K Systems)
Data compromised 868,000 credit/debit card numbers.
How they got in By infecting point of sales card-swipe machines after compromising the network of the operator of the machines. Two other unnamed clients of C&K Systems were also compromised.
How long they went undetected 18 months.
How they were discovered Federal officials and payment card investigators told them.
Data compromised Phone numbers and email addresses for 76 million households plus 7 million small businesses.
How long they went undetected Three months
How they were discovered Internal investigation as well as outside data about a massive stolen credit card ring.
Data compromised An unconfirmed number of credit card numbers, but possibly as many as an estimated 7 million
How they got in Undisclosed but point-of-sales systems were compromised
How long they went undetected Nine months.
How they were discovered The Secret Service told them about the breach
Data compromised 350,000 payment cards
How they got in Uncertain but point of sales systems were compromised
How long they went undetected Three months.
How they were discovered Credit card processors warned about a possible breach and a consultant confirmed it.
Data compromised 2.6 million credit/debit cards
How they got in Undisclosed but point-of-sale machines were infected
How long they went undetected Eight months
How they were discovered Undisclosed
Sign up for CIO Asia eNewsletters.