IE 11 is not supported. For an optimal experience visit our site on another browser.

Year of the Hack? A Billion Records Compromised in 2014

Over a billion personal data records were compromised by cyberattacks in 2014, a new report has revealed, driven by high-profile breaches.
Get more newsLiveon
/ Source: CNBC.com

Over a billion personal data records were compromised by cyberattacks in 2014, a new report has revealed, driven by high-profile breaches on Home Depot, JPMorgan and eBay.

The 1,023,108,267 records breached in 2014 came from just 1,541 incidents, according to the Breach Level Index report by digital security company Gemalto. It marked a 78 percent surge in the number of personal data records compromised compared to 2013.

Last year saw a number of major hacking attacks on companies including Sony Pictures Entertainment and investment bank JPMorgan. The biggest incident occurred when AliExpress, a service run by New York-listed Alibaba, was breached, leaving 300 million personal records open to hackers, who didn't need passwords to access the accounts.

U.S. auction website eBay was also hit by a cyberattack which led to145 million personal piece of data being compromised -- the second-biggest incident of the year. EBay said hackers got access to "encrypted passwords and other non-financial data", in a statement in May, when it published details of the breach.

The third biggest incident of the year was an attack on retailer Home Depot, in which 109 million records were compromised. When the cyberattack was revealed, the company said that hackers had stolen files containing email addresses, but not "passwords, payment card information or other sensitive personal information."

Hackers shifting tactics

The Gemalto researchers noted that cyber criminals had switched their focus to the hijacking of identities for long-term gain.

"We're clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number," Jason Hart, vice president of cloud services, identity and data protection at Gemalto, said in the report.

More from CNBC: Obama Cyber Czar: Anthem Hack 'Quite Concerning'

"Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises, or a host of other serious crimes. As data breaches become more personal, we're starting to see that the universe of risk exposure for the average person is expanding."

Identity theft accounted for more than half of the breaches in 2014, a dramatic rise from 20 percent in 2013, while hacking for the purpose of financial access dropped from 50 percent of breaches in 2013, to 17 percent last year.

Retailers vulnerable

Interestingly, there were 176 data breaches among retailers, accounting for just 11 percent of the total number of incidents. Yet this accounted for 55 percent of the total number of records stolen in 2014, highlighting the vulnerability of retailers in particular.

Experts said this could be because users often have one passwords across several retailer websites, making it easy for hackers to gain access to several accounts.

More from CNBC: More Connected Cars May Mean More Hacked Cars

"Hackers know people use the same passwords for multiple accounts. If you can infiltrate one retailer, the chances that the data you steal from one retailer can be used again and again," David Emm, senior security researcher at Kaspersky Lab, told CNBC by phone.

He added that retailers in particular may not have the security expertise and, as such, data protection could be lax.

"A lot of providers are not securing passwords and not storing information in encrypted formats. If the data is not protected, not only does the breach happen, but then data can leak out," Emm added.