Cyber Attacks on U.S. Companies Since November 2014

Researchers are concerned over the strength and comprehensiveness of cybersecurity in the U.S., as companies across the country are being targeted in cyber attacks at an increasing rate of both occurrence and cost. Concerns continue to grow as both the number of attacks on companies’ networks and the cost to companies are increasing. The quantity and quality of information being hacked, stolen, destroyed, or leaked is becoming more of a problem for consumers and businesses alike.

The Ponemon Institute recently released its 2015 Cost of Cyber Crime, which analyzes the cost of all cyber crime for a variety of 58 U.S. organizations both public and private.[1] The U.S., in comparison with other nations in the Ponemon study, continues to rank highest in its cost of cyber crime at an annual average of $15.4 million per company.

This paper continues the “Cyber Attacks on U.S. Companies in 2014” paper released last October.[2] The dates listed for each hack reflect the time when these attacks were released to the public and not the date of when the breach actually occurred.

November 2014

  • Sony Pictures Entertainment (entertainment). In November, hackers linked to the North Korean government launched an attack on Sony Entertainment, allegedly over a movie depicting North Korea in a negative light. The hackers took terabytes of private data and released confidential information to the public as well as a number of Sony movies.[3]
  • GoDaddy and Gigya (online). The Syrian Electronic Army—a group of hackers loyal to Syrian President Bashar al-Assad—claimed responsibility for an attack on a variety of news outlet Web sites such as CNBC, Forbes, the Chicago Tribune, PCWorld, and The Independent via the Gigya Domain Name Service from[4] No personal information was affected.[5]

December 2014

  • Las Vegas Sands Corp (gaming). In February 2014, the Sands Casino was hacked by a group out of Iran. The hackers brought the $14 billion operation to a standstill as they shut down PCs, servers, and wiped hard drives clean. The attack was suspected to be in retaliation for comments that Sands CEO Sheldo Adelson made about the Iranian government.[6]

January 2015

  • Morgan Stanley (finance). An employee was fired from Morgan Stanley after allegedly stealing data and account numbers from as many as 350,000 clients. The disgruntled employee was able to post some personal information online, but no money was lost and the personal data was removed promptly after being detected.[9]

September 2015

  • Excellus BlueCross BlueShield (health care). In another health insurer cyber attack the company Excellus had the financial and medical information of 10 million of its customers compromised. The hackers found their way around the encrypted data and were able to access names, addresses, Social Security Numbers, medical claims information, etc.[30]
  • Trump Hotel Collection (hotel). Seven Trump hotels across the U.S. and Canada reportedly had their systems breached, affecting the information of customers who may have visited those locations between May 2014 and June 2015. While the malware collecting the information has been removed, it has been unconfirmed what and how much information was extracted.[31]
  • WhatsApp (communications). The cross-platform messaging application reported that up to 200,000 of their Web-based service users are either at risk of a cyber attack or have already had personal information compromised. vCards—electronic contact information—were loaded with malicious code and sent to random users’ phone numbers.[32]

It should be noted this list is incomplete. A simple search through the Department of Homeland Security’s Daily Open Source Infrastructure Reports[36] or the Department of Health and Human Services’ Breach Portal[37] will show a greater number of breaches than recounted in this list.


Cyber attacks are on the rise and will continue to be of concern for the foreseeable future. It will be up to private industry to meet these concerns head-on and support the government in its ability to act lawfully against cyber criminals—so long as businesses lack the authority to fight back against those who threaten their systems.

Full article: Cyber Attacks on U.S. Companies Since November 2014 (The Heritage Foundation)

Comments are closed.