[1] James Cook, “FBI Director: China Has Hacked Every Big US Company,” Business Insider, October 6, 2014,http://www.businessinsider.com/fbi-director-china-has-hacked-every-big-us-company-2014-10 (accessed October 10, 2014).
[2] Ponemon Institute, “2014 Cost of Cyber Crime Study: United States,” Hewlett-Packard, October 9, 2014, https://ssl.www8.hp.com/us/en/ssl/leadgen/document_download.html?objid=4AA5-5208ENW (accessed October 24, 2014).
[3] For a list of federal cyber breaches, see David Inserra and Paul Rosenzweig, “Continuing Federal Cyber Breaches Warn Against Cybersecurity Regulation,” Heritage Foundation Issue Brief No. 4288, October 27, 2014,http://www.heritage.org/research/reports/2014/10/continuing-federal-cyber-breaches-warn-against-cybersecurity-regulation.
[4] U.S. Department of Homeland Security, Computer Emergency Readiness Team, “Backoff Point-of-Sale Malware,” July 31, 2014, https://www.us-cert.gov/ncas/alerts/TA14-212A(accessed October 10, 2014).
[5] News release, “Target Provides Update on Data Breach and Financial Performance,” Target, January 10, 2014, http://pressroom.target.com/news/target-provides-update-on-data-breach-and-financial-performance(accessed October 10, 2014).
[6] Benjamin Elgin, Dune Lawrence, and Michael Riley, “Neiman Marcus Hackers Set Off 60,000 Alerts with Card Thefts,” Bloomberg, February 21, 2014, http://www.bloomberg.com/news/2014-02-21/neiman-marcus-hackers-set-off-60-000-alerts-in-bagging-card-data.html(accessed October 9, 2014).
[7] Chuck Rubin, “A Letter from Our CEO,” Michaels Stores, Inc., April 17, 2014, http://www.michaels.com/payment-card-notice-ceo-letter/payment-card-notice-CEO.html (accessed October 9, 2014).
[8] Hayley Tsukayama, “Yahoo Mail Hacked: What to Do If You’ve Been Affected,” The Washington Post, January 31, 2014, http://www.washingtonpost.com/business/technology/yahoo-mail-hacked-what-to-do-if-youve-been-affected/2014/01/31/2857ef8a-8a7d-11e3-833c-33098f9e5267_story.html (accessed October 14, 2014).
[9] News release, “Michaels Identifies and Contains Previously Announced Data Security Issue,” Michaels Stores, April 17, 2014, http://demandware.edgesuite.net/aaeo_prd/on/demandware.static/Sites-MichaelsUS-Site/Sites-MichaelsUS-Library/default/v1412927934297/docs/press-releases/Michaels-FINAL-Press-Release-041714.pdf (accessed October 10, 2014).
[10] Dave Smith, “AT&T; Was Hacked in April and Some Customers Had Their Social Security Numbers Stolen,” Business Insider, June 16, 2014, http://www.businessinsider.com/att-hacked-2014-6 (accessed October 14, 2014).
[11] News release, “eBay Inc. to Ask eBay Users to Change Passwords,” eBay, May 21, 2014, http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-ebay-users-change-passwords (accessed October 10, 2014).
[12] News release, “U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage,” U.S. Department of Justice, May 19, 2014, http://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor (accessed October 9, 2014).
[13] A brute-force attack involves repeatedly guessing a password.
[14] Jim Finkle, “U.S. Utility’s Control System Was Hacked, Says Homeland Security,” Reuters, May 20, 2014, http://www.reuters.com/article/2014/05/21/us-usa-cybercrime-infrastructure-idUSBREA4J10D20140521 (accessed October 14, 2014).
[15] Oliv, Seb, and Edwin, “Denial of Service Attack [Neutralized],” Feedly, June 11, 2014, http://blog.feedly.com/2014/06/11/denial-of-service-attack/ (accessed October 10, 2014).
[16] Leo Kelion, “Feedly and Evernote Struck by Denial of Service Cyber-Attacks,” BBC News, June 11, 2014, http://www.bbc.com/news/technology-27790068 (accessed October 14, 2014).
[17] News release, P.F. Chang’s, August 4, 2014, http://pfchangs.com/security/ (accessed October 10, 2014).
[18] News release, “USIS Comments on Recent Self-Reported Cyber-Attack on Corporate Network,” US Investigations Services, August 6, 2014, http://www.usis.com/Media-Release-Detail.aspx?dpid=151 (accessed October 10, 2014).
[19] Jose Pagliery, “Hospital Network Hacked, 4.5 Million Records Stolen,” CNN Money, August 18, 2014, http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/ (accessed October 10, 2014).
[20] Hannah Kuchler, “UPS Hit by Cyber Attack,” Financial Times, August 21, 2014, http://www.ft.com/intl/cms/s/0/fb206340-28be-11e4-8bda-00144feabdc0.html (accessed October 14, 2014).
[21] News release, “Los Angeles Grand Jury Indicts Chinese National in Computer Hacking Scheme Allegedly Involving Theft of Trade Secrets,” Federal Bureau of Investigation, Los Angeles Division, August 15, 2014, http://www.fbi.gov/losangeles/press-releases/2014/los-angeles-grand-jury-indicts-chinese-national-in-computer-hacking-scheme-allegedly-involving-theft-of-trade-secrets (accessed October 10, 2014).
[22] Press release, “The Home Depot Completes Malware Elimination and Enhanced Encryption of Payment Data in All U.S. Stores,” Home Depot, September 18, 2014, https://corporate.homedepot.com/MediaCenter/Documents/Press%20Release.pdf (accessed October 10, 2014).
[23] Alexis Kleinman, “5 Million Gmail Usernames and Associated Passwords Leaked,” The Huffington Post, September 11, 2014, http://www.huffingtonpost.com/2014/09/11/gmail-passwords-hacked_n_5805104.html (accessed October 14, 2014).
[24] Steve Kovach, “We Still Don’t Have Assurance from Apple That iCloud Is Safe,” Business Insider, September 2, 2014, http://www.businessinsider.com/apple-statement-on-icloud-hack-2014-9 (accessed October 14, 2014).
[25] Charlene Sarmiento, “Goodwill Provides Update on Data Security Issue,” Goodwill Industries International, http://www.goodwill.org/press-releases/goodwill-provides-update-on-data-security-issue/ (accessed October 14, 2014).
[26] Martyn Williams, “Second Cyberattack Hits SuperValu Grocery Stores’ Payment Systems,” PCWorld, September 29, 2014, http://www.pcworld.com/article/2689372/second-cyberattack-hits-supervalu-grocery-stores-payment-systems.html (accessed October 10, 2014).
[27] Mike Freeman, “Cyber Attack Hits San Diego Hotel Chain,” San Diego Union-Tribune, September 9, 2014, http://www.utsandiego.com/news/2014/sep/09/target-home-depot-bartell-hotels-cyber-hacking/ (accessed October 10, 2014).
[28] U.S. Senate, Committee on Armed Services, Inquiry into Cyber Intrusions Affecting U.S. Transportation Command Contractors, 2014, http://www.armed-services.senate.gov/imo/media/doc/SASC_Cyberreport_091714.pdf (accessed October 9, 2014).
[29] Emily Glazer, “J.P. Morgan’s Cyber Attack: How the Bank Responded,” The Wall Street Journal, October 3, 2014, http://blogs.wsj.com/moneybeat/2014/10/03/j-p-morgans-cyber-attack-how-the-bank-responded/ (accessed October 9, 2014).
[30] News release, “International Dairy Queen Confirms Malware Intrusion at Some U.S. Locations,” American Dairy Queen Corporation, October 9, 2014, http://www.dq.com/datasecurityincident/press-release/ (accessed October 10, 2014).
[31] Alexis Kleinman, “200,000 Snapchat Photos Leaked on 4Chan,” The Huffington Post, October 10, 2014, http://www.huffingtonpost.com/2014/10/10/snapchat-leak_n_5965590.html (accessed October 10, 2014).
[32] Paul Rosenzweig and David Inserra, “Government Cyber Failures Reveal Weaknesses of Regulatory Approach to Cybersecurity,” Heritage Foundation Issue Brief No. 3968, June 12, 2013, http://www.heritage.org/research/reports/2013/06/weaknesses-of-a-regulatory-approach-to-cybersecurity (accessed October 14, 2014).
[33] Steven P. Bucci, Paul Rosenzweig, and David Inserra, “A Congressional Guide: Seven Steps to U.S. Security, Prosperity, and Freedom in Cyberspace,” Heritage Foundation Backgrounder No. 2785, April 1, 2013, http://www.heritage.org/research/reports/2013/04/a-congressional-guide-seven-steps-to-us-security-prosperity-and-freedom-in-cyberspace.
[34] Ibid.