The holidays began and ended with the bang of newsworthy cyberbreaches that illustrated the complexity of hacking scenarios, which vary in their intent and fallout on targeted companies and their customers, who are viewed as the victims.

Beginning on Black Friday in December and lasting until Dec. 15, Target experienced a data breach involving 40 million credit, debit, and RedCard records. The retailer announced the leak in a public blog post on Dec. 19.

"The legal framework for data theft notification is governed by states, which makes handling a multistate breach very challenging," says Matt Donovan, assistant vice president and underwriting leader of technology and privacy at Hiscox. "In Target's instance, they posted a public disclosure on their website to direct customers to call their banking providers, but they didn't directly issue mailed letters to customers notifying them of exposed information, as a breached healthcare provider would do."

According to Donovan, the main concern for retailers facing leaked payment data is the Merchant Services Agreement between it and a payment card processor, such as Heartland Payment Systems (which itself suffered a breach years ago), which would make the retailer liable for card reissuance expenses and fraudulent charges.

Further complicating Target's situation is that while representatives denied the possibility of compromised customer PIN numbers, it admitted just after Christmas that this information had been captured as well.

Shortly after this incident, on New Year's Day 2014, security researchers from SnapchatDB.info captured and posted 4.6 million usernames and phone numbers from Snapchat, a "private" service that lets users send each other photos or videos that disappear after viewing.

The New York Times reports that Snapchat users send up to 350 million photos a day.

Cyber analysis firm Gibson Security wrote to Snapchat that its database was vulnerable to hacking, and posted about it on the web after its message was ignored.

"Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way," said Snapchat creators Evan Spiegel and Bobby Murphy, in a blog post responding to the warning on December 27, just before the data dump. "Over the past year we've implemented various safeguards to make it more difficult to do."

Donovan says that Snapchat's breach would be handled differently than one affecting a retailer.

"Unlike Target's hack that was done for direct financial gain, Snapchat's breach was an example of hacktivism to expose the vulnerability of the company," he says. "The hackers do not seem to have breached Snapchat for a financial gain; rather to expose how security vulnerabilities can affect individuals."

One thing the breaches had in common was their influence on raising awareness regarding the imperative of companies to watch their data.

"Newsworthy issues like this drive awareness to the general public," says Donovan. "It always helps to see real world examples."
