Cybercriminals found their sweet spot this past year with the retail industry, where some of the biggest big-box brand names and franchises were infiltrated by malware that helped the bad guys steal millions of credit and debit-card account numbers of shoppers. 

Data breaches are nothing new for the retail industry -- think TJX in 2005, Dave & Buster's in 2007, to name a few -- but this year's wave of attacks was different and more dramatic in its widespread scope and seemingly constant battering of big box retailers, with more than a dozen of them disclosing data breaches, including Target, Home Depot, Michael's, Dairy Queen, and most recently, Kmart. 

Target became the poster child for how not to conduct an incident response operation, with more than 40 million payment cards pilfered from its computers after ignoring security alarms from the attack and then experiencing a public disclosure disaster that ultimately resulted in the departure of its CIO and CEO.

[The next Dark Reading Radio episode on Nov. 19 at 1:00 p.m. ET (10:00 a.m. PT) features retail security experts from Mandiant and the retail industry. Read Retail Hacking: What To Expect This Holiday Season.]

So just in time for the 2014 holiday shopping season, here's a look at 13 major retailers who revealed this past year that they had suffered data breaches. Don't be suprised if a few more come forward before we ring in 2015.