Tag Archives: Data Breaches

Data Breaches Becoming More Damaging

Recent breaches of customer data at retailer Target and banking giant Barclays are making headlines and underscore the growing risk to businesses from data breaches.

Of course, there’s a personal impact too.

The just-released 2014 Identity Fraud Report by Javelin Strategy & Research reveals that data breaches are now the greatest risk factor for identity fraud.

In 2013, one in three consumers who received notification of a data breach became a victim of fraud, up from one in four in 2012, the report found.

Some 46 percent of consumers with breached debit cards in 2013 became fraud victims in the same year, compared to only 16 percent of consumers with a social security number breached.

Other key takeaways from the report are that the overall incidence of fraud has increased even though the amount stolen has decreased.

The number of identity fraud victims increased by more than 500,000 to 13.1 million people in 2013, the second highest number since the study began. However, the dollar amount stolen fell to $18 billion, down from $21 billion in 2012.

This reflects more aggressive actions from financial institutions, identity theft protection providers and consumers, Javelin Strategy said.

There has also been a dramatic increase in account turnover fraud in the past year. According to the findings, account takeover fraud accounted for 28 percent of all identity fraud in 2013, a new record for the second year in a row.

Fraudsters also increasingly turned to eBay, PayPal and Amazon with the stolen information to make purchases.

Check out I.I.I. information on identity theft and cyber security here.

Data Breach Opportunism

As commentators debate next steps in the wake of the Global Payments data breach disclosed two weeks ago, a perhaps surprising finding of a recent report by Verizon is that most data breaches are opportunistic.

The 2012 Verizon Data Breach Investigations Report finds that 79 percent of attacks represented in the report were opportunistic.

By opportunistic, Verizon means that the victim isn’t specifically chosen as a target. Rather, they were identified and attacked because they exhibited a weakness the attacker knew how to exploit.

In addition, 97 percent of the attacks were avoidable, without the need for organizations to resort to difficult or expensive countermeasures.

According to Verizon, some 85 percent of targets of opportunity are organizations with fewer than 1,000 employees and nearly three-quarters of them hit the retail/trade and accommodation/food service industries.

Verizon says this appears to support the argument that large-scale automated attacks are opportunistically attacking small to medium businesses, and POS (point of sale) systems frequently provide the opportunity.

It observes:

Smaller organizations often do not have the knowledge or resources necessary to address flagrant weaknesses in their Internet accessible assets that cause them to be identified for opportunistic attacks.†

At the end of the report Verizon encourages readers to cut out a card listing POS security tips to give to restaurants, retailers, hotels or other establishments that they frequent.

Key tips for small businesses:

— Change administrative passwords on all POS systems; and

— Implement a firewall or access control list on remote access/administration services

Verizon adds:

These tips may seem simple, but all the evidence at our disposal suggests a huge chunk of the problem for smaller businesses would be knocked out if they were widely adopted.†

The 2012 Verizon report spans 855 data breaches across 174 million stolen records, with the participation of law enforcement partners around the globe.

Check out I.I.I. facts and statistics on identity theft and cyber security.