More bad news about data security today: Not only are mobile malware infections on the rise, but the number and severity of data breaches are on the rise as well. A new study from Dutch security firm Gemalto shows that 1 billion data records were stolen in over 1,500 attacks in 2014. This is an increase of 78% over the 575 million records lost or stolen in 2013.
Regular readers of Techlicious will be able to identify some of last year’s biggest data breach offenders. In September 2014, Home Depot admitted that crooks had made off with “56 million unique payment cards” by infecting point-of-sale terminals with malware. Shortly after, banking giant JPMorgan Chase admitted that it too was hacked, with the bad guys making off with records belonging to 83 million accounts. And just this month, we learned that a December 2014 compromise at insurer Anthem BlueCross BlueShield put 80 million past and present subscriber accounts into the hands of Chinese hackers.
Why do so many hackings keep happening? Part of the blame lies with companies who continue to store data without encryption on their servers. According to the Gemalto report, only 4% of last year’s data breach incidents involved encrypted data.
The big draw for hackers, of course, is money. One single successful attack can be a massive multimillion-dollar windfall for cybercrooks. Take the hack of Home Depot for instance – the bad guys quickly sold payment card data in bulk to smaller crooks. These smaller criminals, in turn, cloned the stolen cards and used them to make cash withdrawals at ATMs across the country. Retail point-of-sale attacks and other store-related breaches made up 55% of all attacks in 2014, Gemalto says.
As for the hackings at JPMorgan Chase and Anthem, where criminals “only” made off with names, addresses, phone numbers, social security numbers and other data not associated with payment cards? These may actually be the most lucrative types of attacks of all. Stolen data is now being used to target people with sophisticated phishing attacks, and in some cases, to outright steal peoples’ identities. Credit cards are easily canceled, but with your name, address and social security number, a criminal can keep opening up new cards that stick you with the tab.
“We’re clearly seeing a shift in the tactics of cybercriminals, with long-term identity theft becoming more of a goal than the immediacy of stealing a credit card number,” Gemalto Vice President Jason Hart told the Wall Street Journal. A stolen identity now fetches nearly 1,000 times more than a stolen credit card number can on the black market.
Data breaches are a serious problem. If you’ve been the victim of a data breach over the past year, you should consider taking advantage of the free credit monitoring services made available to you by the affected companies. For everyone else, strongly consider using a free credit-monitoring app like CreditKarma or Mint. I also recommend you read up on the best way to stop identity theft to educate yourself on whether placing a security freeze on your credit report is the right move for you.
[Open lock on circuit board via Shutterstock]