Crime Rings Target Consumer Information in Corporate Databases
Criminals have figured out that business databases are a goldmine of valuable data.
February 22 , 2010
You don’t carry your Social Security card. You’ve switched to paperless statements. You would never give any information to a caller claiming to be from your credit card company. You protect yourself against Identity Theft.
But you also trust many other entities to protect you as well and no matter how hard they work to do that, sometimes criminals break through their defenses. In fact, several recent studies have shown that malicious data security breaches are a steadily growing threat.
Most data security incidents experienced by companies that store sensitive consumer data are accidental, like a lost backup tape and often harmless.
However, in a disturbing trend, researchers at the Ponemon Institute recently noted that the percentage of data security incidents caused by a malicious attack in which hackers intentionally seek consumer data to steal for fraudulent use doubled in the past year to 24 percent of all incidents.
Criminals Have Figured Out That Business Databases Are a Goldmine of Valuable Data
Experts note that organized crime rings are getting into the identity-theft game and actually hiring development teams of programmers and computer-networking experts to figure out ways to break into databases and steal consumer information. Because just one of these databases can contain millions of valuable records, they may even consider it worth their trouble to write “malware” code targeting one company’s unique systems.
But large-scale data thefts aren’t necessarily high tech. Just one rogue employee entrusted with access — or clever enough to break through a company’s data security controls — can steal thousands of records and put them in the hands of criminals. In fact, the Identity Theft Resource Center’s 2009 Data Breach Report identifies an insider attack as the most common type of security breach experienced by financial institutions last year.
Sometimes an insider is placed in the victim company by a crime ring for the purposes of a carefully planned fraud. A large ring might train one of its members with no arrest record, for example and have them work for several months in the target company until they get the access they needs to start stealing information.
In addition, experts worry that while the economy remains poor, previously honest employees may become disgruntled or desperate and resort to insider data theft they might not have considered in better times.
It’s Not Just Banks, Either
Although the financial institutions most of us do business with everyday are certainly appealing targets for criminals, many other companies have similarly rich databases. Your information may be stolen from companies you have never even heard of.
Notably, the largest data security breach in 2009, in which an estimated 130 million credit and debit card numbers were stolen, was an attack on a behind-the-scenes card payment processing firm. Retailers and banks rely on these companies to process the millions of transactions involving payment by plastic every day and hackers correctly identified their database as a lucrative target.
Other kinds of companies that have been hacked for consumer data include large retail chains, whose systems may have stored customers’ personal and/or payment information and payroll processing firms that store and process numerous companies’ employee records — including full names and Social Security numbers.
So What Can You Do When It’s Out of Your Hands?