Crime Rings Target Consumer Information in Corporate Databases

Criminals have figured out that business databases are a goldmine of valuable data.

February 22 , 2010
Sponsored by ProtectMyID.com

You don’t carry your Social Security card. You’ve switched to paperless statements. You would never give any information to a caller claiming to be from your credit card company. You protect yourself against Identity Theft.

But you also trust many other entities to protect you as well and no matter how hard they work to do that, sometimes criminals break through their defenses. In fact, several recent studies have shown that malicious data security breaches are a steadily growing threat.

Most data security incidents experienced by companies that store sensitive consumer data are accidental, like a lost backup tape and often harmless.

However, in a disturbing trend, researchers at the Ponemon Institute recently noted that the percentage of data security incidents caused by a malicious attack in which hackers intentionally seek consumer data to steal for fraudulent use doubled in the past year to 24 percent of all incidents.

Criminals Have Figured Out That Business Databases Are a Goldmine of Valuable Data

Experts note that organized crime rings are getting into the identity-theft game and actually hiring development teams of programmers and computer-networking experts to figure out ways to break into databases and steal consumer information. Because just one of these databases can contain millions of valuable records, they may even consider it worth their trouble to write “malware” code targeting one company’s unique systems.

But large-scale data thefts aren’t necessarily high tech. Just one rogue employee entrusted with access — or clever enough to break through a company’s data security controls — can steal thousands of records and put them in the hands of criminals. In fact, the Identity Theft Resource Center’s 2009 Data Breach Report identifies an insider attack as the most common type of security breach experienced by financial institutions last year.

Sometimes an insider is placed in the victim company by a crime ring for the purposes of a carefully planned fraud. A large ring might train one of its members with no arrest record, for example and have them work for several months in the target company until they get the access they needs to start stealing information.

In addition, experts worry that while the economy remains poor, previously honest employees may become disgruntled or desperate and resort to insider data theft they might not have considered in better times.

It’s Not Just Banks, Either

Although the financial institutions most of us do business with everyday are certainly appealing targets for criminals, many other companies have similarly rich databases. Your information may be stolen from companies you have never even heard of.

Notably, the largest data security breach in 2009, in which an estimated 130 million credit and debit card numbers were stolen, was an attack on a behind-the-scenes card payment processing firm. Retailers and banks rely on these companies to process the millions of transactions involving payment by plastic every day and hackers correctly identified their database as a lucrative target.

Other kinds of companies that have been hacked for consumer data include large retail chains, whose systems may have stored customers’ personal and/or payment information and payroll processing firms that store and process numerous companies’ employee records — including full names and Social Security numbers.

So What Can You Do When It’s Out of Your Hands?

  1. Take advantage of the data security controls your banks and business partners provide for you, such as the opportunity to create strong passwords. A hacker with access to somebody’s database may successfully steal information about consumers who have used very common and predictable passwords but not be able to access data protected by a strong password.
  2. If you do receive a data security breach notification from a company, read it carefully. Experts worry that because inadvertent data security losses may not result in identity theft, many consumers may disregard the notices. But given the rising incidence of malicious data breaches, it is unfortunately more likely than ever that if your data is exposed in a breach, it will make its way into the hands of identity thieves.
  3. Protect yourself against the worst effects of an identity theft you may not personally be able to prevent with the help of an identity theft protection product, such as ProtectMyID.com, which will monitor your personal credit information, scour the Internet for unauthorized use of your Social Security number, credit cards and debit cards, alert you if key changes are detected — possibly even before you receive a consumer notification — and help you recover both your good name and any stolen funds.