Data breaches spiked by 86 percent in 2016 with over 1.4 billion records being compromised. Hackers, cyber criminals and other malicious outsiders were responsible for just over two-thirds of last year’s data breaches. The healthcare industry suffered the most with 28 percent of all reported breaches in 2016.
With hackers casting wider nets, they are accessing easily attainable account and identity information as the starting point and moving on to high value targets. Where will it stop?
Data breaches have gained widespread attention as businesses of all sizes become increasingly reliant on digital data, cloud computing, and workforce mobility. With sensitive business data stored on local machines, enterprise databases, and cloud servers, breaching a company’s data has become as simple as gaining access to restricted networks.
But data breaches didn’t begin when companies began storing their protected data digitally. In fact, data breaches have existed for as long as individuals and companies have maintained records and stored private information. Before computing became commonplace, a data breach could be something as simple as viewing an individual’s medical file without authorization or finding sensitive documents that weren’t properly disposed of.
Fraudsters, or as I like to call them, thieves, are shifting from attacks targeted at financial organizations to infiltrating large data bases such as entertainment and healthcare platforms. Encryption has become a weapon of fraudsters whereby they make breached data unreadable, then hold it for ransom and decrypt it if they are paid. This malicious software is referred to as ransomware. It threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim’s files, making them inaccessible.
The largest data breach in history indirectly involved Experian, one of the three main credit reporting agencies. Experian acquired a company called Court Ventures, which gathers and aggregates information from public records, in March 2012. At the time of acquisition, Court Ventures had a contract with a company called U.S. Info Search which enabled customers to access U.S. Info Search’s data to find individuals’ addresses to determine which court records to review.
Court Ventures sold information to a number of third parties, including a Vietnamese fraudster, which then provided its own customers with the opportunity to look up personal information of Americans, including financial information and Social Security numbers, which was then used for identity theft. Some news sources cited 200 million records breached in this incident, which continued for more than 10 months.
This scary scenario wasn’t shared for comparison’s sake, but to remind us all to stay diligent and alert to the nefarious efforts of those who try to access databases and networks. The digital world is great, until it isn’t.
Melody K. Smith
Sponsored by Access Innovations, the world leader in taxonomies, metadata, and semantic enrichment to make your content findable.