Cybersecurity Update: Hackers’ Gains, Target’s Losses, and E-Commerce
There are a few recent news stories that business owners, fraud investigators, and consumers should be aware of. Though not necessarily related, they point out the ever-growing need to protect digital information and the consequences for those who do not. Cybersecurity, it seems, is something that will affect everyone, eventually.
The topic of the first story, unfortunately, is common; the numbers, thankfully, are not, though we should all hope they stay that way. According to an article by Danny Yidron in the Wall Street Journal, which was last updated at 2043 hrs Eastern Time on August 5, 2014, a gang of Russian hackers has amassed 1.2 billion stolen user names and passwords from approximately 500 million unsuspecting people. According to the private security firm that discovered the theft, Hold Security in Milwaukee, the hackers obtained the information from 420,000 websites, allegedly ranging from leaders in major industries to small businesses and personal websites. No measurable harm evidently has come from the theft, at least not yet. The hackers reportedly so far are using the data only to send spam messages on social media accounts. That doesn’t mean the people whose information was stolen are free and clear: There is a growing trend in recent years, according to the report, where cybercriminals amass online credentials for later use. While that later use isn’t specified, it shouldn’t be all that hard to determine. Consumers, according to the report, often use the same user names and passwords across various websites. If a hacker learns a user name and password for one account, it’s not that hard to imagine that the hacker also could gain access to the consumer’s other accounts, including on websites that store, or have access to, the consumers’ financial information, including credit card numbers.
In order to see the harm that was done already, merely because the hackers have the user names and passwords, you have to remember that just exposing your customers’ confidential information sometimes is enough to trigger an enforcement action by the Federal Trade Commission to force businesses to take reasonable precautions to protect their customers’ digital information. If you remember the LabMD case, which we already spent some time discussing, the FTC’s claims of unfair or deceptive acts or practices in, or affecting, commerce, were directed against LabMD for allegedly inadvertently posting the confidential information of less than 10,000 individuals on a file sharing platform that was intended to share music files instead. During the FTC’s administrative law trial against LabMD, it reportedly did not even plan to present any witnesses who were the victims of the alleged ID theft; exposing the information, allegedly, was enough.
We’re not comparing the theft of user names and passwords to exposing confidential health information, which allegedly is what occurred in the LabMD case. Allowing the theft of user names and passwords could lead to some real trouble, though, especially if it leads to the theft of user financial information, such as credit card numbers. That leads straight to the second news story.
Target, it seems, is still suffering, more than six months later, from the effects of the large data breach that occurred this past Holiday Season. Target lowered its earnings estimates for the recently completed quarter, according to a story by Michael Calia in The Wall Street Journal, which was last updated on Aug. 5, 2014 at 1532 hrs Eastern Time. This reportedly is based, in part, on the estimated $148 million of expenses tied to the data breach in the last quarter, only $38 million of which will be reimbursed by an expected insurance payment.
At the same time that the risks are becoming more apparent, more people are shopping online, which means ever more information potentially is at risk and has to be safeguarded. Retail stores are facing ever decreasing in-store traffic: In each month but one over the last two years, in-store visits have decreased by at least 5% from a year earlier. At the same time, online sales have increased by at least 15% per quarter for every quarter for the last two years. This is all according to another story in the Wall Street Journal, this time by Shelly Banjo and Paul Ziobro, which was last updated on August 5, 2014 at 1929 hours Eastern Time.
When you add these three stories together, you get a good view of the dangers, and benefits, of digital information in commerce. How to obtain the benefits, and minimize the risks, is something business owners and consumers alike have to grapple with. Since the risk involves potentially large amounts of money, fraud investigators will have ample opportunity to demonstrate their skills in tracking down the inevitable fraud that will follow.
Go raibh maith agat.