There’s an awful lot of data out there in the great big digital universe, and, as everyone should know by now, it can create a record of people’s activities that they may not always fully appreciate. We’ve previously written about how metadata, when used the right way, can help investigate insurance fraud. As recent news stories point out, however, when used the wrong way by the wrong people, it can be used to steal and defraud innocent people and companies.
Everyone, every time they go online, leaves a digital footprint. Whether it’s social media, where you just have to post your latest thought for all to see; e-commerce, where you browse, select and pay for everything on-line; or even shopping at the local brick and mortar store where you pay by credit card, there’s a record created and information left behind. Cyber-security, which is just another name for at least trying to keep that digital information safe, was much in the news this Christmas Season. Unfortunately, for shoppers, retailers and broadcasters, alike, cyber-security often seems to be more of a goal than a reality.
By now, the security breach at Target stores may seem like old news, but it’s not. On Friday, January 10, 2014, Target said that 70 million people had their names, addresses, and telephone numbers taken by cyber-thieves. This is in addition to the 40 million people who had their credit and debit card information, including Personal Identification Numbers, or PIN’s, hacked from Target’s servers. Thankfully, a lot of the information, including the PIN’s, evidently was encrypted, which at least means it has to be cracked open before a thief can get at it. Whether that will be enough to protect the stolen information is something only time will tell. Unfortunately, even the loss of seemingly benign personal information, like your address, email address, and telephone number, can make you more susceptible to identity theft.
Neiman Marcus, just this past Saturday, January 11, 2014, announced that it, too, had been a victim of a cyber-security attack, in which thieves stole some of its customers’ credit card information and made unauthorized purchases during the holiday season.
On December 25, 2013, the BBC was hacked. Just so you don’t think that retail customers are the only targets, or that retail sales are the only source of ill-gotten gains, communications companies, even staid government-run ones like the British Broadcasting Corporation, are vulnerable. The story broke because someone saw the thief trying to sell access to the BBC servers, online. That would be kind of like coming home from work and not realizing your house was broken into until you see a commercial trying to sell your heirloom jewelry on TV.
The supposed thief, according the BBC story, is a notorious Russian hacker known by the names “”HASH” and “Rev0lver”. From the sound of it, it’s not the first time he’s done this, and it won’t be the last time he’ll try. He attempted to sell access on underground, which is another word for clandestine, marketplaces on the web. It was first noticed by the Milwaukee based cyber-security firm Hold Security LLC, which reportedly makes a practice of monitoring such sites to locate people who try to deal in stolen information like this. HASH tried to convince buyers he had something worthwhile by showing them files which only someone with access to the servers would be able to get at.
Now you might think to yourself, what’s the big deal about the BBC? After all, it’s just information. It’s not like anyone stole money directly out of your pocket.