Data Breaches, Cyber Security, and Insurance Fraud: How Information Can Help and Hurt
There’s an awful lot of data out there in the great big digital universe, and, as everyone should know by now, it can create a record of people’s activities that they may not always fully appreciate. We’ve previously written about how metadata, when used the right way, can help investigate insurance fraud. As recent news stories point out, however, when used the wrong way by the wrong people, it can be used to steal and defraud innocent people and companies.
Everyone, every time they go online, leaves a digital footprint. Whether it’s social media, where you just have to post your latest thought for all to see; e-commerce, where you browse, select and pay for everything on-line; or even shopping at the local brick and mortar store where you pay by credit card, there’s a record created and information left behind. Cyber-security, which is just another name for at least trying to keep that digital information safe, was much in the news this Christmas Season. Unfortunately, for shoppers, retailers and broadcasters, alike, cyber-security often seems to be more of a goal than a reality.
By now, the security breach at Target stores may seem like old news, but it’s not. On Friday, January 10, 2014, Target said that 70 million people had their names, addresses, and telephone numbers taken by cyber-thieves. This is in addition to the 40 million people who had their credit and debit card information, including Personal Identification Numbers, or PIN’s, hacked from Target’s servers. Thankfully, a lot of the information, including the PIN’s, evidently was encrypted, which at least means it has to be cracked open before a thief can get at it. Whether that will be enough to protect the stolen information is something only time will tell. Unfortunately, even the loss of seemingly benign personal information, like your address, email address, and telephone number, can make you more susceptible to identity theft.
Neiman Marcus, just this past Saturday, January 11, 2014, announced that it, too, had been a victim of a cyber-security attack, in which thieves stole some of its customers’ credit card information and made unauthorized purchases during the holiday season.
On December 25, 2013, the BBC was hacked. Just so you don’t think that retail customers are the only targets, or that retail sales are the only source of ill-gotten gains, communications companies, even staid government-run ones like the British Broadcasting Corporation, are vulnerable. The story broke because someone saw the thief trying to sell access to the BBC servers, online. That would be kind of like coming home from work and not realizing your house was broken into until you see a commercial trying to sell your heirloom jewelry on TV.
The supposed thief, according the BBC story, is a notorious Russian hacker known by the names “”HASH” and “Rev0lver”. From the sound of it, it’s not the first time he’s done this, and it won’t be the last time he’ll try. He attempted to sell access on underground, which is another word for clandestine, marketplaces on the web. It was first noticed by the Milwaukee based cyber-security firm Hold Security LLC, which reportedly makes a practice of monitoring such sites to locate people who try to deal in stolen information like this. HASH tried to convince buyers he had something worthwhile by showing them files which only someone with access to the servers would be able to get at.
Now you might think to yourself, what’s the big deal about the BBC? After all, it’s just information. It’s not like anyone stole money directly out of your pocket.
There evidently is a large market for access to computers, evidently the stronger the better, to be used for computer attacks, denial of access attacks, and phishing. The bad guys gain control of computers and use them for their own nefarious ends. They hack into a computer, take control of it remotely, and make it do what they want; as long as it is connected to the internet it can be controlled, often without the owner knowing a thing about it and often without the owner even being there. They are called “Bots,” which sounds like some really cool neo-card game or electronic bad guys that you can do battle with on a video-game console.
Retailers and communications companies alike all deal in large amounts of information.
Target reportedly is one of the industry leaders in data mining, by which they gather, analyze, and utilize information from their customers to gain insights on their shopping habits and preferences.
Communications companies have been hacked before. The Associated Press was reportedly attacked by Syrian hackers in April 2013. According to the International Business Times, the hackers planted a false story about the White House being attacked, and the U.S. Stock Market fell 143 points in a matter of seconds.
These are just some interesting stories that have come out recently. The thing is, stories like these are coming out more and more often. Though every good story has a moral, this time you’ll have to fill in the blanks. It’s just something to think about at the beginning of the year.