Are Data Breaches Becoming More Common?

Chloe Moore  | 

Data breaches have occurred for essentially as long as humans have recorded and stored information. In the past, this obviously meant a manual invasion happened; someone would acquire and go through someone else’s physical bank or medical records.

As information has increasingly been stored on digital platforms it has increased in volume as well. Before, the amount of storage was very much a static thing, but now for those willing to pay for the digital real estate, storage is essentially endless.

Thus, a shift has occurred because criminals have access to more data, data that can be taken in essentially a single sweep. And they aren’t restricted by the need to hide the data in a fingerprint free zone. The more there is to steal, the more that will be stolen.

And that means that the implications are seemingly endless. One of the biggest myths surrounding identity theft is that it’s a victimless crime. But the harsh reality is that each, individual piece of big data almost always represents a real human being with a life that can be drastically altered.

Who Hackers Targeted with Major Data Breaches

The scope of data breaches almost can’t be overstated. There is no entity that has escaped the reach of cyber-criminals. From credit reporting bureaus to the government, and from phone numbers to social security numbers, hackers seem to be able to infiltrate and steal it all.

Department of Defense: In 2015, the DoD had to inform roughly 14 million current and former government employees that their information had been stolen. Unidentified U.S. government officials cited the Chinese as the likely offenders.

Experian: The credit card monitoring bureau Experian lost the personal information, including social security numbers, of 15 million in the year 2015. Not only that, but they also were unable to protect information pertaining to T-Mobile’s credit assessment.

TJX: When the TJX (parent company of Office Max, T.J. Maxx, and Marshall’s) hack was discovered in March of 2007 the number of impacted was believed to be around 45 million, and it was cited as the largest breach ever. It turned out hackers had actually stolen the information of 94 million over an eighteen month period.

Heartland: In 2008, Heartland Payment Systems attackers gained access to the debit and credit cards belonging to 100 million people. Again, at the time it was largest known breach in history.  

In January of 2015 Heartland released a “Breach Warranty” which says, “Heartland is confident in its solutions and committed to improving card data security. Demonstrating this commitment, we offer an unprecedented breach warranty to all merchants who are Heartland Secure and employing Heartland Secure-certified devices—for as long as they’re processing with us, at no additional cost.”

But that very May unencrypted computers were stolen from their Santa Ana, California office. The dust hadn’t even had time to settle after the major breach they suffered seven years prior, but they themselves point out, “If you store it, they will come.”

Yahoo: In terms of sheer numbers, Yahoo takes the cake and it’s a very, very large cake. In 2013, a breach affected more than one billion users, and then at the end of 2014 at least 500 million users were affected. In October of 2017, they revealed that all Yahoo accounts, more than 3 billion, had been breached. 

In a somewhat surprising turn of events Jonathan Stempel of Reuters reported, “A U.S. judge said Yahoo must face nationwide litigation brought on behalf of well over 1 billion users who said their personal information was compromised in three massive data breaches.” This comes after Yahoo’s assertion that the victims did not have the legal standing to do so.

And the problem tying all of these events together is that in terms of credit card fraud brought on by merchant security breaches, “It’s hard to protect yourself against both merchant and processor breaches, as it’s largely out of your hands. You aren’t in control of the database, so you hope the company’s security is up to snuff.”

Security Failure: the Equifax Credit Bureau Breach

The most recent major cyber-crime to date has been the Equifax credit bureau breach, which occurred in May-July 2017 and reportedly led to 145 million consumers suffering from stolen personal information. The Equifax credit bureau hack was startling given the fact that the extensive amount of information compromised was just about as sensitive as it could possibly b,e everything up to and including the social security numbers.

Not only that, but there’s also the fact that unlike those who were using Yahoo’s email platform or were shopping at a TJX store, the Equifax breach impacted those who weren’t even actual customers. To a credit reporting bureau like Equifax, they’re the products; they represent the information that Equifax capitalizes on.

Despite the fact that the information that has come in the aftermath of the breach has been increasingly negative (Executives selling stocks before the breach was public, questionable contract clauses, etc.) what is clear is that Equifax is not a trailblazer in terms of lacking appropriate security, not even for a credit reporting bureau. In fact, at some point it has to be asked, does the appropriate security even exist?

Equifax’s “Remedy”

After the Equifax credit bureau breach, after the CEO stepped down, an interim CEO was appointed who announced that consumers would be able to sign up for free credit freezes and free credit monitoring into the new year. He also introduced a new, free service that would allow individuals to control access to their credit reports.

That’s what always happens, the breached entity attempts to patch things up with the public by offering free services aimed at giving back some semblance of control.

Also following the Equifax breach The Los Angeles times reported that the identity theft protection company LifeLock tailored their advertising to reflect the current news and that their internet traffic increased six times over.

What LifeLock wasn’t advertising though, was that the protection they offer was provided by — you’ll never guess — Equifax. Yes, the same breached credit bureau whose security had prompted their boom in business.

And while companies work to offer the public options that present a picture of remorse and goodwill, the truth is that for those whose data is used illegally, the costs often range in the thousands of dollars, considerably more than the cost of a year of free credit monitoring.

And in terms of the big picture of something like credit card fraud, “The information is then sold in bulk (often online), to the tune of thousands of credit card numbers at a time. A scammer buys the information, and can then methodically work their way down the list, testing credit cards by making small purchases, hoping you won’t notice — like a $10 iTunes gift card.”

Again, it’s almost hard to imagine the extent of the impact of numbers like that being distributed across criminal channels.

What does this mean for the future?

The aforementioned breaches are a mere handful that collectively have seemingly endless repercussions. And in each instance, there’s an attempt to make things right. But how much is damage control worth, when the damage seems unending?

While data has solved a lot of problems of convenience for the consumer and of marketing for the businesses buying it, the side effects are causing most to question whether it’s as valuable as was once believed.

Too Much Data, Not Enough Security

Experts expect that by 2020 yearly data generation will have increased by 4,300 percent. That’s huge. Given the fact that we’re already living in a world where businesses have the most important personal information of billions of people, it’s hard to even imagine the possible implications.

Data is the name of the game for business success, and as companies struggle with pressure not to be left behind, it begs the question, is it ever too much?

Forbes Tech contributor Bernard Marr says, “Most companies I interact with already have too much data… I would like to make the point that people and companies already can’t cope with the data they have today, let alone the data that is around the corner.”

He goes on to say that often companies keep data long after it’s even relevant for fear that they may end up needing it. Not only are companies utilizing all of the virtual storage available, in some instances they may straight up being abusing the ability.  

Especially in light of the fact that virtually every time you agree to share your data with another party, you’re guaranteed they will only hold onto it for as long as they need it to tailor your experience.

What’s an informed consumer to do?

“For Americans who want to protect their personal financial information, there is no way, in our current system, to do so,” claims Gillian White at The Atlantic. Is there really no way?

Transparency and Accountability

Here’s where the good news lies: We live in a climate of entrepreneurial creativity. Humanity has historically done a pretty good job of figuring out complex problems. Surely, if we can figure out the nuts and bolts of the diseases that plague the human body, we can figure out the problems that accompany big data.

Digital Transformation refers to the constant change required by entities to adopt new technologies to avoid antiquated processes; the push of Digital Transformation is remaining relevant and competitive within the current marketplace.

In a culture where consumers oftentimes feel betrayed by their lack of ability and the lack of ability or apparent effort by third-parties to protect their most sensitive information, the clear path forward for both organizations and the companies that provide those organizations with their technology, is a way to safeguard data, and all that that entails.

Identity theft is the crime everyone is worried about because, “about one in every 16 U.S. adults were victims of identity theft last year — or an estimated 15.4 million consumers.” Too many.

Thus, the future of a credit monitoring company like Equifax depends on their dependability, because even if they don’t see consumers as customers, their customers do.

The consumer, the driving force behind everything, wants accountability and security. And that means that while the current problems are clear, so is the only truly profitable path forward for the organization of tomorrow.


Image Source: https://depositphotos.com/

This post was updated October 4, 2017. It was originally published October 6, 2017.