2014: THE YEAR OF THE BIG DATA BREACH
Data breaches are nothing new but 2014 saw some major breaches of both online and brick-and-mortar retailers. Attackers have become increasingly sophisticated and rather than just attacking wireless access points and sniffing data as we have seen in the past, they have successfully installed malware on point of sale (P.O.S.) systems in major retailers’ stores. Some of the most significant breaches of 2014 include:
• Target Corporation: While this breach took part during the holiday season of 2013, it wasn’t reported until early 2014. Approximately 70 million credit card records were compromised in this attack. This incident was the first in the wave of large scale breaches that took place over the course of 2014.
• JPMorgan Chase: At the present time it is unclear exactly what type of data was compromised in this attack. The New York Times reports that as many as 76 million personal records and 7 million small-business records (addresses and phone numbers) may have been breached.
• Home Depot: Attackers were able to install malware on (P.O.S.) systems in stores and compromised about 56 million credit card records.
• Michaels Stores (and subsidiary Aaron Brothers): These stores fell victim to a malware attack that compromised approximately 3 million customer credit and debit cards. Security firms analyzing the malware claim it was highly sophisticated and had not been seen in the wild before.
Protecting yourself from a large scale breach can be difficult as you must entrust retailers to secure your data properly. Obviously the only sure way of protecting yourself is to pay for all transactions in cash but this can be inconvenient. It is important to monitor your credit/debit cards when merchants that you conduct business with report a breach. Even the smallest inconsistencies should be reported to your financial institution as attackers will often process a small charge against a stolen credit or debit card to ensure that the card is still active. Often times it may be several months after a breach takes place before a card is fraudulently used so active monitoring of your accounts is crucial.
For more up-to-date security information visit the Security Blog: securitynews.fullerton.edu/