Exposed: Hacking and Data Breaches The Business of Stealing Your Information

EXPOSED: HACKING AND DATA BREACHES THE BUSINESS OF STEALING INFORMATION While the increase of technology has proven to provide countless modern conveniences, it has also paved the way for a niche of cyber criminals who are intent on stealing your private information. Anything personal, including your social security number, medical information, drivers license, and banking numbers, is considered fair game by these "sleuth" hackers and data thieves. Part of being a citizen in the modern world includes a new definition of consumer data responsibility, as well as ethical policies for companies and corporations. By being vigilant about your online profile and passwords, you stand a much better chance of frustrating the hacker so you become a more difficult target. O EXPOSED RECORDS IN 2013 57,868,922 DATA BREACHES IN 2013 A breach is defined as an event in which an indi- WARNING 614 vidual's name plus Social Security Number (SSN), driver's license number, medical record, or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format. O UNKNOWN BREACHES IN 2013 29.2% Of the breaches did not disclose any kind of attributes clarifying the method or type of breach. O BREACH NUMBERS BY YEAR 2013 614 Though the number of breaches reported is certainly an important factor, it does not necessarily tell the full story about the magnitude of the overall breaches for year, such as the number of records exposed. What's noticable here is the proportion of health/medical breaches that took place in 2014, a substantial increase from years past. 2012 473 MEDICAL BREACH INCREASE 2013 2011 43.8% 421 Health/Medical breaches saw the biggest jump here since data started in 2005, with 269 of the 614 breaches being related these kinds of records. 2010 HACKING SUBCONTRACTOR 662 25.8% 14.4% OBREACHES BY TYPE 2013 Breach types generally fall into these 6 categories. It's important to note that encrypted data does not necessarily constitute a security breach, since the data has not been exposed yet. DATA ON INSIDER THEFT THE MOVE 11.6% 12.9% Insider with 72 incidents falling in this category, compared to 40 recorded in 2012. ared 80% over 2012 figures, 80%4 73%4 Another drastic change was the jump of 72.7% over 2012 figures attributed to Employee Error/Negligence. EMPLOYEE ACCIDENTAL The Subcontractor/Third Party category 68% NEGLIGENCE EXPOSURE also saw a dramatic increase of 67.9% over 9.2% 7.6% 2012, with 89 compared to 53 breaches. BREACH STATISTICS FROM 2005-FEB 2014 (SINCE RECORDS BEGAN) 623,030,087 4327 Exposed Records // Breaches MOST COMMONLY BREACHED ENTITIES 35.54% 22.2% 960 1,538 1 BUSINESS HEALTH/MEDICAL BREACHES BREACHES YEAR BY YEAR BREAKDOWN OF BREACHES Business Educational Government/Military Health/Medical Financial/Credit B. 2005 B. 2006 B. 2007 A. C. A. C. A. C. E. E. D. E. D. B. 2008 B. 2009 B. 2010 A. C. A. C. A. C. E. E. D. E. D. B. 2012 B. 2013 2011 A. C. A. C. A. C. E. D. E. D. E. D. Although Educational breaches start off on a high note, they decrease as the years go by. What's notable is that Business breaches rise considerably to practically dominate the share of breaches after the year 2007. What's more compelling is that Medical breaches have also shot up significantly over the past few years. It would appear as though Medical records have taken on a new fixation when it comes to the types of breaches that occur. Whatever the reason, these charts make it clear that Medical and Business breaches are taking larger slices of the pie now more than ever before. One can't help but ask, "why"? O SOME OF THE BIGGEST BREACHES IN HISTORY TARGET - 12/13 ADOBE - 11/13 HEARTLAND - 2008 40 MIL A150 MIL ) 130 MIL When a credit-card payment processing company gets hacked, the ripple effect can be huge. A 2008 attack on Heartland Payment Systems (HPY) affected an estimated 130 million customers, impacting holders of a variety of credit card types. The major hack of discount retailer Target that stole When this hack initially took place, Adobe had put the amount of compromised accounts at 38 million. credit and debit card data from 40 million accounts was still reverberating several days later. In early November, respected security blog Naked Security revealed that hackers had published data for a whopping 150 million Adobe customers. The blog also claimed Adobe did not encrypt customers' credit and debit card numbers. What was stolen? The hack affected customers who shopped at U.S. Target stores between November 27 and December 15, Target said. Customer names, credit or debit card numbers, expiration dates and CVVS were involved in the information theft, Target said. Heartland eventually paid more than $110 million to Visa (V, Fortune 500), MasterCard (MA, Fortune 500), American Express (AXP, Fortune 500) and other card associations to settle claims related to the breach. Adobe, however, stood by the 38 million figure. TJX COMPANIES - 03/07 TRW/SEARS - 1984 SONY - 2007 TX 94 MIL Sears 90 MIL 77 MIL SONY. Credit card breaches aren't new. In 1984, someone stole a password to a file kept by credit-reporting company TRW Information Systems, which gave the thief access to the credit histories of 90 million people. On April 22, Sony disclosed that an "external intrusion" on its systems between April 17 and 19 affected its PlayStation Network and its media streaming service Qriocity. It pulled the plug on both services on April 20. The hack of TJX Companies stores -- brands like T.J. Maxx and Marshalls -- affected millions of retail shoppers. In March 2007, TJX said at least 46 million customers' MasterCard and Visa cards had been compromised. Several banks sued to recoup losses related to the breach. According to The New York Times, the thief posted the file password on an "electronic bulletin board," or a "computer file accessible to subscribers by phone." (Oh, pre-Internet days.) Someone with access to the password could have combined that with information like a Then, on April 27, Sony announced personal information and perhaps credit card numbers had been stolen in the PlayStation Network and Qriocity breaches. That put sensitive information at risk for a whopping 77 million In October 2007 court filings related to that case revealed at least 94 million TJX (TJX, Fortune 500) customers had been affected -- more than twice the original estimate. customers. cardholder's name, address, etc., to obtain credit card numbers. HOW DOES THE BUSINESS OF HACKING WORK? THE HIDDEN HACKER Hackers will disguise their work through a series of com- plex IP addresses and networks that make it difficult to track where they are and what they're doing. HACKER INFORMATION 2. STEAL THE INFO STOLEN Whether it's card swiping (stealing info from a POS in the retail world), a key swipe software, or accessing a remote database, the info will then be removed for further use. 3. THE DARK NET & BROKERS Card numbers are sold to back room "brokers", fetching as high as $100 or more per card number. Many sites offer a guarantee on the quality of the number. DARK NET/DEEP WEB/BROKERS 4. THE SHELL GAME One lucritive method is where stolen cards are used to charge pre-paid cards. These cards are then used to pur- chase specific gift cards, such as Amazon. 5. SHIP AND RESHIP Goods are shipped to an "agent" or intermediary who then reships the package so that it becomes that much harder to track. 6. PAY DAY The carder may then sell the electronics through legita- mite channels such as through eBay, or to avoid risk can sell the goods through a "deep web" site. Most people are familiar with the "deep web" from the Silk Road, which was recently shut down by the FBI. STEPS YOU CAN TAKE TO PROTECT YOURSELF Often times, we are our own worst enemy when it comes to hackers being successful with stealing our information. From Social Networks to giving away information on a well-made lookalike website, it's crucial to become an informed consumer and know where to safeguard yourself. Below are some tips to help you. 04 HTTPS - SECURE LOGIN 01 PASSWORD SECURITY E Never provide information without being logged into a secure website with an SSL and HTTPS. Experian revealed in a study that the average user has 26 passwords, for online accounts protected by 5 different passwords. Make your passwords more complex and keep a database in a safe place. 05 DIFFERENT SECURITY QUESTIONS Use different security questions for each application you use, as well as information that cannot easily be found on the internet. 02 SHARE LESS With just about everyone attached to social media these days, it can be easy to over-share information. Bottom line - if you wouldn't be comfortable telling a complete stranger, don't share it. 03 ELIMINATE MALWARE E Make sure you install anit-virus software on your computer that will keep out malware. This type of malicious software is often what cyber-thieves use to gain access to personal information on your PC or other commonly browsed device. 06 RECOGNIZE PHISHING Thieves are getting increasingly clever with ways to mimic popular ecommerce and banking sites so that you login and give your information away. If you get an email asking you to login to an account, think twice before doing it. O SOURCES 1. http://finance.yahoo.com/blogs/the-exchange/password-isn-t-safe-90-vulnerable-hacking-213820350.html 2. http://money.cnn.com/2013/12/22/news/companies/target-credit-card-hack/ 3. http://money.cnn.com/gallery/technology/security/2013/12/19/biggest-credit-card-hacks/3.html 4. http://www.idtheftcenter.org/ITRC-Surveys-Studies/2013-data-breaches.html 5. http://www.tripwire.com/state-of-security/vulnerability-management/how-stolen-target-credit-cards-are-used-on-the-black-market 6. http://blog.malwarebytes.org/online-security/2013/04/too-tough-to-crack/ PRESENTED BY: CNI (855) 417-6645 www.CenturyNI.com Debt Settlement Services CENTURY NEGOTIATIONS, INC 000 D00 D. D. B. O000000 0000000 0000000