5 LESSONS LEARNED FROM RECENT RETAIL J DATA BREACHES Presented by: VendorSAfe TECHNOLOGIES Protect Data. Secure Business. ON APRIL 7, 2014, THE HEARTBLEED BUG WAS EXPOSED Since 2011, approx. 66% of the internet had been incredibly vulnerable to cyberattacks and hackers. Affected OpenSSL software, a popular encryption software - HACKERS WERE STEALING INFORMATION protecting names, passwords, and content through the web WITHOUT BEING DETECTED OR LEAVING e-mail instant messaging virtual private networks (VPNS) A TRACE, FOR YEARS Online companies affected amazon Etsy Instagram THE SAME DAY THAT HEARTBLEED WAS EXPOSED, A PATCH FOR THE OPENSSL WAS facebook. hulu NETFLIK RELEASED AND THE ENTIRE WORLD WAS URGED TO CHANGE ALL ONLINE PASSWORDS 87% OF PEOPLE ARE "NOT AT ALL LIKELY" OR "NOT VERY LIKELY" TO DO BUSINESS WITH AN ORGANIZATION THAT HAD SUFFERED A DATA BREACH INVOLVING CREDIT OR DEBIT CARD DETAILS HERE ARE SOME HARD LESSONS LEARNED FOR RETAILERS CONCERNING DATA BREACHES THE WOR 1. DATA BREACHING OCCURS A LOT MORE THAN YOU THINK RETAILERS UNDERESTIMATE HOW OFTEN IT HAPPENS AND THE SCOPE + IT'S ONLY GETTING WORSE. 2013 saw an increase of 30% over the total number of breaches tracked in 2012 619 600 45% MILLION total breaches on of hacked businesses records containing personal information have been stolen are made up by the retail industry the ITRC Breach List [2013] since 2005 CONCLUSION: 89% WERE AVOIDABLE 2 MILLION RECORDS ALREADY BREACHED IN 2014 90% of US businesses report being hacked 59% report being hacked more than once 2. THERE ARE MANY WAYS HACKERS CAN ACCESS RETAIL CUSTOMER INFORMATION RETAILERS HAVE MANY DIFFERENT AND COMPLICATED VULNERABILITIES Point-of-sale terminal: where you swipe your credit card The hackers scrape the data from the magnetic strip on your credit card E-commerce site Some businesses don't require minimum password lengths, diverse characters or capitalization 76% of e-commerce breaches were due to weak or stolen account logins and passwords Stored customer info within the company Phishing: A total of 31% of company breaches were due to insider theft or mistakes Social Engineering: 29% of compromises resulted from social engineering - tricks account holders into giving up credentials 3. HACKERS CAN DO A VARIETY OF THINGS WITH CUSTOMER INFORMATION HACKERS NAIL RETAILER CUSTOMERS IN MANY DIFFERENT WAYS What can the hackers do with customer information? Get a new credit Make purchases with your credit card Sell your credit card information to the black market card/bank loans/mortgages in your name Batches of up to 1 million cards were selling for anywhere from $20 to as high as $100 per card 47% OF REPORTED BREACHES INVOLVE THE EXPOSURE OF SOCIAL SECURITY NUMBERS 56% OF RESPONDENTS REPORTED THEFT OR MISUSE OF A CHILD'S SOCIAL SECURITY NUMBER 1 in 4 data breach recipients became a victim of identity fraud 1 identity theft victim every 3 seconds 29% of victims spent a month or more resolving problems O TARGET CARD DATA WAS SIPHONED FROM TARGET'S POINT-OF-SALE SYSTEMS Point-of-sale systems process more than $3 TRILLION in U.S. transactions a year The hackers stole approximately 70 million records that included phone numbers, email and mailing addresses and more The breach, that began Nov. 27 - Dec. 15 2013, affected at least 40 million credit card accounts 4. DATA BREACHES TAKES A LARGE TOLL ON BUSINESSES HACKERS COST RETAILERS MORE THAN JUST CUSTOMER SATISFACTION data breaches cost merchants -$200 per breached record With data breaches comprising of an average of 28,765 records, this costs orginizations on average: $5,400,000 O TARGET. Cost to Target: $61 Million Cost to Financial Institutions: $200 Million Cost of card replacement alone: $172 million Cost to Credit Unions $30.6 Million Doesn't take into account any fraudulent activity, which would push the cost of the data breach to the industry higher as consumers are not held liable recent massive data breaches damaged credit scores could negatively affect real estate transactions loan applications jeopardized home sales knocked off track waiting for bureau's to clean up credit reports 5. YOU CAN PREVENT BREACHES SAFETY TIPS TO PROTECT YOURSELF "It's 2014. We expect retailers of this magnitude to have better security, weigh their risks and spend the resources necessary to secure their data." * If you believe your debit card was exposed then immediately request a new card * Get credit monitoring and identity theft protection using protection services * Get a free fraud alert on yo credit report Check and monitor your statements * Don't over share on social networks Fraud plummeted 34% in England when implementing chip-and-PIN cards It will cost at least $8 billion to upgrade the nation's 610 million credit cards, 520 million debit cards, 15 million card terminals and 360,000 ATMS. Using a magnetic strip with a zip code promises up to 60% higher returns Spending on e-security will rise to $720.3 million in 2014, an increase of 5.7% Sources: Presented by evigo.com/13043-heartbleed-bug-affected-major-e-retailers/ Retailexperience customer huffingtonpost.com/2014/02/18/target-data-breach-cost_n_4810787.html latimes.com/business/realestate/la-fi-harney-20140202,0,7259625.story reuters.com/article/2014/02/26/us-target-results-idUSBREA1POWC20140226 .com digitaltrends.com/mobile/heartbleed-bug-apps-affected-list/#IWJuOt www4.symantec.com/mktginfo/whitepaper/053013_GL_NA_WP_Ponemon-2013-Cost-of-a-Data-Breach-Report_daiNA_cta72382.pdf