Data breaches have become more of a regular occurrence as of late and even larger retailers and major brands are being effected. Banks are doing what they can to protect you and find the perpetrators involved, but, the bad news is, that the attacks are more and more sophisticated.
To protect yourself:
1. Check your banking account online more often.
2. make sure you bank with an institution with security measures in place to protect you.
3. make sure your credit cards are secured by whatever institution you have credit with
4. ensure you have the proper insurance on your check and credit cards
5. ensure you have some type of identity theft insurance or protection.
6. be careful and verify security measures on websites where you shop online.
7. be very cautious and observant in situations where your check/credit card leaves your presence … for example in a restaurant with wait service.
8. check your credit report and score on a more frequent basis.
These are just some of the ideas that can help. If you have more, feel free to contact us to share your thoughts or simply share your ideas in a comment below.
Following is one of the more recent stories to come from the Cyber Security threat to our nation:
Neiman Marcus Breach Could Be Part Of Larger Holiday Cyberattack On U.S. Retailers
In the weeks following Thanksgiving, Target became the unlucky victim of a massive attack and data hack, which reportedly affected as many as 110 million people and exposed an array of personal data, including names, addresses and credit card information. With a second retail giant beginning to notify customers that it, too, has been hacked, it seems that we may just be scratching the surface of a larger cyberattack that took place during the holiday season.
This morning, Krebs On Security reported that upscale retailer Neiman Marcus has teamed up with the U.S. Secret Service to investigate its own data breach which led to the theft of credit card and personal information. The company reportedly discovered the cyberattack in December from its credit card processor but has still yet to disclose how many shoppers have been affected by the hack.
However, the company said via its Twitter account that it is beginning to notify customers whose credit card information has been “used fraudulently” since the breach in December. The company said that the forensics team it has been working with had discovered that customer personal information had been compromised, but that it has “begun to contain the intrusion and have taken significant steps to further enhance information security,” it said in a statement about the breach.
Beyond how many of its customers were exposed to the attack, the company has yet to share details on how the breach occurred. There is no concrete evidence that the two attacks on Neiman Marcus and Target were linked, as, at least according to Krebs. Target has yet to publicly share details on its investigation which could help other retailers discover whether or not the attacks were perpetrated by the same hackers.
However, Reuters has since reported that Neiman Marcus and Target were not the only victims of the Holiday Hack Attack ’13, as I’m calling it. According to Reuters, at least three other “well-known U.S. retailers” were subject to data breaches, which used “similar techniques” to the attack on Target. Not only that, but those investigating the events indicated that similar breaches may also have “occurred earlier last year.”
The report claims that hackers used “malicious software” to infiltrate the retailers’ databases and steal credit card information. Reuters’ sources indicated that one of the Trojan horses used by hackers was a “RAM scraper,” which allows the burglar to snatch encrypted data at a moment of vulnerability. This happens when the data appears in plain text as it moves through the live memory of the customer’s computer, according to Reuters.
Visa apparently warned of a series of attacks using this method that had been attempted on its network earlier last year, but while this kind of “RAM scraping” attack has been around for years, the report said that the attacks on Target and others were much more sophisticated. While cyber security itself has increased dramatically (and improved) over the last few years, it appears there’s still headway to be made.
While the attacks reportedly took place during the holiday season, the major retailers affected have delayed any public announcement about the cyberattack. The reason is that many credit card companies and banks are “forbidden” from naming merchants affected by attacks unless “they disclose that information themselves.” Naturally, big brand merchants would rather protect their image and business, rather than publicly announcing a breach.
It’s an understandable move to protect their business and prevent mass hysteria, but it’s also frustrating to customers, banks and many others who may not become aware of exposure until days, weeks or months after the attacks occur. Many states require companies to contact customers when their information is exposed, and usually it’s payment processors who bear that responsibility. But that’s not the case everywhere.
As more information on this comes to light, we may learn that the hackers ran a series of test-runs of their new methods involving RAM scraping and other techniques, which could be (or could have been) a harbinger of things to come. We also may learn that a host of companies have been exposed to these sorts of attacks, even though those companies may resolve try to prevent that information from coming to light.