Data Breaches 101: How They Happen, What Gets Stolen, and Where It All Goes
October 23, 2015
It has come to the point where people have become desensitized to news of data breaches. Every now and then, companies announce that their systems were breached, followed by the extent of the damage and what they’re doing about it. Compromised data is a subject that needs the public’s full attention. Data breaches can result in millions of private records and sensitive data stolen, affecting not just the breached organization, but also everyone whose personal information may have been stolen.
What is a Data Breach?
A data breach occurs when a cybercriminal successfully infiltrates a data source and extracts sensitive information. This can be done physically by accessing a computer or network to steal local files, or by bypassing network security remotely. The latter is often the method used to target companies. The following are the steps usually involved in a typical breach operation:
- Research – the cybercriminal looks for weaknesses in the company’s security, whether in its people, systems, or network.
- Attack – the cybercriminal makes initial contact using either a network attack or a social attack.
- Network/Social attack – a network attack is when a cybercriminal uses infrastructure, system, and application weaknesses to penetrate through the organization’s network. Social attacks involve tricking or baiting employees into giving access to the company’s network. An employee can be duped into giving his or her log-in credentials, or may be fooled into opening a malicious attachment.
- Exfiltration – once the cybercriminal gets into one computer, he can then attack the network and tunnel his way toward confidential company data. Once the hacker extracts the data, the attack is considered successful.
What types of data are usually stolen?
The motive of cybercriminals directly affects which companies they attack. Different sources yield different information. The following are common targets, along with notable cases of such attacks.
- Office of Personnel and Management (April, 2015)
Hackers gained access to over 18 million federal employee records which included social security numbers, job assignments, and other training details.
- Ashley Madison (July, 2015)
Hacktivists stole information from Ashley Madison and dumped 10GB of data on the Deep Web. This included the account details and personally identifiable information of some 32 million users, as well as credit card transactions.
- TARGET (January, 2014)
Hackers penetrated Target’s network and were able to infect all point-of-sale (PoS) machines. They were able to expose nearly 40 million debit and credit cards to fraud. The information stolen included PINs, names, as well as other banking information.
- JP Morgan Chase & Co. (October, 2014)
The company disclosed that the data of an estimated 76 million households and 7 million businesses were compromised. The information included names, addresses, phone numbers, email addresses, and others.
- Anthem Inc. (May, 2015)
An attack that started in April 2014 resulted in the data theft of over 80 million current and former customers. Data stolen included names, birthdays, social IDs, email addresses, as well as employment information.
Based on the data stolen, here are specific types of information that are of value to cybercriminals. Hackers search for this data because it can be used to make money by duplicating credit cards and by using personal information for fraud, identity theft, and even blackmail. It can also be sold in bulk in deep web marketplaces.
- Member name
- Date of birth
- Social Security number
- Member identification numbers
- Email address
- Mailing and/or physical address
- Telephone numbers
- Banking account numbers
- Clinical information
- Claims information
End users are almost never the target of cybercriminals who are out to steal sensitive information in bulk, unless an individual is connected to an industry (see Spear Phishing). However, end users can be affected when their records are part of the information stolen from big companies. In such cases, it is best to take note of the following practices.
- Notify your bank. Verify your account details and change PIN codes.
- Double-check the sender addresses of incoming emails. Cybercriminals can pose as bank representatives and ask for credentials.
- Do not click suspicious-looking links or download files from unknown sources.
- If credentials or financials have been tampered with, contact the breached company and ask if they can assist in enrolling you in a fraud victim assistance program.