Tuesday, September 9, 2014

Stitches to close wound caused by personal information breaches

“We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred." With these words, Frank Blake, chairman and CEO of the largest DIY retailer in the world, Home Depot, confirmed the worst fears.

Data from credit cards of million Home Depot’s customers may have been stolen by cybercriminals between April and September 2014, and would be selling at a clandestine Internet corner known as Rescator.cc. It is still not confirmed the number of customers affected, but it is speculated that could be the biggest information breach in history. The criminal group have infected the point-of-sale systems from more than 2,200 stores that Home Depot has in North America with a malware called BlackPOS. This malicious code captures credit card numbers from memory before being encrypted. In an attempt to reassure consumers, DIY giant has stated that they will not have to take any responsibility for fraudulent charges made on their cards.
With much more limited scope, the California State University, East Bay, has also recognized to have suffered an attack on one of their servers in August that left the personal information of more than 6,000 people exposed. Most of them were university’s staff.

AltaMed Medical Group also has found itself forced to warn its customers from Orange and Los Angeles Counties in USA of the potential exposure of their personal data due to the theft of a hard drive by a former employee.

In all these cases, the affected organizations have offered free credit monitoring services to its clients in order to detect fraudulent movements on their accounts. In addition, both Home Depot and AltaMed also provide the, with identity protection services for free.

To cope with all these expenses is necessary to have adequate insurance. Therefore, "cyber insurance" is sexier than ever. In fact, the firm Marsh & McLennan believes that this market could double to $ 2 billion in 2014. However, the expert in technology and information security writer, Paul Roberts, argues that insurance companies rushing into this area are at high risk for two main reasons: first, their lack of experience and knowledge about the world of cyber threats; on the other hand, their lack of understanding about what exactly they are insuring could lead them to very uncomfortable unforeseen situations.

To combat both information leaks and other cyber threats is important that both the private and the public sector are well coordinated and share cross-industry information. The Cyber ​​Threat Alliance was born in May with this objective and, step by step, new members has been joining it. The last two were security companies McAfee and Symantec.

Therefore, information is essential to limit the risks that we all face on the Internet. Consequently we invite you to stay constantly informed through our social channels (find the links at the right sidebar) or here on our blog.


Post a Comment