By Praveen Kannan and Anna Strokolyst
As the digital world grows with the addition of every new user, data security threats continue to plague some of the world’s largest retailers, websites, and online storefronts. Cyber criminals are keeping pace with the advancements in online security while finding new and sophisticated ways to breach systems, which is exactly why the Federal Trade Commission is looking to fight back with new regulations.
And the Senate Commerce Committee seems to agree, having recently called for a strengthening of federal standards and increased accountability in protecting customer data following last year’s Target debacle. And the need for such legislation is self-evident. From stolen credit card information and email addresses to compromised social security numbers, here are seven examples of data security breaches that the FTC is trying to fight.
1. Target’s Massive Security Breach
When it comes to data security threats, sometimes even the giants are just as susceptible to breaches as smaller businesses. Such is the case with the retail megastore Target, which experienced a staggering security breach during the 2013 holiday shopping season. The retailer fell victim to hackers, resulting in more than 40 million stolen credit card records and 70 million hijacked personal records, including customer email addresses.
With reports of ignored security warnings and other forms of negligence on Target’s part, the FTC is investigating the massive breach. If the FTC finds that Target took part in negligent data security practices, the ruling could lead to new regulations for businesses and their customer information safeguarding procedures.
2. Security Threats and the Social Media Empire
As the number of social media users increases by the millisecond, it’s no wonder hackers are targeting social sites. Early last year, Zendesk, the customer service provider for sites like Tumblr, Twitter, and Pinterest, announced that it was hacked. The incident, which was minor compared to Target’s breach, nonetheless resulted in hackers obtaining thousands of user emails, which were then likely used for phishing scam attempts.
In a similar incident, Twitter was hacked again in late 2013, along with some social powerhouses like LinkedIn and Facebook, as well as Google and Yahoo. All told, the malware security breach struck 93,000 websites, resulting in hackers stealing approximately 2 million passwords and usernames. The malware flew under the radar for a month while user login information was compromised.
3. Hacking on the Collegiate Level
Hackers are becoming more brazen, going so far as to hack into college and university databases. In fact, in March 2014, the University of Wisconsin-Parkside had a high-level security breach in which the personal information of over 15,000 current students and recent graduates was hacked through the university’s own student portal webpage.
Although the University of Wisconsin doesn’t yet know the full extent of the damage, university investigators believe everything from phone numbers and addresses to information as sensitive as social security numbers and email addresses is at risk.
4. Adobe’s Source Code Leak
Cyber criminals hack into online systems for many different reasons, whether for personal gain, to leak information, or both. In October 2013, the software giant Adobe reported a breach in which the credit card information of more than 3 million customers was stolen. To add insult to injury, the hackers also posted the usernames and passwords of another 150 million customers to different websites on the cyber black market, as a result of the same hacking incident.
Although Adobe reports that cyber criminals were able to infiltrate the system because of a rare source code leak, the breach caused far-reaching damage, because many of the hacking victims had personal banking information tied to their accounts in the form of password hints. Adobe Photoshop users were at the heart of the security breach, which is likely due to the software’s popularity creating a high number of registered users.
5. Online Security and Sears
Massive companies have a harder time monitoring their online livelihoods because of the sheer size of their databases, so the larger the corporation, the better for hackers. Although no official reports have been filed as of yet, Sears is under investigation for a possible ongoing security breach that could expose the personal information of millions of its customers.
Sears Holding Corporation currently has digital forensic experts scouring its databases and systems to see whether or not cyber attacks are, or ever were, a threat. Sears is taking the matter seriously, going as far as enlisting the help of the Secret Service to assist in the security review. As of March 2014, Sears reports that no system breaches have been found so far.
6. LivingSocial Password Encryption
In the spring of 2013, the coupon king LivingSocial fell victim to a particularly nasty security breach in the form of the cryptographic unscrambling of more than 50 million of its users’ passwords. Before the system breach, LivingSocial was using a fairly straightforward password algorithm that simply couldn’t hold up to hackers’ repeated attempts to crack it.
Because the poorly designed algorithm protected the company’s password storage database, hackers were able to essentially reverse customers’ encrypted passwords with ease, which opened access to their accounts. The LivingSocial security breach exposed customers’ names and email addresses, which allowed hackers to use the information to break into other personal accounts.
7. Target’s Two-Fold Attack: Security Breach Aftermath
As data security breaches for large corporations gain nationwide and worldwide attention, more cyber criminals are jumping on the security breach bandwagon and trying to get a piece of the hacking pie. This is exactly what happened to Target with the phishing scam that came about after its follow-up security breach emails.
In order to better inform its customers about the situation, Target sent out emails to all of its affected customers regarding the details of the security breach. As a result, hackers also sent out phishing emails disguised as Target emails that asked customers to check their credit scores using the email’s provided link.
Although Target sent another round of emails informing customers not to click on any email links that ask for personal information along with other helpful online security tips, there were still an untold number of customers who fell victim to the phishing scam.
With data security breaches happening all across the Internet, the cases above are just a handful of the many reasons why the FTC needs to heighten its regulations. Failure to do so could potentially result in an earth-shattering financial fallout for the global economy.