The Random Nature of Data Breaches
With the ever-present news of yet another data breach, it’s easy for the public to fall victim to “data breach fatigue.” This very real phenomenon occurs when we’re bombarded with another headline, another notification letter, another alert from our credit card company. The public might easily think data breaches are commonplace and impossible to prevent, but that’s actually the worst reaction any of us could have.
One thing that the public must remember is that different data breaches can be connected due to the vast troves of stolen information floating around the internet. At the same time, recent news clearly shows that these hacking events can also be completely random and committed against every type of organization. There is no single business that is more or less susceptible due to its size or the type of industry, and there is not necessarily a connection between different breaches that happen in the same geographic location or even on the same day.
Take the following three examples: all three happened during 2016, but their company sizes and industries couldn’t be more diverse. Even the methods the criminals employed weren’t identical but ran the spectrum of known data breach tools.
1. LA County Phishing Attack – Los Angeles County sent out data breach notification letters to affected individuals, informing them that their information had been compromised due to a phishing email attack. In that event, 108 county employees received an email that seemed to come from someone trustworthy. The employees handed over the email usernames and passwords for more than 750,000 county employees.
2. Malware Affecting an Online Gun Store – One Pennsylvania gun shop experienced a data breach after malware was detected on its website. Fortunately, the malware was meant to attack the online shopping section of the site in order to steal names, credit card information, and CVV codes at the time of purchase, rather than more sensitive stored data like Social Security numbers and birthdates.
3. Stored Hotel Data Accessed by Unauthorized Users – One of the most important considerations for any company looking to prevent data breaches is how they secure their stored data; in many cases, they need to take a good look at why they’re storing their customers’ data in the first place. In a breach affecting one hotel and casino, someone accessed the stored security reports for the property and was able to steal names, Social Security numbers, and more.
All three breaches employed different methods of attack, stole different types of information and targeted very different businesses, yet the end result is the same: a data breach notification letter had to be sent to affected individuals and the state’s attorney general. In one instance, a year’s worth of credit monitoring was offered to the victims, while in another case it was a simple matter of changing the users’ email passwords. Data breaches can happen anywhere and to any business, and the characteristics of the breach can be vastly different, but the outcome—a potential loss of control over your information—can be the same.
Questions about identity theft? Contact the ITRC toll-free at (888) 400-5530 or on-the-go with the new IDTheftHelp app for iOS and Android.
Read next: Your Identity Theft Holiday Checklist