A December of Hackers
December was a bad month for anyone who didn’t want their personal information leaked to hackers or other third-party sources.
Retail giant Target had a problem about two weeks ago when 40 million customer records were stolen. The information contained on the records included names, credit and debit numbers, expiration dates, and security codes. The hackers with that information could easily use it to make fraudulent purchases on customers’ cards.
Popular messaging application Snapchat released that several million of their users’ usernames and corresponding phone numbers were leaked late on New Year’s Eve. There’s actually a site to check if your username was leaked, and it provides tips on how to handle it if it was. If your username was breached, it means that your phone number could be given to spammers or the like.
Skype was also recently breached by the Syrian Electronic Army, a hacking group. Skype has reported, however, that no user information was stolen or lost.
Obviously a breach involving credit card information and a breach involving usernames and phone numbers seem very different, but the truth is that they’re both notably problematic. They indicate a reliance we have on technology that is utterly new to our time, and because that reliance is new, ways to steal from us have also evolved. Everything can be done online, from banking to applying to college to planning a trip. And it’s easy to do those things, it’s easy to trust a site when they say they are secure. But we have to remember that every time we provide our information, there is the possibility that it makes its way into the wrong hands. And retailers have to realize that storing information online can be just as dangerous for them as for a teenager using Snapchat.
The types of breaches that we saw this month definitely aren’t new, and they aren’t the worst in recent history. TJ Maxx Corporation actually had a similar incident in 2006, but instead of 40 million customer records lost, it totaled about 90 million. And in 2009, Heartland, a credit card processing system, had 130 million records stolen.
The former chief security officer of Heartland, Steven M. Elefant, made an important point about security breaches and theft propagated through the internet. He stated, “it’s a game of cat and mouse. We’re dealing with sophisticated bad guys that have many ways to attack.” New security features can be installed and developed. But for every new feature that is developed, a hacker will probably be able to find a way around it. It might take time and effort, but it’s possible.
There are some solutions that could be put in place, but they might be logistically complicated. In Europe, smart chip technology is used. The United States use magnetic strips to hold information, but European cards usually little chips that are much harder to counterfeit. Since the smart-chips were implemented in Europe, fraud and theft have declined. The JobsUnited States seems to be stuck in a time warp. Most of our allies and trading partners use smart-chip cards, but we use the strip cards that were invented in the 1960s. As a result, by October 2015, new chip card standards will be put into place by most major credit card companies, like Visa and MasterCard. While this won’t completely eliminate fraud, it should make some impact.
Anneliese Mahoney (@AMahoney8672) is Lead Editor at Law Street and a Connecticut transplant to Washington D.C. She has a Bachelor’s degree in International Affairs from the George Washington University, and a passion for law, politics, and social issues. Contact Anneliese at amahoney@LawStreetMedia.com.
Featured image courtesy of [Brian Klug via Flickr]