Despite the hundreds of millions of dollars that organizations have invested in information security technology to secure their critical business-technology infrastructures, the bad news keeps breaking. In the past year, dozens of companies have had to inform their customers that the exposure of their personally-identifiable financial information had placed them at great risk of identity theft. The incidents range from fraudsters successfully establishing bogus access accounts to steal legitimate consumer information to hacked networks to lost backup tapes containing the financial information of millions of consumers.
It’s not just the widely-publicized cases that count. In the past several years the federal government has prosecuted individuals for criminally abusing their insider access. In February of 2005, federal prosecutors indicted an IT manager for gaining unauthorized access to his former employer’s network to read e-mail and causing damage to its systems. Federal prosecutors have also prosecuted and found employees guilty of password trafficking, selling customer financial information —including detailed credit reports -- to organized crime.
Recently, IT managers and even customer service representatives, have been prosecuted and convicted for using their privileged access rights to destroy or steal their company’s information and selling customer financial data to organized crime. High-tech companies aren’t immune, as even network equipment and software manufacturers have had their proprietary source code stolen and made accessible on the Internet.
The sheer scope of the impact is mind-boggling. A recent security breach at a major credit card processor reportedly exposed more than 40 million card-holder names and account numbers. In February, a well-known information-broker revealed that criminals had managed to steal the names, addresses, and Social Security numbers of as many as 145,000 individuals by using previously stolen identities to create 50 fake businesses to access the company’s information stores. In another widely-publicized breach, one of the country’s largest information services providers announced that hackers managed to gain access a database to seize the names, social security and driver’s license numbers, and addresses of more than 300,000 individuals. According to Gartner, 9.4 million U.S. adults were identity theft victims between May 2003 and April 2004. Their financial losses totaled $11.7 billion.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.