In This Article

• One database can contain millions of valuable records
• Retail chains and payroll processing companies have been targeted
• A crime ring may place someone inside a company to carry out a data breach

• PDF
• share
• print

You don’t carry your Social Security card. You’ve switched to paperless statements. You would never give any information to a caller claiming to be from your credit card company. You protect yourself against identity theft.

But, you also trust many other entities to protect you as well, and no matter how hard they work to do that, sometimes criminals break through their defenses. In fact, several recent studies have shown that malicious data security breaches are a steadily growing threat.

Most data security incidents experienced by companies that store sensitive consumer data are accidental, like a lost backup tape, and often harmless.

However, in a disturbing trend, researchers at the Ponemon Institute recently noted that the percentage of data security incidents caused by a malicious attack in which hackers intentionally seek consumer data to steal for fraudulent use doubled in the past year to 24% of all incidents.

Business Databases are a Goldmine of Valuable Data for Criminals

Experts note that organized crime rings are getting into the identity theft game and actually hiring development teams of programmers and computer networking experts to figure out ways to break into databases and steal consumer information. Because just one of these databases can contain millions of valuable records, they may even consider it worth their trouble to write “malware” code targeting one company’s unique systems.

Large-scale data thefts aren’t necessarily high tech. Just one rogue employee entrusted with access—or clever enough to break through a company’s data security controls—can steal thousands of records and put them in the hands of criminals. In fact, the Identity Theft Resource Center’s 2010 Data Breach Report identifies an insider attack as the most common type of security breach experienced by financial institutions last year.

Sometimes, an insider is placed in the victim company by a crime ring for the purposes of a carefully planned fraud. A large ring might train one of its members with no arrest record, for example, and have him or her work for several months in the target company until she gets the access she needs to start stealing information.

In addition, experts worry that while the economy remains poor, previously honest employees may become disgruntled or desperate and resort to insider data theft they might not have considered in better times.

It’s Not Just Banks, Either

Although the financial institutions most of us do business with every day are certainly appealing targets for criminals, many other companies have similarly rich databases. Your information may be stolen from companies you would never think of as appealing to a hacker.

Notably, in the one of largest data security breaches in 2011, Sony’s three cloud services for PlayStation (games, music and video and online gaming) were compromised by attackers while the company was distracted by a distributed denial of service attack from a different source. Sony's customers' lost email addresses, login credentials and some credit card information. Hackers correctly identified this database as an extremely vulnerable and lucrative target.

What Can You Do When It’s Out of Your Hands?

1. Take advantage of the data security controls your banks and business partners provide for you, such as the opportunity to create strong passwords. A hacker with access to somebody’s database may successfully steal information about consumers who have used very common and predictable passwords but not be able to access data protected by a strong password.

2. If you do receive a data security breach notification from a company, read it carefully. Experts worry that because inadvertent data security losses may not result in identity theft, many consumers may disregard the notices. But given the rising incidence of malicious data breaches, it is unfortunately more likely than ever that if your data is exposed in a breach, it will make its way into the hands of identity thieves.

3. Protect yourself against the worst effects of an identity theft you may not personally be able to prevent with the help of an identity theft protection product, such as ProtectMyID™, which will monitor your personal credit information, scour the Internet for unauthorized use of your Social Security number, credit cards and debit cards and alert you if key changes are detected—possibly even before you receive a consumer notification.

©2011 ConsumerInfo.com, Inc. All rights reserved.