Another day, another attack by hackers intent on stealing financial and personal information about the customers of banks and retailers. Even ATMs are vulnerable, it turns out.
What’s a consumer supposed to do?
When we did our 8 Massive Hack Attacks Aimed at Financial Data, we got a few tips from security expert Gary Raphael, senior vice president, risk consulting for ACE Private Risk Services.
Vigilance is key, it seems. Changing passwords, not divulging personal information unless there’s a real need to do so and using encryption can all help.
The fact is that we all live online now. Because of that, we are vulnerable. In a large measure, our fate is being left up to companies and institutions large and small. Hopefully, they are paying attention and making sure they keep up with the increasingly sophisticated hackers.
We’ve assembled a list of 6 Big Hack Attacks Targeting Financial Data. They’re listed in ascending order from fewest to most people affected.
6. Chicago Taxis, unknown number affected
In March, the First American Bank of Illinois warned its customers (and anyone else listening) that they were the target of what seems to be an unusual hack attack. The thieves set their sights on the city’s taxi payment system. It didn’t matter which of several Chicago taxi companies a rider used, their data was put at risk if payment was made with plastic. The bank said it stumbled onto the scheme when it heard from several customers about fraudulent transactions in their accounts. The bank First American said it was able to trace the problem back to the taxi system. So far, officials have not reported finding any proof of a data breach beyond the initial reports.
5. Neiman Marcus, 2,400 affected
In January, the upscale retailer reported that the data associated with 1.1 million credit cards had been put at risk of being stolen through point-of-sale malware. The retailer didn’t know about the problem for months, and even after learning of it in October waited to announce it. In all, credit card companies notified 2,400 Neiman Marcus customers that their cards might have been used illicitly.
4. Michaels, 3 million affected
As the year dawned, the arts and crafts giant let it be known that it was looking into a possible breach of its security measures. In April, it confirmed that credit card data had indeed been pilfered. The store said as many as 2.6 million cards were affected, plus another 400,000 at its subsidiary, Aaron Brothers. Customers were offered credit monitoring and fraud protection for their cards.
3. Target, 110 million affected
The mother of all credit card breaches (at least at the time) was the attack on Target during last year’s holiday shopping season. The giant retailer let it be known that the data for 40 million credit cards and the personal data of 70 million customers were stolen from its nearly 1,800 stores. The thieves used malware to collect the information at the point of sale.
Bloomberg Businessweek reported that Target had installed elaborate security measures to detect just such an attack, but for unknown reasons alarms were ignored by Target’s security team. (Target is installing new security measures in the wake of the attack.)
The store, according to the website, has spent at least $61 million responding to the problem and faces about 100 lawsuits. It probably isn’t much consolation to Target or its customers, but it’s been reported that at least six other stores have faced similar attacks. Target offered customers a year of fraud protection, credit monitoring and other help.
2. eBay, 145 million affected
As often happens, this hack attack was kept from the public for what seems to be too long. In this case it was three months. Not to worry, though, eBay assured its users the hackers did not access any financial data. OK, maybe you should worry. The company says the hackers were able to copy a large portion of the 145 million records they accessed. Those records included encrypted passwords. Although eBay said it would be difficult to decode the passwords, the online auction house recommended that its customer change them. The hackers also made off with email addresses and other personal information, but did not get any credit card numbers, according to eBay.
1. ATM Hacks, hundreds of millions worldwide
In April, the Secret Service warned that hackers had wormed their way into ATMs to the extent they could schedule withdrawals of just about any amount they desired. The hackers are sophisticated. They have the ability, the Secret Service said, to wait until ATMs were loaded with cash before striking. An alert sent out by the Federal Financial Institutions Council said the thieves had netted $40 million using just a dozen debit cards. The alert advised small and medium size banks to upgrade their security systems because they are most vulnerable. A report on zdnet.com said the ATMs were vulnerable because they run on Windows XP, which is no longer being supported by Microsoft.
Related on ThinkAdvisor: