Just when consumers were starting to regain some company trust and safe-shopping stability after last year’s massive Target breach, a string of new large-scale company breaches quickly reminded us consumers just how insecure our personal data can be.
Needless to say, it’s been a rough year for some major companies and an even rougher year for thousands of unlucky customers. Let’s look at three of the major breaches of the last couple of months.
Home Depot
(Source: Krebs On Security)
Early last month, reports started coming in that the home improvement giant was investigating “some unusual activity with regards to its customer data.” Security reporter Brian Krebs immediately called it a credit card breach, especially since multiple banks came out to say that they were seeing evidence that Home Depot was the likely source of a batch of stolen credit and debit cards that went on sale in the cybercrime black market that morning.
Sure enough, six days later, the company admitted that its payment systems were in fact breached and that the hack had been going on for months. They went on to say that while credit card data was exposed, personal PINs were not. Reassurance (not really). And while the exact number of affected cards wasn’t known at that time, one thing was for certain: If you used a credit card at one of Home Depot’s U.S. or Canadian stores in the past 4-5 months, you needed to consider your credit card stolen and get on the phone with your bank ASAP.
About two weeks later (September 18th), Home Depot announced the number. A whopping 56 million cards were impacted, making the incident the biggest retail card breach…ever (on record, at least). The ‘silver lining’? Home Depot also said that the malware was now contained.
Japan Airlines
(Source: Google Images)
Before the month of September passed (and with Home Depot still fresh on everyone’s minds), another large company from a completely different industry had some bad news to share with its customers…
On September 30th, Japan Airlines (JAL) confirmed that as many as 750,000 JAL Mileage Bank (JMB) frequent flyer club members’ personal info was at risk thanks to a breach. Apparently, hackers were able to get into JAL’s ‘Customer Information Management System’ by installing malware onto computers that had access to the system. The data that was accessed? Everything from names to home addresses to birthdates to JMB member numbers and enrollment dates. The good news is that credit card numbers and passwords did not appear to be exposed.
There have not been any new developments about this breach, but here is the official statement by JAL from September 29th.
JP Morgan
(Source: Reuters)
October 2014 was only two days young when yet another major company confirmed a data breach. This time, the victim was JP Morgan. Or rather, JP Morgan customers who used Chase.com and JPMorganOnline websites, as well as the Chase and JP Morgan mobile apps.
Last Thursday, the nation’s largest bank revealed that a mid-August cyberattack exposed personal info for 76 million households, as well as 7 million small businesses. More specifically, names, email addresses, phone numbers and addresses were stolen, while JP Morgan went on to say that there was no evidence that account numbers, passwords, Social Security numbers or birthdates were exposed. While the bank found out about the breach of its servers in August, it has since been determined that it began as early as June.
Unfortunately, not much else is certain at this time. What we do know is that Russian hackers are suspected (still not confirmed), over 90 of JP Morgan’s servers were affected, and it is believed that nine other financial institutions were also targeted (although we don’t know their identities). The lack of concrete information is scary in its own right, but the fact that JP Morgan is staying mum on the matter is even more troubling. According to a Huffington Post report from earlier today, the bank is refusing to say how many people were actually hit by the breach, with spokeswoman Trish Wexler saying that JP Morgan isn’t offering more details beyond what was announced last Thursday. This could mean that the breach, already the largest (against a bank) in history, could potentially be even larger than the reported 76 million households and 7 million small businesses, keeping in mind that ‘households’ is not the same thing as ‘individuals’.
Additionally, Fox Business is reporting that the bank is now bracing for a massive-scale spear-phishing campaign in the wake of the breach, according to their sources. Considering that no bank info was compromised in the original breach (JP Morgan said in a statement that they haven’t “seen unusual fraud activity related to the incident”), this is a plausible next step. Using the personal info obtained in the ‘first wave’, the attackers can send out legitimate-looking emails to the affected customers that say there is a problem with the user’s account and ask for Social Security numbers, passwords, etc. Alternatively, the emails could ask the customer to click an embedded link to update their account info, but in reality, the customer is taken to an official-looking fake site from which the attackers can nab the important financial information. In either case, the virtual trap is activated at that point.
What to do?
It’s no secret that data breaches are on a steep rise. According to the Identity Theft Research Center, there have been 579 data breaches this year, 27.5% more than there were at this time last year. And that number is only going to continue to increase.
In any of these three breaches, it’s important for customers to take basic security steps to ensure their information is safe, whether that means calling your bank and getting a new credit card issued (in the case of Home Depot), changing your password if you’re a JAL frequent flyer and JMB club member, or changing your log-in information and monitoring your online accounts if you bank with JP Morgan or Chase.
As more and more people choose to bank online (and become more internet-dependent in general), it’s also no secret that employing powerful and always up-to-date internet security on your devices is more crucial than ever before. Company breaches and spear-phishing attacks aren’t going anywhere. Take the necessary steps to keep your personal info protected!
This seems to be happening a lot recently. It is a shame that companies do not add more secure measures like encrypting data or making it more difficult to access data on their servers from the outside. But the fact remains that as long as a person coded the security measures or the system in use, it can be hacked as it won’t be 100% secure. I personally believe it is not only their duty to protect our data, but also ours to protect it, by being up to date with current events and to be able to change banking details, emails, etc. on the fly when something like this happens.
This is a very interesting post. The majority of our society are oblivious to how easily their information can be stolen or hacked from emails or even the institutions they trust to keep their information secure. I believe people should be more informed of these crimes and they should start using more secure password methods like Apple’s Keychain.
Oh, so THAT’S why Target sent me a new Visa! I shopped at Home Depot twice in the last month. And here I thought they were being oversensitive. Having had my little giggle, it really is a shame that companies don’t encode their data better. WTF? The technology is out there!
I just got notified by my bank that the VISA card will be replaced due to the Home Depot breach. Oh the irony. I had used it to buy bug killers for the d@mn roaches…
About a couple of weeks ago I was informed about this and had my card replaced. Weird that The Home Depot, a company I work for, didn’t even bother to inform its own employee(s) about this. I feel somewhat betrayed by this.
ShariStowell They don’t encode their data better, because it would cost them MONEY! They don’t want to spend $$ if they think they don’t have to. All they are is MONEY GRUBBING THIEVES to begin with. My opinion is the businesses are just as bad as the hackers!
Also likely why USAA sent out new Visa cards and I had the pleasure of changing all my auto-pay accounts to the new card.
While people ask about better encryption and the like, I am going to ask USAA just one question: Will you make available one-time disposable card numbers that, while not eliminating the risk of hacking, greatly reduce lower level credit card fraud? I had this years ago with Citi but I don’t see USAA offering it. I got off of Citi, Bank of America and Chase cards because I WILL NOT support institutions with their banking practices but I may have to find a company I believe in that offers this service. I’m tired of being inconvenienced because companies in the business of financial security don’t seem to take it that seriously…as in investing in the needed solutions.
Armgame Thing is, they do not want to spend the $$$ to get this done because the CEOs do not want to cut into their profit shares.