Protecting your sensitive data for over 20 years - Netlib

Wednesday, March 5, 2014

The Desolation of Fraud

In this day and age, the need for solid security is more vital than ever, and its importance shouldn’t be underestimated.  Even the dwarves of Erebor knew to protect their treasure hoard with the most stalwart defenses imaginable, sealing off even the back entrance into the Lonely Mountain with a door whose keyhole would only be visible when the thrush knocked and the door was struck by the setting sun with the last light of Durin’s Day, the first day of their new year.  Not an easy defense system to crack!

But, for employees of a major healthcare provider to go around with unencrypted laptops is to invite disaster.  It is just not wise to trust the personal information of hundreds of thousands of customers to a defense as flimsy as password protection; even cable-locking the computers to workstations isn’t sufficient to deter the more determined thieves.  Horizon Blue Cross Blue Shield of New Jersey (BCBSNJ) discovered this when they had to notify around 840,000 members that two such laptops had indeed been stolen in November.  Prior to sending the notifications, Horizon contacted local law enforcement and conducted an internal investigation to determine what information had been stolen, and concluded that names, addresses, dates of birth, Horizon BCBSNJ identification numbers, Social Security numbers and clinical information were among the data at risk.
As major as that is, every so often, these fonts of vast riches will inevitably lure a truly dragon-sized attack, one that makes headlines while affecting countless numbers of people.  Between the Thanksgiving weekend and December 15, Target was the…target (I’m sorry) of a credit card attack second in scope only to a scam involving retailer TJX Cos. that began in 2005 and affected over 45 million customers.  This one?  The debit and credit card information of around 40 million people who had shopped at a US Target between the aforementioned dates was stolen.  While Target denies that the information included card PIN numbers—which, if taken, would allow thieves to use cloned cards to withdraw funds from victims’ bank accounts—there are hundreds of online “card shops” that sell the stolen credit card information as “dumps,” data mined from the magnetic stripe on the back sides of credit and debit cards.  Shortly after the incident, one of these shops, reported KrebsOnSecurity, suddenly began advertising its new stock of over a million dumps, which, upon analysis by fraud investigators of a major bank affected by the theft, were determined to contain accounts of the bank’s own cards.  The bank was quick to buy these back.
They are not the only bank to do so.  So far, in fact, some of the main customers buying back card accounts related to the Target breach are banks in full damage control.  For some, whose cards were discovered to have confirmed fraudulent charges, it is a case of too little, too late.  For Target, the retailer’s nightmare of a cybercrime incident during the busy holiday shopping season has been in full effect, along with the gathering clouds of at least 11 class-action lawsuits from angry consumers and questions from the Department of Justice and attorneys general from various states.
While the outcome of this attack and the extent of the damage done to consumers remain unknown, the incident also speaks to the current state of consumer protection technology in the United States and experts’ concerns on the matter.  Unlike in other countries, credit cards in the US stay tethered to old technology wherein the aforementioned magnetic stripes contain the card holders’ personal information, which is vulnerable and easily duplicated.  In Europe, meanwhile, a smart card technology known as “chip and PIN” is in place, where every swipe of the card generates a new number, making it that much harder to compromise.
Cost seems to be the primary factor inhibiting the implementation of this technology in the States: to replace the current card readers would cost billions, and new cards themselves would be bumped up from $3 to $5.  Be that as it may, when it comes to colossal data breaches like this, the key to keeping out the old worm is to ensure the best fortifications are in place to protect the wealth customers have entrusted to these institutions.  Because thieves, like dragons, love treasure.
Written by Jonathan Weicher
