August 1, 2015

NY Times Shows Breadth of Hacks—and Questions Impacts

Categories:
News, Scenario 1

The New York Times recently published a jaw-dropping visualization to depict how much of Americans’ private information is already in the hands of hackers.

The questionnaire asks first whether you have “applied for a job with or worked for the federal government since 2000? (following the wake of the hack of the Office of Personnel Management), then screens whether you have signed up for services like AOL, Adobe, eBay, and Twitter; used health-care providers like Anthem; or paid with credit cards at Dairy Queen, Albertsons, Kmart, Goodwill Industries, Nieman Marcus, or other retailers.

For each box checked, the graphic shows which dimensions of your sensitive information—from passwords and addresses to credit card details and birthdays—are likely to have been accessed by hackers.

“How can you protect yourself in the future?” the report asks. “It’s pretty simple: You can’t. But you can take a few steps to make things harder for criminals.” The two recommendations: adopting two-factor authentication, changing passwords frequently, and never entering sensitive information into sites that do not encrypt information.

In the same week, the Times published an article entitled “Stolen Consumer Data is a Smaller Problem Than It Seems,” by Nathaniel Popper. “Only a tiny number of people exposed by leaks end up paying any costs, and for the rare victims who do, the average cost has actually been falling steadily,” Popper writes.

Popper argues that the hype associated with large-scale attacks is often overblown by companies that stand to benefit, namely security companies. “It’s not so different from the soap company that advertises how many different types of bacteria are on a subway pole without mentioning how unlikely it is that any of those bacteria would make you sick.”

He notes that the impacts tend to be minimized as a result of laws that protect consumers from bearing financial losses related to hackers, as well as increasing adeptness by companies in catching intrusions and preventing theft. The piece cites David Robertson, publisher of The Nilson Report: “The bad guys are getting good and the good guys are getting even better.”

Popper also acknowledges that banks and merchants bear a significant burden from these attacks (to the tune of $7.8 billion in fraudulent purchases), and notes the recent attacks on Sony and Ashley Madison represent a different kind of damage.

“There are also serious geopolitical concerns about foreign hackers compromising national security if they get a hold of military maps or staff lists from the C.I.A.,” Popper writes.

While noting that the rates of identity theft due to compromised social security numbers have been on the decline, Popper raises a flag about the importance of protecting the social security number, which Karen Barney, a program director at the Identity Theft Resource Center, describes as “the be-all and end-all for successful attempts at identity theft.”

The Nilson Report‘s Robertson similarly points to social security numbers as a significant factor in the future. “For the bad guys, your five-year growth plan is not data breaches and stealing credit cards,” Mr. Robertson said. “It involves stealing all the info you can and opening legitimate accounts in people’s names.”

Image Credit: Frankieleon, “Rainbow of Credit”