Kroll Cyber Security Blog – A Dialogue on Data Security

A recent Chicago Tribune article, titled “Data breaches persist despite heightened security,” brings to the forefront the persistent and growing problems resulting from data breach. While the article focuses specifically on breaches that have hit the Chicago area, the themes presented here are ones that are echoed – and in some cases, accelerating – across the country:

• Despite increasing awareness of the need for cyber security, data breaches continue to make headlines.
• Aggregated data, increased connectivity, and convenience of mobile devices all contribute to the ease with which data can be accessed electronically.

Big Data is certainly a hot topic and a common buzz word in today’s privacy conversation. Often overlooked is the cyber security component. Global corporations with siloed business units own very valuable consumer data that’s been captured over the last several years. These organizations are just starting to act on aggregating and mapping this data for market purposes. As companies reach across business units and leverage their untapped assets, as this article addresses, many new opportunities will arise. With an increase in federal regulations and global efforts aimed at improving privacy controls, there will be a growing need for data privacy and security lawyers, IT Security professionals, Incident Response investigators and possibly even data breach notification providers. I recommend this quick read, written by Maria Sendra from Jones Day, “Untapped ‘Big Data’ could be wellspring of opportunity.” It provides a good overview of the buzz over Big Data and related cyber security issues.

National Taxpayer Advocate (NTA) Nina Olson delivered her annual report to Congress last month and, for the sixth time since 2004, identity theft has been included as a Most Serious Problem. As might be expected, the problem has only grown worse, but the surprise is just how bad it’s gotten: The Taxpayer Advocate Service (TAS) says its case receipts have increased more than 650 percent from 2008 to 2012. The IRS itself saw a 78 percent increase in identity theft cases last year alone.

After the death of a family member or a loved one, it may be unfathomable to think that identity theft could still occur, but sadly, decedent identity theft is a very real problem. The identity theft of deceased individuals occurs when an imposter uses the Personal Identifying Information of the decedent to commit fraudulent acts, such as obtaining credit or medical benefits, setting up utilities, and filing taxes.

The hacker group known as GhostShell reports having compromised the networks at dozens of top universities potentially exposing many hundreds of thousands of personal records.  To validate its claim, the group has apparently posted more than 120,000 personal records to the internet site Pastebin, a popular site used by hackers to post stolen data.  Initial reports indicate that the attackers exploited a well-known vulnerability in Microsoft SQL to carry out the attack.  As alarming as these claims may be, what may be of greater concern is the group’s statement that it observed many instances of injected malware in the systems it accessed, which suggests that other attackers may also be inside or at least have access to sensitive network information, including credit card data.