What do JPMorgan Chase, Home Depot, Target, Adobe, TJX and Sony all have in common? They have all been hacked and have given up tens of thousands or millions of records containing credit/debit cards, email addresses and/or usernames and passwords. To be exact:
- JPM: 76 million households and 7 million small businesses
- Home Depot: 56 million credit cards and 53 million email addresses
- Target: 40 million credit and debit cards
- Adobe: 130 million user records stolen
- TJX: 46 million cards
- Sony: 47,000 employee and celebrity records and emails
According to a Ponemon Institute study, reported by USA Today, 43% of companies have had a data breach in the last year, up 10% from the year before, and it is not just in the US. In South Korea, the Korea Credit Bureau was hacked, compromising the personal data and credit cards of 27 million people and affecting more than 70% of South Koreans between the ages of 15 and 65. The New York Times reported that a loose-knit gang of Russian hackers had infiltrated 420,000 websites.
It’s scary to think that these are the very companies that hire the best and the brightest to defend against hackers. The attacks are thought to be coming from Eastern Europe (especially Russia), Egypt, China, North Korea and Brazil, to name a few. As we all know, hackers are relentless. They are very resourceful, probing until they find a weakness to be exploited.
Finding and exploiting a weak spot
In JPMorgan’s case, hackers got in through a weakness in a separate third-party website set up for managing charity races for Chase and other corporate employees. Hackers posed as the website operator and intercepted data, including login credentials. From there, they worked their way to 90 bank servers to collect personal information, though, according to the bank, the most sensitive information was not compromised.
In the case of Home Depot, hackers infiltrated 7,500 self-checkout lanes (but missed 70,000 standard cash registers) and posed as employees with high-level permissions. The malicious software went undetected for five months.
The exposure: purchases made using stolen credit cards; identity theft and phishing; the cost to notify customers and cancel/replace the stolen card numbers; not to mention lost customer confidence.
The most trusted and widely accepted way to send documents with protected health information (PHI) and financial information is to use the US Postal Service. It is illegal to open someone else’s mail, and that makes us feel safe. Dishonest people must be able to physically access your mailbox to take and open one of your letters, which makes physical mail threats self-limiting in terms of the number of letters that can be stolen.
When we switch from paper mail to email and websites, the threat becomes global; hence the greater need to secure our communications from prying eyes.
Companies will always need to battle global hackers. The war will not end, but fighting the last war will not be enough. Looking ahead to new potential threats will be necessary to protect your customers, your employees and your company.
So, where do we go from here? Every week I delay releasing this blog, I read about another data security breach or a website denial of service. Moving forward, it is important to think one step ahead of the crooks and, if all else fails, be sure to limit the extent of exposure in the event of a breach. Next month, I’ll share one idea that allows you to enhance customer communications without the risk of a massive data breach.
Richard Rosen is the chief executive officer of The RH Rosen Group, a firm that provides solutions to help businesses improve processes and customer communications with the intent to create real, recurring benefits in: cost reduction, electronic payment, shipment tracking and printing/mailing. Contact him at RichR@RHRosenGroup.com or visit www.rhrosengroup.com.