How they happened and what we should do differently
Data breaches, it would seem, are a fact of life. On a regular basis, the information obtained by companies is compromised in one way or another, but only the largest scale breaches are brought to the attention of the public. The biggest data breaches in history have compromised the names, addresses, personal information, and social security numbers of millions of individuals.
Target Data Breach – December 2013
What Happened? Target was victim to a massive data breach that compromised the accounts of about 110 million shoppers. Information including names, addresses, and debit and credit card numbers were compromised during the attack. Taking place over the course of two weeks, beginning on November 27th, 2013 and finally being mitigated on December 15, 2013, hackers were able to gain access to Target’s network and eventually take over their point of sale (POS), mining data each time shoppers swiped their cards during the holiday season.
How did it Happen? Hackers used a phishing scheme to trick a third-party vendor into installing malware. The third-party vendor downloaded a file that contained a virus, which collected all of the data placed into the system. Once they were given the Target login credentials that the third-party vendor used, they were able to gain access to the system. From there, they were able to move about freely in the network and install malware to attack the POS system. After the malware was installed, they were able to enter the system over and over again to mine information from the 110 million people who shopped at target over the period of two weeks.
Chase Data Breach – July and August 2014
What Happened? In October of 2014, Chase issued a statement that the accounts of 75 million individuals and 7 million small businesses were compromised by a data breach. Hackers were able to obtain the names, addresses, and email addresses of individuals using the mobile Chase app, and the website to access their account. Chase, however, noted that account numbers and usernames and passwords were not stolen by the hackers. The main concern from the breach was the potential for large-scale phishing scams.
How did it Happen? Hackers, likely stationed abroad, were able to gain access to Chase’s mainframe through the installation of Malware. Once inside the network, they were able to launch a digital attack, stealing gigabytes worth of data. It is believed the original attack was launched in June, however, it was not discovered until late July and took until August for the threat to be neutralized. This was not the first attack on Chase; previous attacks focused on ATM machines, and allowed for the collection of account numbers from users. This attack was limited to names, addresses, and email addresses. More sensitive data was spared.
IRS Data Breach – February 2016
What Happened? In February 2016, the IRS announced a major data breach that compromised the names, social security numbers, and other identifying factors of about 700,000 United States taxpayers. The IRS’s digital filing system was attacked and hacked, allowing hackers, believed to be based in Russia, to collect sensitive data that would allow for fraudulent tax returns to be submitted.
How did it Happen? Hackers were able to gain access to the “Get Transcript” feature on the IRS website. The feature allows taxpayers to view and download their previous tax returns. This feature brings up all identifying information about the taxpayer. When used for the purpose intended, it’s a feature that makes comparing files easy and quick. When placed into the wrong hands, the data collected can be used to file fraudulent claims and extract tax refunds that are not actually associated with the taxpayer in question. Hackers took control of the "Get Transcript" feature and collected all data submitted by taxpayers while they had control of the system. Nearly 700,000 victims were identified.
While data breaches happen, and even the most secure servers can be compromised, there are ways to protect yourself from potentially falling victim to the breaches. You should remain proactive about your personal information, and regularly check your credit report for inconsistencies. Experts also suggest setting up alerts on all of your accounts to inform you when strange or uncharacteristic changes happen. You should also change your passwords regularly to ensure your information doesn’t fall into the wrong hands. Companies are constantly working to raise security, but until we live in a perfect world, behaving proactively and keeping an eye on your information can help mitigate damages if your information is compromised.
Equal Housing Lender