Times are changing and fraud is climbing in some areas. Data breaches are up 35% across the industry. Malware has hit Kmart hard. Phishing scams are getting more sophisticated and scams to steal card data are rising. See article below for the whole story.
Eye on Security: Data Breaches up 35%; Malware Hits Kmart
By Jim Daly
The number of data breaches tracked by the Identity Theft Resource Center in 2017 hit 698 as of May 30, a 35.3% increase over the record pace of a year ago when the ITRC flagged 516 breaches in 2016’s first five months.
The San Diego-based nonprofit monitors breaches affecting virtually every type of organization—including businesses, financial institutions, government, health-care providers, and schools—and data records with personal information, including credit and debit card accounts, Social Security numbers, and medical files. The ITRC says the nearly 700 breaches may have compromised 10.2 million records. Since most breach reports don’t list the number of records exposed, however, the total probably is far higher.
Some 80, or 11.3%, of 2017’s breaches have compromised payment card records, Karen A. Barney, the ITRC’s director of research and publications, tells Digital Transactions News by email. The card records compromised add up to 364,611, or 3.6%, of the total.
Major known breaches this year affecting payment cards involve restaurant chains, including one at Arby’s that might have compromised up to 355,000 cards, and another at Chipotle, for which the number of cards exposed has not been disclosed. Another breach may have compromised an unknown number of cards used at car washes nationwide that use a point-of-sale system from DRB Systems LLC that was infected by malware.
In fact, only one-third of the breaches tracked by the ITRC include a publicly available number on the records compromised, Barney says. The organization gathers its breach data from reports filed by breached entities to state governments, media reports, and other sources, and many contain only partial information.
Fraudsters are hitting companies and organizations with increasingly sophisticated phishing emails that induce the recipient to open them, upon which the email often plants malware on the recipient’s computer system. Or, in highly targeted “spear-phishing” attacks, what appears to be a legitimate email to a lower-level employee from a higher-up executive in the same company asks the employee for sensitive information or to arrange a wire transfer to a fraudulent recipient.