After a Record Year for Cybercrime, Little Hope Hackers Will Slow Down

There is no calendar for cybercrime. Just one continuous cycle to steal data, identities and funds. A review of 2019 reveals how many incidents affected financial institutions either directly or indirectly.

San Diego-based Identity Theft Resource Center said, “It is important to spend a little time reflecting on the 2019 identity crimes, some of the things that went right in 2019 and the things that did not go as well. This is true for so many subjects, especially identity crime – which includes scams, fraud, data breaches, cybercrime and all of the other types of crimes that go with it.”

The ITRC observed 2019 saw continued fallout from 2018, which included the Facebook/Cambridge Analytica privacy fiasco; and Congress still at work on what to do about consumer privacy in the social media age. Also: “The news that phishing attacks more than doubled last year over the year before had researchers, businesses, lawmakers and consumers alike paying closer attention to the messages they receive.”

The ITRC also noted, “Accidental exposure breaches were a common 2019 identity crime for major-name companies, which happens when businesses store huge databases of private information – in an online server then fail to password protect it as an example.” Even entertainment was not safe, the center pointed out, as many apps and online gaming portals suffered data breaches traced back to reusing passwords on multiple sites.

Data breaches last year resulted in a number of record settlements. In July, Equifax reached a $700 million settlement, the largest in data breach history up to that point, for issues caused by their data breach. Just two days later, Facebook blew it out of the water with a $5 billion settlement. A month and a half later a Yahoo paid $117.5 million for exposing 3 billion user accounts. 

Identity Theft Resource Center CEO Eva Velasquez stated in a media alert that the settlement trend is moving the needle in the right direction for both consumers and victims.

However, the fundamental challenge is that no matter what regulations or technology arrive, it does not mean consumers are safe or that hackers are ready to give up. “With every new platform, tool or technology, there is even greater potential for new avenues of attack,” the ITRC pointed out, noting that healthcare providers and insurance companies continued to be one of the hardest-hit targets in 2019, thanks to the overwhelming amount of personally identifiable information they gather. 

The 2019 “Financial Breach Report,” from Campbell, Calif.-based Bitglass, revealed that despite financial services firms suffering only 6% of all 2019 breaches, the incidents caused more damage to financial organizations than other sectors, accounting for 61.4% of all leaked records. A big part of that damage came from the Capital One mega breach, which compromised more than 100 million records alone. 

The ITRC noted that over the last several years, new regulations arrived to secure privacy, such as the General Data Protection Regulation regulations, which took effect in Europe in 2018, and new laws in California and Colorado, which took effect January 1, 2020.

Rebecca Herold, founder of SIMBUS and CEO of The Privacy Professor, wrote on her blog, “Whereas healthcare and big tech were once the chief industries impacted, it’s now hard to think of an industry NOT affected. From travel and entertainment to agriculture, there is not a single sector that does not need to pay attention to the data security and privacy of its customers, employees, partners and others.”

Herold explained data security and privacy issues have plagued the financial sector for a long time. “The highly sensitive information contained within the servers and cloud platforms of even small financial institutions is the golden goose for cybercriminals. Add increasingly sophisticated attack models to the wealth of data, and you can see why the industry is such a high-priority target for crooks.”

The real trouble Herold noted for financial institutions is that they are often liable for the mistakes of their customers. She described, for instance, how data thieves trick unsuspecting online shoppers into believing they landed on an authorized payment processor location. “Instead, it is a site that secretly steals payment card information.” 

How do the cybercrooks do it? Herold said, “They simply add a few lines of code and graphics that mimic legitimate payment processing sites. Subtle hints as to the sites’ illegitimacy are practically indecipherable even to the most discerning online shopper.” 

Herold added scams like this put us on high alert. “They can even make us skeptical of every site. That is not necessarily a bad thing, though.” Today’s environment calls for heightened due diligence, especially when entering payment information or any other personal data.