Russian, Euro cybermafia own your data

This report from Verizon Business (PDF), as reported in the Washington Post, offers some interesting numbers amid the obvious conclusion that cybercrime is conducted by organized crime.

  • 100 data breaches involving 285 million consumer records (think you weren't touched?)
  • 93 percent of attacks aimed at financial institutions
  • Breached records in 2008 > 2004-2007 combined

Andrew Storms at nCircle told me:

The problems have become so significant that institutions might just as well reissue credit cards to every customer every quarter, regardless. The combination of the attack level sophistication, breadth and strategic targeting suggests the perpetrators have both high intellect and organization. The bottom line is that the stereotypical teenage boy working alone from his parent's garage is not launching these attacks.

Verizon Business's Bryan Sartin says 50 percent of cases "shared perpetrators" and that the FBI and Secret Service are combing cybercrime case files trying to figure out who the invaders are.

One Russian group broke into more than 300 companies, mostly banks, using a "sophisticated Web-based exploitation service," according to VISA. Digging in revealed proof of previously unknown breaches.

Check out this list:

  • RBS WorldPay: $10 million by inflating balances on prepaid cards, distributing the cards to "money mules" around the country, who withdrew the funds in a coordinated attack that lasted just 24 hours.
  • Okemo Mountain Ski Resort: data on 28,000 credit/debit cards stolen in February.
  • OmniAmerican Bank: criminals fabricated debit cards and PINs, withdrew money from ATMs in Russia and Ukraine.
  • Euronet Worldwide (based, ironically, in Kansas): data from 38,000 cards compromised. All were international customers not covered by US laws, so the company never alerted customers.
  • TSYS (No. 2 credit card processor): says breach detected and contained
  • FirstData: says no personal information was stolen

It was another group that broke into Heartland Payment Systems, compromising data on an undisclosed number of accounts, but reaching to at least 600 banks.

Are you ready to turn off your online banking yet?