When the details of an estimated 33–39 million users of the pro-adultery website Ashley Madison, the public was reminded once again that everyone’s data is vulnerable. But this breach represents a different type of data breach than we are used to — one where the financial data was not the most dangerous part of the breach.
The Identity Theft Resource Center (ITRC) has been tracking security breaches since 2005, and in the past 10 years has cataloged a total of 5,497 breaches of varying sizes for a total of 818,004,561 records that have been compromised.
Most of these breaches expose data that puts the people at risk of financial or identity theft and includes “Social Security numbers, financial account information, medical information, or email addresses and passwords”, ITRC reports.
Obviously the release of this data, either to an individual or to the public can have serious consequences, both financially and in terms of the time it takes to restore your good name. If someone steals your credit card information, they can make unauthorized purchases, costing you money. If your SSN falls into the wrong hands, it is possible that someone could apply for new credit in your name and put your entire credit rating at risk.
The Ashley Madison data breach goes a step further than either of these. The credit card information that was released on the Ashley Madison data breach only included the last four digits or each card, just enough to confirm that is was your card that was being used, and the passwords for the accounts were encrypted, so that you can’t simply log into someone else’s account. While you don’t really want that information in the public domain, the damage that was done with the Ashley Madison data breach is through the mere existence of an account on a website that touts the motto, “Life is short. Have an affair.”
But how did this happen? This is a large company that knows they are holding sensitive personal data. How did they let the information slip? In this case, no one is quite sure, but ITRC has identified the 7 major sources of data breaches:
1. Insider Theft — An employee of the company taking information; 2. Hacking — A external source breaching the firewall of the company and gaining access; 3. Data on the Move — When data is being transferred in an insecure way and is lost or intercepted; 4. Subcontractor/Third Party — A contractor that has access to the data for a short period of time and makes a copy; 5. Employee Error/Negligence — Someone losing data, such as losing a laptop or thumb drive with sensitive information on it; 6. Accidental Web/Internet Exposure — The company accidently posting information to their website, or allowing uncontrolled access to their data;
7. Physical Theft — Someone physically taking hardware from a site, either in the form of digitized data or physical papers.
Aug 25, 2015
Aug 25, 2015
