Data Breach Ripples: Week of August 28

Posted by Zach Walker on Aug 28, 2015 1:22:00 PM
Find me on:

DBR-Email-Header-4215

In this week's issue: extortionists have begun targeting Ashley Madison users, one-third of employees would sell their company secrets, FTC can now fine companies for poor data security, phishing attacks can cost organizations millions and in this week's Rippleshot blog post, Rippleshot CEO Canh Tran compares the major mobile payment platforms to determine if any of these will win the battle against fraud.

Extortionists Target Ashley Madison Users

Just over a week has passed since the Impact Team released the personal information of Ashley Madison’s roughly 35 million users. Since then, bad news continues to follow the breached company and its users. Those responsible for the hack released a second data dump, including the emails of Avid Life Media CEO Noel Biderman. Reports of class action lawsuits being filed against Avid Life Media are becoming more frequent and now extortionists are targeting Ashley Madison users.    

Users are receiving emails from random blackmailers threatening to reveal their infidelity to their partners unless one bitcoin, currently valued at $225 USD, is sent to a specific address. Because the list of Ashley Madison users is available on the Internet, there is not a guarantee that users targeted in these extortions will no longer receive emails from other criminals.  

Survey: One-Third of Employees Would Sell Corporate Information For Right Price

In a survey conducted by Clearswift, a cybersecurity and data loss prevention firm, 35 percent of respondents said they would sell corporate information or protected customer information for the right price.  Clearswift reached out to 500 decision makers and 4,000 employees in Australia, Europe and the United States to determine what it would take for an employee to compromise an organization’s sensitive information.

Of the 35 percent of respondents who would sell financial data, 55 percent would sell the data for $1,500, or the price of a high-end laptop. Depending on an employee’s position within a targeted organization, that offer could be very tempting. One of the more eye-opening takeaways from this survey is that 22 percent of the same group would sell their company’s financial data for $155, or the cost of a meal for two at popular restaurant. Many security professionals and executives would gladly take their disgruntled employees out to a nice dinner to ensure their organization's sensitive information stays secure. 

Court Says FTC Can Slap Companies With Fines For Getting Hacked

On Monday, a U.S. appellate court released a decision ruling that the Federal Trade Commission (FTC) can regulate and fine companies that fall victim to a data breach due to “unfair” or “deceptive” business practices. In 2012, the FTC sued the Wyndham Hotels and Resorts over a data breach that compromised the personal and payment information of more than 600,000 customers of Wyndham’s hotels. Wyndham took the case to a higher court and was able to win an appeal, claiming that the FTC did not have the authority to punish Wyndham. Following the U.S. appellate decision earlier this week, companies that do not follow through on their data security and privacy policies can be subject to fines and lawsuits.

Report: Phishing Costs Average organization $3.7 Million per year  

In a recent report conducted by Ponemon Instiute and Wombat Security Technologies, the total annual cost of phishing attacks for the average organization is more than $3.7 million. In the report, more than 375 IT professionals were surveyed to determine how beneficial employee training can be in reducing the potential for a security incident and the financial cost associated with said incident. 

According to the report, productivity losses account for nearly half of the average cost of a phishing attack totaling $1.8 million. Security researchers from Wombat Security Technologies noted that organizations that allocate resources to train their employees to spot phishing attempts, can cut down the cost of a phishing attack by nearly $2 million.

Want to learn more about the various ways cybercriminals can steal sensitive information? Click here.

Rippleshot Content: Which mobile payment platform will win the battle against fraud?

This week, Rippleshot CEO Canh Tran compares the various mobile payment platforms including Apple Pay, Android Pay, Samsung Pay and more. The four front-runners - Samsung Pay, Apple Pay, Android Pay and CurrentC - are all competing for market share in a crowded and quickly changing payments space. Curious what the differences are between them, and which, if any, will be the answer to a growing payment card fraud problem? We break down and compare the strengths and weaknesses of each mobile payment platform.

 

SHARING IS CARING. TO GET YOUR FRIENDS AND COWORKERS SUBSCRIBED, SEND THEM HERE.

 

New Call-to-action  

Topics: Data Breach Ripples