In this week's issue, Scottrade announces that it has been breached, compromised identities are used at a greater frequency for fraudulent attempts, the company behind SamsungPay has been hacked, an IP address linked to the Uber data breach allegedly connected to Lyft's CTO and in this week's blog post, we continue our blog series on cybersecurity and foreign affairs.
Over the weekend, investment firm Scottrade Inc. announced that it fallen victim to a data breach, compromising the personal information of 4.6 million individuals. Scottrade sent out notices via email to its customers, informing that law enforcement officials approached the organization after investigating other security incidents at other financial services firms. It was determined that the information was stolen during the breach contained, names, client funds, email addresses, street addresses, passwords and Social Security numbers. The unauthorized access appears to have occurred between 2013 and early 2014. Scottrade is offering a year’s worth of credit monitoring services to the affected customers.
Identity theft has always been a concern for consumers. In the past, the biggest fear was improperly disposing of sensitive information and having a fraudster piece together an identity from stolen from information. With an increase in both the number and severity of data breaches in the past few years, there are new avenues for fraudsters to obtain the necessary information to assume one’s identity. ID Analytics looked at 68 million Social Security numbers of individuals involved in fraud and those with their personal information not compromised.
In ID Analytics’ latest report, the majority of fraud attempts using compromised identities occur during the first 48 hours. Fraud attempts using stolen personally identifiable information (PII) occurred 7.5 times more in the first 24 to 48 hours than non-compromised identities. After that 48-hour window, compromised identities were still 3.4 times more likely to be used.
Yesterday morning, the company behind Samsung Pay’s mobile payment platform, LoopPay, confirmed that it had been the victim of a security breach. LoopPay was acquired by Samsung in February in order to compete with Apple Pay and other upcoming mobile payment platforms. According to Samsung’s chief privacy officer, Darlene Cedres, Samsung Pay and the sensitive payment information used within the platform were not impacted by the breach. In a statement issued by Samsung , it appears that the hackers responsible for the attack were after the payment technology used by LoopPay.
LoopPay’s core MST (magnetic secure transaction) allows Samsung users to transact with older payment systems that only accept magnetic stripe cards, a feature that is currently not available on Apple Pay. Interested in learning more about the various mobile payment platforms currently available? Check out our comparison of the four major payment platforms here.
Earlier this year Uber disclosed that it had suffered a data breach, compromising the personal information of roughly 50,000 of its drivers. Following the announcement, Uber filed a lawsuit with the hopes of uncovering who was responsible for the hack. In what could be another shocking case of corporate espionage, sources close to the lawsuit say that an IP address used in the hack could be traced back to competitor Lyft’s CTO, Chris Lambert. In the court papers, an unidentified person using a Comcast IP address breached Uber’s systems via a security key. At this time, nothing within the court papers indicates that Lyft’s CTO is behind the breach. Uber was able to obtain the IP address by working through all the IP addresses that accessed a critical security key deposited on code-sharing platform, Github, in March of 2014.
We’re excited to bring you the second part of our blog series on cybersecurity and foreign affairs for this week’s Rippleshot content. Last week, we covered the current political standing between Russia and the United States following recent data breaches including the attacks on the Internal Revenue Service and the White House. This week, we shift our focus to the United States’ relationship with the People’s Republic of China. Learn more about the data breaches that target the Office of Personnel Management, the University of Connecticut and President Xi Jinping of China’s recent state visit here in the United States.