In this week's issue, Russian hackers breached the DOW Jones, a new survey shows 1 in 5 American households are victims Of a data breach, EA studios denies data breach after data dump discovered online, another EMV exploit has been discovered by security researchers and for this week's Rippleshot content, we look at the effect EMV is having on small businesses and how it's grabbed the attention of Capitol Hill.
Late last week, news broke that a group of Russian hackers had compromised Dow Jones & Co. servers. Initially, there was still speculation if the data breach had actually occurred. In less than a week, the Federal Bureau of Investigations, the Secret Service and the Security and Exchange Commission have allocated resources into investigating this security breach, dating as far back as a year ago. Initially, it was believed that this group of hackers targeted the personal and payment information of roughly 3,500 Dow Jones & Co. customers. As the investigation continues, it appears that the hackers were searching for sensitive market information that could be used for insider trading.
In the past 12 months, we’ve seen a series of high-profile data breaches carried out by Russian-based hackers. Learn more about these breaches in our two-part blog series here.
October is National Cyber Security Awareness Month, and in support of this movement, a new survey was released by ESET and the National Cyber Security Alliance (NCSA). In the survey, one in five American households received at least one data breach notification letter in the last twelve months. Out of those households, more than 50 percent had received multiple notifications. According to the Identity Theft Resource Center (ITRC) of October 20, there have been 620 confirmed data breaches in this year alone, compromising over 175 million personal records.
To read a summary of the survey, click here.
A data dump of EA user account credentials and emails has recently appeared on Pastebin, prompting concerns of an intrusion of EA’s servers. First reported on CSO, EA users began seeing their login information including email, EA username and password. When EA was approached by CSO for a comment, the video game developer stated that there is no indication that a security intrusion had taken place but would look into the matter in the meantime. While the data dump did not include any payment information, the theft of these accounts could be used in future phishing attacks to take over an unsuspecting user’s identity.
Last year, EA announced that one of its development studios based in Melbourne, Australia had been the victim of a security breach, compromising the login credentials of 40,000 users. According to one source in the matter, EA chose to not inform the affected users and instead told the affected users that the forum was being taken down for temporary maintenance.
Security researchers in France have uncovered a new method in which fraudsters have outsmarted the key security feature in chip-and-PIN payment cards. Researchers from École Normale Supérieure university and the CEA technology institute published a paper detailing an instance of credit card fraud in 2011 and 2012. Five French citizens were arrested under suspicion that they were able to physically alter stolen chip-enabled credit cards by implanting a second chip inside of the card. This second chip has the capability to fool the PIN verification required by point-of-sale (POS) terminals during each transaction.
These five fraudsters were able to spend roughly $680,000 from the stolen credit cards before being caught by French law enforcement. After publishing the paper, the ENS and CEA researchers noted that the security exploit has since been fixed in Europe. As the chip-and-signature payment cards continue to roll out here in America, more stories are coming out highlighting fraudsters’ commitment to breaking the latest in payment technology.
For this week’s Rippleshot blog post, members of Congress have held two hearings to learn more about EMV’s adoption here in America and the implications it will have on small businesses. The House Small Business Committee has held two hearings recently, inviting a variety of witnesses from various parties including the National Retail Federation, the NAFCU, small business owners and Visa. Each testimony has helped members of Congress better understand the payments ecosystem and how EMV adoption will change an already fragile ecosystem. We are less than month in to the EMV migration and representatives from consumer interest groups, merchants and financial institutions all view the EMV shift as a hindrance to their everyday operations.
Get our take on EMV adoption in the U.S. and how it will shape the payment ecosystem by downloading our white paper here.