The Rippleshot Data Breach Blog

Data Breach Ripples: Week of September 18

Written by Zach Walker | Sep 18, 2015 6:00:00 PM

In this week's issue, the Department of Energy has been hacked over 150 times, nearly 80 percent of SMBs are not ready for EMV, more news surrounding the Ashley Madison breach, the cyber insurance market is expected to reach $7.5 billion by 2020 and this week, we look at the recent court ruling making it easier for consumers to sue businesses over data breaches.  

Department of energy hacked over 150 times in four years

Following the data breach at the Office of Personnel Management, the public’s focus has been shifted to attacks on governmental agencies. USA Today obtained a series of federal records via the Freedom of Information Act (FOIA) that highlights the constant risk we as a nation face. Based on the records, the US Department of Energy has been hacked over 150 times over the course of four years.

The Department of Energy is responsible for regulating policies regarding energy production and usage, among other responsibilities. In a four-year period, the Department of Energy faced 1,131 attempted cyber attacks, and 159 of those attempts were successful. While those behind these attacks have yet to be publicly identified, NBC News acquired a secret NSA map detailing Chinese-sponsored cyber espionage that targeted U.S. companies and governmental agencies.

Report: Nearly 80% of SMBs not prepared for emv

One of the most frequently asked questions surrounding the upcoming switch to EMV payments cards focuses on the small to medium-sized businesses (SMBs) that will undergo a transformation to allow chip-enabled cards to transact at their businesses. In a new report conducted by Software Advice, a company that researchers and compares various software, seventy-eight percent of SMBs that were surveyed do not have the capability to accept EMV transactions. For merchants that are not EMV compliant by October 1st of this year, will cover the cost of any fraudulent transactions or claims due to this new liability shift.

When asked as to why these SMBs haven’t adopted EMV terminals, one third of respondents believed that they did not have adequate time to research and implement EMV readers. Want to learn more about EMV and the upcoming liability shift that will change how we transact with retailers and businesses? Click here.

Ashley madison data breach escalates with password encryption failure

Nearly every other week, a new piece of information surrounding the Ashley Madison data breach reaches the surface, refocusing the spotlight on the breached organization. After the personal information of roughly 32 million of Ashley Madison’s users were compromised, it was later discovered that at least 15 million passwords were improperly encrypted.

First reported by Ars Technica, a group of password crackers were able to identify a weakness in Ashley Madison’s password encryption. It took said group just ten days to reportedly crack those 15 million millions. With 56 percent of office employees polled use the same passwords for their personal and corporate logins, this could have lasting ramifications for Ashley Madison users and the organizations they work for.

 

Report: Cyber insurance market expected to reach $7.5 Billion by 2020

It is safe to say that organizations will be better off with some form of cyber insurance than they would be without it. Cyber insurance has been shown to reduce the impact of a data breach but it is important to recognize that cyber insurance will not prevent or eliminate the chance of a data breach occurring. In a new study conducted by PricewaterhouseCoopers, the cyber insurance market is expected to reach $7.5 billion in annual premiums by the end of the decade.

In the study, 61 percent of business leaders, 71 percent of insurance CEOs and 79 percent of banking CEOs view cyber attacks as the biggest threat to growth. This threat ranked higher than social instability, deflation and supply chain disruption. Learn more about cyber insurance and its potential to alleviate the pains associated with a data breach in our blog post here.

Rippleshot Content: It's Now easier for consumers to sue over data breaches

For this week’s Rippleshot content, we look at the July 2015 court ruling surrounding a previously dismissed lawsuit against Neiman Marcus following their 2013 data breach. Since then, it’s been difficult for breached customers to bring the companies they transact with to justice. Thanks to a reversal in the initial ruling, consumers will now have an easier time bringing class action suits against breached retailers that expose their personal or payment information. Learn about the initial suit that limited the legal power of breached customers, how the new ruling came about and how businesses, consumers and their legal teams will be affected moving forward.  

 SHARING IS CARING. TO GET YOUR FRIENDS AND COWORKERS SUBSCRIBED, SEND THEM HERE.