The Rippleshot Data Breach Blog

Data Breach Ripples: Week of September 25

Written by Zach Walker | Sep 25, 2015 7:00:00 PM

In this week's issue, the cost of retail fraud increases by 94%, an ex-Morgan Stanley adviser pleads guilty In connection with data breach, a total cost required to recover from a data breach has been identified, the OPM data breach is worse than expected...again, and for this week's Rippleshot content, we ask if consumers and merchants are ready for the EMV migration. 

Cost of retail fraud rises 94 percent from 2014

A recent study has found that retail fraud has nearly doubled in the past twelve months. In LexisNexis’ True Cost of Fraud 2015 study, fraud losses related to total revenue for all merchants continues to rise, reaching 1.32% in 2015. This uptick in fraud losses is a 94-percent increase when compared to last year. The costs associated with a fraudulent transaction continue to rise as we move closer to the October 2015 transition to chip-enabled cards. For every $100 of fraud, retailers reported spending roughly $220 trying to mitigate additional financial costs. This high cost associated to confirmed fraud is due to the manual review of suspicious activity that is required for said transactions.

To download a copy of the study, click here.

Ex-morgan stanley adviser pleads guilty in connection with breach

On Monday, a former Morgan Stanley adviser pleaded guilty in connection with a data breach in 2014. The former adviser admitted to stealing the personal information of hundreds of thousands of Morgan Stanley customers from a bank computer. The names, account numbers, addresses and investment information of Morgan Stanley customers were copied as the former employee was in talks with two of Morgan Stanley’s competitors. When the details of the breach became available in January, Morgan Stanley stated that up to 10 percent of its wealth management clients were affected by the breach.

Survey: it usually takes half a million dollars to recover from a data breach

To quantify the impact of a data breach on an organization is no easy task. There are a myriad of factors that can increase or decrease the cost associated with a data breach, ranging from the type of data that was stolen in a breach to how stolen information was used. Security researchers at Kaspersky Lab have determined on average, that it costs more than half a million US dollars for an enterprise organization to recover from a data breach.

Based on responses from companies that reported a data breach, the direct spend on professional services associated with a breach, lost contracts and downtime totaled $551,000. In the Kaspersky study, Damage Control: The Cost of Security Breaches, the money allocated for such costs as IT infrastructure upgrades and employee training can cost an enterprise organization roughly $69,000. For SMBs, the average total cost to recover from a data breach is $46,000.

OPM says 5.6 million fingerprints were stolen in cyberattack

Another week, another story surrounding the Office of Personnel Management’s (OPM) 2015 data breach. Earlier this month, the OPM announced that a nine-figure deal had been completed to protect the 21.5 million affected individuals. On Wednesday, OPM officials updated their projections on the number of affected individuals that had their fingerprints stolen. The initial estimates listed the theft of only one million fingerprints, but officials have now increased that number to 5.6 million. Lawmakers and security professionals look on in confusion as to how the number of stolen fingerprints increased by a factor of five, even after a forensic investigation took place.

Rippleshot Content: one week to go - how ready are we for emv?

With just over one week left before the EMV liability shift, recent reports and surveys paint a bleak picture when discussing the U.S. preparedness for this change. Previously, we have covered the expected impact that EMV migration will have on U.S. cardholders and how fraud will shift to card-not-present transactions. In this week’s Rippleshot content, we take a look at how recent findings indicate that neither consumers nor merchants are prepared for the October 1st deadline. In an ACI Worldwide survey, sixty-seven percent of respondents indicated that they have not received any sort of information regarding new chip-enabled cards.

SHARING IS CARING. TO GET YOUR FRIENDS AND COWORKERS SUBSCRIBED, SEND THEM HERE.