Rippleshot Blog

Home Chef, a Chicago-based meal kit and food delivery company, announced a data breach after a hacker attempted to  sell information on a dark web marketplace.

Home Chef said the last four digits of a customer's credit card was accessed, as they don’t store complete payment information in their databases. Home Chef emailed affected customers. The company didn’t officially announced how many customers were impacted by the security incident, but the security site Bleeping Computer reported that hackers claimed to be selling a database of 8 million users.

Another major data breach was announced this week. This time it was Landry’s Inc., a Houston-based company that owns and operates more than 600 restaurants, hotels, casinos and entertainment destinations. According to what has been publicly reported, malware was installed on Landry’s’ payment processing system servers, and was used to exfiltrate customers’ card numbers, expiration dates and internal verification codes.

The year 2017 won’t be the last year that’s remembered for producing a record number of data breaches. There’s a good chance the same story will be repeated for years to come. But what everyone can learn from the growing number of incidents is why greater breach prevention and detection is needed more now than ever.

To wrap up the year, we’ve gathered a list of major data breaches that made headlines in 2017, starting with the incident that will continue to make news long into 2018.

As if issuers didn’t have enough to worry about as they combat rising card fraud rates, the dark web market continues to be a haven for hackers to scoop up droves of credit card data — which is then used to commit even more fraud.

From advanced techniques, bots that make online fraudulent purchases to hacking payment systems, the packaging and auctioning of compromised cards across the dark web to commit and monetize card fraud occurs faster than a bank can detect a compromise, identify compromise cards, reissue the cards and call the cardholders. This has created endless troubles for banks and credit unions looking to stop fraud in its tracks.

Data breaches are expensive for banks, merchants, and consumers, but just how costly are they? A new report from Ponemon Institute breaks down today’s security landscape in its new ‘Cost of Data Breach Study’. We pulled out some of the highlights and interesting facts below.

Let’s start with the good news…The study shows the global average cost of a data breach is $3.62 million – down 10% compared to previous years. The not so good news? The average size of the data breach, according to this research, increased 1.8%.

The cost of a breach is dependent on many factors, including location. There were significant increases in the cost for organizations in the Middle East, United States and Japan, while organizations in Germany, France, Australia and the UK reduced costs associated with responding to and remediating the breach.  

The fallout suffered by companies that experience data breaches is expansive, but one of the largest areas of impact is customer trust. Brand value is greatly lowered in the event of a security breach — even when decisive action is taken to shut down the fraudulent activity and minimize the damage as quickly as possible. And while brand value can be difficult to quantify, several studies have revealed the effects of data breaches on consumer trust — a key indicator of a brand's strength.

In one of the first scientific studies analyzing the international market for stolen data, Michigan State University criminologist Thomas Holt found that a batch of 50 stolen credit or debit cards can make a seller between $250,000 and $1 million on average. While those earnings certainly aren't small potatoes, they pale in comparison to what buyers can net from the illegal data itself: From that same batch of 50 cards, a buyer can swindle card companies and cardholders out of approximately $2 million if only 25 percent of the cards work — and nearly $8 million if all cards work.

The Identity Theft Resource Center (ITRC) and CyberScout issued a new report stating that the number of U.S. data breaches reached an all-time high last year, totaling 1,093. This is a 40% increase from 2015 – quite a substantial increase indicating that rising concerns around cybercrime isn’t just hype, it’s a growing epidemic across not only the U.S but also across the globe.

2 years ago, security professional and evangelist David Holmes dubbed 2014 as the “The Year of the Mega-Breach”, and reasonably so, as multiple headlines featured news of massive data breaches at Home Depot, J.P. Morgan Chase, and eBay. However, the following year had a roster of mega-breaches that made the previous year’s incidents pale in comparison, causing the term to quickly become obsolete. After a holistic review of the data breaches that have occurred throughout the current year, the Rippleshot Team has decided to resurrect the concept- with a little twist. Follow along as we discuss why 2016 is “The Year Of The SMB Breach”, how data breaches can be catastrophic to small to mid-size businesses (SMBs), and what implications SMB breaches have for the overall cybersecurity industry.

We have a good idea of the short-term consequences of data breaches- lawsuits, chargebacks, etc. But what about the long-term? A recent research report published by Claire Greene and Joanna Stavins of the Federal Reserve Bank of Boston sought to find a conclusive answer, leveraging consumer perceptions surrounding Target’s data breach as a case study. By examining longitudinal data on 1,908 US adults from results of the Survey of Consumer Payment Choice (SCPC), the report took advantage of a naturally ripe environment for experimentation, as some respondents were asked to rate payment instrument security before the Target data breach became public knowledge, and others answered the survey after news of the breach became widespread. Although the research has merit in identifying the inelastic behavior of consumers regarding payment instrument usage, it fails to address how data breaches contribute to costly card-reissuance and false-positive declines for banks and credit unions.

It’s easy to get caught up in the headlines, particularly when stories of large-scale breaches of cardholder information seem to graze the front of newspapers on a weekly basis. But the truth is, even though the Targets, Home Depots, Michaels and Wendy’s are all-encompassing as far as the media goes, they’re actually not the majority of the card compromises that take place - not by a long shot.

As we start 2016 off, is security against data breaches on your company’s new year’s resolutions list? Over 750 data breaches were reported in 2015 and we will likely see an increase in quantity as well as impact in 2016. Experian recently released their annual Data Breach Industry Forecast and while breaches are expected to increase, who they are targeting and their methods are expected to change. Based on this report, we’ve created a helpful list of three things to add to your company’s new year’s resolutions for 2016.

As we approached the end of 2014, dubbed “the year of the data breach”, the US had experienced a record high of 783 publicly announced data breaches. You could not turn on the TV, open a newspaper or surf the internet without hearing how globally recognized organizations like Home Depot, JPMorgan Chase, UPS, Target and many more fell victim to a breach. Consumers experienced data breach fatigue and started to become unfazed as breach after breach was uncovered. With the 2015 holiday season nearing, analysts are looking to see if 2014’s stretch of breaches will affect consumer shopping habits in 2015.

Back in March of this year, we put together ten data breach statistics that should have your attention, followed shortly there after with ten more statistics that needed your attention. After the publishing of the 2015 Trustwave Global Security Report, and the 2015 Ponemon Institute Cost of A Data Breach Study, we’ve pulled 10 new stats that financial institutions, retailers and cardholders need to be aware of moving forward.

The introduction to Trustwave’s latest Global Security Report said it best - “Compromises are nothing new, of course, but 2014 just felt different.” Many called it the “Year of the Data Breach.” Many more were affected directly, with billions of personal records being compromised. But maybe most importantly, 2014 thrust data security into the public eye, forcing merchants, financial institutions, government and everyone in between to place a higher priority on breach prevention and detection.

Trustwave’s report provides a unique overview of the global security landscape, what trends emerged over the past year, and what the payments industry should keep an eye on moving forward.