There have been more than 200 cases of lost or stolen personal data affecting 8.5 million Americans during the first half of this year, according to a San Diego research group, as a new wave of political and amateur hackers commit data breaches such as last week’s theft of 450,000 e-mail passwords from the Internet content company Yahoo Inc.
The Identity Theft Resource Center, sponsored by technology companies and government agencies, listed 213 cases of data breaches through July 2, suggesting that 2012 won’t show much of an improvement over 2011. Last year, the center tracked 419 cases affecting the personal records of 22.9 million Americans.
http://liarcatchers.com/identity_theft_investigation.html
“Systems are under nonstop attack,” said Marcus Carey, a computer security researcher at the data security company Rapid7 Inc. in Boston.
The number of data breaches has fallen in recent years from a peak in 2009, partly due to the breakup of the massive credit card fraud ring that attacked credit card company Heartland Payment Systems Inc., ensnaring the records of 130 million cardholders.
But in 2011, data thefts began rising again, mainly due to efforts of politically oriented groups like the global hacker collectives Anonymous and LulzSec.
“The spike last year was due to the reintroduction of activist groups, or ‘hacktivism,’ ” said Marc Spitler, a data security analyst at Verizon Communications Inc. “They’re not going after financial data.”
Instead, these attackers have published personal data in an effort to embarrass corporations or government agencies. For example, LulzSec released personal information about 1 million users of a Sony Corp. website last year in retaliation for the company’s lawsuit against a hacker who broke into the security features on its PlayStation 3 video game console.
Some data thefts are committed by amateur hackers with no particular political agenda, according to Spitler. For example, a group of hackers called D33D Company claimed credit for the recent Yahoo attack, suggesting they did it merely to demonstrate flaws in the company’s security.
“These don’t seem to have philosophical or political influence,” Spitler said. “This is really more someone showing, ‘Hey, I‘m able to do this. I’m going to embarrass them just for laughs.’ ”
Carey said the rise of social networks like Facebook and Twitter has made the exploits of such hackers far more visible.
“Before, they would be relatively small defacements,” Carey said. “Now they’re attacking the site, taking all the information, going on Twitter and other social networks like that, and publicizing these breaches.”
Many attacks continue to be committed by criminals seeking financial gain. In March, credit card processor Global Payments Inc. said that a breach of its network may have exposed up to 1.5 million Visa and MasterCard accounts.
One criminal or group can be responsible for the thefts of huge amounts of personal data. Perhaps the most notorious of such hackers, Albert Gonzalez, is serving a 20-year term in prison. Gonzalez was the hacker behind the 2006 theft of 45 million credit and debit card numbers from Framingham-based retailer TJX Cos. The massive Heartland breach was also attributed to Gonzalez.
Verizon’s Spitler held out little hope that networks can be made impervious to such attacks in the near future.
Banks, credit card companies, and other large organizations run thousands of computers, and it’s almost impossible to be sure that all are updated with the latest security software, or to ensure that every worker follows correct safety procedures at all times, he said. A single human error or software bug can compromise an entire network.
“We haven’t had any reports of any new techniques being used, or anything that isn’t preventable,” he said. Data thieves “are using techniques that have been around for well over 10 years.”
