Every year around this time, Verizon releases its Data Breach Investigations Report, referred to in the trade as simply the “DBIR.” Verizon is one of two companies you call if you’ve been breached and you really want to get to the bottom of what happened and try to keep it from happening again. (Mandiant is the other.)
My CISO hates this year’s edition because of its Joy Division-inspired cover and some of the cutesy writing. But it still makes some valid points that I wish everyone would take to heart–and those points remind me why so many people in my field of work listen to Joy Division.
Tax fraud is one of the big payoffs from data breaches. But there’s a simple thing you can do to make it harder for a scammer to file your taxes if your employer or health insurance provider gets breached and your social security number is one of the ones that gets stolen.
Change your social networking profile.
What seems like a million years ago, when Sony Pictures got breached, some pundits were predicting that was the end of the company. I always thought that was hyperbole, but I have to admit I never went to the extreme of saying breaches are nearly harmless, which seems to be the current popular thinking.
Indeed, a financial analyst went on the Down the Security Rabbit Hole podcast and said breaches are an investment opportunity. Just buy the dip.
Late last week, Home Depot finally released a statement about its data breach. At least they had the decency to call the attack “custom” and not spin it as “advanced” or “sophisticated.” Even “custom” is really a euphemism, as the attack wasn’t all that different from what other retailers experienced earlier in the year. It may have been as simple as recompressing the BlackPOS malware using a different compression algorithm or compression ratio to evade antivirus.
The breach involves about 56 million cards, making it a bigger breach than Target.
So Minnesota-based Supervalu, an operator of grocery stores, had a data breach in the Midwest last week. If you’ve shopped at Cub Foods, Farm Fresh, Hornbacher’s, Shop ’n Save, Shoppers Food and Pharmacy, or former Supervalu chains Albertsons and Jewel-Osco between the dates of June 22 and July 17, and you paid with a credit or debit card, call your credit card company or bank.
If you need a new card, it’s much faster to let them know than for them to try to figure it out. And in the meantime, continue to use the card for everyday purchases to establish normal behavior. Don’t run up debt, but you want to establish where you are, so if someone buys the card info and tries to use it, it will stick out. And if their small transaction did happen to go through and they tried a larger one, it’s a little less likely to go through if you’ve run the balance up a little. These are little things you can do to make things harder for the criminals and easier for the banks, and potentially make it easier for the authorities to find the criminals.
As you probably know, last year some still-unknown criminals stole a whole bunch of credit and debit card data from Target. And the story keeps changing. First there weren’t any PINs. Then they got the PINs, but no personally identifiable data. Well, the latest news indicates they got credit card numbers, names, addresses, phone numbers, and e-mail addresses, for a whole lot more people, and probably over a longer period of time than just late November to mid-December.
There are a few things you ought to do if you shop at Target, which many people do.
As you’ve probably heard, Target had a bad month. Between the days of 27 November and 15 December, about 40 million credit card numbers were stolen, making it one of the biggest breaches of its kind in history. As far as we know, the card number and security code were stolen, but debit-card PINs and addresses were not.
Target says they have contained the breach and are cooperating with credit card companies and authorities. Cringely has some analysis, but it offers more for people like me, who have to think about how we do things at work, than it does for consumers.
And, well, as luck would have it, I shopped a lot at Target between the days in question. And I used both my credit and debit card during that time. Here’s what I’m doing, some of which may be counter-intuitive.