BreachExchange mailing list archives

Data Breach Collateral Damage


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 12 Aug 2014 20:01:56 -0600

http://risnews.edgl.com/retail-news/Data-Breach-Collateral-Damage94462

We all know the evolving stories of popular retailers and their disastrous
data breaches. The obvious discussion point is the financial impact of the
breach – fraudulent use of consumers' credit card data and the impact on
end users' credit, to say nothing of the constant monitoring (and worry) of
all their accounts. There are a number of tangential effects of a serious
data breach for institutions, as well as end users. These effects go way
beyond the financial impact, and the industry should look to address them.

First, consider the impact on institutions that have experienced a breach.
The reputations of retailers whose data breaches have been reported
recently are being questioned along with consumer trust. That's not
something that can be easily remedied, and it will take a long time before
consumers again start to trust these retailers with their personal data.
This is an indirect financial impact that will affect the retailers for
years.

The associated impact of being a publicly traded company also comes into
play. When investors know the organization's reputation has been sullied by
a data breach, there is bound to be a negative impact on how they view the
company and invest, according to their long-term view of company viability.
It's an intangible that many companies are concerned about, but the reality
is that little can be done.

It's important to be transparent and proactive with services like consumer
credit monitoring, because once damage is done, it's harder to regain a
position of trust with consumers. Users who once wouldn't have thought
twice about using a retailer's online services now will weigh their
options, and potentially could take their business to a company that hasn't
experienced a data breach – although, as time goes on, those options are
dwindling.

By changing the focus to consumers – and the impact a data breach has on
them – we find areas most people don't tend to think about, but need to be
aware of. First and most importantly, of course, is the financial impact.
It's important for consumers to take advantage of any credit monitoring
services offered; consumers are expected to take ownership.

As a credit consumer, there is a need to keep an eye on any and all
transactions charged to all sources of credit. It's the only way to be 100
percent certain of all charges. Credit card companies have gotten better,
and continue to improve in the area of fraud detection, but there is
nothing like your own oversight and missing charges from Google App Store,
Domino's Pizza and JDate.com that you didn't initiate.

Other information usually associated with user accounts, which can be
negatively impacted, as well, includes things like email, physical
addresses, social network names, and any other usernames and passwords
(because, like most people, many consumers reuse usernames and passwords).
Hackers and data thieves have gotten more intelligent about using
associated data for their benefit.

The good old days of simple credit card data theft are gone – today
consumers and retailers have much more to worry about. While not a
foolproof solution, maintaining different and strong passwords for each
external account is a practice both retailers and consumers should be
employing. It's especially important to change those passwords every couple
of months or so. It may seem like a lot of work, but there are services
that can help you maintain your passwords properly.

Why be concerned about these seemingly inconsequential pieces of
information? Because hackers now can set up bots on computers and access
email addresses as a source of SPAM. With little consumer information,
hackers can mine LinkedIn data, Facebook friends, photos, posts, etc.

It's a whole new world out there. It's a big data world where information
can be linked, and, many times, data breaches mean consumer information has
been compromised. The faster retailers and consumers act to change all the
information associated with a data breach, the better off they'll be. In
the meantime, it's important for both retailers and consumers to remain
diligent, ensure security and be ready to act quickly in the case of a data
breach.