BreachExchange mailing list archives

Officials warn 500 million financial records hacked


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 20 Oct 2014 19:55:51 -0600

http://www.usatoday.com/story/news/politics/2014/10/20/secret-service-fbi-hack-cybersecuurity/17615029/

Federal officials warned companies Monday that hackers have stolen more
than 500 million financial records over the past 12 months, essentially
breaking into banks without ever entering a building.

"We're in a day when a person can commit about 15,000 bank robberies
sitting in their basement," said Robert Anderson, executive assistant
director of the FBI's Criminal Cyber Response and Services Branch.

The U.S. financial sector is one of the most targeted in the world, FBI and
Secret Service officials told business leaders at a cybersecurity event
organized by the Financial Services Roundtable. The event came in the wake
of mass hacking attacks against Target, Home Depot, JPMorgan Chase and
other financial institutions.

"You're going to be hacked," Joseph Demarest, assistant director of the
FBI's cyberdivision, told the business leaders. "Have a plan."

Nearly 439 million records were stolen in the past six months, said
Supervisory Special Agent Jason Truppi of the FBI. Nearly 519 million
records were stolen in the past 12 months, he said.

About 35% of the thefts were from website breaches, 22% were from
cyberespionage, 14% occurred at the point of sale when someone bought
something at a retail store, and 9% came when someone swiped a credit or
debit card, the FBI said.

About 110 million Americans — equivalent to about 50% of U.S. adults — have
had their personal data exposed in some form in the past year, said Tim
Pawlenty, president of the Financial Services Roundtable and the former
governor of Minnesota.

About 80% of hacking victims in the business community didn't even realize
they'd been hacked until they were told by government investigators,
vendors or customers, according to a recent study by Verizon cited by
Pawlenty.

Businesses need to reach out to the FBI and Secret Service for tips on how
to protect their data before something happens, agents said. If a business
is hacked, company officials need to contact government agents rather than
trying to keep the attack quiet and deal with it internally, the FBI said.
"No one is going to solve this problem on their own," said Supervisory
Special Agent Thomas Grasso of the FBI. "This is something we all need to
work together on."

FBI and Secret Service officials say they have taken down international
hackers with the help of U.S. companies and international law enforcement
allies overseas. Agents said many of the attacks against U.S. companies are
done by cybercriminals in other nations.

One Romanian hacker was lured to Boston by Secret Service Special Agent
Matt O'Neill, who used the Internet to pose as a woman and invite the
cybercriminal on a trip to the USA to enjoy gambling and romance. "He was
quite surprised that I was the one meeting him when he arrived," said
O'Neill, who worked on the case for months.

The man was arrested and is serving seven years in a U.S. prison. Romanian
authorities extradited one of his co-conspirators to the USA, reflecting
stronger partnerships between U.S. law enforcement authorities and U.S.
allies to catch hackers.

"Five years ago, we would have focused on whether the (hacker) was in the
United States where we could get our hands on them," Grasso said. "Today,
we're going to team up with our overseas law enforcement partners and go
after them."

Congress could help by passing cybersecurity legislation to update
surveillance laws and give federal agents greater authority to go after
cybercriminals, Pawlenty said. The House has passed a bill that the Senate
has not taken up. The Senate has taken a piecemeal approach, approving one
bill that would make it easier for the Department of Homeland Security to
hire cybersecurity experts.

"Our government and our businesses are in a daily fight against hackers,"
Pawlenty said. "It's getting increasingly concerning, and it needs to be
met with action by Congress."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/