News & Resources

Publications & Media

“High value of personal data attracts more sophisticated hackers”

Safe and Sound By Margaret Utterback

Since the beginning of 2014, the press has released almost daily news of companies that have experienced significant data breaches.

Although retail companies tend to garner the most press, retailers aren’t the only targets. Other companies, such as social media sites, are falling victim as well. In those cases, hackers have successfully obtained thousands of users’ email addresses and sometimes account passwords.

As the occurrences of major data breaches increases for companies all over the world, so too does the threat that a significant breach can happen to any organization—big or small, retail or not. And for good reason.

According to research by Juniper Networks, personal data — including name, date of birth, address and social security number— can carry a value of around $20 to $40 per person. Bank account information is worth a staggering $187 per person, CNNMoney recently reported.

And credit card information values vary, running as high as $102 per number, according to CNNMoney, to as low as 75 cents per number, The Wall Street Journal reported, depending on the size of the data breach, the freshness of the information and from where data was stolen.

But even when the market is flooded with data and the value is lower than average, hackers obtain hundreds of thousands and sometimes millions of credit card numbers in these large-scale breaches, still offering a lofty payoff for offenders.

Another concern about the increasing number of data breaches is the people behind them. Gone are the days of the lone teenager sitting at his computer wreaking havoc on some poor unsuspecting company. Hackers today are much more sophisticated. In early August, theNew York Times reported that a “Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses.”

Because of this shift in the level of experience and resources hackers today possess, the Department of Justice has been forced to shift its tactics from looking for a lone offender to seeking out large and sophisticated crime syndicates. And Reuters reported that President Barack Obama signed an executive order on Oct. 17 to increase security on federal credit cards, and urged banks and retailers to follow suit in an effort to combat the growing threat of fraud.

“The idea that somebody halfway around the world could run up thousands of dollars in charges in your name just because they stole your number, or because you swiped your card at the wrong place in the wrong time, that’s infuriating,” Obama said in the Reuters story.

Organizations—both inside and outside retail industry—must take notice. Hackers are after more than just credit card numbers. Names, addresses, social security numbers, bank account information, health records and email addresses carry high values and are consistently and actively being sought out by hackers. Considering the values placed on personal data, hackers are likely here to stay, and companies must be prepared to defend themselves against these criminals.