News & Resources

Hackers put millions at risk of identity theft

Oct 22, 2013 Dave King

The ease with which data can be misdirected, illegally accessed or otherwise breached in the digital age is well-documented. Yet despite the ever-growing knowledge base we have about such breaches, hackers continue to succeed in penetrating systems - and in doing so, they can damage victims' consumer credit reports.

Recently, law graduates at the University of Arizona (UA) dealt with these concerns. According to the Arizona Daily Star, the names and Social Security numbers of more than 9,000 former students of UA's law school were accessed by hackers. The breach appeared to have occurred in July. The College of Law at UA admitted that the compromised information had been stored erroneously on the same server that hosts the college's public website. The data had remained on file because the university at one time used Social Security numbers as identifiers for applicants.

Access to very straightforward documents was all the hackers needed to compromise the sensitive data. According to the news source, applicant lists and class rosters may have been targeted.

"We're working to help make sure people are not harmed by this incident," law school Dean Mark L. Miller assured students, according to the Phoenix Business Journal.

The Arizona Daily Star noted that UA has offered alumni whose data was compromised one year of free consumer credit data monitoring, paid for by the university.

Hackers target data brokers, Adobe
Companies with large customer bases or those that specialize in storing data have also been compromised in recent weeks.

Krebs on Security reported that a group of major data brokers - firms who aggregate information about consumers and businesses - was hacked by cybercriminals who sell Social Security numbers, credit reports and other sensitive data to identity thieves. The hacking ring operates a website called SSNDOB on which criminals pay for subscriptions to stolen information using unregulated currencies.

In the breach, hackers accessed two servers belonging to LexisNexis, a firm that controls the largest database of public records in the world, according to the news source.

Days later, Adobe announced that hackers had stolen the source code of one its products and compromised the account IDs, encrypted passwords and credit or debit card information of 2.9 million customers. The company said it would respond to the incident by notifying affected consumers and resetting their passwords. Adobe assured those concerned that payment information was accessed in encrypted form and was not likely to be used, although the banks that process the firm's payments were promptly notified.

According to a separate Krebs on Security article, researcher Alex Holden discovered the stolen Adobe source code on a server belonging to the same hackers who had recently breached the major data brokers.

The struggle for mobile security
As smartphones, tablets and other devices become storage places for private and company data, concerns have arisen that hackers will begin targeting mobile, too.

As such, the need for secure devices is pressing. According to Digital Spy, the fingerprint sensor originally released with the iPhone 5S left users vulnerable to identity theft. The sensor could be bypassed if the Control Center was enabled on the lock screen, allowing hackers to take over the owner's Apple and Gmail accounts.

Apple responded by providing an updated version of iOS 7 that fixed the glitch, the news source wrote.

However, as the number of mobile devices in use grows, so do the options for hackers.

"Cybercriminals have begun capitalizing on the fact that many of the mundane digital devices we tie into the Web are easy to locate and wide open to hacking," WLTX reported.

In light of the recent string of hacks, businesses might consider reassessing how secure they keep customer information - and whether their solutions are mobile-ready.