Oct 02, 2013 Dave King
Consumers and businesses are advised to closely guard their personal information to prevent the possibility of identity theft, and a new investigative report underscores the very real threat of cybercriminals.
In a post for his blog, Krebs On Security, former Washington Post staff member Brian Krebs revealed that a website devoted to selling individuals personal information, including Social Security numbers, birth records, credit reports and background checks has been operating on underground cybercrime forums for approximately two years.
The website, ssndob[dot]ms (SSNBOD), sells this information for relatively low prices: $0.50 to $2.50 per record, and $5 to $15 for credit and background checks, Krebs wrote. Until recently, it was unknown how the website's administrators were getting access to this information. However, following an analysis of the SSNBOD's networks, activity and credentials, Krebs determined that its was operated through a very "small but very potent botnet," which is a collection of hacked computers.
Some of the data aggregators affected by this breach include legal and public records database LexisNexis, Dun & Bradstreet and background check company HireRight, according to the source. In response to the breach, many of these companies are taking action.
"Immediately upon becoming aware of this matter, we contacted the FBI and initiated a comprehensive investigation," Aurobindo Sundaram, vice president of information assurance and data protection at Reed Elsevier, the parent company of LexisNexis, told Krebs. "In that investigation, we have identified an intrusion targeting our data but to date have found no evidence that customer or consumer data were reached or retrieved."
Major banks are worried about what this breach means for their use of knowledge authentication, CSO online wrote. Instead of asking customers personal questions, they will now need to leverage a more layered approach.