Freely subscribe to our NEWSLETTER

If you’re planning on covering this news, or would like to add to an existing story, please feel free to use the comment below from Ryan Wilk, director at NuData Security.

NuData Security predicts and prevents online fraud, protecting businesses from brand damage and financial loss caused by fraudulent or malicious attacks. They analyse and score billions of users per year, and service some of the largest e-commerce and Web properties around the globe. Its online fraud engine, which uses continuous behavioural analysis and compiled behavioural biometric data, is able to predict fraud as early as 15 days before a fraud attempt is made! The early detection it offers provides organisations the time to monitor, understand and prevent fraudulent transactions from taking place.

“This breach exposed records including incredibly personal data such as a person’s bank account number, name, address, date of birth and so on. Data thieves sell this information to aggregators, who cross-reference and compile full identities – called “fullz” on the data black market. This increases the value and usefulness of the stolen data, which may have been gathered from multiple data breaches. With this level of information, fraudsters can create new bank accounts or take out loans under an actual person’s name, causing problems for fraud victims for years down the road.

We’ve seen among our clients that account creation fraud attempts are on a sharp rise. Of the 500+ million account creations we analysed, more than 57% of them were flagged fraudulent and account creation fraud has risen over 100% since February of this year alone. That kind of long-term, big payout fraud can only happen with stolen customer PII.

This underscores why it’s vital to switch from traditional and insecure KBA-based authentication – easily stolen, hard to replace – to user behavioral analytics (UBA) and passive biometrics. Harness the power of behavioral attributes to authenticate users in ways that are less intrusive yet more secure. We learn how a legitimate users act and get a front row seat to watch thieves try and fail to game the system with their stolen data. Becoming complacent in an age of massive data breaches is both a financial and reputational hazard.”

Mark Bower, global enterprise director at HP Data Security say: “This hack underscores the need for companies to protect all of the sensitive information they hold on their customers – particularly fields like in this scenario that should not have been accessible in the clear so easily. Criminals are always looking for a way to exploit a system in a way that they can then monetize in various ways. In this case there is a further risk in that personal information about the user such as their name, account information and so on. Criminals could then use this information or sell it on for use in more targeted larger-scale spear-phishing or potential identity theft attacks, especially when combined with other identity information available for that consumer online or from other data thefts. Beyond the threat to customers’ sensitive data, companies need to be concerned with the impact such an event can have on their reputation and, ultimately, on their bottom line. A data-centric approach to security is the key cornerstone needed to allow companies to mitigate the risk and impact of these types of attacks.

With the available technologies today to protect sensitive data fields in applications very easily and quickly, it’s a simple matter to cover all sensitive data to protect consumer trust and satisfaction. Securing sensitive personal data, which is commonly attacked to conduct fraud and irritating phone scams and phishing attacks at the expense and inconvenience of the British consumer, is a duty of every UK business today and not optional – and indeed a compliance requirement to the UK ICO privacy regulator”