Hello McFly….Epsilon Breach Shows Cybercriminals Has Moved Way Past ID Theft
Major media outlets around the globe are giving greater coverage to the Epsilon data breach story today. This might be the biggest breach of non-regulated PII (personally identifiable information) in US history. Read more in on the story in this CyberJungle posting Sunday night.
Typically, the mainstream media has focused on Personally Identifiable Information (PII) ID theft: credit card breaches, financial account information theft, and healthcare data breaches. There has been little attention paid to business data theft, by the media, pressure groups and many of the businesses that house the data, since business data is not typically regulated like PII is.
This might be a watershed moment when the attention is shifted to business data. According to a report released last week by McAfee/Intel and SAIC, “…cybercriminals have made the shift from stealing personal information, to targeting the corporate intellectual capital of some of the most well-known global organizations. Cybercriminals understand there is greater value in selling a corporations’ proprietary information and trade secrets which have little to no protection, making intellectual capital their new currency of choice…”
The focus of attention in the Epsilon story is consumer data. Big story number one not yet getting much attention: the wide-spread theft and re-sale on the digital black market of business intellectual property like trade secrets, technologies, sales data, price lists, key customer contacts, manufacturing processes, software code, salary info, and more.
Another big story not getting much attention: contrary to the spin from data collectors and pressure groups, the biggest data risks associated with the collection of consumer information is not that the data collector will sell the data to another firm. The biggest risk is that the data these data collectors will end up in the hands of cyber criminals, a government agency, or become part of damaging civil litigation, all risks that can cause much great harm.
The CyberJungle Radio program that will post Monday, will cover this story and other news about security, privacy and the law. Other stories we are covering include the wide-spread SQL injection attack; a new panic button smart phone app: and an in-depth look at the Advanced Persistant Threat (APT) with Rob Lee of the SANS Institute. Listen to Episode 207 at TheCyberJungle listening options page.
Posted by Ira Victor