Everyone recalls the massive wave of computer attacks that hit the nation’s six biggest banks in September and October. Some of those banks and financial institutions were hit more than once, too. The group is believed to have been from the Middle East with ties to several smaller terrorist groups.
Now, though, Experian, one of the three big credit reporting agencies, is facing its own problems with a massive cyber hack that exposed consumer data and has both security officials and consumers demanding it up the ante in its own efforts to ensure these attacks don’t happen again.
And it could be that an international ring has nothing to do with these attacks. American Banker released a report that identified 10,000 identity fraud rings in the United States. And there appears to be an “identity theft belt” that encompasses the southeast United States.
In my previous research into identity fraud, most ID fraudsters have tended to be in urban areas, in high-population-density areas,
says Dr. Stephen Coggeshall, ID Analytics’ chief technology officer.
I expected the fraud rings to be there, too, but it turned out to be the opposite – these groups of people tend to be in rural areas. There’s a striking belt of fraud that cuts across the Southeast, going from Virginia across the Carolinas, across Georgia and into Alabama. It’s the rural parts of those states where this fraud belt is occurring.
Wondering which states have the highest number of fraud rings? It’s not New York, California or even Texas. It’s the states you’d least expect, including Alabama, the Carolinas, Mississippi, Georgia and Delaware.
Washington DC, Tampa Florida and Greenville, Mississippi appear to be the “hot spots”. And it’s likely the recent Experian hack originated right here in the U.S.
One spokesperson for Experian, Gerry Tschopp, insists the cyber attack was isolated to consumers in the U.S. instead of a bigger exposure in North America, as some had feared earlier. Tschopp spoke with American Banker last week and said,
The issue is indicative of the larger problem of cybercrimes facing many companies and many industries, which is the growing sophistication of financial malware.
The first incident, which occurred at a Texas credit union, was penetrated by using Experian’s networks to gain access. Passwords were stolen and could have potentially affected more than 740 million consumers.
It was later discovered that the thieves then spent time downloading both credit reports and even social security numbers on close to one thousand customers. The credit reports are what sounded the bell that brought Experian into the mix.
One agency reports more than 17,300 credit reports have been stolen from the three reporting agencies in the past few years.
Worse, those analysts said compromising the Experian system was easy and required only “basic credentials”. Raising the threshold for gaining access is a simple solution, say those analysts; however, Experian had none of those additional safety layers in place.
Still, Experian insists its systems requires more than just the basics to gain access and uses a “risk based authentication system” partnered with a technical network that detects any kind of anomalies found.
We require and expect our clients to routinely and securely manage their authentication credentials to the highest standards and monitor the security of their systems,
Tschopp told American Banker reports.
In the instances where credentials might be compromised, our security systems monitor 24/7 for any anomalies that could suggest suspicious activity.
In the meantime, efforts are still underway to locate those hackers that wreaked havoc for close to a month on the six big banks. You may recall Senator Joseph Lieberman’s insistence that Iran played a role in the attacks.
That’s yet to have been proven, though a growing number of security experts say Iran was aware of the attacks, at a minimum.
The lack of answers resulted in many bank customers demanding some kind of action. With no explanations proffered by the banks, those customers have no doubt wondered every day since if this would be the day they faced another inability to gain access to their online accounts.
None of those accounts were tampered with, unlike the credit union’s hack in Texas.
It was probably the least impressive corporate presentation of bad news I’ve ever seen,
said Paul Downs, a small-business owner in Pennsylvania. He said the entire episode was “extremely disconcerting”.
As mentioned, the attacks were considerably different with the banks suffering denial of service attacks and the credit union and credit bureaus seeing actual compromises to those accounts, including the theft of personal information.
Unlike the bank hacks, where the thieves staged a massive amount of web traffic to crash the bank servers, the Experian hackers instead found a quiet entrance with no one realizing what was going on as it happened.
Are you alarmed by all of these cyber attacks? Share your thoughts with us.
Similar Personal Finance News
- 3 Years In, Credit CARD Act Working – February 25, 2013
- Overwhelming Financial Truths: How They Affect Everything – May 27, 2013