BEFORE YOU GO...

Check how Shufti Pro can verify your customers within seconds

No thanks

Blog

Data Breaches – Types, Sources, and Preventive Measures

Richard Marley
October 29, 2019
7 minutes read
12478

A large number of well-renowned companies are under the threat of high-scale data breaches. After one data breach, it does not mean that the same company could not again be exposed to a data breach. Exceptions are there if that company successfully take in place stringent actions after tackling the vulnerabilities exploited before. An example of frequent data breaches is Yahoo data breach. Statistics show that in August 2016, Yahoo hack was uncovered that took place in 2014. It affected user accounts of around 500 million people. The same company faced another hack in December 2016 due to which 1 billion accounts were affected. In October 2017, this report was updated, stating a total of 3 billion affected users and is considered biggest data breach in history.

With the advent of digital file transfers and reliance on digital communication means by multiple industries, data breaches are residing fairly at a high rate. In the U.S, in 2015 data breaches increased to 781 million which were 157 million ten years back i.e. in 2005. In the same time period, compromised user records increased from 67 million to about 169 million. An aforementioned data breach of Yahoo was absolutely contributing to these exposed records. The company advised its users to immediately change passwords and guarantees its users that it will take stringent measures to eliminate the risks of further attacks.

There is a lose-lose situation when a data breach occurs. It is not only the customers whose information is compromised, not just the deceived organization which is dealing with the recovery of hijacked information, meeting legal compliance needs and doing the aftermath of reputational damage. This breach cycle has to break. Otherwise, the lose-lose situation will never end.

What Data is Breached?

Personal, as well as a sensitive chunk of information, is breached. The information which online platforms ask to recognize some identity is compromised. This data includes first and last name, email address, residential address, contact number, username, passwords and some encryption keys that are a secret between user and organization for identification purposes. This information is called personally Identifiable Information (PII).

This hijacked information is sold to third parties and are also weaponized by cybercriminals who use this information to conduct a large number of fraudulent activities. Credit card information is stolen through which fraudsters perform transactions, account takeover frauds are done, real identities are used in several other cybercrimes. Identities of children and adults are used to perform money laundering and terrorist financing. The reason is that these names have not been previously used or involved in any criminal activity before.

Emerging Forms of Data Breaches

The dark web and emerging data breaches are threatening industries. Phishing attacks and account takeover frauds are looming online websites. E-commerce businesses, online gaming, charity, banking websites, etc. are highly prone to cyberattacks because of the assets it deals with. Any loophole in the system can cost businesses with heavy monetary and reputational loss. Online websites need to ensure that they authenticate each onboarding entity thoroughly against a bunch of checks that are enough to filter out bad actors from honest ones. Along with this, existing users should continuously be verified to make sure that identity is not switched with any fraudulent entity.

Identity Theft

It is one of the most common data breaches. Identity theft was estimated to be accounted for about 50% of data breaches globally in 2015. It included about 40% of compromised records in the same year. Due to identity theft, a large number of financial institutions are affected. These sectors hold highly sensitive information in which financial information is common. This information if gets compromised results in huge damage for both the victim and the organization. Among this, the second most common type is the financial data breach. The financial sector lost 120 million identities in 2015. Cybercrimes are high in these sectors due to the attracting opportunities that fraudsters look for. The annual loss is an average of $13.5 million, which is highest as compared to other industries.

Phishing Attacks

The emergence of social engineering is giving rise to multiple other frauds. Among which, email phishing attacks and website phishing attacks are common. End-users are targeted with email phishing attacks. A phishing email from a renowned brand is sent to the legitimate customers which ask users to enter their credentials and credit card information. This email is from a fraudster who is trying to hack the account of end-users. This could be done by clicking the malicious link which redirects the user to a website that seems real but is just a clone of that website. Right after suer enter credentials, the account is hacked through that phishing attacks.

Last year, most of the phishing attacks targeted e-commerce businesses, financial systems, and payment websites. Hackers are all active to exploit weaknesses in the system thorugh innovative tricks. On the same side, online businesses should take in place technological solutions to acter to these tricks.

Credentials Stuffing

Credential stuffing is more or less similar to account takeover fraud. It is a cyberattack in which username and password related information are compromised and that account is hijacked. Fraudster gets unauthorized access to the account by stuffing combinations of username and passwords through automated requests for login. This stuffing is done by automated bots who fit in every possible combination to hack the account and use it for malevolent purposes. Research shows that stuffing attacks are 8% successful while attempting to account for takeover.

Overcoming Data Breaches with Biometric Authentication

Understanding the nature of data breaches, now there is a need for taking into account measures that mitigate future damage. Considering the common methods of user authentication i.e. 2-factor SMS based authentication ensures security when a user tries to access the account from different devices or locations. But unfortunately, this method of user verification is not most adopted. Only 10% of Gmail users use two-step verification.

Well, that was one choice, data breaches take place as a result of unauthorized data access. Therefore, this should be catered with the immediate security layer that ensures an authentic user is trying to access the data/account, edit it or delete it.

Biometric authentication is another option. For identity proofing and online user verification, a prompt, efficient and robust method is to verify the end-user based on biometrics. This could be through fingerprint scanning, iris/retina scanning or face verification.

Face Verification: Through unique facial features, an end-user can be verified. Every time a user gives an access request to the backend system, it will ask to verify the face biometrics. If the traits match, the user will be authenticated and get access to the account. Face verification uses Artificial Intelligence and Machine learning technology to map the facial features and decide in real-time whether the characteristics match the real user or not.

Yes, fraudsters use tricks to fool the system, but facial recognition systems are strong enough to cater to those. The tricks of the printed image, or already taken selfie are used, which are tackled through liveness detection. Liveness detection ensures that the user is physically present at the time of verification. This can be done by recognizing the blinking of an eye, minor facial movements, 3D depth perception, etc. It ensures that the end-user is not fooling the system in any way.

Biometric authentication is the primary step to cut the roots of growing data breaches. All possible cyberattacks are the result of unauthorized access which compromises user data and costs the businesses way more than the technical solution installment. Also, the regulatory authorities are set up to evaluate industries that are prone to data breaches and whether or not they take in place security measures to deter the risks. Identity verification through biometrics contributes to combat the risks of cyberattacks and hefty compliance fines.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
Interpol Seizes $130M Worth of Virtual Assets from Cybercriminals Worldwide
What Data is Breached?
The International Criminal Police Organization Interpol has seized $130 million worth of virtual assets that are linked to money laundering operations and different cybercrimes worldwide.

The “HAECHI III” law enforcement operation, which lasted between June 28 and November 23, 2022, enabled INTERPOL to arrest nearly a thousand suspects.

“In total, the operation resulted in the arrest of 975 individuals and allowed investigators to resolve more than 1,600 cases,” reads Interpol’s announcement. “In addition, almost 2,800 bank and virtual-asset accounts linked to the illicit proceeds of online financial crime were blocked.”

The various cybercrimes that contributed to the aforementioned sum include voice phishing, investment fraud, romance scams, sextortion, and money laundering linked to illegitimate online gambling.

Due to the activity, Interpol also produced 95 alerts and diffusions and identified 16 novel crime trends that would enable law enforcement agencies all around the world to concentrate on their efforts against cybercriminals more effectively.

The latest scams include types of financial fraud and romantic scams that criminals are continually improving to maintain novelty.

Additionally, Interpol noticed an increase in the usage of encrypted messaging applications by scammers to communicate with their victims in investment schemes.

Interpol’s statement also highlights the success of its fresh Anti Money Laundering Rapid Response Protocol (ARRP) mechanism, which was first put to the test during the organization’s prior operation, known as “Operation Jackal.”

Scammers had $1,250,000M returned to them due to ARRP, an Irish firm that was the victim of the Business Email Compromise (BEC). This was the total sum that the business lost to the BEC fraudsters, who ARRP assisted in identifying and seizing.

Since the beginning of ARRP’s pilot testing phase in January 2022, the technology has assisted in the recovery of $120M in cybercriminal proceeds.

Suggested Read: Interpol Warns of the Rise in Romance Scams as Valentine’s Day Approaches

Data Breaches – Types, Sources, and Preventive Measures

What Data is Breached?

Emerging Forms of Data Breaches

Identity Theft

Phishing Attacks

Credentials Stuffing

Overcoming Data Breaches with Biometric Authentication

Identity Theft – A Looming Threat for Digital Businesses

How Law Enforcement Authorities are Countering Cybercriminals

Gang Members Sentenced to 60 Months in Prison for Identity Theft

Criminals Jailed Over Multi-Million Identity Fraud in Spain

Fighting Identity Fraud Through Customer Risk Assessment

How Customer Risk Assessment Screening is Carried Out

Customer’s Identity

Geography

Industry/Business

What Shufti Pro Offers?

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.