Blog

Data Breaches – Types, Sources, and Preventive Measures

James Efron
October 29, 2019
7 minutes read
8852

A large number of well-renowned companies are under the threat of high-scale data breaches. After one data breach, it does not mean that the same company could not again be exposed to a data breach. Exceptions are there if that company successfully take in place stringent actions after tackling the vulnerabilities exploited before. An example of frequent data breaches is Yahoo data breach. Statistics show that in August 2016, Yahoo hack was uncovered that took place in 2014. It affected user accounts of around 500 million people. The same company faced another hack in December 2016 due to which 1 billion accounts were affected. In October 2017, this report was updated, stating a total of 3 billion affected users and is considered biggest data breach in history.

With the advent of digital file transfers and reliance on digital communication means by multiple industries, data breaches are residing fairly at a high rate. In the U.S, in 2015 data breaches increased to 781 million which were 157 million ten years back i.e. in 2005. In the same time period, compromised user records increased from 67 million to about 169 million. An aforementioned data breach of Yahoo was absolutely contributing to these exposed records. The company advised its users to immediately change passwords and guarantees its users that it will take stringent measures to eliminate the risks of further attacks.

There is a lose-lose situation when a data breach occurs. It is not only the customers whose information is compromised, not just the deceived organization which is dealing with the recovery of hijacked information, meeting legal compliance needs and doing the aftermath of reputational damage. This breach cycle has to break. Otherwise, the lose-lose situation will never end.

What Data is Breached?

Personal, as well as a sensitive chunk of information, is breached. The information which online platforms ask to recognize some identity is compromised. This data includes first and last name, email address, residential address, contact number, username, passwords and some encryption keys that are a secret between user and organization for identification purposes. This information is called personally Identifiable Information (PII).

This hijacked information is sold to third parties and are also weaponized by cybercriminals who use this information to conduct a large number of fraudulent activities. Credit card information is stolen through which fraudsters perform transactions, account takeover frauds are done, real identities are used in several other cybercrimes. Identities of children and adults are used to perform money laundering and terrorist financing. The reason is that these names have not been previously used or involved in any criminal activity before.

Emerging Forms of Data Breaches

The dark web and emerging data breaches are threatening industries. Phishing attacks and account takeover frauds are looming online websites. E-commerce businesses, online gaming, charity, banking websites, etc. are highly prone to cyberattacks because of the assets it deals with. Any loophole in the system can cost businesses with heavy monetary and reputational loss. Online websites need to ensure that they authenticate each onboarding entity thoroughly against a bunch of checks that are enough to filter out bad actors from honest ones. Along with this, existing users should continuously be verified to make sure that identity is not switched with any fraudulent entity.

Identity Theft

It is one of the most common data breaches. Identity theft was estimated to be accounted for about 50% of data breaches globally in 2015. It included about 40% of compromised records in the same year. Due to identity theft, a large number of financial institutions are affected. These sectors hold highly sensitive information in which financial information is common. This information if gets compromised results in huge damage for both the victim and the organization. Among this, the second most common type is the financial data breach. The financial sector lost 120 million identities in 2015. Cybercrimes are high in these sectors due to the attracting opportunities that fraudsters look for. The annual loss is an average of $13.5 million, which is highest as compared to other industries.

Phishing Attacks

The emergence of social engineering is giving rise to multiple other frauds. Among which, email phishing attacks and website phishing attacks are common. End-users are targeted with email phishing attacks. A phishing email from a renowned brand is sent to the legitimate customers which ask users to enter their credentials and credit card information. This email is from a fraudster who is trying to hack the account of end-users. This could be done by clicking the malicious link which redirects the user to a website that seems real but is just a clone of that website. Right after suer enter credentials, the account is hacked through that phishing attacks.

Last year, most of the phishing attacks targeted e-commerce businesses, financial systems, and payment websites. Hackers are all active to exploit weaknesses in the system thorugh innovative tricks. On the same side, online businesses should take in place technological solutions to acter to these tricks.

Credentials Stuffing

Credential stuffing is more or less similar to account takeover fraud. It is a cyberattack in which username and password related information are compromised and that account is hijacked. Fraudster gets unauthorized access to the account by stuffing combinations of username and passwords through automated requests for login. This stuffing is done by automated bots who fit in every possible combination to hack the account and use it for malevolent purposes. Research shows that stuffing attacks are 8% successful while attempting to account for takeover.

Overcoming Data Breaches with Biometric Authentication

Understanding the nature of data breaches, now there is a need for taking into account measures that mitigate future damage. Considering the common methods of user authentication i.e. 2-factor SMS based authentication ensures security when a user tries to access the account from different devices or locations. But unfortunately, this method of user verification is not most adopted. Only 10% of Gmail users use two-step verification.

Well, that was one choice, data breaches take place as a result of unauthorized data access. Therefore, this should be catered with the immediate security layer that ensures an authentic user is trying to access the data/account, edit it or delete it.

Biometric authentication is another option. For identity proofing and online user verification, a prompt, efficient and robust method is to verify the end-user based on biometrics. This could be through fingerprint scanning, iris/retina scanning or face verification.

Face Verification: Through unique facial features, an end-user can be verified. Every time a user gives an access request to the backend system, it will ask to verify the face biometrics. If the traits match, the user will be authenticated and get access to the account. Face verification uses Artificial Intelligence and Machine learning technology to map the facial features and decide in real-time whether the characteristics match the real user or not.

Yes, fraudsters use tricks to fool the system, but facial recognition systems are strong enough to cater to those. The tricks of the printed image, or already taken selfie are used, which are tackled through liveness detection. Liveness detection ensures that the user is physically present at the time of verification. This can be done by recognizing the blinking of an eye, minor facial movements, 3D depth perception, etc. It ensures that the end-user is not fooling the system in any way.

Biometric authentication is the primary step to cut the roots of growing data breaches. All possible cyberattacks are the result of unauthorized access which compromises user data and costs the businesses way more than the technical solution installment. Also, the regulatory authorities are set up to evaluate industries that are prone to data breaches and whether or not they take in place security measures to deter the risks. Identity verification through biometrics contributes to combat the risks of cyberattacks and hefty compliance fines.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
Increasing Incidents of Fraud Becoming a Threat to UK’s National Security: UK Finance
What Data is Breached?
Automated systems prevented approximately 736 million pounds ($1 billion) from being stolen through fraudulent means in the first half of 2021.

According to a Reuters report published on Wednesday (Sept. 22), UK Finance has stated that the rising incidents of fraud observed in the e-commerce and online banking sector since the start of the COVID-19 pandemic are slowly becoming “a national security threat”.

The banking industry lobby group UK Finance said that government-backed schemes have become a need of the hour to counter the rising financial crime threats.

Government-coordinated action is needed as criminals have shifted their focus to exploit weaknesses outside the banking system, according to UK Finance’s latest fraud report which covers the first half of 2021.

Read more here: https://t.co/kiWNaBxmjt pic.twitter.com/8b4N6xgafS

— UK Finance (@UKFtweets) September 22, 2021

In the first half of 2021, criminals stole nearly 754 million pounds ($1.03 billion) through bank fraud. This amount represents a 30% rise in bank-related fraud compared to the same time period in 2020, reveals a UK Finance report.

Among the rising fraud schemes was Authorized Push Payment (APP) fraud, whereby customers make payments to criminals, thinking they are legitimate entities. APP fraud went up by 71% in 2021, the report said, moving ahead of card-based fraud for the first time.

Additionally, the UK Finance’s report shows 70% of APP scams were based online and highlighted a rise in the number of online ads that seek individuals as young as 14 to turn them into so-called “money mules” for illegal activities.

The banking group asserted the need for government action through a planned Online Safety Bill, which currently does not include online ads.

“The level of fraud in the U.K. is such that it is now a national security threat,” said Katy Worobec, Managing Director for economic crime at UK Finance, in the report. “The banking sector cannot solve this on its own.”

The report further encouraged the use of automated solutions for combating financial crime, stating that bank security systems prevented approximately 736 million pounds ($1 billion) from being stolen through fraudulent means in the first half of 2021.

Last week, the Financial Conduct Authority stated that the UK lost about 570 million pounds ($778 million) in investment fraud through April 2021, an amount that makes three times the 2018 total.

Suggested Read: UK Exposed to Significant Trade-based Money Laundering Risks Post-Brexit

Data Breaches – Types, Sources, and Preventive Measures

What Data is Breached?

Emerging Forms of Data Breaches

Identity Theft

Phishing Attacks

Credentials Stuffing

Overcoming Data Breaches with Biometric Authentication

Brief Summary of AML Trends in 2021

New AML Guidelines

UAE

Singapore

Hong Kong

Philippines

Financial Institutions are Investing in AI for AML Compliance

Regulators Urge the Use of Tech for AML Compliance

Trade-based Money Laundering on the Rise

The EU’s AML Proposal

Growing List of Countries Support AML Regulations on Crypto

Key Takeaways

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.