Identity Fraud Cost U.S. Consumers $16 billion in 2014
Posted on March 4, 2015 by Kara Dunlap in Security
Identity thieves were busy during 2014, but a new study estimates that U.S. consumers actually suffered fewer losses than in the past.
According to the 2015 Identity Fraud Study from Javelin Strategy & Research, the number of identity fraud victims decreased slightly last year, dropping by three percent from 2013. All totaled, Javelin estimates 12.7 million U.S. consumers were victimized in identity theft in 2014, compared to 13.1 million the previous year. Total fraud losses fell as well, dropping from $18 billion in 2013 to $16 billion in 2014.
In another bright spot in the report, new account fraud – where a scammer opens a new account in the name of the victim – appears to have hit a record low in 2014. The good news does not go much further than that, however. The report also found that victims of new account fraud are three times more likely to take a year or more to discover that their identities were misused than victims of other types of fraud.
Additionally, while incidents of identity fraud may have declined, they had a lasting impact on the spending habits of some of the victims. According to the survey, 28 percent of the 5,000 people surveyed said they avoided merchants after being victims of fraud. In addition, individuals whose credit or debit cards were breached in the past year were nearly three times more likely to be an identity fraud victim.
While students were the least concerned about fraud, Javelin found students were actually the most impacted. Though 64 percent said they were unconcerned with fraud, the group reported feeling more impact when fraud occurred, with 15 percent classifying it as moderate or severe. Students are also the least likely to detect identity fraud themselves. Some 22 percent said they were notified of the situation by a debt collector or when they were denied credit, three times higher than the average fraud victim.
“Despite the headlines, the occurrence of identity fraud hasn’t changed much over the past year, and it is still a significant problem,” said Al Pascual, director of fraud & security, Javelin Strategy & Research, in a statement. “Consumers, financial institutions and retailers are all taking aggressive steps, yet we must remain vigilant. The criminals will continue to find new ways to commit fraud, so taking advantage of available technology and services to protect against, detect and resolve identity fraud is a must for all individuals and corporations.”
Russian Hackers Obtained 1.2 Billion Passwords: Report
Posted on August 5, 2014 by Kara Dunlap in Security
A Russian hacker group has obtained an estimated 1.2 billion Internet credentials collected from various websites around the world, Nicole Perlroth and David Gelles of the New York Times reported Tuesday.
According to data provided to the newspaper by Hold Security, the Times reported that user names and passwords were stolen from roughly 420,000 websites of all different sizes. According to the report, the hackers also gained access to 500 million email addresses.
“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” Alex Holden, founder and chief information security officer of Hold Security, told the Times.
Most of the sites that the hackers pillaged are still vulnerable, Holden said. The Times said the group is based in a small city in south central Russia and includes fewer than a dozen men in their 20s “who know one another personally — not just virtually.”
“This issue reminds me of an iceberg, where 90 percent of it is actually underwater,” John Prisco, CEO of Triumfant, told SecurityWeek in an emailed statement. “That’s what is going on here with the news of 1.2 billion credentials exposed. So many cyber breaches today are not actually reported, often times because companies are losing information and they are not even aware of it.”
“Today, we have learned of a huge issue where it seems like a billion passwords were stolen overnight, but in reality the iceberg has been mostly submerged for years – crime rings have been stealing information for years, they’ve just been doing it undetected because there hasn’t been a concerted effort on the part of companies entrusted with this information to protect it,” Prisco continued.
An Urgent Call for Two-factor Authentication
Eric Cowperthwaite, vice president, advanced security & strategy at Core Security, explained that this is another example of the pressing need for users and companies to leverage two-factor authentication.
“Companies need to transition to two-factor authentication,” Cowperthwaite said. “Companies such as Facebook and Twitter have finally started offering two-factor authentication, but the bottom line is that most users aren’t taking advantage of it.”
“Banks, as a standard practice, should absolutely be using two-factor authentication,” Cowperthwaite added. “They have a certain amount of loss from fraud built into their operating model – they just accept that it will happen. This acceptance is a shame since there are many simple ways to reduce those costs significantly.”
Holden told the Times that his team has started to alert victimized companies of breaches, but had been unable to reach every website. He also said that Hold Security was working to develop an online tool that enables users to test and see if their personal information is in the database.
“Russian cyber gangs are known for breaking in to steal whatever they can as quickly as possible,” said Joshua Roback, Security Architect, SilverSky. “We should expect to see these accounts for sale on underground forums before the week is through.”
“Understanding why passwords are so valuable to hackers can both explain and prepare enterprises to deal with potential security vulnerabilities,” SecurityWeek columnist Gil Zimmermann noted in a December 2013 column. “There are potentially hundreds of uses for stolen passwords once they are obtained.”
While not close to the scope of this recently disclosed discovery, Germany’s Federal Office for Online Security (BSI) warned Internet users in January that cybercriminals had obtained a list of 16 million email addresses and passwords.