More than 675,000 records were exposed by data breaches in the U.S. in 2014, according to the California-based Identity Theft Resource Center, a non-profit organization aimed at helping consumers. Since breaches began being tracked in 2005, they have risen by double digits each year.
According to Matt Cullina, CEO of IDT 911, an identity theft and data risk management provider serving the US and UK, the problem of identity theft is getting worse.
“You keep thinking it can’t get worse and 2015 has really shown that it’s gotten worse. What we’re starting to see now is a causal connection between all the data breaches that just keep proliferating and actual identity theft,” Cullina said.
In the past, when data breaches occurred with retailers, customers could call their credit card companies and get a new card and pin, he said.
“What we’re finding now is that with all the proliferation of data breaches to the federal government, to your healthcare providers, it’s not just our credit information. It’s all of our personal data, our social security numbers, our date of birth, all the personal information that somebody who wants to commit crime needs to create new identities,” Cullina said. “What we’re seeing in our fraud center…is more sophisticated types of identity theft.”
If a credit card or bank account takeover happened, it could be detected pretty quickly, said Cullina, who noted that by law banks have to reimburse victims for any losses.
“What we’re seeing now is really taking that identity information and creating all sorts of financial havoc,” Cullina said. That havoc includes tax fraud which, he said, has seen a 400 percent increase from 2014 to 2015.
Tax fraud occurs when a criminal creates false or even legitimate jobs using a stolen identity. They will then attempt to file taxes before the victim or will hack into a legitimate filing online and try to get the tax return before the victim does.
Cullina said approximately 20 percent of tax fraud victims have experienced other types of financial fraud.
“As the banks get more sophisticated, they’re asking questions whenever you spend money in weird ways.” Cullina said. “They’re trying to stop it from happening. Basically, criminals are looking for other paths of least resistance.”
The businesses impacted the most by identity theft and data breach attacks has also evolved, he said.
Healthcare is a targeted business sector, according to Cullina, because of the vast amount of personal data available.
“You have all the bits of information in your health files. You have how you make payments, so it has your credit card information. It has your employee information because often it’s tied to your employer benefits. It has your kids’ information. Everything about your family, let alone your health information,” Cullina said. “Basically criminals are finding that to be the most robust type of data. That’s worth more on the black market than just credit card data.”
Small to midsize companies are being targeted more and more, he said. Sometimes this is a way for the hackers to infiltrate a larger company.
“What it comes down to is they [criminals] cascade from the large companies down to more vulnerable companies that haven’t invested as much in data security. They have an online storefront, or some sort of access in,” Cullina said.
Ransomware attacks where hackers lock online systems are becoming more frequent too.
Cullina said as hackers continue to attack businesses, educating employees is key to protecting sensitive data.
“What we look at is getting every employee…to know that this data is just like money. You have to protect it like you would money in a bank account. Everybody has to be involved. It’s not just your own employees. It’s all the people, businesses, whomever you do business with, your customers, your partners, etc.,” said Cullina. “What we’re finding is the more and more we can educate from the bottom up and top down in an organization, that awareness goes a long way to protecting against data loss.”