{"id":2476,"date":"2014-12-03T05:01:43","date_gmt":"2014-12-03T05:01:43","guid":{"rendered":"http:\/\/www.lifeandnews.com\/articles\/?p=2476"},"modified":"2016-09-09T23:51:08","modified_gmt":"2016-09-09T23:51:08","slug":"after-a-data-breach-its-consumers-left-holding-the-bag","status":"publish","type":"post","link":"https:\/\/www.lifeandnews.com\/articles\/after-a-data-breach-its-consumers-left-holding-the-bag\/","title":{"rendered":"After a data breach, it’s consumers left holding the bag"},"content":{"rendered":"

By Diana S. Dolliver<\/a>, University of Alabama<\/em><\/p>\n

Shoppers have launched into the holiday buying season and retailers are looking forward to year-end sales that make up almost 20%<\/a> of their annual receipts. But as you check out at a store or click \u201cpurchase\u201d on your online shopping cart, you might be setting yourself up as the victim of a crime.<\/p>\n

\"\"<\/figure>\n

Good luck getting data out of here, hackers! A far cry from today\u2019s internet-connected registers.<\/span>
\nKozuch<\/a>, CC BY-SA<\/a><\/span><\/p>\n

Major data breaches at big retail companies have brought this form of cybercrime to the international stage. Between November 27 and December 15, 2013, hackers accessed Target\u2019s point of sale machines \u2013 the cash registers \u2013 that housed millions of credit and debit card numbers in addition to the names, addresses, email addresses and phone numbers of shoppers. They stole an estimated 40 million<\/a> credit and debit card numbers. In 2014, hackers stole approximately 56 million<\/a> customer credit and debit card numbers from Home Depot.<\/p>\n

These numbers are astronomical \u2013 where does all that stolen information go? And who is behind it?<\/p>\n

Hidden hackers<\/h2>\n

The individuals or groups<\/a> of people responsible for these kinds of cybercrimes are varied. There are teenage opportunists operating alone, hackers looking for a challenge and even sophisticated organized criminal syndicates. Some criminals simply want to see if they can break through security systems as practice to hone their hacking skills. Speculation circulates that some hacking is state-sponsored; there\u2019s little published research to back it up, but it appears China<\/a>, for one, engages in cyber espionage.<\/p>\n

Criminals seeking to profit from stolen information may open bank accounts in victims’ names or access financial institutions for monetary gain. Of course, no single person is opening 40 million new credit cards. Hackers who steal identities and credit card information in the massive volumes of the Target or Home Depot breaches may break down the millions of credit and debit accounts into bulk batches \u2013 groups of 10,000, for instance \u2013 and sell them to the highest bidder via online illegal marketplaces, such as those on the Tor Network.<\/p>\n

Once personal data is stolen and sold, the possibilities are endless. Criminals use stolen identities to create fake state or country IDs and to purchase things like plane tickets, cars, and weapons. Email addresses become spamming targets. Credit\/debit card information is valid as long as the victim remains unaware of the theft. That\u2019s why it\u2019s so important for consumers to vigilantly check their accounts on a regular \u2013 even daily \u2013 basis.<\/p>\n

Some of the biggest headaches come when a criminal steals valid identity details \u2013 such as name, date of birth or social security number. It can be extremely challenging for a victim to prove he is the REAL John Doe. Bank accounts can be closed and credit\/debit card numbers changed as soon as foul play is detected, but a person\u2019s name and SSN cannot. The greater risk for holiday shoppers is that stolen financial information will be used to make unauthorized purchases, but having someone create a new identity with stolen personal information isn\u2019t outside of the realm of possibility.<\/p>\n

\"\"<\/a><\/figure>\n

Hackers don\u2019t need the plastic to get full use of your credit card numbers.<\/span>
\nCards image via www.shutterstock.com.<\/a><\/span><\/p>\n

(Lack of) legal response<\/h2>\n

In today\u2019s world, victim and offender no longer need to be in physical proximity. And because of the wide range of cybercrime perpetrators, each with different motives, law enforcement agencies have quite a challenge on their hands. The FBI\u2019s Internet Crimes Complaint Center receives over 250,000 reports<\/a> each year from victims of cybercrimes, totaling over US$781 million per year in losses. It\u2019s estimated<\/a> that many times more victimizations are never reported \u2013 the so-called \u201cdark figure\u201d of cybercrimes.<\/p>\n

Law enforcement agencies struggle to hire and train personnel on detecting and investigating these types of crimes. Currently, if you discover yourself to be the victim of cybercrime, your local police department is probably ill-equipped to handle the case. Instead, your financial institution will most likely work with you to investigate the issue, and you should report the incident to the FBI\u2019s Internet Crimes Complaint Center.<\/p>\n

The average financial loss for complaints the FBI received in 2013 (that involved any monetary loss) was $6,245. Each bank has its own policies, but for the most part they eventually remove the fraudulent charges from hacked credit cards \u2013 typically after a lot of paperwork on the part of the victimized consumer. Regaining money stolen from a debit card or checking account can be much harder.<\/p>\n

Consumers as cybercrime-fighters<\/h2>\n

While lawmakers consider how to target cybercrime and agencies work out how to equip themselves, it falls to citizens to protect themselves.<\/p>\n