2009 Continues Trend of Record Credit Card Security Breaches

By Eva Maria Norlyk

In 2008, data security breaches reached record levels, increasing by 47% from 2007 to 2008, according to the non-profit organization Identity Theft Resource Center. With a total of 310 security breaches reported by July this year, 2009 cybercrime attacks so far are keeping up with last year’s record data breaches. In addition, 2009 has the dubious distinction of being the year of the largest-ever data security breach with cybercriminals in one instance making away with more than 100 million credit card numbers and other personal information.

The most recent in a long string of large-scale attacks was made public at the end of July when Network Solutions, an IT company that provides hosting services for small businesses, announced that it had been the victim of data theft. The security breach began back in March this year when hackers infiltrated Network Solutions’ e-commerce web servers and planted code which intercepted transactions for more than 4,000 online businesses before it was discovered. It wasn’t until June 8th that Network Solutions noticed the unauthorized code in their servers, and by that point the damage was done. The malicious code is estimated to have intercepted the personal and financial data of nearly 600,000 credit cardholders.

The case was disconcerting because of the sheer size and scope of the breech. Hackers would have had a difficult time breaking into the individual websites for each of the affected businesses. However, by targeting the servers at Network Solutions, they were able to collect credit card information and other sensitive personal information for a total of 4,343 e-commerce sites in one go.

With the aid of federal law enforcement and a commercial data breach forensics team, Network Solutions is investigating the source of the breach. Meanwhile, the company is also working to take care of its affected customers and their clients. Network Solutions has offered to notify the affected individuals for each e-commerce site and also pay for a full year of credit monitoring through TransUnion for those whose information was compromised.

As concerning as the Network Solutions breach is, it pales in comparison to the all-time largest security breach reported by Heartland Payment Systems earlier this year. Heartland Payment Systems is the fifth largest processor of credit card and debit card transactions in the United States. The company suffered a colossal data when cybercriminals burrowed into Heartland’s computer network and from May of 2008 until January 2009 recorded the credit- and debit-card data of millions of consumers. The Heartland data breach is thought to have compromised a staggering 100 million credit cards issued by over 656 institutions.

Other large-scale security breaches this year include a large identity theft at Virginia’s Prescription Monitoring program, which threatened the security of the 531,400 Virginians whose social security numbers may have been in the breached database. Another Virginia breach targeted the state’s Department of Health Professionals and concerned over 8 million patients whose records, including 35 million prescriptions, were allegedly stolen.

The University of California at Berkeley also fell victim to hackers who infiltrated the school’s restricted computer databases. Social Security numbers, health insurance information, and other information for an estimated 160,000 students were compromised. Worse, if the hackers had not left bragging messages behind in the data logs, the crime might have gone unnoticed.

The rise in cybercrime is, in part, due to its international expansion. Back in the days of store-front business, thieves had to make break-ins on site. Now, with the “world wide web,” any mom-and-pop online business run out of Remoteville, US could fall prey to a sophisticated international hacking group.

Published: October 21, 2009