BofA, Foxconn Breaches Display Diversity of Hacker Motives
This year has already witnessed a rise in data breach activity. Beyond the Symantec pcAnywhere drama and the Zappos breach, Bank of America came under fire via a merchant breach even while in the midst of a multibillion-dollar legal battle over faulty mortgages.
Bank of America could not immediately be reached for comment, but published statements indicate that the company has sent letters to customers to notify them of a possible compromise that may have exposed credit card account details. BofA has not disclosed how many accounts were affected in the breach.
"As part of our routine fraud monitoring, if we believe a customer's card may have been compromised at a third-party location, we will notify the customer and block and reissue the card, which is what happened in this case," BofA spokeswoman Betty Riess told Bank Info Security. "Security for our customers is a top priority, and we take proactive steps like this to protect our customers from fraud."
Hacker Activity Heightens
Lawrence Reusing, general manager for mobile security at Imation Corp., said
Bank of America's disclosure of the recent breach again highlights the sophistication of criminals trying to breach network and mobile devices in 2012.
"The news proves that no business is immune," Reusing said. "Just weeks ago, Zappos came under scrutiny because of a network breach, and this latest disclosure from BoFA is concerning for businesses and the consumers that put trust in retailers, banks and other services companies to secure their private information."
At some level, the Zappos breach was worse. Some 24 million customer passwords were stolen in the hack, a black eye for the Amazon-owned property. Zappos was tight-lipped about the root cause of the attack. The difference is account-holder details were not accessed.
Whether for financial gain or social protest, hacker activity shows no sign of slowing down. On Thursday, news spread that "hacktivist" group Swagg Security had breached Apple supplier Foxconn's e-mail servers and Internet sites. Swagg Security has expressed concern over reports that Foxconn employees are working in poor conditions and that some have committed suicide.
And just hours ago, it was revealed that the United Nations Web site was hacked again.
The Mobile Factor
A growing number of mobile consumers are demanding security, but enterprises also need their workers to be productive and agile for business continuity and success, Reusing said. That, he said, makes it critical for IT to ensure the protection of customer data -- whether it's inside the network or with their partners.
Smart solutions combine data encryption and strong authentication to ensure that customer data is protected at rest and on the move, he said.
"Let's face it," Reusing said. "No one welcomes data breaches, and solution providers are working closely with companies of all sizes on implementing solutions that will not only monitor both fixed and mobile devices connected to the network, but also on increasing the level of education for employees and any third party on the severity of not taking security seriously in today's world."
Posted: 2012-02-13 @ 2:02pm PT
Credit card issuers will re-issue cards that they suspect were stolen even before fraud occurs. Most of the card data theft happens at stores where the card was used legitimately. Believe it or not, many payment systems used by merchants run on ordinary computers connected to the internet.