2016’s Biggest Data Breaches — and The Implications for Merchants
2016 was a big year for hackers. The Identity Theft Resource Center identified 980 breaches, exposing billions of sensitive records to theft. Here are some of the year’s biggest data theft stories – as well as insights into how all of this impacts e-commerce websites.
What Were the Biggest Data Breaches of 2016?
No consumer’s data is safe; this was especially clear in 2016. As fraud continued to increase, even the largest companies fell victim to hacking.
- Yahoo. In 2014, 500 million Yahoo accounts (including full names, dates of birth, phone numbers, and some security questions and answers) were breached, although this wasn’t confirmed until September 2016. Adding insult to injury, the company discovered in December 2016 that a 2013 breach may have compromised 1 billion Yahoo accounts — making it the largest data breach in history.
- In another instance of an aftershock breach, 360 million accounts were hacked sometime before June 2013. However, the company didn’t report the breach and notify users until May 2016.
- Approximately 145 million users were affected by a system compromise using stolen employee login credentials. Hackers gained access to such information as names, passwords, addresses and dates of birth.
- LinkedIn. The social network was hacked in 2012, with 117 million email and password combinations reported as stolen. In 2016, this data surfaced again, for sale on the dark web.
- Dropbox. This file-hosting service experienced a breach in 2012, in which it reported that a “small number” of user names were stolen. In 2016, Dropbox revealed that the scope of the breach was far greater: Approximately 68 million emails and hashed and salted passwords were compromised.
- Newkirk Products. An issuer of healthcare ID cards, this provider’s data breach in August 2016 may have affected nearly 3.3 million people. Hackers accessed sensitive information, including names, dates of birth and insurance plan details.
- 21st Century Oncology. In March, this cancer care service provider revealed that it was the victim of a major breach in October 2015. Hackers accessed 2.2 million patient records, including Social Security numbers, diagnosis and treatment information, and insurance details.
- Verizon Enterprise Solutions. A security system breach led to the compromise of approximately 1.5 million customer records, which were found for sale in an underground cybercrime forum.
With an estimated 1.9 million records compromised every day — and each record costing companies an average of $221 — the risk is serious and pervasive.
How Can Consumers Protect Themselves?
When consumers learn their data has been compromised, they’re likely to feel vulnerable. There are several steps they can take to protect themselves against the misuse of personal data.
- Change existing passwords. As is evident from the LinkedIn, Dropbox and Yahoo breaches, personal account details can resurface years after the initial data breach. Failing to change passwords and secure sensitive data after a breach means personal credentials are available to cybercriminals long after the information was first compromised.
- Create unique passwords for each site. It’s important to use a unique, hard-to-hack password for every site visited. Tedious? Yes. But if hackers gain user names and passwords on one site, they’ll try them across multiple sites in an effort to gain entry.
- Take advantage of services offered. After a data breach, many companies offer free credit monitoring and ID protection services. Consumers should utilize these services.
- Monitor credit reports. With free credit reports offered once a year from the three major credit reporting agencies, consumers should request a credit report from one of the agencies every four months to check for fraud.
What Does This Mean for Merchants?
With 2016’s increase in breaches comes an increased volume of compromised data available for sale on the dark web. No longer can e-commerce businesses take transactions at face value. Customers aren’t always who they say they are. Merchants must efficiently — and effectively — protect their businesses by verifying every online customer’s identity.
Screening every transaction is a good place to start. This allows merchants to:
- Prevent fraudsters from conducting transactions using stolen information
- Quickly and accurately distinguish between fraudulent transactions and legitimate ones
- Spot the small fraudulent transactions that may signal a cyberthief testing out a merchant’s fraud filters
- Draw from a bigger pool of transaction data for more accurate analysis of fraud patterns
To take fraud protection a step further, a multi-layered solution that integrates advanced technology, statistical intelligence and sophisticated human analysis arms merchants with a comprehensive set of tools to stop fraud from taking hold in the first place.
Moreover, a strong fraud protection solution sends an equally strong signal of trust to consumers: the merchant is not willing to let criminals get away with using their stolen information. This peace of mind can go a long way toward building consumer confidence and loyalty.
Prepare for 2017 by Learning From 2016
One thing is clear: Despite increased security and awareness, the data breach forecast for 2017 is daunting.
- Password breaches that resurface long after the initial compromise will continue to put customers at risk.
- Payment-based cyberattacks will continue at a high level, despite the transition to EMV in the United States.
- International data breaches are on the rise, causing new headaches for global organizations.
The best approach for merchants? Learn from the mistakes of 2016 and keep on top of developing threats. Hackers are determined to get the information they want, so make it impossible for them to use stolen credentials on your e-commerce site.