We’ve written here, over the past twelve months, about some pretty significant data breaches.
Some, like last October’s Talk Talk data breach, triggered an almost instant wave of spam and social engineering telephone calls.
Elsewhere, the ‘dark web’ has long been the place for criminals to trade stolen data.
The Daily Mail – last November – reported that a fraudster who called himself ‘The Martian’ was selling data stolen from Talk Talk for as little as £1.62 a time.
Now, worryingly, stolen data has gone ‘mainstream’. The Times reported, on Saturday February 13th, that card data is now available for purchase on an openly available, if still illegal, website.
The Times reports claims that details of 100,000 Brits were available on the site priced from just £1.67 per record, and that the site has been updated regularly with over 400,000 new records made available in the six weeks since the start of the year.
The MP Keith Vaz, chairman of the home affairs select committee, described it as “deeply disturbing“, suggesting that the site could be funding terrorism and organised crime. He added that “The National Crime Agency must get this site closed.” and “I will be writing to the NCA to bring this to their attention.”
One might hope that somebody at the NCA takes The Times.
That said, the time of writing this, the site in question was still freely accessible, but even if it is taken down, the stolen data will doubtless be made available elsewhere.
Update – a full week later the site was still publicly accessible.
Stephen Orphei – the General Manager of the PCI Security Standards Council – likened card fraud to a water filled balloon; when pressure is applied in one area, the fraud appears elsewhere. It won’t be going away any time soon.
Compliance3’s Data Discovery service can help identify where data is being stored in your organisation, and once you know where it’s being stored you can decide whether you really, really need to continue storing it, and then how best to protect it.
As we reported back in January, a survey conducted by PWC suggested that ‘90% of large companies and 74% of small companies had experienced some kind of breach in the previous 12 months, and most had experienced more than one – the average was four’.
Get in touch with us, and find out how we can help you identify where the bones are buried in your organisation.