In 2014, there were an estimated 2.3 million cases, a twenty-two percent increase from the previous year (Andrews, 2016). According to the Federal Trade Commission, identity theft complaints have also increased by more than 47 percent since 2014 and it was the second most reported crime after illegal debt collection. (“FTC Releases Annual Summary of Consumer Complaints Debt Collection, Identity Theft, and Imposter Scams Remain Top Categories of Complaints Received by FTC in 2015”, 2016) “The 2017 Identity Fraud Study, released by Javelin Strategy & Research, found that $16 billion was stolen from 15.4 million U.S. consumers in 2016, compared with $15.3 billion and 13.1 million victims in 2015. In the past six years identity thieves have stolen over $107 billion.” (“Identity Theft and Cybercrime”,
In 2006 AOL, inadvertently, made public personal information, of some 650,000 of its members. “The members filed suit with California federal district court, on behalf of themselves and a putative nationwide class of AOL members, alleging violations of federal electronic privacy law, 18 U.S.C. § 2702(a). A subclass of AOL members who are California residents also alleged various violations of California law, including the California Consumers Legal Remedies Act, California Civil Code § 1770.” (Doe 1 v AOL LLC, 2009)
In the past 12 months, there have been nearly 432 million accounts hacked belonging to many websites and applications. Many of this information stolen was sensitive, personal data such as credit card information, phone numbers, passwords, and even addresses.
Hackers can gain access to the computer records of banks, credit card companies, hospitals, merchants, universities, government agencies, and other organizations. Though such breaches occur much more rarely than phishing, even one instance can give the hacker access to millions of people’s personal data, including Social Security numbers, birth certificates, driver’s license numbers, health records, employment records, and financial information. The FBI reports that, since
However, the impact wasn’t over. In May of 2016, a hacker named “Peace” advertised the 2012 stolen database on the darknet for $2,200 USD (Trend Micro). The database was purported to contain email addresses and passwords of 167 million accounts including cracked passwords. This number is much higher than the original 6.5 million account breach reported. In a response from LinkedIn’s Chief Information Security Office, Cory Scott (Trend Micro), he stated that, “For several years, we have hashed and salted every password in our database, and we have offered protection tools such as email challenges and dual factor authentication. We have demanded that parties cease making stolen password data available and will evaluate potential legal action if they fail to comply.” Invalidation of passwords began immediately for users with accounts created before 2012 who had never changed their password, as requested by LinkedIn, since the initial data breach.
As value customers of the Anthem, Inc. we believe it is important to keep each one of you informed of any incident that might affect your business with us. Your privacy and security is our priority for the reason Anthem, Inc. would like to inform our customers of a recent phishing attack. Unfortunately, we have experienced similar attacks in the past which led many of the employees and customers’ data exposed to hackers. Even though this is a serious matter for the company and the customers it is important for us to make our customers aware that phishing attacks are common and they cause huge losses to both the customers and the companies (Wright et al., 2014). Our most recent attack took place on April 2014 and it affected about 80 million identifiable data stolen via phishing emails. The
Time Newspaper has learnt that it's not surprising that Internet companies have electronic dossiers that contain personal information for individuals who subscribe to the websites. Generally, these companies have obtained the information from people based on individual's visit to the website, sent and received emails, tagged photos, and searches people carry out. However, the extent of personal information known by these Internet companies has remained largely unknown as well who they provide and/or sell this information to. However, Internet companies continue to gather lots of personal information from different people who focus on carrying out online activities on a daily basis. Currently, it's estimated that these firms gather personal information from nearly 500 million users but are hesitant to provide this information to the other firms or individuals. As their unwillingness to share has attracted significant congressional inquiry, things could finally change in California following the introduction of a bill that may force companies to disclose the kind of personal information they have gathered and how this information is being used.
On September 8, 2015, it was discovered that a Patriot Financial Services (PFS) employee, whom provided customer support services to clients, had stolen personal financial data from approximately 50K of their customers. The data stolen by this employee was comprised of personal customer information including full names, home addresses, social security numbers, contact numbers, bank account numbers, driver 's license numbers, birth dates, email addresses, mother 's maiden names, pin’s and account balances. The suspect employee then proceeded to leak out this
Identity theft is, unfortunately, a commonplace in today’s world. Technology is ever advancing and evolving making today’s purchases obsolete. The obsolesces of technology plagued TJX. The company was attempting to get through under the radar with the enterprise security systems. “Because of the lax security systems at TJX, the hackers had an open doorway to the company 's entire computer system” (Weiss, 2014). TJX was cognizant of the breach and withheld information from stakeholders of the business. “Once a breach is discovered notification to consumers is paramount.”
However, in this instance the more than 32 million people whose identities were stolen probably would have rather had their credit card information released instead of the other personally identifying information.
(AFP/File/Karen Bleier, Yahoo is attempting to bind when it first knew programmers had ruptured its frameworks and whether they cleared out approaches to recapture access to accounts later on)
This case study, written in 2009 is not the only case where a major data breach has occurred within organizations. In the late 2011 Sony’s PlayStation Network (PSN) was breached impacting up to 77 million user’s accounts including data on names, address and possibly credit card details. In late 2013 Target had a cyber-attack that compromised a large quantity of its data and had 110 million accounts compromised. Finally in September 2014 Apple had their iCloud server breached by hacking that compromised all the users of the online server. These occurrences still have some unanswered questions and several experts have yet to decipher the actual reason as to why the security breach occurred.
v. Andrew Auernheimer, 2014. Auernheimer was working for Apple Inc. at the time the iPad was brought to customers. When the iPad first came out you had to purchase a contract with AT&T. Thus AT&T controlled the website and used email addresses. Auernheimer worked with testing security systems and found that personal emails were accessible from customers email address making the customers exposed. But when Auernheimer brought this to the company attention nothing was done. Auernheimer at this point took it upon himself to make it know to the public and went to press and exposed peoples email address. Then AT&T informed the government saying it was Auernheimer that violated the computer fraud and abuse act not at the fault of AT&T. The court found Auernheimer quilt they also not only used the laws in place by the Computer Fraud and Abuse Act but other state laws within computer crime. In this case Auernheimer should have gone about it a different way so it was not pinned to him with breaking the laws he should of gone to the government to show that AT&T was doing nothing to protect the peoples personal information. In this case The Computer Fraud and Abuse Act was used if more details were put in place for other parties involved in that way it could have also brought claims to AT&T with it being the flaw in their system that made it possible and shown they had done nothing to try to improve