In recent years, the threat has mushroomed both in terms of the number of attacks and the financial resources targeted. Increasingly, hackers seek out and compromise legitimate user credentials to gain access to protected systems. It could be access to credit bureau files or payment processing files.
In the Target breach, it was a heating and air conditioning vendor that was exploited to gain entry. Eventually thieves grabbed data on over 100 million individuals. ADP payroll processing services experienced a rash of credentials-related breaches in the past two years, as has Experian, one of the Big Three credit reporting agencies. Another new trend is targeting smaller payroll processing companies directly to access their servers.
One recent data breach involving PayTime Payroll of Harrisburg PA hit over 200,000 worker files dating back to 2008. It encompassed both current and former workers of PayTime’s clients as well as some dependents and beneficiaries. Payroll data is probably the mother lode of personal data. It’s the ID thief’s complete tool kit.
As long as the hackers can make money, they’ll continue to seek out these obscure weak links and drill in. I do expect the threat to grow in future years because most firms still have their heads in the sand when it comes to bolstering their IT department. Yes, it costs money to do so but it’s money well spent because tighter security will protect your clients, your reputation and your bottom line. It’s disheartening to see how many CEO’s still turn a blind eye to the problem until it’s too late. As the former CEO of Target could tell them, their job’s also on the line if there’s a massive breach.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.