Earlier this month, security experts collaborated at the annual Black Hat security conference and discussed new trends and solutions in the realm of hacking and identity theft. One of the major issues discussed, reported by The New York Times, was that of an extensive Russian crime ring that collected an estimated 1.2 billion username and password combinations and 4.5 billion general records.
Alex Holden, the founder and chief information security officer of Hold Security, said the Russians have indiscriminately targeted groups with an internet presence. The businesses affected range from small websites to Fortune 500 companies, and although some institutions were aware of the breach it appears that most were not.
The hackers have not sold any information as of yet, but have instead been sending spam for fees. They could, however, sell the personal information they have amassed for a good deal of money. Last year, for example, Holden discovered a database selling 360 million personal records.
Avivah Litan, a security analyst at the research firm Gartner, warns, "Companies that rely on user names and passwords have to develop a sense of urgency about changing this. Until they do, criminals will just keep stockpiling people's credentials."
Businesses are increasingly taking note of this warning, especially because this year every breach has cost the company an average of $3.5 million. H&R Block is one company that has just installed a new, more rigorous identity-confirmation program in hopes of preventing breaches.
And it isn't only businesses that are vulnerable to breaches. This summer, a group of Chinese hackers invaded U.S. hospital systems and collected data on 4.5 million patients.
It is becoming increasingly crucial that companies install protective credit card processors and implement effective defensive measures, including employee education on the dangers and methods of prevention of security breaches.