At the recent ATM & Mobile Innovation Summit in Washington, DC, a pair of security experts discussed the implications of the Ashley Madison data breach, as well as other worrisome cybercrime trends.
September 22, 2015 by Will Hernandez — Editor, NetWorld Media Group
For almost two years now, Target has served as the reluctant standard-bearer when it comes to high-profile data breaches.
The retail giant took that title away from TJX, which suffered a data breach in 2007 that affected 94 million consumers and cost the discount clothing chain close to $500 million. While Target's setback started a string of high-profile retail data breaches and became a rallying cry for the current EMV transition in the U.S., no incident since then has vied to become the new champion.
Enter Ashley Madison.
When news broke that the Canada-based online dating service for married people had experienced a data breach, it set in motion a chain of events not seen with other data breaches.
Fraudsters scrambled to take advantage of the situation in a number of ways. One example: Criminals created websites that offered to check whether an email address had been used on Ashley Madison. Once they knew they had hooked a worried dating service client, the blackmail began. Reports surfaced that Ashley Madison users were being told to pay into extortionists' bitcoin accounts in exchange for a promise to keep their secret safe.
At the ATM & Mobile Innovation Summit held recently in Washington, D.C., Ken Metcalf, chief technology officer for South Africa-based security provider Reslam, compared the Ashley Madison breach to an earthquake and its aftershocks. The summit is an annual event co-hosted by the Electronic Funds Transfer Association and Networld Media Group, publisher of Mobile Payments Today and ATM Marketplace.
"Ashley Madison has far more significance than the other breaches we have seen," Metcalf said. "You had this initial data breach [the earthquake] that was very sensitive, but look what happened after that.
"The information went into the world and you had some very clever companies that took advantage of the fact [the aftershocks] that there were nervous people about this data."
The Ashley Madison breach was one of several topics that Metcalf and Joseph Samuel, founder and managing partner of Park Lane Group, discussed during the hour-long panel.
Ashley Madison and other recent data breaches such as the one earlier this year at health care provider Anthem sparked a discussion about the federal government's role in these situations, and whether a nationwide data breach notification law is needed.
Samuel, who spent several years working on Capitol Hill, said the challenge with such a law is how it would jibe with existing state laws.
"There are a lot of challenges and I think it's going to be difficult to get that done," he said. "But what I do see happening is this idea behind greater collaboration between industries and government, and that's along the lines of cybersecurity info sharing."
Samuel noted that Congress has already discussed such an endeavor and might pass a law along those lines by the end of the year.
The Internet of Things is another area where Congress has shown interest, and for good reason.
The more connected devices become with each other, the more susceptible they become to data breaches and general hacks. In July, Wired chronicled how hackers can remotely disable a car's brakes through the vehicle's Internet-connected system.
"There is a great concern around networking critical components," Metcalf said. "In terms of the Internet of Things, there's always this seesaw between convenience and security. You can make something and let it stand on its own. Or you can connect it to other devices."
Samuel said Congress is studying the IoT from two perspectives: the general "wow" factor of such inventions, and what they mean for consumer security. However, he said that its interest in IoT is more about getting up to speed on the concept and its market than it is about legislation.
"Congress, to a certain extent, is cautious about doing something that could negatively impact innovation in nascent industries," Samuel said.
Metcalf and Samuel also touched upon a number of topics related to current security trends:
Will Hernandez has 14 years of experience ranging from newspapers to wire services and trade publications. Before becoming Editor of MobilePaymentsToday.com, he spent two years as the content manager for PaymentsJournal.com, a leading payments industry news aggregator and information hub published by Mercator Advisory Group. Will spent four years covering the payments industry as an associate editor for multiple publications in SourceMedia's Payments Group based in Chicago.