Security researcher Brian Krebs recently disclosed that a Russian gang which operates a criminal identity theft service for other identity thieves had hacked into three major data aggregators, LexisNexis, Dun & Bradstreet and Kroll Background America for as long as five months without being uncovered until recently. These data aggregators are companies that store tremendous amounts of personal information used for business transactions and by law enforcement. Included in the information stored by these companies is not just names, birthdates and Social Security numbers, but also knowledge-based authentication information, which is used by businesses, financial institutions and credit card companies to confirm someone’s identity when doing business with them. This information includes information about previous loans, residences and other personal information. By stealing this information the hackers were able to steal the identities of their victims and obtain loans and credit. The Russian gang managed to infiltrate the computers of all three of these data aggregators without being detected for months and without triggering the security software and anti-malware employed by the three companies. The Russian gang then sold the data on countless victims to other identity thieves. The FBI is still investigating this story and I will update you as further developments occur.
TIPS
As I so often tell you, your personal information is only as safe as the places that hold that information with the weakest security. For this reason it is important to limit as much as possible the amount of information that you share and to be constantly vigilant about protecting and monitoring your accounts and assets. Make sure that your accounts are password protected and that your own security software and anti-malware software is installed and constantly updated with the latest patches. Identity thieves are always a bit ahead of the developers of security software so it is even more important to install updates as soon as they are available.