Health care, government and education are common targets of data breaches. However, fraudsters are dominating headlines with a data breach of the affair-driven website, Ashley Madison. The breach gives cyber security professionals and citizens, a strong insight into how secure systems are in comparison to how safe users think their info may be.
According to news reports, the drama surrounding the breach started when fraudsters compromised the Ashley Madison website and threatened to release the data if it was not shut down. The owners of Ashley Madison did not comply; therefore, the stolen data was released to the dark web.
Various reports are conveying the types of personally identifying information were compromised. Thus far, the data includes names, e-mails, purchase history and more. This data breach is unique in the manner that the focus of the fraudsters was not financial gain, because they did not obtain full payment information, just a partial set of the numbers.
In the majority of cases, victims of a data breach would be relieved that their payment information was not at risk. However, in this instance the more than 32 million people have different information released that can be viewed as worse given the circumstance.
The Ashley Madison website prided itself in being anonymous and even led with that promise. Although, numerous companies instill in people how they should trust them, some people face data breaches later. In knowing the risk in the digital age, some users still provided their correct contact and payment information.
As an example, allegedly some people used their work e-mails to sign up, even government e-mail accounts. Some users did sign up with fake accounts, but can still be linked through their payment information. One important detail is that the reports claim that the site does not require verification of e-mail addresses, so e-mails may not be correct to the user.
Aside from the morality aspect of the people affected by the breach, the situation is alarming for businesses and customers. All data is important to someone, even if it is only a person’s name. Likewise, businesses and customers should be aware of the data they give and store, and how this can ultimately impact their lives. While a fraudster obtaining a credit card number and spending thousands of dollars on clothes can impact a person’s credit, a name and e-mail released from a site like Ashley Madison can affect a person in a completely different, yet destructive way.
Businesses need to protect the data that they store on servers, regardless of if they are a small business or a large corporation. Additionally, compared to the usual targets, age-restricted companies and various others may be at more risk, due to the morality focus on the Ashley Madison case. Finally, verification is key along with Knowledge Based Authentication (KBA) to avoid not knowing if a person is who they claim to be.